Smc 9712G Software Configuraton Guide

Download

TigerChassis 10/100/1000

14-Slot Multilayer Chassis Switch

◆ IP routing with RIP and OSPF support

◆ Optional blades include 10BASE-T/100BASE-TX, 100BASE-FX,

1000BASE-SX/LX, 10/100/1000BASE-T, GBIC

◆ 12 slots available for media expansion

◆ 24 Gbps switch fabric for non-blocking switching performance

◆ Security features to prevent intruder access and ensure a safe network

environment

◆ Full support for IEEE 802.1Q VLANs with GVRP

◆ QoS support for IEEE 802.1p priority

◆ IGMP and DVMRP multicast support

◆ Optional redundant power, fan, and switch fabric failover support

◆ Manageable via console, web, SNMP/RMON

◆ Supports CIDR, multinetting

Software Configuraton Guide

SMC9712G

TigerChassis 10/100/1000 Key Information Guide

From SMC’s Tiger line of feature-rich workgroup LAN solutions

38 Tesla Irvine, CA 92618 Phone: (949) 679-8000

February 2002

Pub. # 150200009100A R01

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.

SMC Networks, Inc.

38 Tesla

Irvine, CA 92618

Trademarks:

SMC is a registered trademark; and TigerChassis is a trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.

IMITED

Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term. SMC will endeavor to repair or replace any product returned under warranty within 30 days of receipt of the product.

The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering new products within 30 days of purchase from SMC or its Authorized Reseller. Registration can be accomplished via the enclosed product registration card or online via the SMC web site. Failure to register will not affect the standard limited warranty. The Limited Lifetime warranty covers a product during the Life of that Product, which is defined as the period of time during which the product is an “Active” SMC product. A product is considered to be “Active” while it is listed on the current SMC price list. As new technologies emerge, older technologies become obsolete and SMC will, at its discretion, replace an older product in its product line with one that incorporates these newer technologies. At that point, the obsolete product is discontinued and is no longer an “Active” SMC product. A list of discontinued products with their respective dates of discontinuance can be found at:

http://www.smc.com/index.cfm?action=customer_service_warranty.

All products that are replaced become the property of SMC. Replacement products may be either new or reconditioned. Any replaced or repaired product carries either a 30-day limited warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible for any custom software or firmware, configuration information, or memory data of Customer contained in, stored on, or integrated with any products returned to SMC pursuant to any warranty. Products returned to SMC should have any customer-installed accessory or add-on components, such as expansion modules, removed prior to returning the product for replacement. SMC is not responsible for these items if they are returned with the product.

Customers must contact SMC for a Return Material Authorization number prior to returning any product to SMC. Proof of purchase may be required. Any product returned to SMC without a valid Return Material Authorization (RMA) number clearly marked on the outside of the package will be returned to customers at customer’s expense. For warranty claims within North America, please call our toll-free customer support number at (800) 762-4968. Customers are responsible for all shipping charges from their facility to SMC. SMC is responsible for return shipping charges from SMC to customer.

WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER’S OR ANY THIRD PERSON’S MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.

LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION,

ARRANTY

IMITED WARRANTY

MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.

* SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase.

SMC Networks, Inc.

38 Tesla

Irvine, CA 92618

CONTENTS

ABOUT THIS GUIDE

Audience 15 Scope of this Guide 15 Using This Book 15

Finding Information 16 Command Information 17 Conventions 18 Switch SMC9712G Documentation 19

1 DEFAULT SOFTWARE CONFIGURATION

What is Management Software? 21 Summary of Software Features 22 Software Features Explained 23

Duplex Modes 23

Flow Control 23

Traffic Prioritization 23

Security 24

Aggregate Links 24

Broadcast Storm Control 25

Virtual LANs 25

Spanning Tree Protocol 25

IGMP Snooping 25

ARP and Proxy ARP 26

Routing Protocols 26

RMON 26

Roving Analysis 26

Management 27 Default Settings 28

2 PREPARING FOR SYSTEM MANAGEMENT

Methods of Managing a Switch 30 Web Interface Management 30

Accessing the Web Interface 31 CLI Management 32

Accessing the CLI 32

Accessing the CLI through the Console Port 32 Accessing the CLI Over the Network via Direct Telnet 33

Accessing the CLI Over the Network via Indirect Telnet 33 SNMP-Based Network Management 33 Connecting to the System 35

Quick Configuration Reference 35 Saving Configuration Values 35 Initial Access 35 Logging into the System 36 Terminating a Connection 36 Configuring User Names, Passwords and Community Strings 36

Configuring User Logins 37

Determining IP Information 38

Which IP Addresses to Use in Your Network 38

Subnet Masks 38

Default Gateway Router 39

Configuring IP Settings 39

Manual Configuration 39

Automatic Configuration 40

Configuring Access for SNMP Management 40

Using the Web Interface 41

Browser and Platform Requirements 41

Color Recommendations 41

Browser Support 41

Embedded Web Management Applications 42 Interface Description 42 Device View Tab 43

Using Configuration Wizards 44

Using the Device Image 45

Help View Tab 46

Using the Administration Console 47

Administration Console Menus 47 Using Menus to Perform Tasks 48

Selecting Menu Options 48

Navigating Through the Menus 49

Entering a Command String 49

Entering Abbreviated Commands 49

Recommendations for Entering Commands 49

Understanding the Values Presented 50

Including Values in Command Strings 50

Keystroke Functions 50

3 SYSTEM MANAGEMENT FEATURES

Basic Configuration Procedure 52

Configure the Management Module 52 Configure Each Interface Module 52

Setting Baselines 53

Important Considerations 53

Roving Analysis 54

Key Guidelines for Implementation 54 feature rovingAnalysis summary 55 feature rovingAnalysis add 56 feature rovingAnalysis remove 57 feature rovingAnalysis start 57 feature rovingAnalysis stop 58

Security Options 58

system management password 58 security device user summary 59 security device user create 59 security device user modify 59 security device user delete 60 security device access summary 60 security device access modify 60 system management remoteAccess 61 security network access portSecurity 61

Ping 63

protocol ip ping 63

Ping Responses 63

Strategies for Using Ping 63 Upgrading System Software 63 Resetting System Components 64

Reboot the System 64 Reset to Factory Defaults 64 Reset IP Information to Factory Defaults 64

Remote Monitoring (RMON) 65

Overview of RMON 65 RMON Benefits 65 RMON in Your System 66 Supported RMON-1 Groups 66

Statistics Group 66

History Groups 67

Alarm Group 67

Event Group 69

RMON-2 Groups 69

Simple Network Management Protocol (SNMP) 69

Manager/Agent Operation 69 SNMP Messages 70 Trap Reporting 70

Administering SNMP Trap Reporting 70

Supported Trap Reports 71

Interpreting NMM Trap Messages 71 CLI Command List 72

4 ETHERNET PORTS

Ethernet Overview 78

Features 78

Benefits 79

Link Bandwidths 79 Link Availability 79 Other Benefits 79

Key Concepts 80

Ethernet Packet Processing 81

Key Guidelines for Implementation 82

Link Bandwidths 82 Trun ks 82

Administering Ethernet Ports 83

physicalInterface ethernet summary 83 physicalInterface ethernet detail 85 physicalInterface ethernet portState 87 physicalInterface ethernet autoNegotiation 88 physicalInterface ethernet portMode 90 physicalInterface ethernet flowControl 91 physicalInterface ethernet portCapabilities 92

Standards, Protocols, and Related Reading 93

Ethernet Protocol 93 Media Specifications 93 Related Reading 94

5 LINK AGGREGATION

Link Aggregation Overview 96

Features 96 Benefits 96 Key Concepts 96

Port Numbering in a Trunk 96

Key Guidelines for Implementation 98

General Guidelines 98 Trunk Capacity Guidelines 99

Administering Aggregate Links 100

bridge linkAggregation summary 100 bridge linkAggregation detail 101 bridge linkAggregation modify addPort 102 bridge linkAggregation modify removePort 103 bridge linkAggregation modify linkState 104

Standards, Protocols, and Related Reading 104

6 BRIDGING

Bridging Overview 106

Benefits 106

Key Bridging Concepts 107

Learning Addresses 107 Aging Addresses 107 Forwarding, Filtering, and Flooding 108

Loop Detection and Network Resiliency 108 Bridging Implementation Summary 109 Key Guidelines for Implementation 110

Physical Ports and Bridge Ports 110

Option For Fast Aging 110

If You Want To Use STP 110

Port Forwarding Behavior 110

STP Compatible with Trunking 110

Bridge Ports and Trunks 110

Broadcast Limits and Trunks 110 Displaying the Current Configuration 111

bridge summary 111

bridge port summary 113

bridge port detail 114 STP Overview 115

STP Algorithm 115

Bridge Hierarchy 115

Reconfiguring the Bridged Network Topology 116

Resulting Actions 116 Actions That Result from CBPDU Information 117

Spanning Tree Port States 118 STP Bridge and Port Parameters 119

Bridge-wide STP Parameters 119

Bridge-Wide STP State 119 Bridge Priority 119 Bridge Maximum Age 119 Bridge Hello Time 120 Bridge Forward Delay 120

Bridge Port STP Parameters 120

Port Path Cost 120 Port Fast Start 121

Configuring STP 121

bridge spanningTree stpState 121

bridge spanningTree stpPriority 122

bridge spanningTree stpMaxAge 123

bridge spanningTree stpHelloTime 124

bridge spanningTree stpForwardDelay 125

bridge port stpCost 126

bridge port stpFastStart 127 MAC Address Table Design 128

Address Space 128

Important Considerations 128 Address Aging 129

Address Table Dependencies 129

Normal Aging Process 129

If the STP State is Enabled 129

STP Topology Change 130 Port Down Events 130

If the STP State is Disabled 130 Important Considerations 130

Administering the Address Database 132

bridge addressDatabase summary 132 bridge addressDatabase add 133 bridge addressDatabase remove 134 bridge addressDatabase find 134 bridge addressDatabase agingTime 135 bridge addressDatabase flushDynamic 136 bridge addressDatabase flushAll 136

Setting Broadcast Limits 137

bridge broadcastStormControl 137

Standards, Protocols, and Related Reading 138

7 VIRTUAL LANS

VLAN Overview 140

Need for VLANs 140 Benefits 141 Features 141

Key Concepts 142

Related Standards and Protocols 142 Tagging Types 142 VLAN IDs 143 Independent VLAN Learning 143 Terminology 143

Key Guidelines for Implementation 144

Design Guidelines 144 Procedural Guidelines 144 General Guidelines 144

Port-based VLANs 145

The Default VLAN 145

Modifying the Default VLAN 145 Trunking and the Default VLAN 146

User-Configured Port-based VLANs 147

Important Considerations 147 Example 1: A Single VLAN Configuration 148 Example 2: Two VLANs with Untagged Ports 149 Example 3: VLANs with Tagged Ports 150

