Smc 6709FL2 Management Guide

Download

TigerSwitch 10/100

9-Port Fast Ethernet Switch

◆ 8 10BASE-T/100BASE-TX ports, 1 100BASE-FX

MMF port

◆ 1.8 Gbps aggregate bandwidth

◆ Spanning Tree Protocol

◆ Port mirroring for non-intrusive analysis

◆ QoS support with two priority queues

◆ Full support for VLANs with GVRP

◆ IP multicasting with IGMP snooping

◆ Security filtering based on MAC addresses

◆ Manageable via console, Web, SNMP/RMON

Management Guide

SMC6709FL2

TigerSwitch 10/100 Management Guide

From SMC’s Tiger line of feature-rich workgroup LAN solutions

38 Tesla Irvine, CA 92618 Phone: (949) 679-8000

February 2004

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.

38 Tesla

Irvine, CA 92618

Trademarks:

SMC is a registered trademark; and TigerStack and TigerSwitch are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.

ONTENTS

1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Description of Software Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2

System Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4

2 Initial Configuration . . . . . . . . . . . . . . . . . . . . . . 2-1

Connecting to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Required Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

Remote Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

Setting Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

Setting an IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

Enabling SNMP Management Access . . . . . . . . . . . . . . . . . . . . . 2-7

Community Strings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-7

3 Configuring the Switch . . . . . . . . . . . . . . . . . . . . 3-1

Using the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Navigating the Web Browser Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

Panel Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Basic System Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6

Global Switch Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6

Class of Service Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-8

Console Port Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9

Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10

Displaying Connection Status . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10

Configuring Interface Connections . . . . . . . . . . . . . . . . . . . . . . 3-11

Showing Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-12

Trunk Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13

Configuring Static Trunks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-14

Configuring Dynamic Trunks . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16

Aggregator Setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17

ONTENTS

Aggregator Information . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18

State Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20

Forwarding and Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-21

Configuring Multicast Filtering . . . . . . . . . . . . . . . . . . . . . . . . . 3-21

Setting Static Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24

Configuring Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25

Configuring Address Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26

VLAN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27

Port-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-28

Tag-based VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29

Creating Tagged VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . 3-31

Configuring the PVID and Ingress Filters . . . . . . . . . . . . . 3-32

Spanning Tree Protocol Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 3-34

Enabling STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-34

Configuring Global STP Settings . . . . . . . . . . . . . . . . . . . . . . . . 3-34

Displaying Information About the Root Bridge . . . . . . . . . . . . 3-36

Configuring Port STP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36

Displaying Port Status for STP . . . . . . . . . . . . . . . . . . . . . . . . . 3-38

Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39

Simple Network Management Protocol . . . . . . . . . . . . . . . . . . . . . . . . 3-40

Configuring System Information . . . . . . . . . . . . . . . . . . . . . . . . 3-40

Setting Community Access Strings . . . . . . . . . . . . . . . . . . . . . . 3-40

Specifying Trap Managers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41

User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-42

Firmware and Configuration Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43

Downloading System Software from a Server . . . . . . . . . . . . . 3-43

Saving or Restoring Configuration Settings . . . . . . . . . . . . . . . 3-44

Resetting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45

Rebooting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-45

4 Console Interface . . . . . . . . . . . . . . . . . . . . . . . .4-1

Log-in Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2

Status and Counters Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-6

Displaying Connection Status . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-7

Showing Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-8

Displaying System Information . . . . . . . . . . . . . . . . . . . . . . . . . . 4-9

ONTENTS

Switch Static Configuration Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10

Administration Configuration Menu . . . . . . . . . . . . . . . . . . . . . 4-11

Configuring Device Information . . . . . . . . . . . . . . . . . . . . 4-12

Configuring the IP Address . . . . . . . . . . . . . . . . . . . . . . . . 4-13

Configuring the User Name . . . . . . . . . . . . . . . . . . . . . . . . 4-14

Configuring the Password . . . . . . . . . . . . . . . . . . . . . . . . . 4-15

Configuring Interface Connections . . . . . . . . . . . . . . . . . . . . . . 4-16

Configuring Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-18

VLAN Configuration Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-20

Configuring Port-based VLANs . . . . . . . . . . . . . . . . . . . . 4-21

Configuring Tag-based VLANs . . . . . . . . . . . . . . . . . . . . . 4-23

Configuring Queue Priorities . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-26

MAC Address Configuration Menu . . . . . . . . . . . . . . . . . . . . . . 4-28

Setting Static Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-28

Configuring Address Filtering . . . . . . . . . . . . . . . . . . . . . . 4-30

Miscellaneous Configuration Menu . . . . . . . . . . . . . . . . . . . . . . 4-32

Configuring Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . 4-33

Configuring Address Aging . . . . . . . . . . . . . . . . . . . . . . . . 4-35

Configuring Broadcast Storm Control . . . . . . . . . . . . . . . . 4-36

Configuring the Transmit Delay Bound . . . . . . . . . . . . . . 4-37

Protocol Related Configuration Menu . . . . . . . . . . . . . . . . . . . . . . . . . 4-39

Spanning Tree Protocol Menu . . . . . . . . . . . . . . . . . . . . . . . . . . 4-40

Enabling STP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-41

Displaying Information About the Root Bridge . . . . . . . . 4-41

Configuring Global STP Settings . . . . . . . . . . . . . . . . . . . . 4-43

Configuring Port STP Settings . . . . . . . . . . . . . . . . . . . . . . 4-45

Simple Network Management Protocol Menu . . . . . . . . . . . . . 4-47

Configuring System Information . . . . . . . . . . . . . . . . . . . . 4-48

Setting Community Access Strings . . . . . . . . . . . . . . . . . . 4-49

Specifying Trap Managers . . . . . . . . . . . . . . . . . . . . . . . . . 4-50

GVRP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-51

Link Access Control Protocol Menu . . . . . . . . . . . . . . . . . . . . . 4-52

Configuring the Aggregator Setting . . . . . . . . . . . . . . . . . . 4-53

Setting the State Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-55

Displaying Aggregator Information . . . . . . . . . . . . . . . . . . 4-56

Reboot Switch Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-58

vii

ONTENTS

A Software Specifications . . . . . . . . . . . . . . . . . . . .A-1

Switch Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

Management Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .A-2

Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2

B Upgrading Firmware . . . . . . . . . . . . . . . . . . . . . .B-1

C Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . .C-1

Glossary

Index

viii

HAPTER

NTRODUCTION

This switch provides a broad range of features for switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

Key Features

Feature Description

Authentication Console, Telnet, Web – User name / password

SNMP – Community strings

Configuration Backup / Restore

Port Configuration Speed, duplex mode and flow control

Port Mirroring One or more ports mirrored to single analysis port

Static Address Up to 8K MAC addresses in the forwarding table

Trunks Static trunks or dynamic Link Aggregation Control Protocol

Spanning Tree Protocol

Virtual LANs Up to 128

Traffic Prioritization

Multicast Filtering Supports IGMP snooping and query

Backup to TFTP server

Supported

Supports two priority queues; queuing based on First-In First-Out (FIFO), high queue before low queue, or Weighted Round Robin (WRR)

1-1

NTRODUCTION

Description of Software Features

IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent

bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 8K addresses.

Store-and-Forward Switching – The switch copies each frame into its memory before forwarding them to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.

To avoid dropping frames on congested ports, the switch provides 2Mbit for frame buffering. This buffer can queue packets awaiting transmission on congested networks.

Spanning Tree Protocol – The switch supports IEEE 802.1D Spanning Tree Protocol. This protocol adds a level of fault tolerance by allowing two or more redundant connections to be created between a pair of LAN segments. When there are multiple physical paths between segments, the protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.

VLANs – This switch supports up to 128 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. By segmenting your network into VLANs, you can:

• Eliminate broadcast storms which severely degrade performance in a flat network.

1-2

ESCRIPTION OF SOFTWARE FEATURES

• Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.

• Provide data security by restricting all traffic to the originating VLAN.

Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.

Port Trunking – Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE

802.3ad Link Aggregation Control Protocol (LACP). The additional ports

dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports four trunks, with up to eight up-link ports per trunk.

Broadcast Suppression – Broadcast suppression prevents broadcast traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.

Flow Control – Flow control reduces traffic during periods of congestion and prevent packets from being dropped when port buffers overflow. The switch supports flow control based on the IEEE 802.3x standard. By default, flow control is enabled on all ports.

Traffic Priority – This switch provides Quality of Service (QoS) by prioritizing each packet based on the required level of service, using two priority queues, and processing the high-priority queue before the lowpriority queue, or using Weighted Round Robin Queuing (WRR). It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can be used to provide independent priorities for delay-sensitive data and best-effort data.

1-3

NTRODUCTION

Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to manage multicast group registration.

System Defaults

The following table lists some of the basic system defaults.

Function Parameter Default

IP Settings IP Address 0.0.0.0

Subnet Mask 0.0.0.0

Default Gateway 0.0.0.0

SNMP Community Strings “public” (read only)

Traps Authentication traps

Link-up-down events

Security Console, Telnet, Web Username “admin”

Address Learning Enabled (all ports)

Console Port Connection

Port Status Admin Status Enabled

Link Aggregation

Baud Rate 9600

Data bits 8

Stop bits 1

Parity none

Local Console Timeout 1 minute

Auto-negotiation Enabled

Flow Control Enabled

Static Trunks None

LACP (all ports) Disabled

Password “admin”

1-4

YSTEM DEFAULTS

Function Parameter Default

Spanning Tree Protocol

Address Table Aging Time 300 seconds

Multicast Filtering

Virtual LANs VLAN Status Disabled

Class of Service Weighted Round Robin Weight: 2 high, 1 low

Broadcast Storm Protection

Status Enabled

(Defaults: All values based on IEEE 802.1D)

Forwarding and Filtering Static addresses: none

Filter addresses: none

IGMP Snooping Disabled

IGMP Query Auto-negotiation

Default VLAN 1

PVID 1

Ingress Filtering (Rule 1)

- Tag must match PVID

Ingress Filtering (Rule 2)

- Acceptable frame types

GVRP Disabled

Status Disabled (all ports)

Enabled

All

Queues: 7-4 high, 3-0 low

Note: To reset the switch defaults, use the Reset System command

(page 3-45).