Rules of VLAN Operation 152

Ingress Rules 152 Egress Rules 154

Standard Bridging Rules for Outgoing Frames 154 Tag Status Rules 154

Examples of Flooding and Forwarding Decisions 154

Example 1: Flooding Decisions for VLANs 154 Example 2: VLAN Exception Flooding 155

Modifying and Removing VLANs 155

Configuring VLANs 156

bridge vlan summary 156

bridge vlan detail 157

bridge vlan create 158

bridge vlan modify addPort 159

bridge vlan modify removePort 160

bridge vlan modify name 160

bridge vlan delete 161 Standards, Protocols, and Related Reading 161

8 MULTICAST FILTERING

IP Multicast Overview 164

Unicast Model 164

Broadcast Model 164

Multicast Model 164

Benefits of IP Multicast 164 How a Network Supports IP Multicast 165

IP Multicast Routing 165

Supporting Protocols in Your Switch 165

IP Multicast Filtering 166

Supporting Protocols in Your Switch 166

Key Concepts 167

Traffic Movement 167

IP Multicast Groups 167

Source-Group Pairs 167

Multicast Addresses 167

Registered Groups 167 Reserved MAC Addresses 168

How IGMP Supports IP Multicast 169

Electing the Querier 169

Query Messages 169

Host Messages 169

Response to Queries 169 Join Message 169 Leave-Group Messages 169

Role of IGMP in IP Multicast Filtering 170 Key Guidelines for Implementation 170

Configuration Procedure 170

Impact of IEEE 802.1Q on Multicasts 170 Configuring IGMP Snooping 171

bridge multicastFilter igmp snoopMode 171 Configuring Multicast Router Ports 172

bridge multicastFilter routerPort summary 172

bridge multicastFilter routerPort autoDiscovery 173

bridge multicastFilter routerPort addPort 173

bridge multicastFilter routerPort removePort 174 Standards, Protocols, and Related Reading 174

9 PRIORITY QUEUEING

Overview 176 Key Concepts 177

Basic Elements of the Standard 177 Format of Prioritized Packets 177 Queues and Priority Levels 178

QoS in Your System 178

QoS Architecture 178

Important Considerations 179

Handling Tagged and Untagged Packets 179

Configuring QoS 180

trafficManagement qos modify 180 bridge port defaultPriority 181

Standards, Protocols, and Related Reading 181

10 IP ROUTING

Routing Overview 184

Routing in a Subnetworked Environment 185 Integrating Bridging and Routing 186 Bridging and Routing Models 186 SMC Bridging and Routing 187 IP Routing Overview 189 Features and Benefits 189

Key Concepts 190

Multiple IP Interfaces per VLAN 190 Media Access Control (MAC) Address 190 Network-Layer Address 190 IP Addresses 191

Dotted Decimal Notation 191 Network Portion 191 Subnetwork Portion 192 Subnet Mask Numbering 193

Variable Length Subnet Masks (VLSMs) 194

How VLSMs Work 194 Guidelines for Using VLSMs 194

Supernetting 195

Step 1 - Select a netmask for each supernet 195 Step 2 - Select a range of addresses for each supernet 196

Supernet Example 197 Router Interfaces 198 Routing Table 198

Default Route 199

VLAN-based Routing 200 Key Guidelines for Implementing IP Routing 200

Configure Trunks (Optional) 200 Configure IP VLANs 200 Establish IP Interfaces 201

Interface Parameters 201 Important Consideration 201 Defining an IP Interface 201

Administering IP Routing 202

Configuring IP Interfaces 203

protocol ip interface summary 203 protocol ip interface create 205 protocol ip interface modify 206 protocol ip interface delete 207

Configuring Static Routes 208

protocol ip route summary 208 protocol ip route add 209 protocol ip route findRoute 210

Important Considerations 210 protocol ip route remove 211 protocol ip route flush 211 protocol ip route default 212 protocol ip route noDefault 212

Address Resolution Protocol (ARP) 213 Configuring the ARP Cache 215

protocol ip arp display 215 protocol ip arp static 216 protocol ip arp remove 217 protocol ip arp flush 217 protocol ip arp flushDynamic 218 protocol ip arp flushFFT 218 protocol ip arp age 219 protocol ip arp statistics 220

ARP Proxy 221

Example 221 protocol ip interface arpproxy 222

Internet Control Message Protocol (ICMP) 223

ICMP Redirect 224

Important Considerations 224

Routing Information Protocol (RIP) 225

Basic RIP Parameters 225

Router Mode 225

Cost 225

Update Time 226

Send and Receive Modes 226

Poison Reverse 226

Advertisement Address 227 RIP-1 Versus RIP-2 227

Important Considerations 227

Configuring RIP 228

protocol ip rip summary 228 protocol ip rip mode 229 protocol ip rip cost 229

Options 229 protocol ip rip sendMode 230 protocol ip rip receiveMode 231 protocol ip rip updateTime 231 protocol ip rip poisonReverse 232 protocol ip rip authenticationMode 233 protocol ip rip statistics 234 protocol ip rip neighbors 234

Domain Name System (DNS) 235

Important Considerations 235

Standards, Protocols, and Related Reading 236

Requests For Comments (RFCs) 236 Standards Organizations 236

11 OSPF ROUTING

OSPF Overview 238

Features 238 Benefits 239

Key Concepts 241

Autonomous Systems 241 Areas 241 Neighbors and Adjacency 241 Router Types 241

Router IDs 242 Protocol Packets 242 How OSPF Routing Works 243

Starting Up 243

Finding Neighbors 243

Establishing Adjacencies 243

Electing the Backup Designated Router 243

Electing the Designated Router 243

Calculating Shortest Path Trees 244

Routing Packets 244

Key Guidelines for Implementing OSPF 245 Autonomous System Boundary Routers 246

Configuring an ASBR 246

Areas 247

Types of Areas 247 Area Border Routers 249 Routing Databases 249 Configuring Route Summarization in ABRs 249 Important Considerations 250

OSPF Interfaces 251

Mode 252 Priority 252

Using Priority to Select a Designated Router 252 Area ID 253

Cost 253

Specifying Cost Metrics for Preferred Paths 253 Delay 254 Hello Interval 254 Retransmit Interval 254 Dead Interval 255 Password 255 Statistics 255 Important Considerations 255

Link State Databases 257

Router Link State Advertisements 257 Network Link State Advertisements 258 Summary Link State Advertisements 258 External Link State Advertisements 259 Important Considerations 260

Neighbors 260

Neighbor Information 260 Static Neighbors 262 Important Considerations 262

Router IDs 263

Important Considerations 263

Stub Default Metrics 264

Important Considerations 264

Virtual Links 265

Important Considerations 266

OSPF Statistics 266 Configuring OSPF 267

protocol ip ospf areas display 267 protocol ip ospf areas defineArea 267 protocol ip ospf areas modifyArea 268 protocol ip ospf areas removeArea 268 protocol ip ospf areas addRange 268 protocol ip ospf areas modifyRange 269 protocol ip ospf areas removeRange 269 protocol ip ospf interface summary 270 protocol ip ospf interface detail 271 protocol ip ospf interface statistics 272 protocol ip ospf interface mode 274 protocol ip ospf interface priority 275 protocol ip ospf interface areaID 275 protocol ip ospf interface cost 276 protocol ip ospf interface delay 276 protocol ip ospf interface hello 277 protocol ip ospf interface retransmit 277 protocol ip ospf interface dead 278 protocol ip ospf interface password 278 protocol ip ospf linkStateData databaseSummary 279 protocol ip ospf linkStateData router 279

protocol ip ospf linkStateData network 281 protocol ip ospf linkStateData summary 282 protocol ip ospf linkStateData external 283 protocol ip ospf neighbors display 284 protocol ip ospf neighbors add 285 protocol ip ospf neighbors remove 285 protocol ip ospf routerID 286 protocol ip ospf stubDefaultMetric display 287 protocol ip ospf stubDefaultMetric define 287 protocol ip ospf stubDefaultMetric remove 288 protocol ip ospf virtualLinks summary 288 protocol ip ospf virtualLinks detail 289 protocol ip ospf virtualLinks statistics 291 protocol ip ospf virtualLinks define 294 protocol ip ospf virtualLinks remove 294 protocol ip ospf virtualLinks areaID 295 protocol ip ospf virtualLinks router 295 protocol ip ospf virtualLinks delay 296 protocol ip ospf virtualLinks hello 296 protocol ip ospf virtualLinks retransmit 297 protocol ip ospf virtualLinks dead 297 protocol ip ospf virtualLinks password 298 protocol ip ospf statistics 298

Standards, Protocols, and Related Reading 299

A TECHNICAL SUPPORT

Online Technical Services 301

World Wide Web Site 301

Support from Your Network Supplier 301

B MANAGEMENT INFORMATION BASE (MIB)

MIB Files 303 Compiler Support 304 MIB Objects 304 MIB Tree 305 MIB-II 306 RMON-1 MIB 306 RMON-2 MIB 307 SMC Enterprise MIBs 307

C TROUBLESHOOTING WEB MANAGEMENT

Browser Issues 309

Web Management and Internet Explorer 309 Improving Device View Download Speed 310 Web Management and Netscape Navigator 311 Additional Resources for Solving Problems 311

INDEX

ABOUT THIS GUIDE

This SMC9712G Software Configuration Guide provides information that you need to understand and use features of the SMC9712G after you install it and attach it to your network. This guide describes the commands used to configure and manage switching modules installed in the SMC9712G chassis. All commands are processed by the Management Module via a menu-driven command line interface or Web browser interface. These interfaces are also called the Administration Console and Web Management, respectively.

Before you start configuring the Switch:

■ Install your switch chassis and modular components. See the SMC9712G

Installation and Maintenance Guide for installation procedures, cabling

information, and environmental information.

■ Read Chapter 1 of this guide, which lists the default settings for each feature.

■ Read Chapter 2 of this guide, which provides an overview of the configuration

process.

Audience This guide is intended for the network administrator who is responsible for

configuring, using, and managing the SMC9712G. It assumes a working knowledge of local area network (LAN) operations and familiarity with communications protocols that are used on interconnected LANs.

Scope of this Guide The information in this guide pertains to Release 1.1 software.

The SMC9712G Network Management Module (NMM) is pre-loaded with software at the factory. However, the software that was loaded on the module that you received may be an earlier release. Connect to the module and use the

system summary command to determine what release is loaded. Go to the SMC

Web site

http://www.smc.com/index.cfm?action=tech_support_drivers_downloads) to

( download the latest software.

Using This Book This guide contains information for every command for the SMC9712G. It

includes specific information about command syntax, field descriptions, default values, and the possible range of values. Some command descriptions include a section called “Important Considerations” that contains additional information to be aware of when using the command. It also contains instructional material about feature concepts and guidelines for using the features. Where appropriate, examples are provided to help you understand the commands.

16 ABOUT THIS GUIDE

Finding Information Use this chart to help you find information about specific tasks:

If you are looking for information about Turn to

The purpose of this book

Sending feedback on this book

Description of software features

List of default settings for all features

Web Management interface

Command Line Interface

Connecting to the system

Administration Console menus

Configuring parameters, such as password, IP address, community string

Entering full and abbreviated commands

Basic configuration sequence

Description of key management features

Resetting the system and restoring system defaults

How to use Remote Monitoring (RMON)

Configuring SNMP settings, including trap reporting

Administering Ethernet port options such as setting the port speed and duplex mode

Displaying statistics for Ethernet ports

Increasing point-to-point bandwidth and resiliency by trunking multiple ports together into one logical port

Displaying the summary bridge configuration

Configuring bridging options such as the aging interval, and bridge-wide STP

Configuring STP options on individual bridge ports

Listing, adding, or removing information from the address table

Creating and administering virtual LANs (VLANs) Chapter 7:

Filtering IP multicast packets using the Internet Group Management Protocol (IGMP) function called snooping

Identifying ports attached to multicast routers

Controlling traffic flows with Quality of Service (QoS) by setting the number of priority queues, as well as setting the default priority for untagged frames

Configuring IP interfaces and IP protocol parameters, including ARP, RIP, and CIDR

About This Guide

Chapter 1: Default Software Configuration

Chapter 2: Preparing for System Management

Chapter 3: System Management Features

Chapter 4: Ethernet Ports

Chapter 5: Link Aggregation

Chapter 6: Bridging

Virtual LANs

Chapter 8: Multicast Filtering

Chapter 9: Priority Queueing

Chapter 10: IP Routing

Command Information 17

If you are looking for information about Turn to

Technical support Appendix A:

Technical Support

Troubleshooting and improving the performance of Netscape and Internet Explorer browsers.

Chapter C: Troubleshooting Web Management

Displaying all supported MIBs Appendix B:

Management Information Base (MIB)

Locating information on tasks and topics quickly Index

Command Information Each software command has its own description in this guide. Each command

description begins at the top of a page. A command description begins with these items:

■ The complete text of a command

■ A short description of the purpose of the command

■ The command description continues with one or more of the following

sections:

■ Valid Minimum Abbreviation — This section lists the shortest number of

characters that you can type to issue the command.

■ Important Considerations — These usage notes identify potential issues

or requirements.

■ Options — If the command begins a configuration process or other

procedure, this section presents each prompt that you see, its description,

the possible values that you can enter, and the default value.

■ Fields — If the command prompts the Switch to display information, this

section lists the display parameters and their definitions.

■ Procedure — Numbered steps walk you through complex commands.

■ Example — Examples show the interactive display when it provides

additional useful information.

18 ABOUT THIS GUIDE

Conventions Table 1 and Table 2 list conventions that are used throughout this guide.

Table 1 Notice Icons

Icon Notice Type Description

Information note Information that describes important features or instructions

Caution Information that alerts you to potential loss of data or potential

damage to an application, system, or device

Warning Information that alerts you to potential personal injury

Table 2 Text Conventions

Convention Description

Screen displays This typeface represents information as it appears on the screen.

Commands The word “command” means that you type the command exactly as

The words “enter” and “type”

Keyboard key names If you must press two or more keys simultaneously, the key names are

Words in italics Italics are used to:

shown in the text and then press Return or Enter. Commands appear in bold. Example:

To remove an IP interface, enter the following command:

protocol ip interface delete

This guide always gives the full form of a command in uppercase and lowercase letters. However, you can abbreviate commands by entering only enough characters to differentiate each command. Commands are not case sensitive.

When you see the word “enter” in this guide, you must type something, and then press Return or Enter. Do not press Return or Enter when an instruction simply says “type.”

linked with a plus sign (+). Example:

Press Ctrl+Alt+Del

■ Emphasize a point.

■ Denote a new term at the place where it is defined in the text.

■ Identify menu names, menu commands, and software button

names. Examples:

From the Help menu, select Contents.

Click OK.

Switch SMC9712G Documentation 19

Switch SMC9712G Documentation

The SMC9712G documentation set is comprised of several different titles.

Documents are available in two formats:

■ Paper Documents — All SMC9712G documents (software and hardware

guides), except for release notes (which you must download from the SMC Web site) are shipped with your chassis.

■ World Wide Web — All user guides and release notes are available in Adobe

Acrobat Reader PDF format from the SMC Web site at:

http://www.smc.com/

You can order an additional printed copy of the SMC9712G Installation and Maintenance Guide as well as the SMC9712G Software Configuration Guide (as a packaged set) .

SMC9712G Release Notes are not shipped in paper form. You must download all release notes from the SMC Web site.

20 ABOUT THIS GUIDE

DEFAULT SOFTWARE CONFIGURATION

This chapter contains introductory information about the SMC9712G management software and how it can be used in your network. It covers the following topics:

■ What is Management Software?

■ Summary of Software Features

■ Software Features Explained

■ Default Settings

What is Management Software?

Your Network Management Module (NMM) contains software that allows you to change and monitor the way the Switch works. It also includes Network that allows the Switch to forward traffic between ports on different interface modules. You do not need to configure the management software to get the Switch working. It will operate properly at Layer 2 using the default settings. However, you will need to use the management software to improve the efficiency of the Switch and thereby improve the overall performance of your network. Please refer to Chapter 2 “Preparing for System Management” for information on how to access the management software.

22 CHAPTER 1: DEFAULT SOFTWARE CONFIGURATION

Summary of Software Features

Table 3 describes the software features that are supported by the SMC9712G Network Management Module.

Table 3 Software features

Feature Description

No. of MAC Addresses Supported

No. of IP Interfaces Supported

No. of Static Routes Supported

Forwarding Modes Store and forward

Duplex Modes Half and full duplex on all RJ-45 ports,

Flow Control Supported on all ports,

Traffic Prioritization Supports up to four priorities based on IEEE 802.1p

Port Security Supported on all ports by limiting access to known nodes

Aggregate Links Support for 12 Aggregate Links

Broadcast Storm Control Supported

Virtual LANs (VLANs) Support for up to 256 VLANs using the IEEE 802.1Q

Spanning Tree Protocol Supported

Multicast Filtering IGMP Snooping supported

ARP and Proxy ARP Supported

RIP Supported

RMON Four groups supported: Statistics, History, Alarms, Events

Roving Analysis Supported

Management Web interface, command line interface, and SNMP

Up to 32,000

Up to 128

Up to 100

full duplex on all fiber optic ports

back pressure at half duplex and IEEE 802.3x at full duplex

standard

supported

Software Features Explained

Duplex Modes The RJ-45 ports on your Switch can be set to half duplex or full duplex. The fiber

Software Features Explained 23

ports on your switch are fixed at full duplex The duplex modes operate as described below:

■ Half duplex — Allows packets to be transmitted and received, but not

simultaneously.

■ Full duplex — Allows packets to be transmitted and received simultaneously

and, in effect, doubles the potential throughput of a link. In addition, full duplex supports longer runs of fiber optic cable.

To communicate effectively, both ends of a link must use the same duplex mode. If the link uses an auto-negotiating connection, this is done automatically. If the link uses a connection that is not auto-negotiating, both ends must be set to half duplex or full duplex manually.

For more information about setting the duplex mode of a port, see “physicalInterface ethernet portMode” on page 90.

Flow Control All the ports on your Switch support flow control, which is a congestion control

mechanism. Congestion is caused by one or more devices sending traffic to an already overloaded port on the Switch. Flow control prevents packet loss and inhibits the devices from generating more packets until the period of congestion ends.

Flow control is implemented in two ways:

■ Back pressure for ports operating in half duplex.

■ IEEE 802.3x standard for ports operating in full duplex.

For information about enabling flow control on a port, see “physicalInterface ethernet flowControl” on page 91.

Traffic Prioritization Your Switch supports IEEE 802.1p traffic prioritization, which allows data that has

been assigned a high priority to be forwarded through the Switch without being obstructed by other data. The system works by using the multiple traffic queues that are present in the hardware of the Switch — high priority traffic is forwarded on a different queue from other traffic, and it is always given preference over other traffic.

Traffic prioritization can be useful for critical applications that require a high Quality of Service from the network. This could include:

■ Financial applications — Accounts departments that need immediate access

to large files and spreadsheets at the end of the month.

■ CAD/CAM design applications — Design departments that need priority

connections to server farms and other devices for transferring large files.

■ Converged network applications — Organizations with a converged

network (that is, a network that uses the same infrastructure for voice data and traditional data) that require high quality voice data transmission at all times.

24 CHAPTER 1: DEFAULT SOFTWARE CONFIGURATION

If you use IEEE 802.1p traffic prioritization, we recommend that all relevant ports on your Switch are placed in one or more Virtual LANs (VLANs) using 802.1Q tagging. For a brief explanation of VLANs, see “Virtual LANs” on page 25. For more information, see Chapter 7 “Virtual LANs.”

Security Each port on your Switch can be configured with security features that guard

against unauthorized users connecting devices to your network.

When security mode is set to Continually Learn on a port, it enters Address Learning Mode. In this mode, the Switch:

■ Removes all the MAC (Ethernet) addresses stored for the port in the Switch

Database.

■ Continually learns the address of packets it receives on the port, overwriting

old addresses if the address budget is exceeded.

■ The address cannot be learned on another port until the address is overwritten,

security is disabled, or the address is manually removed from the database.

When port security mode is set to Auto Learn, it enters Address Learning Mode. In this mode, the Switch:

■ Removes all the MAC (Ethernet) addresses stored for the port in the Switch

Database.

■ Learns the address of packets it receives on the port until the address budget is

reached.

■ The address is defined as a permanent entry.

■ The address cannot be learned on another port until security is disabled or the

address is manually removed from the database.

■ No other address can be learned until security is disabled or the address is

manually removed from the database.

When port security mode is set to Auto Learn and to Disconnect Unauthorized Device, then once the address budget is filled:

■ The port is disabled if a different address is seen on the port.

Up to 896 addresses may be learned by the entire system. If security is enabled for a port, then you must provide the budget (or maximum number of addresses to be learned) for each port. For information, see “security network access portSecurity” on page 61.

Aggregate Links Your Switch can support 12 aggregate links — connections that allow devices to

communicate using up to four links in parallel. Port trunks provide two benefits:

■ They can potentially double, triple or quadruple the bandwidth of a

connection.

■ They can provide redundancy — if one link is broken, the other links share the

traffic for that link.

An aggregate link can only be created if the ports at both ends of each link are configured as aggregate links.

For more information, see Chapter 5 “Link Aggregation.”

Software Features Explained 25

Broadcast Storm Control Your Switch supports Broadcast Storm Control, a system that automatically

monitors the level of broadcast traffic on each port. If the broadcast traffic level rises above the configured threshold (set in frames per second), the broadcast traffic on that port is cut in half until it drops below the configured threshold. This system prevents the overwhelming broadcast traffic that can result from network equipment which is faulty or configured incorrectly.

For more information, see “Broadcast Limits and Trunks” on page 110.

Virtual LANs Your Switch provides support for up to 256 Virtual LANs (VLANs). A VLAN is a

flexible group of devices that can be located anywhere in a network, but they communicate as if they are on the same physical segment. With VLANs, you can segment your network without being restricted by physical connections — a drawback of traditional network design. As an example, with VLANs you can segment your network according to:

■ Departmental groups — For example, you can have one VLAN for the

Marketing department, another for the Finance department, and another for the Development department.