1-5

NTRODUCTION

1-6

HAPTER

NITIAL

ONFIGURATION

Connecting to the Switch

Configuration Options

The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON, and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via the console menu.

Note: The IP address for this switch is unassigned by default. To change

this address, see “Setting an IP Address” on page 2-5.

The switch’s HTTP Web agent allows you to configure switch parameters, monitor port connections, and display statistics using a standard Web browser such as Netscape Navigator version 6.2 and higher or Microsoft IE version 5.0 and higher. The switch’s Web management interface can be accessed from any computer attached to the network.

The switch’s management agent is based on SNMP (Simple Network Management Protocol). This SNMP agent permits the switch to be managed from any system in the network using management software.

The console menu can be accessed by a direct connection to the RS-232 serial console port on the switch, or remotely by a Telnet connection over the network.

The switch’s console menu, Web Interface, and SNMP agent allow you to perform the following management functions:

• Set user name and password

• Set an IP interface for management access (console menu only)

2-1

NITIAL CONFIGURATION

• Configure SNMP parameters

• Enable/disable any Ethernet port

• Set the speed/duplex mode for any port

• Configure up to 128 IEEE 802.1Q VLANs

• Enable GVRP automatic VLAN registration

• Configure IGMP multicast filtering

• Upload and download system firmware via TFTP

• Upload and download switch configuration files via TFTP

• Configure Spanning Tree parameters

• Configure Class of Service (CoS) priority queuing

• Configure up to four static or LACP trunks

• Enable port mirroring

• Prevent broadcast storms by limiting bandwidth for broadcast traffic

• Display system information and statistics

Required Connections

The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.

Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in the Installation Guide.

To connect a terminal to the console port, complete the following steps:

1. Connect the console cable to the serial port on a terminal, or a PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.

2. Connect the other end of the cable to the RS-232 serial port on the switch.

3. Make sure the terminal emulation software is set as follows:

2-2

ONNECTING TO THE SWITCH

• Select the appropriate serial port (COM port 1 or COM port 2).

• Set the data rate to 9600 baud.

• Set the data format to 8 data bits, 1 stop bit, and no parity.

• Set flow control to none.

• Set the emulation mode to VT100.

Note: Once you have set up the terminal correctly, the console login

screen will be displayed.

Remote Connections

Prior to accessing the switch’s onboard agent via a network connection, you must first configure it with a valid IP address, subnet mask, and default gateway using a console connection.

The IP address for this switch is unassigned by default. To manually configure this address to one that matches your specific network requirements, see “Setting an IP Address” on page 2-5.

After configuring the switch’s IP parameters, you can access the onboard configuration program from anywhere within the attached network. The onboard configuration program can be accessed using Telnet from any computer attached to the network. The switch can also be managed by any computer using a Web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above), or from a network computer using network management software.

Notes: 1. Only one management session is supported.

2. The onboard program only provides access to basic

configuration functions. To access the full range of SNMP management functions, you must use SNMP-based network management software.

2-3

NITIAL CONFIGURATION

Basic Configuration

Console Connection

Access to the console menu is controlled by a user name and password. The default setting is “admin” for both the user name and password. To log into the console menu, perform these steps:

1. Enter “admin” at the user name prompt.

2. Enter “admin” at the password prompt. (The password characters are not displayed on the console screen.)

The session is opened and the Main Menu displays.

Setting Passwords

Note: If this is your first time to log in, you should define a new user

name and password, record them and put them in a safe place.

A user name or password can consist of up to 15 alphanumeric characters and are not case sensitive. To prevent unauthorized access to the switch, set the user name and password as follows:

1. Open the console interface with the default user name and password “admin” to access the Main Menu.

2. Navigate from the Main Menu to –

Switch Static Configuration, and then Administration Configuration.

3. Select “Change Username” and press <Enter>.

• Select <Edit>, type in the new user name, and press <Enter>.

• Select <Save> and press Enter.

2-4

ASIC CONFIGURATION

4. Select “Change Password” and press <Enter>.

• Type the old password and press <Enter>.

• Type the new password and press <Enter>.

• Then re-enter the new password for verification, press <Enter>.

Setting an IP Address

You must establish IP address information for the switch to obtain management access through the network. You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the configuration program.

Note: The IP address for this switch is unassigned by default.

Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:

• IP address for the switch

• Network mask for this network

• Default gateway for the network

2-5

NITIAL CONFIGURATION

To assign an IP address to the switch, complete the following steps:

1. Navigate from the Main Menu to –

Switch Static Configuration, Administration Configuration, and then IP Configuration.

2. Select <Edit>, type in the IP Address, Subnet Mask, and Gateway. Press <Enter> after each item. Press <Ctrl-A> to return to the action bar at the bottom of the screen. Select <Save> and press any key to continue. (The IP addresses shown below are merely examples.)

Tiger Switch 10/100 6709FL2 : IP Configuration ===========================

IP Address : 192.168.16.1

Subnet Mask : 255.255.255.0

Gateway : 192.168.16.254

actions-> <Edit> <Save> <Quit> Select the action menu. Tab=Next Item BackSpace=Previous Item Quit=Previous menu Enter=Select Item

3. Navigate back to the Main Menu, go to Reboot Switch menu, select the “Restart” command, and press <Enter>.

2-6

ASIC CONFIGURATION

Enabling SNMP Management Access

The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as SMC’s EliteView. You also can configure the switch to generate SNMP traps.

When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter. The switch can also be configured to send information to SNMP managers (without being requested by the managers) through trap messages that inform the manager that certain events have occurred.

Community Strings

Community strings are used to control management access to SNMP stations, as well as to authorize SNMP stations to receive trap messages from the switch. You therefore need to assign community strings to specified users or user groups, and set the access level.

The default string is “public” with read-only access. Authorized management stations are only able to retrieve MIB objects.

Note: If you do not intend to use SNMP, it is recommended that you

delete all community strings. If there are no community strings, then SNMP management access to the switch is disabled.

To configure a community string, complete the following steps:

1. Navigate from the Main Menu to –

Protocol Related Configuration, SNMP, and then Community Strings.

2. Click <Add>, then <Edit>.

3. Type in the Community Name, and press <Enter>.

2-7

NITIAL CONFIGURATION

4. Use the scroll-bar to toggle the Write Access Field to “Restricted” or “Unrestricted.”

5. Press <Ctrl-A> to return to the action bar at the bottom of the screen. Select <Save> and press any key to continue. (The community string

shown below is an example.)

Tiger Switch 10/100 6709FL2 : Add SNMP Community ===========================

Community Name :private

Write Access :Unrestricted

actions-> <Edit> <Save> <Quit> Select the action menu. Tab=Next Item BackSpace=Previous Item Quit=Previous menu Enter=Select Item

2-8

HAPTER

ONFIGURING THE

WITCH

Using the Web Interface

This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above.)

Note: You can also use the console menu to manage the switch over a

serial connection to the console port or via Telnet. For more information on using the console menu, refer to Chapter 4, “Console Interface.”

Prior to accessing the switch from a Web browser, be sure you have first performed the following tasks:

1. Configure the switch with a valid IP address, subnet mask, and default gateway using an out-of-band serial connection. (See “Setting an IP Address” on page 2-5.)

2. Set a user name and password. Access to the Web agent is controlled by the same user name and password as the console configuration program. (See “Setting Passwords” on page 2-4.)

3. After you enter a user name and password, you will have access to the system configuration program.

Note: You are allowed three attempts to enter the correct password; on

the third failed attempt the current connection is terminated.

3-1

ONFIGURING THE SWITCH

Navigating the Web Browser Interface

To access the Web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.”

Home Page

When your Web browser connects with the switch’s Web agent, the home page is displayed as shown below. The interface displays the Main Menu on the left side of the screen and the selected menu on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics.

3-2

Configuration Options

Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the “Apply” button to confirm the new setting. The following table summarizes the Web page configuration buttons.

Button Action

Apply Sets specified values to the system for the displayed page.

Default Cancels specified values and restores current values prior

to pressing “Apply.”

Reset Immediately updates values for the current page.

Notes: 1. To ensure proper screen refresh, be sure that Internet

Explorer 5.x is configured as follows: Under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings,” the setting for item “Check for newer versions of stored pages” should be “Every visit to the page.”

2. When using Internet Explorer 5.0, you may have to manually

refresh the screen after making configuration changes by pressing the browser’s refresh button.

ANEL DISPLAY

Panel Display

The Web agent displays an image of the switch’s ports, indicating whether each link is up or down. Clicking on the image of a port opens the Port Configuration page as described on page 3-12.

3-3

ONFIGURING THE SWITCH

Main Menu

Using the onboard Web agent, you can define system parameters, manage and control the switch, or monitor network conditions. The following table briefly describes the selections available from this program.

Menu Description Page

Home Main Menu 3-2

Port Status Displays port connection status 3-10

Port Statistics Lists Ethernet statistics 3-12

Administrator

Switch Settings

Basic Shows system model number, MAC address,

hardware version, and firmware version

Advanced Provides settings for address aging time,

maximum queue delay, broadcast storm control, priority queue options, and global settings for STP, IGMP, and VLANs

Console Port Info Displays settings for the console port 3-9

Port Controls 3-10

Port Controls Configures connection settings including

speed, duplex mode, and flow control

Port Status Displays the current connection settings 3-10

Trunking

Aggregator Setting Configures static or dynamic trunks 3-17

Aggregator Information

State Activity Actively or passively configures a trunk 3-20

Filter Database

IGMP Snooping Displays active multicast groups, VLAN

Static MAC Addresses

Port Security Enables and disables address learning 3-25

MAC Filtering Filters specified addresses 3-26

Shows trunks and associated ports, and detailed information for dynamic links

identifier, and associated ports

Sets entries for address, port number, and VLAN identifier

3-6

3-11

3-18

3-21

3-24

3-4

AIN MENU

Menu Description Page

VLAN Configuration 3-27

Basic Configures VLAN groups, including name,

Port VID Sets port VID and ingress filters 3-32

Spanning Tree Configures global bridge and port settings

Port Sniffer Sets the source and target ports for mirroring 3-39

SNMP 3-40

System Options Provides basic system description, including

Community Strings Configures community strings 3-40

Trap Managers Sets trap management stations 3-41

Security Manager Assigns a user name and password 3-42

TFTP Update Firmware Downloads a new code image 3-43

Configuration Backup 3-44

TFTP Restore Configuration

TFTP Backup Configuration

Reset System Resets switch to the default configuration 3-45

Reboot Reboots the switch 3-45

identifier, and if limited to a specific protocol

for STP; also displays current port status

contact information

Restores configuration settings 3-44

Backs up configuration settings 3-44

3-28 3-29

3-34

3-40

3-5

ONFIGURING THE SWITCH

Basic System Information

Use the Switch Settings page to display basic information on the switch, including hardware/firmware version numbers for the main board and management software.