■ Hierarchical groups — For example, you can have one VLAN for directors,

another for managers, and another for general staff.

■ Usage groups — For example, you can have one VLAN for users of e-mail,

and another for users of multimedia.

For more information, see Chapter 7 “Virtual LANs.”

Spanning Tree Protocol Your Switch supports the Spanning Tree Protocol (STP), a bridge-based system

that makes your network more resilient to link failure and also provides a protection from loops — one of the major causes of broadcast storms.

STP allows you to implement parallel paths for network traffic and uses a loop-detection process to:

■ Discover the efficiency of each path.

■

Enable the most efficient path (that is, the one that has the highest bandwidth).

■ Disable the less efficient paths.

■ Enable one of the less efficient paths if the most efficient path fails.

For more information, see “STP Overview” on page 115.

IGMP Snooping Your Switch supports IGMP Snooping, which provides a way to forward IP

multicast application traffic to ports which are connected to subscribers and filter it on other ports to increase bandwidth efficiency in the network.

The Switch can passively snoop on IGMP Query and Report packets transferred between IP multicast routers/switches and IP multicast host groups to identify the IP multicast group members. The Switch simply monitors the IGMP packets passing through it, picks out the group registration information, and configures multicast filters accordingly. IGMP Snooping generates no additional network traffic, and allows you to significantly reduce the multicast traffic passing through your switch.

For more information, see “Configuring IGMP Snooping” on page 171.

26 CHAPTER 1: DEFAULT SOFTWARE CONFIGURATION

ARP and Proxy ARP This Switch uses the Address Resolution Protocol (ARP) and Proxy ARP to convert

between IP addresses and physical addresses. This protocol supports the following functions:

■ ARP — A low-level protocol that locates the MAC address that corresponds to

a given IP address. This protocol allows a host or router to use IP addresses to make routing decisions while it uses MAC addresses to forward packets from one hop to the next. This switch supports ARP cache configuration for static and dynamic entries.

■ Proxy ARP — ARP proxy allows a host that has no routing ability to determine

the MAC address of a host on another network or subnet. When ARP proxy is enabled and a workstation sends an ARP request for a remote network, the Switch determines if it has the best route and then answers the ARP request by sending its own MAC address to the workstation. The workstation then sends the frames for the remote destination to the Switch, which uses its own routing table to reach the destination on the other network.

For more information, see “Address Resolution Protocol (ARP)” on page 213, or “ARP Proxy” on page 221.

Routing Protocols This Switch supports routing that allows it to pass traffic between distinct

subnetworks. Routing Information Protocol (RIP) supports routing for unicast packets as shown below:

■ RIP — This protocol uses Distance Vector Algorithms (DVAs) to calculate the

route with the fewest number of hops to the destination of a route request.

For information about routing, see Chapter 10 “IP Routing.”

RMON Your Switch supports RMON (Remote Monitoring), a system that allows you to

monitor LANs remotely. The Switch contains RMON probe software that continually collects statistics about the LAN segments connected to the Switch. If you have a management workstation with an RMON management application, the Switch can transfer these statistics to your workstation on request or when a pre-defined threshold is crossed.

For more information, see “Remote Monitoring (RMON)” on page 65.

Roving Analysis Your Switch supports roving analysis, a system that allows you to attach a network

analyzer to one port and use it to monitor the traffic of other ports on the Switch. The system works by allowing you to define an analysis port (the port that is connected to the analyzer), and a monitor port (the port that is to be monitored). Once the pair are defined, and you enable the system, the Switch takes all the traffic going in and out of the monitor port and copies it to the analysis port.

Roving analysis is used when you need the functions of a network analyzer, but do not want to change the physical characteristics of the monitored segment by attaching an analyzer to that segment.

For more information, see “Roving Analysis” on page 54.

Software Features Explained 27

Management Your Switch can be managed using three methods:

■ Web interface management — The Switch has an internal set of web pages

that allow you to manage it using any Java

-enabled Web browser. You can access the web interface using a management workstation connected over the network, SMC's powerful yet easy-to-use network management application.

■ Command line interface management — The Switch has a command line

interface that allows you to perform limited management. You can access the command line interface using:

■ A terminal or terminal emulator connected to the console port of the

Switch via a direct connection

■ A terminal or terminal emulator connected over the network using Telnet,

or by selecting TELNET Management from the Device menu in SMC Network Supervisor

■ SNMP management — You can manage the Switch using any network

management application running the Simple Network Management Protocol (SNMP). You can access the network management application using a management workstation connected over the network.

For information about preparing for system management, see Chapter 2. For information about system management features, see Chapter 3

There are dependencies between some of the features that require you to configure the Switch in a specific order. For more information on these dependencies, refer to “Basic Configuration Procedure” on page 52.

28 CHAPTER 1: DEFAULT SOFTWARE CONFIGURATION

Default Settings Table 4 shows the default settings of the SMC9712G. If you initialize or reset the

Switch, it is returned to these defaults.

Table 4 Default Settings

Feature Default Setting See

Port Status Enabled Chapter 4

Port Speed 10/100BASE-TX - 10 and 100 Mbps, auto-negotiated

100BASE-FX - 100 Mbps 1000BASE-SX - 1000 Mbps 1000BASE-T - 10,100 and 1000 Mbps, auto-negotiated*

Duplex Mode 10/100BASE-TX - half and full duplex, auto-negotiated

100BASE-FX - full duplex 1000BASE-SX - full duplex 1000BASE-T - half and full duplex, auto-negotiated*

Forwarding Mode

Flow Control Disabled Chapter 4

Traffic Prioritization

Port Security Disabled Chapter 4

Broadcast Storm Control

Virtual LANs (VLANs)

Spanning Tree Protocol

IGMP Snooping

ARP Enabled Chapter 10

ARP Proxy Disabled Chapter 10

RIP Disabled Chapter 10

RMON Alarm No default alarm entries are configured. Chapter 3

Roving Analysis

* The 1000BASE-T standard supports the listed modes. However, specific GBIC transceivers

may not support all the listed options.

Store-and-forward –

Four queues Chapter 9

Disabled Chapter 4

All ports belong to the Default VLAN (VLAN 1) only; 802.1Q learning is disabled

Enabled (Default value for all parameters conform to IEEE 802.1D)

Enabled (Default value for all parameters conform to RFC 2236)

Disabled Chapter 3

Chapter 4

Chapter 7

Chapter 6

Chapter 8

PREPARING FOR SYSTEM

ANAGEMENT

This chapter explains the various ways that you can manage the SMC9712G, details the prerequisite conditions for each management method, and explains how to connect to the system for initial access. It covers the following topics:

■ Methods of Managing a Switch

■ Web Interface Management

■ CLI Management

■ SNMP-Based Network Management

■ Connecting to the System

■ Using the Web Interface

■ Using the Administration Console

Before you start modifying the current configuration, check the “Default Settings” on

page 28 to determine the configuration changes you need to make.

30 CHAPTER 2: PREPARING FOR SYSTEM MANAGEMENT

Methods of Managing a Switch

You can manage a Switch using one of the following methods:

■ Web interface management — Each switch has an internal set of web pages

that allow you to manage the switch using a Java

■ Command line interface management — Each switch has a command line

-enabled Web browser.

interface that allows you to manage the switch via the Administration Console.

■ SNMP management — You can manage a switch using any Network Manager

running the Simple Network Management Protocol (SNMP).

Figure 1 shows each of these management methods.

Figure 1 Management methods

Terminal

Console port

connection

Terminal Emulator

Web Browser

Telnet Session

SNMP Network Manager

Network

Unless you are connected directly to the Switch via its console port, each of these methods requires that the switch have a unique identity established in the form of IP address information.

Your Switch has two ways to establish IP address information:

■ Manual — You have to input the information (IP address, subnet mask, and

default gateway router).

■ Automatic — The switch attempts to configure itself by communicating with

BOOTP address allocation servers on the network.

For more information on how to configure an IP address, see “Configuring IP Settings” on page 39.

Web Interface Management

An embedded Web management interface is available for the SMC9712G. You can use it to perform the same kinds of configuration tasks as you would using the Administration Console. The interface is graphical and you can configure all

Web Interface Management 31

interface modules by entering the single IP address for the system. HTML-based Help is also present to explain the options.

While multiple users can access the Web interface at any one time, too many users may result in a slow response time for the Web pages and the error message “document contains no data.” We therefore recommend that you allow only three users access to the interface at any one time.

Accessing the Web

Interface

You can access a switch’s Web interface from a PC anywhere on the LAN.

If you disabled the automatic configuration or if it fails, you must first program the Switch with a unique IP address that fits within your network addressing scheme. Then, in your PC’s browser window, you can enter that IP address as the URL.

To access a switch’s Web interface from a PC anywhere on the LAN:

1 If you disabled the automatic IP address configuration feature or if it fails, use a

console port connection and the CLI interface to manually establish a unique identity for the switch:

On the CLI, enter the

protocol ip basicConfig command to begin the

process of manual IP configuration. (See “Manual Configuration” on page 39.)

Your management workstation can be connected to any interface port on the Switch, regardless of the VLAN assignment.

2 Open your Web browser and enter the switch’s IP address to bring up the Web

Management Interface. (See “Using the Web Interface” on page 41.)

Verify that an approved browser is installed and operating correctly on your PC. Open your Web browser and enter the switch’s IP address. You can use any browser that conforms to the following W3C standards: HTML 4.0, CSS 1.0, DOM, ECMA. Browsers conforming to these standards include:

■ Netscape Navigator

version 4.5 or above.

■ Microsoft Internet Explorer version 4.0 or above.

If you can browse the World Wide Web, then the software is installed correctly.

For the browser to operate the switch’s Web interface correctly, JavaScript™ must be enabled on your browser. This feature is enabled on either approved browser by default. You will only need to enable them if you have changed your browser settings.

32 CHAPTER 2: PREPARING FOR SYSTEM MANAGEMENT

CLI Management Each Switch has an internal menu-driven command line interface (CLI) that allows

you to manage the switch from a terminal, from terminal emulation software on a PC, or from Telnet software on a PC.

Accessing the CLI You can access a switch’s CLI in three ways:

■ From a terminal or a PC with terminal emulation software that is

connected to the console port on the switch

You reach the CLI prompt of the management module when you first power up the system and connect to it with a terminal or a PC to establish the system IP address. Thereafter, you encounter this CLI prompt each time that you log in to the system. When you use the console port, you must be located next to the switch

■ From a remote PC on the LAN via direct Telnet

You can manage your system remotely using Telnet over an Ethernet network connection. If you disable the automatic IP configuration feature or if it fails, you must manually program the switch with a unique IP address that fits within your network addressing scheme. (See “Manual Configuration” on page 39.) You also must have Telnet software installed on your PC. Then, to reach the switch from your remote PC, you can enter that IP address in the appropriate field in your Telnet software window.

■ From a remote PC on the LAN via indirect Telnet

You can connect a LAN communications server to the switch’s console port. Then, in your Telnet software window on your remote PC, enter the IP address of the communications server and the port number on the server that is attached to the switch.

For more information about the Administration Console, see “Using the Administration Console” on page 47.

Accessing the CLI through the Console Port

To manage a Switch using the command line interface through the console port:

1 Connect a standard null modem cable from an RS-232 serial port on a terminal or

a PC running terminal emulation software directly to the switch’s console port.

The console port of the switch has a male 9-pin D-type connector. You can find pin-out diagrams for null modem cable in the SMC9712G Installation and Maintenance Guide.

2 Tighten the retaining screws on the cable to prevent it from being loosened.

3 Verify that the terminal or terminal emulator has the same settings as the console

port: 9600 baud, 8 data bits, no parity, 1 stop bit, no flow control.

If the Switch is set to automatically detect the baud rate (using the Web interface), the Switch will automatically detect the line speed (2400, 4800 9600, 19200 baud) when you enter two consecutive Return characters.

To configure the settings of the terminal or terminal emulator, see the documentation that accompanies it.

4 Access the command line interface using a valid user name and password. Default

user names and passwords are described in “Logging into the System” on page 36.

SNMP-Based Network Management 33

Accessing the CLI Over the Network via Direct Telnet

To access a switch’s command line interface over a direct network connection to the Switch, follow these steps:

1 If the automatic IP configuration feature is disabled or if it fails, you must manually

establish an identity (IP address information) for the Switch. You cannot do this from a LAN connection. Use a console port connection and the CLI to manually establish a unique identity for the Switch:

On the CLI, enter the process. (See “Manual Configuration” on page 39.)

Now that you have established the IP information, you can change to a LAN connection if you wish. Otherwise, continue with your console connection.

Your management workstation can be connected to any interface port on the Switch, regardless of the VLAN assignment.

2 Install software on your PC that allows Telnet communication. This allows your PC

to communicate via IP.

Telnet software comes with MS Windows. For example, from the Windows Start menu, select Programs/Accessories/Telnet.

3 Open the Telnet session by typing in the IP address of the switch in the appropriate

window. Consult the documentation supplied with the Telnet software if you are unsure how to do this.

When you enter the Switch via Telnet, this is called a session. The switch supports a total of four simultaneous Telnet sessions.

Accessing the CLI Over the Network via Indirect Telnet

To access a switch’s command line interface using an indirect network connection to the Switch, follow these steps:

1 Configure a communications server device with a unique IP address. For

instructions on how to do this, see the server’s documentation.

protocol ip basicConfig command to begin the

SNMP-Based Network Management

2 Connect a standard null modem cable from an RS-232 serial port on the

communications server directly to the switch’s console port.

The console port of the switch has a male 9-pin D-type connector. You can find pin-out diagrams for null modem cable in the SMC9712G Installation and Maintenance Guide.

3 Install software on your PC that allows Telnet communication. This allows your PC

to communicate via IP.

Telnet software comes with MS Windows. For example, from the Windows Start menu, select Programs/Accessories/Telnet.

4 Open the Telnet session to the switch by typing the IP address of the

communications server as well as the port number that is connected to the switch. Consult the documentation supplied with the Telnet software if you are unsure how to do this.

For a more comprehensive approach to network management, you can use an external application that uses the Simple Network Management Protocol (SNMP) to communicate with the SMC9712G. As part of the IP protocol suite, SNMP is the standard management protocol for multivendor networks. SNMP supports

34 CHAPTER 2: PREPARING FOR SYSTEM MANAGEMENT

transaction-based queries so that the protocol can format messages and transmit information between reporting devices and data-collection programs.

In order for SNMP requests to reach the SMC9712G, you must connect a cable from an Ethernet port on the switch to your network infrastructure (for example, a hub or a switch). You must also assign an IP address to the switch. (See “Manual Configuration” on page 39.)

The SNMP management software usually resides on a PC somewhere on the LAN. You can program your management software to periodically poll the switch for information and you can program the switch to initiate reports of activity.

Any SNMP software application can manage a switch if the correct Management Information Bases (MIBs) are installed on the management workstation. Your switch supports a number of public and private MIBs. For a complete list of MIBs used by this Switch, see “MIB Tree” on page 305.

Your management workstation can be connected to any interface port on the Switch, regardless of the VLAN assignment.

For information about using your SNMP-based network management application, see the documentation that is supplied with the software.

To allow network administration personnel to access the Switch from an SNMP network management station, you need to specify access levels and passwords called community strings. To do this through the CLI, refer to “Configuring Access for SNMP Management” on page 40.

Connecting to the System 35

Connecting to the System

Quick Configuration

Reference

This section addresses procedures and commands that you can use to prepare the system (the Management Module’s CLI) to receive connections from terminals or remote workstations or receive requests for access to the embedded Web server.

Table 5 outlines the basic steps for configuring your Network & Management Module (also called the NMM).

Tabl e 5 Basic Configuration Steps

Procedure Command

1 Configure your terminal to match the

default NMM communication settings.

2 Configure contact information.

Each string is limited to 255 characters.

3 Configure the login user name and

password.

See “Configuring User Names, Passwords and Community Strings” in this chapter.

4 Set the IP address, subnet mask, and

gateway IP address for the system to enable network access.

See “Configuring IP Settings” in this chapter.

5 Set the SNMP community string to

increase your management options.

See “Configuring Access for SNMP Management” in this chapter.

See your terminal vendor's documentation

system management contact system management location system management name

system management password security device user create security device user summary

protocol ip basicConfig

security device user create system management snmp community

Saving Configuration

Values

Initial Access When you first install a system, it does not have an IP address assigned to it. Thus,

When you make configuration changes to the NMM using any commands, they take effect immediately and they are saved permanently. Thus, do not make any configuration changes until you are fully aware of the consequences that these changes have on the system.

to get started, you must connect a terminal directly to the RS-232 serial port on the Network & Management Module (NMM). (Refer to the SMC9712G Installation and Maintenance Guide for a description of pinouts on the serial port.) To communicate with the NMM after you connect to the serial port, configure your PC or terminal to the following default settings:

■ 9600 baud

■ 8 data bits

■ no parity

■ 1 stop bit

■ no flow control

The Login prompt appears on the terminal screen after you properly connect a terminal to the serial port.

36 CHAPTER 2: PREPARING FOR SYSTEM MANAGEMENT

Logging into the System Before you can enter commands, you must log in to the system. To log in, enter

your user name at the password at the

Password: prompt (factory default is no password). User names

and passwords are case sensitive.

After you log in with your user name and password, the system prompt appears

Select menu option:). Enter commands at the prompt. Commands are not

( case-sensitive: you can mix uppercase and lowercase characters. For information about ways to enter commands, see “Entering a Command String” on page 49.

Ter m i n a t i n g a

Connection

Configuring User Names, Passwords and Community Strings

Whether you are connected in-band or out-of-band, when you no longer require a connection to the system, use the

Select menu option: logout

logout command to terminate the session:

CAUTION: If no input is received from the input stream (terminal or Telnet) within 15 minutes, the NMM terminates the session. For Telnet sessions, the automatic logout feature will also close down the TCP connection.

To manage a switch through the Web interface or the CLI, you first need to log in with a valid user name and password. There are three password levels, allowing you to create different levels of access for a range of network personnel. The access level determines the extent of menu commands that are available to you, as described in Table 6.

Tab l e 6 Password Access Levels

Access Level For users who need to Allows users to

monitor View module parameters Access only “display” menu items

manager Perform active network

management

security Perform switch setup and

management tasks (usually a single network administrator)

(such as summary and detail displays)

Configure network parameters (such as setting the aging time for a bridge)

Perform system-level administration (such as resetting the switch or changing passwords)

The Switch has three default user names, and each user name has a different password and level of access. These default user names are listed in Table 7.

Table 7 Default Users

User Name Default Password Access Level

monitor monitor monitor

manager manager manager

admin (no password) security

CAUTION: To protect your Switch from unauthorized access, you must change all default passwords as soon as possible.

Connecting to the System 37

Configuring User Logins

You can set the password for the user currently logged into the system with the following command:

Select menu option: system management password Old password:***** Enter new password:****** Retype password:******

You can configure the user names and passwords for anyone who needs to access the management interfaces using the following commands:

Select menu option: security device user create Enter a new user name: thomas Enter the access level (monitor,manager,security)[security]: manager Enter the password:****** Re-enter the password:****** Enter the community string [thomas]: private

You can display all the user names and passwords configured for the Switch:

Select menu option: security device user summary User Name Access level Community String

----------------------------------------------------------admin security private monitor monitor public thomas manager private security security security

You can also use the following command to modify the SNMP community access string assigned to a user:

Select menu option: system management snmp community Enter new community for user 'manager' [manager]: acorn Enter new community for user 'admin' [private]: plum

To enable access to the Network & Management Module via SNMP management software, you must assign community strings to users. The NMM assigns community strings to specified users, and thereby maps the management access level of the user to the assigned community string. Since the access level of the community string is mapped to the corresponding user’s access level, you must assign a unique community string to each user.

38 CHAPTER 2: PREPARING FOR SYSTEM MANAGEMENT

Determining IP

Information

If you configure an IP address, you have more options for accessing the system, such as Telnet, Web Management, and SNMP from remote workstations. To manage a switch through a LAN connection, the Switch must be correctly configured with the following IP information:

■ An IP address — for more information, see “Which IP Addresses to Use in Your

Network” on page 38.

■ A subnet mask — for more information, see “Subnet Masks” on page 38.

■ A default gateway router — for more information, see “Default Gateway

Router” on page 39.

Which IP Addresses to Use in Your Network

If you are uncertain about what IP addresses to assign your equipment, contact your network administrator immediately.

The IP addresses that you can assign to equipment will depend on whether your network is closed or accessible to other networks.

Addresses for Closed Networks — If your network is internal to your organization only (i.e., there is no connection to the external Internet), you may use any arbitrary IP addresses because there is no chance of your addresses being confused with those of another company or organization.

In this case, we suggest that you use addresses in the series 192.168.100.X (where

X is a number between 1 and 254) with a subnet mask of 255.255.255.0.

These suggested IP addresses are part of a group of IP addresses that have been specified in international standards documents for use “in house” only.

Addresses for Accessible Networks — However, if your network has a connection to the external Internet, you must apply for a registered set of IP addresses. This registration system ensures that every accessible node has a unique IP address and that operational problems from duplicate address conditions do not occur.

InterNIC Registration Services is the organization responsible for supplying registered IP addresses. The following contact information is correct at the time of publication:

http://www.internic.net

Subnet Masks

You may want to divide your IP network into sub-networks, also known as subnets, either to control or track traffic flow or to maximize your IP address allocation. This latter point depends on the class of addresses that you were allocated. The number of bits in the device part of an IP address limits the number of devices that may be reached on any given network. For example, each subnetwork in a Class C addressing scheme is limited to 254 nodes. If you have more than 254 nodes in a Class C network, then you need to create additional subnets.