Field Attributes

• Description – Switch model number.

• MAC Address – The physical layer address for this switch.

• Firmware Version – Version number of runtime code.

• Hardware Version – Hardware version of the main board.

• Default config value version – Default configuration version.

Web – Click Switch Settings

Basic.

Global Switch Settings

Use the Switch Settings, Advanced menu to configure address aging, packet transmit delay, and broadcast storm control.

Command Usage

• Aging Time – The switch stores the addresses of known devices. This

information is used to route traffic directly between the inbound and outbound ports. The addresses are learned by monitoring traffic, and stored in the dynamic address table. You can set the aging time after which inactive entries are removed.

• Transmit Delay Bound – Sets the maximum queuing delay.

3-6

LOBAL SWITCH SETTINGS

• Broadcast Storm Control – Broadcast storms may occur when a

device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt. You can protect your network from broadcast storms by setting a maximum threshold for broadcast traffic.

Field Attributes

• MAC Table Address Entry Age-Out Time – The time after which

a learned entry is discarded if no new traffic is seen from that address. (Range: 300-765 seconds; Default: 300 seconds)

• Max bridge transmit delay bound control – Limits the time

packets can be queued in the switch. If enabled, packets queued beyond the specified time will be dropped. (Range: OFF, 1, 2, 4 seconds; Default: OFF)

• Broadcast Storm Filter Mode – The percentage of a port’s total

bandwidth used by broadcast traffic. When broadcast traffic rises above the specified threshold, broadcast packets exceeding that threshold will then be dropped. (Range: OFF, 5, 10, 15, 20, 25%; Default: OFF)

Web – Click Administrator for the aging time, transmit delay bound, and broadcast storm filter threshold, then click Apply.

Switch Settings=>Advanced. Specify values

3-7

ONFIGURING THE SWITCH

Class of Service Configuration

Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with two priority queues for each port. Data packets in a port’s high-priority queue are transmitted before those in the lower-priority queue.

You can set the method used to process priority traffic (i.e., first-in first-out, all high before low, or weighted round-robin), and also map the frame priority tags (i.e., 0 - 7) to the high or low priority queues.

Field Attributes

• First Come First Served – Packets are processed first-in first-out.

• All High before Low – All packets in the high-priority queue are

processed before any packets in the low-priority queue.

• Weighted Round Robin – Sets the preference given to packets in the

high-priority queue. This specifies the number of high-priority packets sent before one low-priority packet is sent. (Range: 1-7; Default: 2)

• Enable Delay Bound – Limits the queuing time for low-priority

packets. Any low-priority packets that exceed the delay bound will be sent. Note that the “Max bridge transmit delay bound control” must be enabled (page 3-6) for the Enable Delay Bound to function. (Range: 0-255 ms; Default: 0 ms)

• QoS Policy (High Priority Levels) – The default priority levels are

assigned according to recommendations in the IEEE 802.1p standard. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network. (Range: Level 0 - 7; Default: Level 4 - 7)

Web – Click Administrator priority method (First Come First Serve, All High before Low, or WRR), set the high-priority queue weight preference when using WRR, set a delay

Switch Settings=>Advanced. Select the

3-8

ONSOLE PORT SETTINGS

bound for low-priority packets if required, select the priority tags that will be processed by the high-priority queue, and then click Apply.

Console Port Settings

If you have access to the Web interface, but are having problems connecting to the console port, you can display the current connection parameters via the Console Information page, and adjust the settings for the PC or terminal connected to this port. See “Required Connections” on page 2-2 for information on how to connect to the console port.

Field Attributes

• Baudrate – The console port’s baud rate.

• Data Bits – Number of data bits per character.

• Parity Check – Shows if a parity bit is set to none, odd or even.

• Stop Bits – Number of the stop bits transmitted per byte.

• Flow Control – Shows if flow control is set to none or hardware.

Web – Click Administrator

Console Port Info.

3-9

ONFIGURING THE SWITCH

Port Configuration

Displaying Connection Status

Use the Port Status page to display the current connection status, including link state, auto-negotiation, speed/duplex mode, and flow control.

Notes: 1. To set the port status, use the Port Control page as described

under “Configuring Interface Connections” on page 3-11.

2. The “Config” field shows the configured settings, and the

“Actual” field shows the current operational status.

Field Attributes

• State – Shows if the port is enabled or disabled.

• Link Status – Indicates if the link is Up or Down.

• Auto-negotiation – Shows if auto-negotiation is enabled or disabled.

• Speed Status – Shows the port speed.

• Duplex Status – Shows the port duplex mode.

• Flow Control – Indicates the type of flow control in use.

Web – Click Port Status.

3-10

ORT CONFIGURATION

Configuring Interface Connections

Use the Port Controls pages to enable/disable an interface, set auto-negotiation, or manually set the speed and duplex mode, and flow control parameters.

Field Attributes

• State – Allows you to manually disable an interface. You can disable an

interface due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved. You may also disable an interface for security reasons.

• Autonegotiation – Enables/disables auto-negotiation.

• Speed – Allows manual selection of port speed.

• Duplex – Allows manual selection of duplex mode.

• Flow Control – Allows manual selection of flow control.

Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation. (Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub.)

Note: Autonegotiation must be disabled before you can configure or

force the interface to use the Speed, Duplex mode or Flow Control options.

Web – Click Administrator settings, and click Apply.

Port Controls. Modify the required interface

3-11

ONFIGURING THE SWITCH

Showing Port Statistics

You can display standard statistics on network traffic from the Interfaces Group MIB, Ethernet-like MIB, and RMOM MIB. These statistics display errors on the traffic passing through each port. This information can be used to identify potential problems with the switch (such as a faulty port or unusually heavy loading). All values displayed have been accumulated since the last system reboot, and are shown as counts per second. Statistics are refreshed every 5 seconds.

Note: RMON groups 2, 3 and 9 can only be accessed using SNMP

management software.

Field Attributes

• State – Shows whether or not the port is operational.

• Link – Indicates if the link is Up or Down.

• TxGoodPkt – The total number of packets transmitted out of the

interface, including framing characters.

• TxBadPkt – The number of outbound packets that could not be

transmitted because of errors.

• RxGoodPkt – The total number of packets received on the interface,

including framing characters.

• RxBadPkt – The number of inbound packets that contained errors

preventing them from being delivered to a higher-layer protocol.

• TxAbort – The number of outbound packets which were chosen to be

discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space.

• Collision – The best estimate of the total number of collisions on this

Ethernet segment.

• DropPkt – The total number of events in which packets were dropped

due to lack of resources.

3-12

RUNK CONFIGURATION

Web – Click Port Statistics. You can use the Reset button at the bottom of the page to update the screen.

Trunk Configuration

The switch supports both static trunking and dynamic Link Aggregation Control Protocol (LACP). You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices. You can create up to four trunks at a time.

Command Usage

Besides balancing the load across each port in the trunk, the other ports provide redundancy by taking over the load if a port in the trunk fails. However, before making any physical connections between devices, use the Web interface to specify the trunk on the devices at both ends. When using a port trunk, take note of the following points:

• Finish configuring port trunks before you connect the corresponding

network cables between switches to avoid creating a loop.

• You can create up to four trunks, using up to eight ports in a trunk.

• Ports at both ends of a connection must be configured as trunk ports.

3-13

ONFIGURING THE SWITCH

• The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings.

• All the ports in a trunk have to be treated as a whole when moved from/ to, added or deleted from a VLAN.

•The same STP, VLAN, and IGMP settings must be configured for all the ports in a trunk.

Configuring Static Trunks

You can manually assign specific ports to a static trunk.

Command Usage

• To avoid creating a loop in the network, be sure that you add a static trunk via the Web interface before connecting the ports, and also disconnect ports before removing a static trunk via the Web interface.

• When using static trunks, you may not be able to link to switches of different types, depending on the manufacturer’s implementation.

Field Attributes

Aggregator Setting page

• System Priority – Not applicable for static trunks.

• Group ID – Specifies the static trunk group. (Range: 1-4)

• LACP – Set this field to “Disable” when configuring a static trunk.

• Work Ports – Assigns port members to the static trunk. (Range: 1-8)

Aggregator Information page

• Group Key – Displays active static trunks.

• Port No – Shows the port members assigned to each static trunk.

3-14

RUNK CONFIGURATION

Web – Click Administrator=>Trunking=>Aggregator Setting. Select the group ID and click the Get button to display the settings for the specified group. Set LACP to “Disable.” Use the Add and Remove buttons to assign port members, and then click Apply.

Click Administrator currently configured static trunks and group members.

Trunking=>Aggregator Information to display

3-15

ONFIGURING THE SWITCH

Configuring Dynamic Trunks

Ports configured for LACP can automatically negotiate a trunked link with LACP-configured ports on another device.

Command Usage

• To avoid creating a loop in the network, be sure you enable LACP before connecting the ports; also disconnect the ports before disabling LACP.

• If the target switch has also enabled LACP on the connected ports, and port members at one or both ends of the link are set to actively initiate a link, the trunk will be activated automatically.

• If the number of active ports (i.e., Work Ports) is less than the number of assigned port, all the other ports will be placed in a standby mode. Should one link in the trunk fail, one of the standby ports will automatically be activated to replace it.

• All ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation.

• The Spanning Tree Protocol must be enabled for LACP to function properly. (See “Configuring Global STP Settings” on page 3-34.)

3-16

RUNK CONFIGURATION

Aggregator Setting

Field Attributes

• System Priority – A value used to select the device that initiates an

LACP trunk. The device with the lowest value has the highest priority and will be selected as the active LACP partner.