If the addressing that is allowed with a single network meets or exceeds your node count, then the only reasons to create subnets would be for traffic management or administration purposes.

Connecting to the System 39

A subnet mask is used to divide the device part of the IP address into two further parts:

■ The first part identifies the subnet number.

■ The second part identifies the device on that subnet.

The bits of the subnet mask are set to 1 if the device is to treat the corresponding bit in the IP address as part of the original network number or as part of the subnet number. These bits in the mask are set to 0 if the device is to treat the bit as part of the device number.

Default Gateway Router

If your management station is located in a different IP network from the Switch, then you must configure both the management station and the Switch with a default gateway IP address. Once you have configured a default gateway, all traffic passed between the management station and the Switch will travel through the default gateway.

If routing is enabled on the Switch, then you do not need to assign a default gateway to the NMM. For further information, refer to Chapter 10.

Configuring IP Settings To set up an IP address, you can use either manual or automatic configuration.

Manual Configuration

To manually configure IP settings for the Switch, follow these steps:

1 Verify that you have a direct terminal connection.

2 Log in to the system.

3 Use the

protocol ip basicConfig command to assign a unique IP address, subnet

mask, and gateway IP address to the NMM. Example:

Select menu option: protocol ip basicConfig Enter IP address [0.0.0.0]: 192.168.100.120 Enter subnet mask [0.0.0.0]: 255.255.0.0 Enter gateway IP address [0.0.0.0]: 192.168.100.254

In this example, the subnet mask is set for a class B device, without subnetworks.

4 Log out from your terminal session.

5 Connect any Ethernet port on your Switch to the network.

6 Use Telnet software to connect the system. Enter the system IP address in the

appropriate field in the software interface.

7 Log in to the NMM and manage the system as appropriate.

The NMM supports up to four incoming Telnet sessions.

The NMM supports and unlimited number of Web Management sessions, but we recommend restricting the number of sessions to three to minimize the impact on system resources.

The IP parameters for the NMM can also be automatically configured using BOOTP protocol. (Refer to Chapter 10 of this guide.)

CAUTION: Do not change the IP address of an NMM that is already up and running from an in-band network connection. Doing so will terminate the session.

40 CHAPTER 2: PREPARING FOR SYSTEM MANAGEMENT

Automatic Configuration

To automatically configure IP settings for the Switch, follow these steps:

1 Verify that you have a direct terminal connection.

2 Log in to the system.

Configuring Access for

SNMP Management

3 Use the

protocol ip interface bootp command to enable BOOTP protocol as

shown below:

Select menu option: protocol ip interface bootp Enter new value (enable,disable)[disable]: enable

BOOTP allows you to automatically set up the Switch with IP information. For BOOTP to work correctly you must have a BOOTP server on your network. After you enable BOOTP, you must reboot the system to automatically obtain IP information.

The NMM interacts with SNMP to:

■ Act as an agent for SNMP applications, enabling you to configure your NMM.

■ Respond to SNMP requests.

■ Generate SNMP traps.

If you plan to manage your Switch using an SNMP workstation, you must enable a port on one of the interface modules, and set the following attributes for the NMM:

■ IP connectivity (including a subnet mask, IP address, and default gateway)

For information on setting up IP connectivity, refer to “Determining IP Information” on page 38 and “Configuring IP Settings” on page 39.

■ Community strings

Community strings are used to control management access to SNMP stations, as well as to authorize SNMP stations to receive trap messages from the NMM. The NMM assigns community strings to specified users, and thereby maps the management access level of the user to the assigned community string.

For information on configuring community strings, refer to “Configuring User Names, Passwords and Community Strings” on page 36, and “Simple Network Management Protocol (SNMP)” on page 69.

■ Trap receivers

These are SNMP stations designated to receive traps from the NMM. (See “Trap Reporting” on page 70.

Using the Web Interface 41

Using the Web Interface

Browser and Platform

Requirements

The embedded Web Management interface provides a real-time image of the Switch, along with configuration menus and on-line help. You can manage each port or module, or the entire system, by clicking the part of the image that you want to manage. For details see the following section, “Browser and Platform Requirements.”

The Web Management interface has certain dependencies, as described in this section.

Color Recommendations

The minimum graphics capability is SVGA (800x600 resolution). For best performance, use XGA (1024x768 resolution).

Browser Support

The Web Management Interface can be accessed by any browser that conforms to the following W3C standards: HTML 4.0, CSS 1.0, DOM, ECMA. Browsers conforming to these standards include Microsoft Internet Explorer 4.0 or later OR Netscape Navigator 4.5 or later.

If you are using Internet Explorer, install the latest Service Pack. Service packs make Internet Explorer Year 2000-compliant and fix other product support issues. Download the Service Pack from the following URL:

http://http://www.microsoft.com/downloads/search.asp?

See “Web Management and Internet Explorer” on page 309 and “Web Management and Netscape Navigator” on page 311 for more details.

42 CHAPTER 2: PREPARING FOR SYSTEM MANAGEMENT

Embedded Web

Management

Applications

Tabs panel

Menu tree

Workspace

You can access these embedded Web Management applications from the Tabs panel of the opening screen (Figure 2):

■ Summary

■ Device View (including a menu navigation tree)

■ Help View (including various SMC support links)

Figure 2 Parts of the Web Management Opening Screen

Interface Description The screen for the embedded Web Management applications is divided into three

areas (Figure 2):

■ Tabs panel — At the top of the Web Management screen, the Tabs panel has

three tabs:

■ Summary tab — When you select this tab, the System icon is shown in the

menu tree, and a descriptive summary for the overall system, agent module, and interface modules is displayed in the workspace. You can update the summary screens with the latest information by clicking on the System icon.

■ Device View tab — When you select this tab, you see an image of the

device. You can configure some system and port parameters from this view. See “Browser and Platform Requirements” on page 41 for the required versions of Java-based browsers and “Using the Device Image” on page 45 for details about the functionality of this view.

■ Help View tab — When you select this tab, the menu tree lists several links

to SMC support sites.

■ Menu tree — The menu tree frame at the left of the interface lists the menu

options. Many of these options are the same as those found in the Administration Console command line interface.

■ Configuration form icons — Click a folder to view the menu options,

which appear as configuration form icons. Click a form icon to view the associated form in the workspace. See Figure 3.

Address Database forms

Using the Web Interface 43

■ Workspace — The workspace frame of the interface displays the

configuration form for the menu option that you select. See Figure 3.

Figure 3 Using the Device View

Device View Tab In the Device View application, the menu tree of folders contains icons for options

that you can change to manage your device. Click an icon to view the related configuration form.

Using the menu tree To modify many of the parameters and attributes on your system, follow these

steps:

1 In the menu tree, click the folder of the feature that you want to modify. See the

menu tree in Figure 3. Example: Click Bridge.

The expanded Bridge menu appears in the menu tree, showing the folders and form icons for the options with which you configure bridging on your system.

2 Click another folder or the form icon for the feature that you want to configure.

Example: Click the Address Database folder and then click the Add form.

The Add configuration form appears.

3 To complete the form, type the required information.

To get Help about a form and its fields, click the Help button at the bottom of the form.

4 Click Next, Back, OK or Finish (depending on the specific form).

■ Next displays an additional form with more fields where you enter information.

■ Back displays the preceding page in a form.

■ OK or Finish implements the requested configuration.

For some forms, you may need to reset the system for the changes to take effect.

5 To configure system parameters that are not supported through Device View, you

can launch a Telnet session to the Administration Console on the device, and then use the command line interface to configure the parameter.

44 CHAPTER 2: PREPARING FOR SYSTEM MANAGEMENT

For details about the commands in the Administration Console, see the appropriate chapter in this guide.

Using Configuration Wizards

The Web View menu tree also contains icons for configuration wizards. Use a wizard to create valid configurations, modify attributes and parameters, and prevent common configuration mishaps. See Figure 4.

Using configuration

wizards

To use a configuration wizard, click the wizard icon and follow the instructions. The Web View contains these configuration wizards:

■ Port Security wizard — Helps you define security options for selected ports.

■ IP In-band configuration wizard — Helps you configure IP on a device.

Figure 4 Opening Screen for a Configuration Wizard

Configuration

wizard icon

Using the Web Interface 45

Using the Device Image

The Device View application actively monitors the device so that you can configure parameters for the system, switching modules, and ports in an Internet browser. The live image in the Device View workspace allows you to monitor each element or the entire system in real time.

Using the Device Image To use the Device View application, on the Tabs panel on the Web Management

opening screen, click the Device View tab to launch an image of the device and its installed components. See Figure 5. (See “Browser and Platform Requirements” on page 41.)

About the Device Image – To access a subset of the management options that are available through the device image, click the image (Figure 5). Table 8 lists the color codes that report the status of interface ports.

A text popup describes the part of the device image under your pointer.

Tabl e 8 Status Color Codes for Ethernet Ports

Color/Shade Status

Red Port is disconnected

Green Port is connected

Figure 5 Device View Image

Configuring Parameters in Device View – To configure a parameter for the system, or for a port, click the image of the area that you want to configure. Configuration forms appear in the Device View workspace.

■ To view and modify system-level parameters, click the outline of a management

module.

■ To v i ew a nd m o di fy port-level parameters, click the image of the port that you

want to configure.

Commands are also included under the device image that allow you to perform the following tasks:

■ Polling Interval – Set the interval at which the device image is refreshed.

■ Poll now – Refresh the device image.

■ Color Key – Display the symbols and colors that represent the interface ports.

46 CHAPTER 2: PREPARING FOR SYSTEM MANAGEMENT

Help View Tab The third tab of the Web Management opening screen contains these links:

■ Various SMC support sites on the Web — Click a link to view the SMC

contacts list, home page, library of online manuals, and support page.

Some of the configuration forms also have Help buttons for related Help topics. See Figure 6.

The menu tree on the left side of the Help page provides access to SMC Contacts, Home Page, Library, and Support.

Figure 6 Help Page

Using the Administration Console 47

Using the Administration Console

Administration Console

Menus

The menu-driven CLI (called the Administration Console) resides in flash memory as part of the overall software suite on the management module. You use the Administration Console software to configure module options or display settings, statistics, and counters. (For information on how to access the Administration Console, see “Connecting to the System” on page 35.)

The top-level menu of the switch’s Administration Console groups the commands according to certain tasks and technologies, as listed in Table 9.

Tabl e 9 Types of Commands Associated with the Configuration Menus

Topic Menu Tasks

Bridging and related features

Monitoring network activity

Physical layer connectivity

Routing protocol/ip

Security administration

System administration

Traffic management

bridge

addressDatabase broadcastStormControl linkAggregation multicastFilter port spanningTree summary vlan

feature

rovingAnalysis

physicalInterface/ethernet

autoNegotiation detail flowControl portCapabilities portMode portState summary

arp basicConfig initializeConfig interface ospf ping rip route udpHelper

security

device network

system

control management summary

trafficManagement/qos

modify

Administer bridge-wide parameters:

Administer bridge addresses Enable/disable broadcast storm control Administer aggregated links Administer multicast filtering Administer bridge ports Administer spanning tree Display summary information Administer VLANs

Administer roving analysis:

Administer Ethernet ports:

Enable/disable auto-negotiation Display detailed information Enable/disable flow control Set the port capabilities Set the port speed and duplex mode Enable/disable an Ethernet port Display summary information

Administer IP:

Administer the ARP cache Basic IP management configuration Reset IP information to factory defaults Administer IP interface Administer OSPF features Poll remote device Administers RIP features Administer IP routes Administer UDP helper features

Administer security:

Administer device security for user access Administer network security for port access

Administer system-level functions

Administer system control Administer system management Display summary information

Administers Quality of Service:

Sets the number of priority queues for QoS

48 CHAPTER 2: PREPARING FOR SYSTEM MANAGEMENT

Using Menus to Perform

Ta sk s

When you access the Administration Console, the top-level menu appears; the menu options are on the left side and brief descriptions are on the right side. Most top-level menu options lead to submenus (an example of one that does not lead to submenus is logout), which in turn may lead to additional submenus.

Example: The top-level menu is shown below:

Menu options: --------------SMC9712G---------------------------- bridge - Administer bridge-wide parameters feature - Administer system features logout - Logout of the Command Line Interface physicalInterface - Administer physical interfaces protocol - Administer protocols security - Administer security system - Administer system-level functions trafficManagement - Administer traffic management

To perform any task, you must begin by selecting one of the options from the top-level menu. Next, you select an option from the submenu and continue in this fashion until you reach a point where no further input is required and you have either modified a parameter or received a display of information.

For information on the order in which to configure features (menu options), see “Basic Configuration Procedure” on page 52. For example, you should configure aggregate links before configuring VLANs.

The commands that you can use or view depend on your level of access.

An inclusive list of the commands for all modules is shown in Table 14 on page 72.

Selecting Menu Options

To select a menu option, at the prompt enter the complete text or enough of the name to uniquely identify it within the particular menu.

Example: To access the bridge submenu, at the top-level prompt simply enter:

Select menu option: bridge

Menu options are not case sensitive.

When you enter a menu option or command correctly, either you move to the next menu in the hierarchy, or the Administration Console displays information (a prompt or a screen display) for the option that you entered.

If you enter the menu option incorrectly, a message indicates that your entry is not valid or is ambiguous. Reenter the option from the point at which it became incorrect or expand an abbreviated command until it becomes unambiguous.

Using the Administration Console 49

Navigating Through the Menus

The Administration Console provides several shortcuts:

■ Press Esc (the Escape key) —

■ To move quickly to the top-level menu without backtracking through each

intermediate menu. The top-level menu immediately appears.

■ To cancel an operation that is currently in progress. The previous menu

appears.

■ Enter q — To move up through the menu hierarchy, that is, to move to the

menu that is one level higher in the hierarchy

Entering a Command

String

After you become familiar with the menu structure, you can enter a string of menu options or commands from the top-level menu prompt to move immediately to a task.

Example: The full command string for setting the Spanning Tree Protocol forward delay looks like this:

Select menu option: bridge spanningTree stpForwardDelay

Entering Abbreviated Commands

You can abbreviate command strings by typing only as much of the command as is necessary to make it unique.

Example: The most abbreviated command string for setting the Spanning Tree Protocol forward delay looks like this:

Select menu option: b sp stpf

When you correctly enter either a full or an abbreviated command string, you move to the last menu level or option that is specified in the string. Information that is relevant to that option appears as a menu, a prompt, or a display. If you enter a command string incorrectly, the Administration Console displays a message indicating that your entry was not valid or was ambiguous. Reenter the command from the point at which it became incorrect, or expand an abbreviated command until it becomes unambiguous.

Recommendations for Entering Commands

Before you enter any command, SMC recommends that you:

■ Examine the interface menu carefully for the full command string:

■ Consult the appropriate chapter in this guide for the valid minimum

abbreviation for the command string.

If you are unfamiliar with the Administration Console, always enter the complete text of the command. If you abbreviate commands, you may make errors or omissions that have undesirable consequences. For example, to set the Spanning Tree Protocol forward delay, the proper full command is

stpForwardDelay

. If you enter bridge port stpf (thinking that it is a valid

bridge spanningTree

abbreviation), the Switch interprets your entry as an abbreviated version of the

bridge port stpFast command — a command which enables or disables a fast

mode of the Spanning Tree Protocol.

50 CHAPTER 2: PREPARING FOR SYSTEM MANAGEMENT

Understanding the Values Presented

When you reach the level at which you can perform a task, the Administration Console prompts you for a value. The prompt usually shows all valid values (if applicable) and typically suggests a default value. The default may be either the factory default value or the current value that you had previously defined. Valid values appear in parentheses and the default or current value appears in brackets. Example:

Enter a new value (disabled,enabled) [enabled]:

To accept the default or current value, press Enter.

Including Values in Command Strings

A command string can also contain the value of a command parameter. If you include a value at the end of a command string and press Enter, the Administration Console executes the task and the previous menu appears on the screen.

Keystroke Functions

You can alter your keyboard input using specific keyboard functions and control sequences. If you press Enter in the middle of a command entry when a parameter is expected, the NMM prompts you for additional information.

Table 10 lists these keystrokes and their functions.

Table 10 Terminal Keystroke Functions

Keystroke Function

Backspace Moves the cursor back one character and deletes that character

Delete Moves the cursor back one character and deletes that character

Enter Implements the command

? Provides a description of how to enter commands

SYSTEM MANAGEMENT FEATURES

This chapter describes how to configure the interface modules and Management Module on the SMC9712G. This chapter contains the following sections:

■ Basic Configuration Procedure

■ Setting Baselines

■ Roving Analysis

■ Security Options

■ Ping

■ Upgrading System Software

■ Resetting System Components

■ Remote Monitoring (RMON)

■ Simple Network Management Protocol (SNMP)

■ CLI Command List

52 CHAPTER 3: SYSTEM MANAGEMENT FEATURES

Basic Configuration Procedure

Configure the

Management Module

Follow the steps that apply to your system configuration and network needs and ignore the steps that do not apply. You should follow the steps in the order listed. There are dependencies between certain features. For example, aggregate links must be configured before VLANs, and VLANs must be configured before you assign IP interfaces.

You must configure the Network Management Module (NMM) with certain parameters before you access the Administration Console and before you access the system through an external Simple Network Management Protocol (SNMP) application. See Chapter 2 in this guide for more information.

After you gain access to the NMM, you can check the device identity and hardware/firmware versions with the following command:

Select menu option: system summary SMC SMC9712G System Name : Marketing Location : Boston Contact : Andrew

Time since reset : 494 Hrs 39 Mins 13 Seconds Operational Version: 01.00.00 Hardware Version : V1.0 (850 CPU) Boot Version : V1.00 MAC Address : 00:00:0a:01:11:10 Serial Number : 00-10-b5-7a-6b-c0

Configure Each Interface

Module

See “Upgrading System Software” on page 59 to verify that you have the most recent firmware installed in your Switch.

There are some dependencies between features, so please configure the Switch in the sequence described below:

1 Configure basic management or physical link parameters. One or more of the

following topics may apply to each module:

■ Ethernet — To set the port mode, enable flow control, and control

autonegotiation and other settings, see Chapter 4.

■ Bridge-wide and bridge port parameters — To set parameters for Spanning

Tree Protocol, and address aging options, see Chapter 6.

■ Aggregate Links — To increase the bandwidth and resiliency between two

points, you can aggregate several individual links into a single logical link called a trunk. Configure trunks before you define VLANs. For more information, see Chapter 5.

2 Define virtual LANs (VLANs).

To create logical workgroups, you can define port-based VLANs, and set related modes. You must define VLANs before you define routing interfaces.

For more information about VLANs, see Chapter 7.

Setting Baselines 53

3 Configure routing interfaces and set related parameters.

You can use the following protocol to configure routing interfaces and set related parameters:

■ IP — See Chapter 10

■ Routing Information Protocol (RIP) — See Chapter 10

4 Take advantage of device monitoring features as you monitor network operations.

You can use device monitoring features such as event logging, baselining, and roving analysis to analyze your network periodically and identify potential network problems before they become serious problems. To test and validate paths in your network, use tools like ping. SNMP and Management Information Bases (MIBs) provide ways to collect performance data on your network. For more information about these features, see the following sections in this chapter.

Setting Baselines Normally, statistics for MACs and ports start to compile when you turn the system

on. Baselining allows you to view statistics compiled over the period of time since the statistics were reset. By viewing statistics relative to a baseline, you can more easily evaluate recent activity in your system or on your network. All statistical counters in the Switch can be reset by any of the following methods:

Important

Considerations

■ Entering the system control initialize command.

■ Entering the system control reboot command.

■ Resetting system power.

■ Baselining is maintained across Administration Console sessions.

■ Baselining affects the statistics that are displayed for Ethernet ports and

bridges.

54 CHAPTER 3: SYSTEM MANAGEMENT FEATURES

Roving Analysis Roving analysis is the mirroring of Fast Ethernet or Gigabit Ethernet port traffic to

another port of the same media type. This second port has an external RMON-1 probe or analyzer attached. Through the probe, you can monitor traffic on any switched segment. Figure 7 shows a sample configuration.

■ The port with the analyzer attached is called the analyzer port.

■ The port that is being monitored is called the monitor port.

Figure 7 Connecting an Analyzer to the System

LAN Analyzer

(port designated as analyzer port)

L2/3

Key Guidelines for

Implementation

(port designated as monitor port)

The monitor port and the analyzer port do not have to be on the same module.

The purpose of roving analysis is to:

■ Analyze traffic loads on each segment so that you can continually optimize

your network loads by moving network segments

■ Troubleshoot switched network problems (for example, to find out why a

particular segment has so much traffic)

When you set up a roving analysis configuration, the system copies both transmit and receive port data and forwards it to the port on which the network analyzer is attached — without disrupting the regular processing of the packets.

To enable the monitoring of ports on a system, follow these general steps:

1 Add the port on which you want to attach the network analyzer.

2 Start roving analysis by selecting the port that you want to monitor.

The system provides commands to add and remove (define and undefine) the analyzer port, to display the current analyzer and monitor ports, and to start and stop analysis as described in the following sections.

Roving Analysis 55

feature rovingAnalysis

summary

Displays the roving analysis configuration, showing which ports are currently being monitored and which port is designated as the analyzer port.

Valid Minimum Abbreviation

f r su

Example

Select menu option: feature rovingAnalysis summary

Monitor Port Analyzer Port State

-------------------------------------------------------Slot 3 Port 5 Slot 1 Port 2 Enabled

Fields in the Roving Analysis Summary

Field Description

Ports being monitored List of ports that are being monitoring.

Port configured as the analyzer port

State Shows whether or not roving analysis is active for the

Shows the analyzer port. This is the port that can accept traffic that is mirrored from a monitored port. The analyzer port is typically connected to a network analyzer or probe. Only one analyzer port may be defined.

listed monitor/analyzer port pair.