• Group ID – Specifies the LACP trunk group.

• LACP – Set this field to “Enable” when configuring a dynamic trunk.

• Work Ports – Assigns port members to the dynamic trunk. (Range:

1-8) The number of active ports can also be specified in this field (i.e, using the text box to the right). If the number of active ports is less than the number of assigned members, excess ports will be placed in standby mode and only brought into service if an active link fails.

Web – Click Administrator System Priority (used to select the device that initiates a link). Select the group ID and click the Get button to display the settings for the specified group. Set LACP to “Enable.” Use the Add and Remove buttons to assign port members, enter the number of active ports in the Work Ports field, and then click Apply.

Trunking=>Aggregator Setting. Set the

3-17

ONFIGURING THE SWITCH

Aggregator Information

Field Attributes

Static Trunks

• Group Key – Displays static trunks.

• Port No – The port members assigned to the trunk.

Dynamic Trunks

• Actor – The device that initiated the trunk.

• Partner – The device that responded to a link initialization request.

• Priority – The priority used to select the device that initiates the trunk if both ends of the link are set to the LACP State of “Active.” This is the same as System Priority on the Aggregator Setting page.

• MAC – The physical address of the devices at both ends of the link.

• Port No – Active port members. (Other ports may be in standby mode.)

• Key – Only one dynamic trunk can be activated between two devices, so a key is sent to the partner device to uniquely identify each trunk. A trunk can only be formed if the devices at both ends of a link use the same key. A key is automatically generated by the switch when configuring a trunk.

• Active – Indicates whether a port has been set to actively initiate a trunk when an LACP partner is detected at the other end of the link. This field is configured in the State Activity page.

3-18

RUNK CONFIGURATION

Web – Click Administrator=>Trunking=>Aggregator Information to display currently configured trunks and group members.

3-19

ONFIGURING THE SWITCH

State Activity

Set the port members to actively or passively initiate an LACP trunk.

Field Attributes

• Port – Lists all ports that can be configured as LACP trunk members.

• LACP State Activity – When set to Active, a port can automatically initiate a trunk if an LACP partner is detected at the other end of the link.

Web – Click Administrator which can actively initiate an LACP trunk, and click Apply.

Trunking=>State Activity. Specify the ports

3-20

ORWARDING AND FILTERING

Forwarding and Filtering

This switch supports the following types of traffic filtering:

• Multicast Filtering – This switch can forward multicast traffic to host

devices that request to join a multicast service, and filter multicast traffic for all other ports which do not require multicast services.

• Static MAC Address – Binds a physical address to a specific port and

VLAN. Traffic with a source or destination address found in the static address table will only be passed through the specified interface.

• Port Security – Disables address learning for the specified port. Valid

addresses must be learned during a initial training period or statically configured.

• MAC Filtering – Filters specified addresses from the switch or from a

specific VLAN.

Configuring Multicast Filtering

Multicasting is used to support real-time applications such as video conferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router. Although this approach reduces the network overhead required by a multicast server, the broadcast traffic must be carefully pruned at every multicast switch/router it passes through to ensure that traffic is only passed on to hosts that subscribed to this service.

This switch uses Internet Group Management Protocol (IGMP) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting to join a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service. This procedure is also called multicast filtering.

3-21

ONFIGURING THE SWITCH

The purpose of multicast filtering is to optimize a switched network’s performance, so multicast packets will only be forwarded to those ports containing multicast group hosts or multicast routers/switches, instead of flooding traffic to all ports in the subnet.

You can enable IGMP Snooping and Query via the Switch Settings menu, and display information about multicast traffic being forwarded by the switch via the Filtering Database menu as shown below.

Field Attributes

• Enable IGMP Protocol – When enabled, the switch will monitor

network traffic to determine which hosts want to receive multicast traffic. This is also referred to as IGMP Snooping. (Default: Enabled)

•IGMP Query Mode – When enabled (or selected as the Querier through auto-negotiation), the switch will serve as the local Querier, which is responsible for asking hosts if they want to receive multicast traffic. This is also referred to as IGMP Query. Note that using the Auto option generates less protocol traffic compared to the Enable option. (Options: Auto, Enable, Disable; Default: Auto)

• IP Address – Multicast service addresses (224.0.0.0 - 239.255.255.255).

• VID – ID of configured VLAN (1-4094). This field is only displayed if IEEE 802.1Q tagged VLANs are enabled (page 3-29).

• Member Port – Ports receiving a specific multicast service.

Web – Click Administrator Protocol, set the IGMP Query Mode to the required option, and click Apply.

Switch Settings=>Advanced. Enable IGMP

3-22

ORWARDING AND FILTERING

Click Administrator=>Filtering Database=>IGMP Snooping.

3-23

ONFIGURING THE SWITCH

Setting Static Addresses

A static address can be assigned to a specific interface on this switch. Traffic sent from devices listed in the static address table will only be accepted on the specified interface. If any packets with a source address listed in this table enter another interface, they will be dropped.

When you add a static MAC address, it remains in the switch's address table, regardless of whether the device is physically connected to the switch. This saves the switch from having to re-learn a device's MAC address when the disconnected or powered-off device becomes active on the network again.

Field Attributes

• MAC Address – Physical address of a device mapped to this interface.

• Port Num – Port associated with the device assigned a static address.

•Vlan ID – ID of configured VLAN (1-4094). This option is only

available if IEEE 802.1Q tagged VLANs are enabled (page 3-29).

Web – Click Administrator Specify the MAC address, port number, and VLAN ID, then click Apply.

Filtering Database=>Static MAC Addresses.

3-24

ORWARDING AND FILTERING

Configuring Port Security

If you enable port security, the switch will stop learning new addresses on the specified port. Only incoming traffic with source addresses already stored in the dynamic address table will be accepted. The MAC addresses already in the address table will be retained and will not age out. This can be used to prevent unauthorized access to the switch.

To use port security, first allow the switch to dynamically learn the source MAC address for frames received on an interface for an initial training period, and then enable port security to stop address learning. Be sure you enable the learning function long enough to ensure that all valid members have been registered on the selected interface.

To add new members at a later time, you can manually add static addresses, or turn off port security to reenable the learning function long enough for new members to be registered. Learning may then be disabled again, if desired, for security.

Web – Click Administrator the ports for which you want to enable port security, then click Apply.

Filtering Database=>Port Security. Mark the

3-25

ONFIGURING THE SWITCH

Configuring Address Filtering

You can drop traffic from unwanted stations based on the source MAC address (and associated VLAN if tagged VLANs are enabled).

Field Attributes

• MAC Address – Source MAC address.

•Vlan ID – ID of configured VLAN (1-4094). This option is only

available if IEEE 802.1Q tagged VLANs are enabled (page 3-29).

Web – Click Administrator MAC address and associated VLAN, then click Apply.

Filtering Database=>MAC Filtering. Enter a

3-26

VLAN C

VLAN Configuration

Overview

In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traffic to the originating group, and can eliminate broadcast storms in large networks. This also provides a more secure and cleaner network environment.

VLANs provide greater network efficiency by reducing broadcast traffic, and allow you to make network changes without having to update IP addresses or IP subnets. VLANs provide a high level of network security since traffic must pass through a Layer 3 switch to reach a different VLAN.

This switch supports the following VLAN features:

• Port-based VLANs for isolating user groups or subnets

• IEEE 802.1Q tagged VLANs that can span across the network (Up to 128 VLANs based on the IEEE 802.1Q standard)

• Distributed VLAN learning across multiple switches using tagging and GVRP dynamic registration protocol

• Port overlapping, allowing a port to participate in multiple VLANs

ONFIGURATION

3-27

ONFIGURING THE SWITCH

Port-based VLANs

Port-based VLANs are typically used to reduce broadcast traffic and to increase security. A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs configured on the switch. Packets are forwarded only between ports that are designated for the same VLAN. Port-based VLANs can be used to manually isolate user groups or subnets. However, you should use IEEE 802.3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration.

Web – Click Administrator Operation Mode to Port Based, then click Apply.

Click Administrator Enter the VLAN Name (1-15 characters) and Group ID (1-4094). Use the Add or Remove buttons to configure port members, then click Apply.

Switch Settings=>Advanced. Set VLAN

VLAN Configuration. Click Add to create a group.

3-28

VLAN C

Tag-based VLANs

An IEEE 802.1Q VLAN is a group of ports located anywhere in the network, but communicate as though they belong to the same physical segment by using frame tags to indicate VLAN membership. Tagged VLANs can help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections. You can also configure the switch to interoperate with existing tag-based VLAN networks and legacy non-tag networks by specifying whether or not the switch ports transmit tagged frames.

Assigning Ports to VLANs – You must assign each port to the VLAN group(s) in which it will participate. By default all ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port if you want it to carry traffic for one or more VLANs, and any intermediate network devices or the host at the other end of the connection supports VLANs. Then assign ports on the other VLAN-aware network devices along the path that will carry this traffic to the same VLAN(s), either manually or dynamically using GVRP. However, if you want a port on this switch to participate in one or more VLANs, but none of the intermediate network devices nor the host at the other end of the connection supports VLANs, then you should add this port to the VLAN as an untagged port.

ONFIGURATION

Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-

unaware network interconnection devices, but should not be used for any end-node host that does not support VLAN tagging.

VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the PVID of the receiving port). If the frame is tagged, the switch uses the tagged VLAN ID to identify the port broadcast domain of the frame.

Port Overlapping – Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups, such as file servers or printers. Note that if you implement VLANs which do

3-29

ONFIGURING THE SWITCH

not overlap, but still need to communicate, you can connect them by using a Layer-3 router or switch.

Protocol VLANs – This switch also supports VLANs based on specific protocol types, such as IPX and AppleTalk. When a protocol is bound to a VLAN, the switch will only forward packets carrying the specified protocol tag. However, regardless of the protocol type, remember that traffic must still be passed though a router to reach a different subnet.

Automatic VLAN Registration – GVRP (GARP VLAN Registration Protocol) defines a system whereby the switch can automatically learn the VLANs to which each endstation should be assigned. If an endstation (or its network adapter) supports the IEEE 802.1Q VLAN protocol, it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join. When this switch receives these messages, it will automatically place the receiving port in the specified VLANs and forward the message to all other ports. When the message arrives at another switch that supports GVRP, it will also place the receiving port in the specified VLANs and pass the message on to all other ports. VLAN requirements are propagated in this way throughout the network. This allows GVRP-compliant devices to be automatically configured for VLAN groups based solely on endstation requests.

To implement GVRP in a network, first add the host devices to the required VLANs (using the operating system or other application software), so that these VLANs can be propagated onto the network. For both the edge switches attached directly to these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on ports to prevent advertisements from being propagated.

Note: If you have host devices that do not support GVRP, you should

configure port-based or untagged VLANs for the switch ports connected to these devices. But you can still enable GVRP on network ports for these edge switches, as well as on the core switches in the network.

3-30

Creating Tagged VLANs

VLAN C

ONFIGURATION

Web – Click Administrator Operation Mode to 802.1Q with or without GVRP, then click Apply.

Click Administrator group. Enter the VLAN Name (1-15 characters) and Group ID (2-4094). Select a protocol type if you want to create a protocol based VLAN. Use the Add or Remove buttons to configure port members, then click Next.

Switch Settings=>Advanced. Set VLAN

VLAN Configuration=>Basic. Click Add to create a

3-31

ONFIGURING THE SWITCH

Set each port to transmit tagged or untagged frames, then click Apply.

Configuring the PVID and Ingress Filters

You also need to configure the default port VLAN ID (PVID), ingress filtering, and acceptable frame types.

Field Attributes

• PVID – VLAN ID assigned to untagged frames received on the port.

(Default: 1)

• Ingress Filtering 1 – If ingress filtering is enabled, incoming frames

for VLANs which do not include this ingress port in their member set will be discarded at the ingress port. (Default: Enabled)

- Ingress filtering only affects tagged frames.

- If enabled, the port will discard incoming frames tagged for VLANs which do not include this ingress port in their member set.

- If disabled, the port will accept any VLAN-tagged frame if the tag matches a VLAN known to the switch.

- Ingress filtering does not affect VLAN independent BPDU frames, such as GVRP or STP.

• Ingress Filtering 2 – Sets the port to drop untagged frames. If only

tagged frames are accepted, the switch will only accept frames if the frame tag matches a VLAN to which this port has been assigned. (Default: Disabled)

3-32

VLAN C

Web – Click Administrator=>VLAN Configuration=>Port VID. Set the PVID and Ingress Filtering rules, then click Apply.

ONFIGURATION

3-33

ONFIGURING THE SWITCH

Spanning Tree Protocol Configuration

The Spanning Tree Protocol (STP) detects and disables network loops and provides backup links between switches, bridges, and routers to ensure that only one route exists between any two stations on the network. The backup links automatically take over when a primary link goes down.

Enabling STP

To configure STP, first enable the protocol as shown below.

Web – Click Administrator Protocol, and click Apply.

Switch Settings=>Advanced. Enable STP

Configuring Global STP Settings

Global settings apply to the entire switch.

Field Attributes

• Priority – Bridge priority is used in selecting the root device, root port,

and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device. (Note that lower numeric values indicate higher priority.)

- Default: 32768

- Range: 0 - 65535

• Maximum Age – The maximum time (in seconds) a device can wait

without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA

3-34

PANNING TREE PROTOCOL CONFIGURATION

information (provided in the last configuration message) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the device ports attached to the network.

-Default: 20

- Minimum: The higher of 6 or [2 x (Hello Time + 1)]

- Maximum: The lower of 40 or [2 x (Forward Delay - 1)]

• Hello Time – Interval (in seconds) at which the root device transmits

a configuration message.

-Default: 2

- Minimum: 1

- Maximum: The lower of 10 or [(Max. Message Age / 2) -1]

• Forward Delay Time – The maximum time (in seconds) the root

device will wait before changing states (i.e., listening to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a blocking state; otherwise, temporary data loops might result.

-Default: 15

- Minimum: The higher of 4 or [(Max. Message Age / 2) + 1]

-Maximum: 30

Web – Click Administrator attributes, and click Apply.

Spanning Tree. Modify the required

3-35

ONFIGURING THE SWITCH

Displaying Information About the Root Bridge

The root bridge of the spanning tree is selected whenever the network is reconfigured. The root bridge is uniquely identified in the spanning tree by its priority and MAC address. The maximum age, hello time, and forward delay currently used by all bridges in the spanning tree are set to those values configured on the root bridge. (See the preceding page for a description of these parameters.)

Field Attributes

• Priority – Bridge priority for the root device.

• MAC Address – MAC address of the root device.

• Root Path Cost – The path cost from the root port on this switch to

the root device.

• Root Port – The number of the port on this switch that is closest to the

root. This switch communicates with the root device through this port. If there is no root port, then this switch has been accepted as the root device of the Spanning Tree network.

See the preceding page for a description of the other fields.

Web – Click Administrator

Spanning Tree.

Configuring Port STP Settings

You can configure STA attributes for specific ports, including port priority and path cost. You can use a different priority or path cost for ports of the same media type to indicate the preferred path.

3-36

PANNING TREE PROTOCOL CONFIGURATION

Field Attributes

• Priority – Defines the priority used for this port in the Spanning Tree

Protocol. If the path cost for all ports on a switch are the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled.

- Default: 128

- Range: 0 - 255

• Path Cost – This parameter is used by STP to determine the best path

between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.)

• Full Range: 1-65535

• Recommended Range –

- Ethernet: 50-600

- Fast Ethernet: 10-60

- Gigabit Ethernet: 3-10

•Defaults –

- Ethernet – half duplex: 100; full duplex: 95; trunk: 90

- Fast Ethernet – half duplex: 19; full duplex: 18; trunk: 15

- Gigabit Ethernet – full duplex: 4

Web – Click Administrator attributes, then click Apply.

Spanning Tree. Modify the required

3-37

ONFIGURING THE SWITCH

Displaying Port Status for STP

You can display the current STP settings and state for each port.

Field Attributes

• Port State – Displays the current state of this port in the Spanning Tree:

- Disabled - No link has been established on this port. Otherwise, the port has been disabled by the user or has failed diagnostics.

- Blocking - Port receives STP configuration messages, but does not forward packets.

- Listening - Port will leave blocking state due to a topology change, start transmitting configuration messages, but will not yet forward packets.

- Learning - Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information. Port address table is cleared, and the port begins learning addresses.

- Forwarding - Port forwards packets, and continues learning addresses.

- Broken - Port is malfunctioning or no link has been established.

See the preceding page for a description of the other fields.

Web – Click Administrator

Spanning Tree.

3-38

ORT MIRRORING

Port Mirroring

You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.

Command Usage

• Monitor port speed should match or exceed source port speed, otherwise traffic may be dropped from the monitor port.

• All mirror sessions must share the same destination port.

• When mirroring port traffic, the target port must be included in the same VLAN as the source port.

Field Attributes

• Roving Analysis State – Enables / disables port mirroring.

• Analysis Port – The port that mirrors traffic from the source port.

• Monitor Ports – The ports whose traffic will be monitored.

• Monitor Rx – Mirrors receive traffic.

• Monitor Tx – Mirrors transmit traffic.

Web – Click Administrator=>Port Sniffer. Specify the analysis port, the monitor ports and traffic types to mirror, enable the Roving Analysis State, and then click Apply.

3-39

ONFIGURING THE SWITCH

Simple Network Management Protocol

The switch includes an onboard agent that continuously monitors the status of its hardware, as well as the traffic passing through its ports, based on the Simple Network Management Protocol (SNMP). A network management station can access this information using software. Access rights to the onboard agent are controlled by community strings. To communicate with the switch, the management station must first submit a valid community string for authentication. The options for configuring community strings and related trap functions are described in the following sections.

Configuring System Information

Use the SNMP page to identify the system by providing a descriptive name, location, and contact information.

Field Attributes

• Name – Name assigned to the switch system.

• Location – Specifies the system location.

• Contact – Administrator responsible for the system.

Web – Click Administrator and contact information for the system administrator, then click Apply.

SNMP. Specify the system name, location,

Setting Community Access Strings

You may configure up to five community strings authorized for management access. For security reasons, you should consider removing the default strings.

3-40

IMPLE NETWORK MANAGEMENT PROTOCOL

Field Attributes

• Community String – A community string acts as a password and permits access to the SNMP protocol.

• RO – Specifies read-only access. Authorized management stations are only able to retrieve MIB objects.

• RW – Specifies read/write access. Authorized management stations are able to both retrieve and modify MIB objects.

Web – Click Administrator and select the access rights, then click Add.

SNMP. Enter a new string in the text box

Specifying Trap Managers

You can specify up to five management stations that will receive authentication failure messages and other trap messages from the switch.

Field Attributes

• IP Address – IP address of trap manager.

• Community – A community string acts as a password and allows the trap manager to receive trap messages via the SNMP protocol.

Web – Click Administrator string for a trap manager, then click Add.

SNMP. Fill in the IP address and community

3-41

ONFIGURING THE SWITCH

User Authentication

The administrator has write access for parameters governing the onboard agent. You should therefore assign a password as soon as possible, and store it in a safe place. (If your password is lost, reload the system firmware as described in Appendix B.)

The default administrator name is “admin” with the password “admin.” Note that the user name and password controls access to both the Web interface and the console menu.

Field Attributes

• User Name – The name of the user. (Range: 1-8 characters)

• Password – Specifies the user password. (Range: 1-8 characters)

Web – Click Administrator required. Enter the old password, enter the new password, confirm it by entering it again, then click Apply.

Security Manager. Set a new user name if

3-42

IRMWARE AND CONFIGURATION SETTINGS

Firmware and Configuration Settings

Downloading System Software from a Server

You can download firmware from a TFTP server.

Field Attributes

• TFTP Server IP Address – The IP address of a TFTP server.

• Destination File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names is 25 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

Web – Click TFTP Update Firmware. Enter the IP address of the TFTP server, enter the file name of the software to download, then click Apply. After downloading the image, click the Update Firmware button.

To start the new firmware, reboot the system.

3-43

ONFIGURING THE SWITCH

Saving or Restoring Configuration Settings

You can upload/download configuration settings to/from a TFTP server. The configuration file can be later downloaded to restore the switch’s settings.

Field Attributes

• TFTP Server IP Address – The IP address of a TFTP server.

• Destination File Name – The configuration file name should not

contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names is 15 characters. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

Web – Click Configuration Backup.

Click TFTP Restore Configuration to restore the configuration settings from a TFTP server, or click TFTP Backup Configuration to copy the current settings to a TFTP server.

Enter the IP address of the TFTP server, enter the file name of the configuration file, then click Apply.

3-44

ESETTING THE SYSTEM

Resetting the System

Web – Click Reset System. Click the Reset button to restore the default

configuration settings.

Note: When restarting the system, it always runs the Power-On Self-Test.

Rebooting the System

Web – Click Reboot. Click the Reboot button to restart the switch.

Note: When restarting the system, it always runs the Power-On Self-Test.

3-45

ONFIGURING THE SWITCH

3-46

HAPTER

ONSOLE INTERFACE

This chapter provides a basic description of the console menus. For a more detailed description about specific features, please refer to the appropriate section in Chapter 3, Configuring the Switch.

Log-in Screen

Once a direct connection to the serial port or a Telnet connection is established, the log-in screen for the onboard configuration program appears as shown below.

Tiger Switch 10/100 6709FL2

username:

password:

If this is your first time to log into the configuration program, then use the default “admin” for both the user name and password. The administrator has read/write access to all configuration parameters and statistics.

You should define a new administrator password, record it and put it in a safe place. Select Switch Static Configuration

Configuration administrator. Note that passwords can consist of up to 15 alphanumeric characters and are not case sensitive.

Change Password, and enter a new password for the

Administration

4-1

ONSOLE INTERFACE

Main Menu

With the system configuration program you can define system parameters, manage and control the switch and all its ports, or monitor network conditions. The screen below of the Main Menu and the following table briefly describe the selections available from this program.

Notes: 1. Options for the currently selected item are displayed in the

highlighted area at the bottom of the interface screen.

2. The console interface will time out and return to the login

screen if no keyboard input is detected after one minute.

Main Menu =========

Status and Counters

Switch Static Configuration

Protocol Related Configuration

Reboot Switch

Logout

4-2

Show the status of the switch. Tab=Next Item BackSpace=Previous Item Enter=Select Item

AIN MENU

The system configuration program is illustrated by the following menu map, and described in the table on the next page.

Status and Counters

Port Status Port Counters System Information

Device Information IP Configuration Change Username Change Password

Switch Static Configuration

Administration Configuration Port/Trunk Configuration Port Mirroring Configuration VLAN Configuration Priority Configuration MAC Address Configuration Misc Configuration

Protocol Related Configuration

STP SNMP GVRP LACP

Reboot Switch

Logout

VLAN Configure Create a VLAN Group Edit/Delete a VLAN Group

Static MAC Address Filtering MAC Address

Port Security MAC Age Interval Broadcast Storm Filtering Bridge Transmit Delay Bound

STP Enable System Configuration Perport Configuration

System Options Community Strings Trap Managers

Aggregator Setting State Activity LACP Status

4-3

ONSOLE INTERFACE

Menu Description Page

Status and Counters Displays connection status and statistics 4-6

Port Status Displays port connection status 4-7

Port Counters Lists Ethernet statistics 4-8

System Information Shows system model number, MAC address,

hardware version, and firmware version

Switch Static Configuration

Administration Configuration

Device Information Provides basic system description, including

IP Configuration Set IP address, subnet mask and gateway 4-13

Change Username Specifies user name for management access 4-14

Change Password Specifies password for management access 4-15

Port/Trunk Configuration

Port Mirroring Configuration

VLAN Configuration Sets VLAN groups and ingress filtering 4-20

VLAN Configure Sets the VLAN Mode; also sets port VID

Create a VLAN Group

Edit/Delete a VLAN Group

Priority Configuration Assigns priority tagged frames to high or low

MAC Address Configuration

Static MAC Addresses

Configures device information, IP address, user name and password

contact information

Configures connection settings including speed, duplex mode, and flow control; also assigns ports to trunks

Sets the source and target ports for mirroring 4-18

and ingress filters for tagged-based VLANs

Configures VLAN groups, including name, identifier, and if limited to a specific protocol

Modifies VLAN groups, including name, identifier, and if limited to a specific protocol; or deletes a specified group

queue; sets the service method to a specified ratio, high before low, or first-in first-out

Configures static addresses and address filtering

Sets entries for address, port number, and VLAN identifier

4-9

4-10

4-11

4-12

4-16

4-21 4-23

4-26

4-28

4-4

AIN MENU

Menu Description Page

Filtering MAC Address

Misc Configuration 4-32

Port Security Enables and disables address learning 4-33

MAC Age Interval Sets the address aging time 4-35

Broadcast Storm Filtering

Max bridge transmit delay bound

Protocol Related Configuration

STP Configures the Spanning Tree Protocol 4-40

STP Enable/Disable Enables/disables Spanning Tree Protocol 4-41

System Configuration Configures global bridge parameters for STP 4-43

Perport Configuration

SNMP Configures SNMP management access 4-47

System Options Provides basic system description, including

Community Strings Configures community strings 4-49

Trap Managers Sets trap management stations 4-50

GVRP Enables/disables automatic VLAN

LACP Configures dynamic trunks; displays status 4-52

Aggregator Setting Configures dynamic trunks 4-53

State Activity Actively or passively configures a trunk 4-55

LACP Status Shows trunks and associated ports, and

Reboot Switch Reboots the switch, or resets to defaults 4-58

Filters specified addresses 4-30

Sets the threshold above which broadcast traffic will be filtered

Sets the maximum overall queue delay, and low-priority queue delay

Configures port-specific parameters for STP 4-45

contact information

registration via GVRP

detailed information for dynamic links

4-36

4-37

4-39

4-48

4-51

4-56

4-5

ONSOLE INTERFACE

Status and Counters Menu

Use the Status and Counters menu to display port status, port statistics, and system information.

Tiger Switch 10/100 6709FL2 : Status and Counters ===========================

Port Status

Port Counters

System Information

Main Menu

Displays current status of all the switch ports. Tab=Next Item BackSpace=Previous Item Enter=Select Item

Menu Description Page

Port Status Displays port connection status 4-7

Port Counters Lists Ethernet statistics 4-8

System Information Shows system model number, MAC address,

hardware version, and firmware version

4-9

4-6

TATUS AND COUNTERS MENU

Displaying Connection Status

Use the Port Status page to display the current connection status, including link state, auto-negotiation, speed/duplex mode, and flow control.

Field Attributes

• Type – Shows port type as:

- 10/100TX 10BASE-T / 100BASE-TX

- 100FX: 100BASE-FX

• Enabled – Shows if the port is enabled or disabled.

• Status – Indicates if the link is Up or Down.

• Mode – Shows the port speed and duplex mode.

• Flow Control – Indicates the type of flow control in use.

Console – Click Status and Counters

Tiger Switch 10/100 6709FL2 : Port Status ===========================

Port Type Enabled Status Mode FlowCtrl

---- -------- ------- ------ --------- --------

1. 10/100TX No Down 100 Full On

2. 10/100TX Yes Up 100 Full Off

3. 10/100TX No Down 100 Full On

4. 10/100TX No Down 100 Full On

5. 10/100TX No Down 100 Full On

6. 10/100TX Yes Up 100 Full Off

7. 10/100TX No Down 100 Full On

8. 10/100TX Yes Up 100 Full Off

9. 100FX No Down 100 Full On

actions-> <Quit> Select the action menu. Tab=NextItem BackSpace=Previous Item Quit=Previous menu Enter=Select Item

Port Status.

4-7

ONSOLE INTERFACE

Showing Port Statistics

Field Attributes

See “Showing Port Statistics” on page 3-12.

Console – Click Status and Counters

Tiger Switch 10/100 6709FL2 : Port Counters ===========================

Port TxGoodPkt TxBadPkt RxGoodPkt RxBadPkt TxAbort Collision DropPkt

----------------------------------------------------------------------------

1. 0 0 0 0 0 0 0

2. 386113 0 481088 0 0 0 0

3. 0 0 0 0 0 0 0

4. 0 0 0 0 0 0 0

5. 0 0 0 0 0 0 0

6. 2527 0 136 0 0 0 0

7. 0 0 0 0 0 0 0

8. 2928 0 136 0 0 0 0

9.0000000

actions-> <Quit> Configure the action menu. Tab=NextItem BackSpace=Previous Item Quit=Previous menu Enter=Select Item

Port Counters.

4-8

TATUS AND COUNTERS MENU

Displaying System Information

Use the System Information page to display basic information on the switch, including hardware/firmware version numbers for the main board and management software.

Field Attributes

• System Description – Switch model number.

• MAC Address – The physical layer address for this switch.

• Firmware Version – Version number of runtime code.

• Hardware Version – Hardware version of the main board.

• Default config value version – Default configuration version.

Console – Click Status and Counters

Tiger Switch 10/100 6709FL2:Management Address Information ===========================

System Description : Tiger Switch 10/100

MAC Address : 0050BF97A4E0

Firmware version : V003.6

Hardware version : A002.000

Default config value version : V026.000

Display the switch system. ESC = Previous menu

System Information.

4-9

ONSOLE INTERFACE

Switch Static Configuration Menu

Use the Switch Static Configuration menu to configure the items listed in

the following table.

Tiger Switch 10/100 6709FL2 : Switch Configuration ===========================

Administration Configuration

Port/Trunk Configuration

Port Mirroring Configuration

VLAN Configuration

Priority Configuration

MAC Address Configuration

Misc Configuration

Main Menu

Configure the system,IP,and password. Tab=Next Item BackSpace=Previous Item Enter=Select Item

Menu Description Page

Administration Configuration

Port/Trunk Configuration

Configures device information, IP address, user name and password

Configures connection settings including speed, duplex mode, and flow control; also assigns ports to trunks

Port Mirroring

Sets the source and target ports for mirroring 4-18

Configuration

VLAN Configuration Sets VLAN groups and ingress filtering 4-20

Priority Configuration Assigns priority tagged frames to high or low

queue; sets the service method to a specified ratio, high before low, or first-in first-out

4-10

4-11

4-16

4-26

WITCH STATIC CONFIGURATION MENU

Menu Description Page

MAC Address Configuration

Configures static addresses and address filtering

Misc Configuration Configures port security, address aging,

broadcast storm control, and maximum queue delay

Administration Configuration Menu

Use the Administration Configuration menu to configure device

information, the switch’s IP address, and user name and password.

Tiger Switch 10/100 6709FL2 : Device Configuration ===========================

Device Information

IP Configuration

Change Username

Change Password

Previous Menu

4-28

4-32

Configure the device information. Tab=Next Item BackSpace=Previous Item Enter=Select Item

Menu Description Page

Device Information Provides basic system description, including

4-12

contact information

IP Configuration Set IP address, subnet mask and gateway 4-13

Change Username Specifies user name for management access 4-14

Change Password Specifies password for management access 4-15

4-11

ONSOLE INTERFACE

Configuring Device Information

Use the Device Information page to identify the system by providing a descriptive name, location, and other information.

Field Attributes

• Device Name – Name assigned to the switch system.

• Device Content – Lists the supported ports or other information.

• Device Location – Specifies the system location.

• Device Description – Descriptive information about the system.

Console – Click Switch Static Configuration Configuration

Device Information. Specify the system name, location,

Administration

and other information, and save your changes.

Tiger Switch 10/100 6709FL2 : Device Information ===========================

Device Name : Tiger Switch 10/100

Device Content : 8 + 1FX PORTS

Device Location : EARTH

Device Description : 8TP + 100FX Intelligent Switch

actions-> <Edit> <Save> <Quit> Select the action menu. Tab=Next Item BackSpace=Previous Item Quit=Previous Menu Enter=Select Item

Note: Maximum string length is 32 alphanumeric characters.

4-12

WITCH STATIC CONFIGURATION MENU

Configuring the IP Address

Use the IP Configuration page to configure the switch’s IP parameters.

Field Attributes

• IP Address – IP address of the switch. Valid IP addresses consist of four numbers, 0 and 255, separated by periods. Anything outside this format will not be accepted by the configuration program.

• Subnet Mask – Subnet mask of the switch. This mask identifies the host address bits used for routing to specific subnets.

• Gateway – Gateway used to pass trap messages from the system’s agent to the management station. Note that the gateway must be defined if the management station is located in a different IP segment.

Console – Click Switch Static Configuration Configuration

IP Configuration. Specify the IP address and other

Administration

parameters. Save your changes, and then reboot the switch to enable the new settings.

Tiger Switch 10/100 6709FL2 : IP Configuration ===========================

IP Address : 192.168.16.1

Subnet Mask : 255.255.255.0

Gateway : 192.168.16.254

actions-> <Edit> <Save> <Quit> Select the action menu. Tab=Next Item BackSpace=Previous Item Quit=Previous Menu Enter=Select Item

4-13

ONSOLE INTERFACE

Configuring the User Name

Use the Change Username page to change the user name used to authenticate management access.

The default administrator name is “admin.” Note that the user name and password control access to both the Web interface and the console menu.

Console – Click Switch Static Configuration Configuration

Tiger Switch 10/100 6709FL2 : UserName Configuration. ===========================

UserName : admin

actions-> <Edit> <Save> <Quit> Select the action menu. Tab=Next Item BackSpace=Previous Item Quit=Previous Menu Enter=Select Item

Change Username. Set a new user name, and save it.

Administration

Note: Maximum string length is 8 alphanumeric characters.

4-14

WITCH STATIC CONFIGURATION MENU

Configuring the Password

Use the Change Password page to change the password used to authenticate management access.

The default administrator password is “admin.” Note that the user name and password control access to both the Web interface and the console menu.

Console – Click Switch Static Configuration Configuration

Change Password. Enter the old password, enter the new

Administration

password, confirm it by entering it again. Press the <Enter> key to save it.

Tiger Switch 10/100 6709FL2 : Password Configuration ===========================

Old Password:*****

new password:*****

enter again :*****

password changed successfully!press any key to return! Esc=Previous menu

Note: Maximum string length is 8 alphanumeric characters.

4-15

ONSOLE INTERFACE

Configuring Interface Connections

Use the Port/Trunk Configuration page to enable/disable an interface, set auto-negotiation, or manually set the speed and duplex mode, and flow control parameters.

Field Attributes

• Type – Shows port type (page 4-7).

• Enabled – Allows you to manually disable an interface. You can disable

an interface due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved. You may also disable an interface for security reasons.

• Auto Negotiate – Enables/disables auto-negotiation.

• Speed/Duplex Config – Manually sets port speed and duplex mode.

• Flow Control – Allows automatic or manual selection of flow control.

• Group – Assigns a port to a trunk group. (Range: 1-4)

To set a trunk as a dynamic link, use the LACP menu (page 4-52).

Note: Auto-negotiation must be disabled before you can manually force

a port to use the speed/duplex mode or flow control options.

4-16

WITCH STATIC CONFIGURATION MENU

Console – Click Switch Static Configuration=>Port/Trunk Configuration. Modify the required interface settings, and save your settings.

Tiger Switch 10/100 6709FL2 : Port Configuration ===========================

Port Type Enabled Auto Speed/Duplex Flow Group Negotiate Config Control

----------------------------------------------------------------------------

1. 10/100TX Yes Enabled 100 Full On

2. 10/100TX Yes Enabled 100 Full On

3. 10/100TX Yes Enabled 100 Full On

4. 10/100TX Yes Enabled 100 Full On

5. 10/100TX Yes Enabled 100 Full On

6. 10/100TX Yes Enabled 100 Full On

7. 10/100TX Yes Enabled 100 Full On

8. 10/100TX Yes Enabled 100 Full On

9. 100FX Yes Disabled 100 Full On

actions-> <Quit> <Edit> <Save> Configure the port group status. Tab=Next Item BackSpace=Previous Item Quit=Previous Menu Enter=Select Item

4-17

ONSOLE INTERFACE

Configuring Port Mirroring

Command Usage

• Monitor port speed should match or exceed source port speed, otherwise traffic may be dropped from the monitor port.

• All mirror sessions must share the same destination port.

• When mirroring port traffic, the target port must be included in the same VLAN as the source port.

4-18

WITCH STATIC CONFIGURATION MENU

Field Attributes

• Monitoring enable – Enables/disables port mirroring.

• Monitoring Port – The port that mirrors traffic from the source port.

• Monitored Ports – The ports whose traffic will be monitored.

• Type – Shows port type (page 4-7).

• Action – Mirrors specified traffic. (Range: RX, TX, Both, none)

Console – Click Switch Static Configuration

Port Mirroring Configuration. Enable monitoring, specify the monitoring (or analysis) port, the monitor ports and traffic types to mirror, then save your settings.

Tiger Switch 10/100 6709FL2 : Port Monitoring Configuration ===========================

Monitoring enable :YES

Monitoring Port :5 Monitored Port :

Port Type Action

------------------------------------------

1. 10/100TX

2. 10/100TX

3. 10/100TX

4. 10/100TX

5. 10/100TX

7. 10/100TX RX Trk1. 10/100TX

actions-> <Quit> <Edit> <Save> Save successfully!Press any key to return! Tab=Next Item BackSpace=Previous Item Quit=Previous Menu Enter=Select Item

4-19

ONSOLE INTERFACE

VLAN Configuration Menu

Use the VLAN Configuration menu to specify the VLAN type used on this switch, configure VLAN groups, or set the default VLAN identifier

and ingress filtering for each port.

Tiger Switch 10/100 6709FL2 : VLAN Configuration ===========================

VLAN Configure

Create a VLAN Group

Edit/Delete a VLAN Group

Previous Menu

Configure the VLAN PVID and Ingress Rule. Tab=Next Item BackSpace=Previous Item Quit=Previous Menu Enter=Select Item

Menu Description Page

VLAN Configure Sets port VID and ingress filters 4-21

Create a VLAN Group Configures VLAN groups, including name,

identifier, and if limited to a specific protocol

Edit/Delete a VLAN Group

Modifies VLAN groups, including name, identifier, and if limited to a specific protocol; or deletes a specified group

4-20

4-23

4-21 4-23

WITCH STATIC CONFIGURATION MENU

Configuring Port-based VLANs

Use the VLAN Configuration menu to create port-based VLANs.

Console – Click Switch Static Configuration

VLAN Configuration=> VLAN Configure. Set VLAN Mode to “PortBased,” and save this setting.

Tiger Switch 10/100 6709FL2 : VLAN Support Configuraton ============================

VLAN Mode :PortBased

actions-> <Quit> <Edit> <Save> Select the Action menu. Tab=Next Item BackSpace=Previous Item Quit=Previous Menu Enter=Select Item

Click Switch Static Configuration

VLAN Configuration=>Create a VLAN Group. Enter the VLAN Name (1-15 characters) and Group ID (1-4094). Use the Space bar to select port members, and save your settings.

4-21

ONSOLE INTERFACE

Add a VLAN Group

--------------------------

VLAN Name: [TPS ] Grp ID: [2 ](1~4094)

Port Member

------------------------

1. No

2. No

3. Member

4. Member

5. Member

6. No

7. No

8. No

actions-> <Quit> <Edit> <Save> Select the Action menu. Tab=Next Item BackSpace=Previous Item Quit=Previous Menu Enter=Select Item

9. No

4-22

WITCH STATIC CONFIGURATION MENU

Configuring Tag-based VLANs

Use the VLAN Configuration menu to create tag-based VLANs.

Field Attributes

When the VLAN mode is set “802.1Q” or “802.1QwithGVRP” (on the VLAN Configure page), the following attributes are displayed.

• PVID – VLAN ID assigned to untagged frames received on the port.

(Default: 1)

• Ingress Filter 1 (NonMember Pkt) – If ingress filtering is enabled,

incoming frames for VLANs which do not include this ingress port in their member set will be discarded at the ingress port. (Default: Drop)

- Ingress filtering only affects tagged frames.

- If enabled, the port will discard incoming frames tagged for VLANs which do not include this ingress port in their member set.

- If disabled, the port will accept any VLAN-tagged frame if the tag matches a VLAN known to the switch.

- Ingress filtering does not affect VLAN independent BPDU frames, such as GVRP or STP.

• Ingress Filter 2 (Untagged Pkt) – Sets the port to drop untagged

frames. If only tagged frames are accepted, the switch will only accept frames if the frame tag matches a VLAN to which this port has been assigned. (Default: Forward)

4-23

ONSOLE INTERFACE

Console – Click Switch Static Configuration=>VLAN Configuration=> VLAN Configure. Set VLAN Mode to “802.1Q” or “802.1QwithGVRP.” Set the PVID and Ingress Filtering rules, and save your settings.

Tiger Switch 10/100 6709FL2 : VLAN Support Configuraton ===========================

VLAN Mode :802.1Q

IngressFilter1 IngressFilter2 Port PVID NonMember Pkt Untagged Pkt

-------------------------------------------------------

1. 1 Enable Disable

actions-> <Quit> <Edit> <Save> Select the Action menu. Tab=Next Item BackSpace=Previous Item Quit=Previous Menu Enter=Select Item

2. 1 Enable Disable

3. 1 Enable Disable

4. 1 Enable Disable

5. 1 Enable Disable

6. 1 Enable Disable

7. 1 Enable Disable

8. 1 Enable Disable

9. 1 Enable Disable

Click Switch Static Configuration

VLAN Configuration=>Create a VLAN Group. Enter the VLAN Name (1-15 characters) and Group ID (2-4094). Select a protocol type if you want to create a protocol based VLAN. Use the Space bar to set each port to transmit tagged or untagged frames, then save your settings.

4-24

WITCH STATIC CONFIGURATION MENU

Add a VLAN Group

--------------------------

VLAN Name: [TPS ] VLAN ID: [2 ](1~4094)

Protocol VLAN : None

Port Member

------------------------

1. No

2. No

3. Tagged

4. UnTagged

5. UnTagged

6. No

7. No

8. No

actions-> <Quit> <Edit> <Save> Select the Action menu. Tab=Next Item BackSpace=Previous Item Quit=Previous Menu Enter=Select Item

9. No

4-25

ONSOLE INTERFACE

Configuring Queue Priorities

Use the Priority Configuration page to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch has two priority queues for each port. Data packets in a port’s high-priority queue is transmitted before those in the lower-priority queue.

You can map the frame priority tags (i.e., 0 - 7) to the high or low priority queues, and also set the method used to process priority traffic (i.e., first-in first-out, all high before low, or weighted round-robin).

Field Attributes

• Queue Assignment – The default priority levels are assigned

according to recommendations in the IEEE 802.1p standard. However, you can map the priority levels to the switch’s output queues in any way that benefits application traffic for your own network. (Range: Low, High; Default: Low - Priority Tags 0-3, High - Priority Tags 4-7)

• High/Low Queue Service Ratio (H:L)

- #:# (Weighted Round Robin) – Sets the preference given to packets

in the high-priority queue. This specifies the number of high-priority packets sent before one low-priority packet is sent. You can set this field to 1:1 to disable priority service. (Range: 1:1 - 7:1; Default: 2)

- FIFO (First Come First Served) – Packets are processed first-in

first-out.

- H->L (All High before Low) – All packets in the high-priority queue

are processed before any packets in the low-priority queue.

4-26

WITCH STATIC CONFIGURATION MENU

Console – Click Switch Static Configuration=>Priority Configuration. Assign frames tagged with priority 0-7 to the low or high priority queue. Set the method of servicing the priority queues, and save your settings.

Tiger Switch 10/100 6709FL2 : Priority Configuration ===========================

Priority 0 : Low Priority 1 : Low Priority 2 : Low Priority 3 : Low Priority 4 : High Priority 5 : High Priority 6 : High Priority 7 : High

High/Low Queue Service Ratio H:L :[2:1 ]

actions-> <Edit> <Save> <Quit> Select the action menu. Tab=Next Item BackSpace=Previous Item Quit=Previous Menu Enter=Select Item

4-27

ONSOLE INTERFACE

MAC Address Configuration Menu

Use the MAC Address Configuration menu to statically bind MAC

addresses to a specific port or to filter MAC addresses from the system.

Tiger Switch 10/100 6709FL2 : MAC Address Configuration ===========================

Static MAC Address

Filtering MAC Address

Previous Menu

Return to main menu. Tab=Next Item BackSpace=Previous Item Enter=Select Item

Menu Description Page

Static MAC Addresses Sets entries for address, port number, and

VLAN identifier

Filtering MAC Address Filters specified addresses 4-30

4-28

Note: Multicast filtering can only be configured from the Web interface.

(See “Configuring Multicast Filtering” on page 3-21.)

Setting Static Addresses

When you configure static MAC addresses, traffic sent from devices listed in the static address table will only be accepted on the specified interface. Static addresses remain in the switch’s address table, regardless of whether the device is physically connected to the switch. This saves the switch from having to re-learn a device’s MAC address when the disconnected or powered-off device becomes active on the network again.

4-28

WITCH STATIC CONFIGURATION MENU

Field Attributes

• MAC Address – Physical address of a device mapped to this interface.

• Port Num – Port associated with the device assigned a static address.

•Vlan ID – ID of configured VLAN (1-4094). This option is only

available if IEEE 802.1Q tagged VLANs are enabled (page 4-23).

Console – Click Switch Static Configuration Configuration

Static MAC Address. Click <Add> to open the Add Static

MAC Address

MAC Address page. Specify the MAC address, port number, and VLAN ID, then save your settings.

Tiger Switch 10/100 6709FL2 : Add Static MAC Address ===========================

Mac Address :0030299434DE

Port num :2

Vlan ID :1

actions-> <Edit> <Save> <Quit> Save successfully!Press any key to return! Tab=Next Item BackSpace=Previous Item Quit=Previous Menu Enter=Select Item

After you configure a new address, it will be displayed on the Static MAC Address Configuration page as shown below.

4-29

ONSOLE INTERFACE

Tiger Switch 10/100 6709FL2 : Static MAC Address Configuration ===========================

Mac Address Port num Vlan ID Mac Address Port num Vlan ID

------------------------------- ------------------------------ 0030299434DE 2 1

actions-> <Add> <Edit> <Delete> <Save> <Quit> Add/Edit/Delete static MAC addresses. Tab=Next Item BackSpace=Previous Item Quit=Previous Menu Enter=Select Item

Configuring Address Filtering

Use the Filtering MAC Address page to drop traffic from unwanted stations based on the source MAC address (and associated VLAN if tagged VLANs are enabled).

Field Attributes

• MAC Address – Source MAC address.

•Vlan ID – ID of configured VLAN (1-4094). This option is only

available if IEEE 802.1Q tagged VLANs are enabled (page 4-23).

Console – Click Switch Static Configuration Configuration

Filtering MAC Address. Click <Add> to open the Add

MAC Address

Filter MAC Address page. Enter a MAC address and associated VLAN, then save your settings.

4-30

WITCH STATIC CONFIGURATION MENU

Tiger Switch 10/100 6709FL2 : Add Filter MAC Address ===========================

Mac Address :00E0299434DE

Vlan ID :2

actions-> <Edit> <Save> <Quit> Save successfully!Press any key to return! Tab=Next Item BackSpace=Previous Item Quit=Previous Menu Enter=Select Item

After you configure a new address, it will be displayed on the Filter MAC Address Configuration page as shown below.

Tiger Switch 10/100 6709FL2 : Filter MAC Address Configuration ===========================

Mac Address Vlan ID Mac Address Vlan ID

------------------------------- ------------------------------ 00E0299434DE 2

actions-> <Add> <Edit> <Delete> <Save> <Quit> Add/Edit/Delete filter MAC addresses. Tab=Next Item BackSpace=Previous Item Quit=Previous Menu Enter=Select Item

4-31

ONSOLE INTERFACE

Miscellaneous Configuration Menu

Use the Misc Configuration menu to configure the features listed in the

following table.

Tiger Switch 10/100 6709FL2 : Misc Configuration ===========================

Port Security

MAC Age Interval

Broadcast Storm Filtering

Bridge Transmit Delay Bound

Previous Menu

Configurate the port security. Tab=Next Item BackSpace=Previous Item Enter=Select Item

Menu Description Page

Port Security Enables and disables address learning 4-33

MAC Age Interval Sets the address aging time 4-35

Broadcast Storm Filtering Sets the threshold above which broadcast

traffic will be filtered

Max bridge transmit delay bound

Sets the maximum overall queue delay, and low-priority queue delay

4-36

4-37

4-32

Smc 6709FL2 Management Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

Key Features

Description of Software Features

System Defaults

Connecting to the Switch

Configuration Options

Required Connections

Remote Connections

Basic Configuration

Console Connection

Setting Passwords

Setting an IP Address

Enabling SNMP Management Access

Community Strings

Using the Web Interface

Navigating the Web Browser Interface

Home Page

Configuration Options

Panel Display

Main Menu

Basic System Information

Global Switch Settings

Class of Service Configuration

Console Port Settings

Port Configuration

Displaying Connection Status

Configuring Interface Connections

Showing Port Statistics

Trunk Configuration

Configuring Static Trunks

Configuring Dynamic Trunks

Aggregator Setting

Aggregator Information

State Activity

Forwarding and Filtering

Configuring Multicast Filtering

Setting Static Addresses

Configuring Port Security

Configuring Address Filtering

VLAN Configuration

Overview

Port-based VLANs

Tag-based VLANs

Creating Tagged VLANs

Configuring the PVID and Ingress Filters

Spanning Tree Protocol Configuration

Enabling STP

Configuring Global STP Settings

Displaying Information About the Root Bridge

Configuring Port STP Settings

Displaying Port Status for STP

Port Mirroring

Simple Network Management Protocol

Configuring System Information

Setting Community Access Strings

Specifying Trap Managers

User Authentication

Firmware and Configuration Settings

Downloading System Software from a Server

Saving or Restoring Configuration Settings

Resetting the System

Rebooting the System

Log-in Screen

Main Menu

Status and Counters Menu

Displaying Connection Status

Showing Port Statistics

Displaying System Information

Switch Static Configuration Menu

Administration Configuration Menu

Configuring Interface Connections

Configuring Port Mirroring

VLAN Configuration Menu

Configuring Queue Priorities

MAC Address Configuration Menu

Miscellaneous Configuration Menu