56 CHAPTER 3: SYSTEM MANAGEMENT FEATURES

feature rovingAnalysis

add

Defines a bridge port to serve as a dedicated analyzer port.

Valid Minimum Abbreviation

f r a

Important Considerations

■ The port to which the analyzer is attached and the port you wish to monitor do

not have to be on the same module.

■ You can only enable one analyzer port at a time. For more accurate analysis,

attach the analyzer to a dedicated port instead of through a repeater.

■ After a port is selected to serve as an analyzer port, it cannot receive or

transmit any other data. Instead, it receives only the data from the ports to be monitored. If you have enabled the Spanning Tree Protocol (STP) on the port, STP is automatically disabled.

■ When you configure a port that is part of a virtual LAN (VLAN) as an analyzer

port, a warning is displayed because adding the port removes the port from all VLANs. When the port is restored (when you remove the analyzer port), it becomes a member of the default VLAN.

■ If the probe is attached to a 100 Mbps Ethernet analyzer port and the roving

analysis port (RAP) is monitoring a 1000 Mbps Ethernet port with a sustained traffic rate greater than 100 Mbps, the analyzer may not see all of the frames.

■ Mirroring between different VLAN groups is not supported.

■ Trunked ports can not be configured as analyzer ports.

Example

Select menu option: feature rovingAnalysis add Select analyzer slot (1-12): 1 Select analyzer port (1-8): 2

Options

Prompt Description Possible Values [Default]

Select analyzer slot

Select analyzer port

Number of the slot containing the analyzer port

Number of the bridge port to which you want to attach the analyzer

A valid slot number –

A valid bridge port number

–

Roving Analysis 57

feature rovingAnalysis

remove

feature rovingAnalysis

start

Restores the port to be a regular bridge port. Also restores the Spanning Tree state to its state before the port was configured as an analyzer port.

Valid Minimum Abbreviation

f r r

Important Considerations

■ Use this command when you no longer need the bridge port for the analyzer.

■ Monitoring must be stopped before you can remove the analyzer port. See

“feature rovingAnalysis stop” on page 54 for details.

■ The port becomes a member of the default virtual LAN (VLAN) when it is

restored (when you remove it as an analyzer port).

■ The port will not be automatically restored to any VLAN it might have been a

member of before it was configured as an analyzer port — you must do this yourself.

Starts port monitoring activity on the selected bridge port.

Valid Minimum Abbreviation

f r sta

Important Considerations

■ You must already have an analyzer port configured. First designate a bridge

port to serve as the analyzer port and connect the analyzer to that port. See “feature rovingAnalysis add” on page 52 for details. The analyzer port and the monitor port do not have to be on the same module.

■ The media type of the analyzer port must match the media type of the port

being monitored. Fast Ethernet and Gigabit Ethernet are the same media type. You can use a Fast Ethernet (100 Mbps) port to monitor a Gigabit Ethernet (1000 Mbps) port, but a warning message will be printed. If the sustained traffic load is greater than 100 Mbps, the analyzer on the slower port may not see all the frames on the faster port.

■ If you replace the module that the monitored port resides on with a module of

a different media type, the roving analysis port (RAP) configuration for the monitored port is reset.

Example

Select menu option: feature rovingAnalysis start Select slot to monitor (1-12): 1 Select port to monitor (1-8): 3

Options

Prompt Description Possible Values [Default]

Select slot to monitor

Select port to monitor

Number of the slot containing the monitor port

Number of the bridge port to be monitored

A valid slot number –

A valid bridge port number

–

58 CHAPTER 3: SYSTEM MANAGEMENT FEATURES

feature rovingAnalysis

Stops port monitoring activity on the selected bridge port.

stop

Valid Minimum Abbreviation

f r sto

Important Considerations

■ Use this command when you no longer need the bridge port for the analyzer.

■ The port becomes a member of the default virtual LAN (VLAN) when it is

restored (when you remove it as an analyzer port).

■ The port will not be automatically restored to any VLAN it might have been a

member of before it was configured as an analyzer port — you must do this yourself.

Security Options The SMC9712G supports network security in several ways:

■ Management access via the Command Line Interface or Web Management is

controlled with user names and passwords.

■ Management access for a specified user access level via the different

management interface types can be disabled or enabled.

■ Management access via remote command interfaces can be disabled or

enabled.

system management

password

■ Network access to ports can also be limited to a specified number of addresses

to prevent users from connecting unauthorized devices to the network. This feature is described in “security network access portSecurity” on page 57.

■ Management access via external Simple Network Management Protocol

(SNMP) is controlled via community strings. Community strings are assigned when you create a new user. (See “Configuring User Names, Passwords and Community Strings” on page 32.)

Changes the password of the user currently logged into the system.

Valid Minimum Abbreviation

sy m p

Important Consideration

■ The password and confirmation of the password are not echoed to the screen.

Example

Select menu option: system management password Old password: Enter new password: Retype password:

The command line interface password has been successfully changed.

Security Options 59

security device user

summary

security device user

create

Displays the access level and associated community string for all the users.

Valid Minimum Abbreviation

se d u s

Example

Select menu option: security device user summary

User Name Access level Community String

----------------------------------------------------------admin security private manager manager manager monitor monitor public security security security

Creates a new user with the specified access level for console, Telnet and Web browser management interfaces. Also assigns a community string to the user for SNMP access.

Valid Minimum Abbreviation

se d u c

Important Considerations

security device user

modify

■ The password and confirmation of the password are not echoed to the screen.

■ The default community string is the user name.

Example

Select menu option: security device user create Enter a new user name: thomas Enter the access level (monitor,manager,security)[security]: manager Enter the password: Re-enter the password: Enter the community string [thomas]: test

Modifies the password or community string for a selected user.

Valid Minimum Abbreviation

se d u m

Important Considerations

■ The password and confirmation of the password are not echoed to the screen.

■ The user's access level cannot be modified – to change it you would need to

remove the user and define a new one with the same name.

Example

Select menu option: security device user modify Select the user name (admin,thomas,manager,security): thomas Enter the password: Re-enter the password: Enter the community string [test]: anomaly

60 CHAPTER 3: SYSTEM MANAGEMENT FEATURES

security device user

delete

security device access

summary

Deletes one or all of the users.

Valid Minimum Abbreviation

se d u d

Example

Select menu option: security device user delete Select the user name (fred,thomas,all): all

Displays access to the command interfaces for all management access levels.

Valid Minimum Abbreviation

se d a s

Example

Select menu option: security device access summary

Access Level SNMP Console Telnet Web

-------------------------------------------------------admin enable disable disable enable manager enable disable disable enable monitor enable disable enable enable

security device access

modify

Modifies access to the command interfaces for a specified user access level.

Important Consideration

Disabling access will not terminate any existing console, Telnet or Web sessions – however it does immediately stop any SNMP traffic for all users on that access level.

Valid Minimum Abbreviation

se d a m

Example

Select menu option: security device access modify Select access level (monitor,manager,security): manager Enter new value for SNMP (enable,disable)[enable]: disable Enter new value for web (enable,disable)[enable]: disable Enter new value for telnet (enable,disable)[enable]: Enter new value for console (enable,disable)[enable]: enable

Security Options 61

system management

remoteAccess

security network access

portSecurity

Enables or disables all remote access to the Switch.

Valid Minimum Abbreviation

sy m r

Important Consideration

■ When remote access is disabled, no new Telnet, SNMP or Web requests will be

accepted. Disabling remote access will not terminate any existing Telnet CLI sessions. Once disabled, remote access can only be enabled via the console port (or possibly an existing Telnet session).

Example

Select menu option: system management remoteAccess Enter new value (enable,disable)[enable]: disable WARNING: This change will lock out all SNMP, Telnet and Web based management access. Do you wish to continue (yes/no)[no]: yes

Port security can be used to prevent unauthorized users from connecting devices to the network.

Valid Minimum Abbreviation

se n a p

noSecurity Example

When noSecurity is entered as the mode of operation, then no further questions will be asked — all port security mechanisms have been disabled as shown in the following example.

Select menu option: security network access portSecurity Select slot (1-12): 1 Select bridge port (1-8,all)[all]: 5 Enter mode of operation (noSecurity,continuallyLearn,autoLearn)[noSecurity]: noSecurity

continuallyLearn Example

When continuallyLearn is entered as the mode of operation, you will be prompted for the number of addresses to be learned as shown in the following example:

Select menu option: security network access portSecurity Select slot (1-12): 1 Select Ethernet port (1-8): 5 Enter the mode of operation (noSecurity,continuallyLearn,autoLearn)[noSecurity]: continuallyLearn Enter the number of authorized addresses (0-516)[0]: 20

Authorized Addresses — You can specify up to 896 addresses for the entire Switch. (However, note that a minimum of four addresses is reserved for each port.) The number of available addresses is listed in the prompt message. Be sure you allocate enough slots to support all the nodes attached to the specified port. When continuallyLearn is selected as the security mode, the switch will continue to add all the new addresses it learns to the port’s address table, overwriting older addresses as required.

62 CHAPTER 3: SYSTEM MANAGEMENT FEATURES

autoLearn Example

When autoLearn is entered as the mode of operation, you will be prompted for the number of addresses to be learned (as described in the preceding section). You will also be asked whether or not to Disconnect Unauthorized Devices as shown in the following example:

Select menu option: security network access portSecurity Select bridge slot (1-12): 1 Select Ethernet port (1-8): 5 Enter the mode of operation (noSecurity,continuallyLearn,autoLearn)[noSecurity]: autoLearn Enter the number of authorized addresses (0-459)[1]: 20 Enter Disconnect Unauthorized Device (DUD) mode (enable,disable)[disable]: enable

Disconnect Unauthorized Device — When Disconnect Unauthorized Device is enabled, and traffic is received from a device not in the authorization table, the port will be disabled.

Important Considerations

■ Need to Know (NTK) is set to “permanently on” in the MIB. This ensures that

frames are addressed to the authorized devices only.

Ping 63

Ping The ping feature is a useful tool for network testing, performance measurement,

and management. It uses the Internet Control Message Protocol (ICMP) echo facility to send ICMP echo request packets to the IP destination that you specify. See Chapter 10 for more information about ICMP.

When a router sends an echo request packet to an IP station using ping, the router waits for an ICMP echo reply packet. The response indicates whether the remote IP is available, unreachable, or not responding.

protocol ip ping The system uses the IP address you provide and pings the host with a default

polling interval of 10 milliseconds.

Valid Minimum Abbreviation

pr i p

Example

Select menu option: protocol ip ping Enter destination IP address: 1.2.3.4 Starting ping, resolution of displayed time is 10 milli-seconds. Response from 1.2.3.4: 3 router hops. time = 10ms

Upgrading System Software

Ping Responses

This list gives the possible responses to a ping:

■ If the host is reachable, the system displays the response time to the ping.

■ If the host does not respond, the system displays this message: no answer

from ...

(You may see this message if routing has not been enabled on the

Switch and you have not configured your gateway IP address.)

■ If the packets cannot reach the host, the system displays the ICMP packet

information and this message:

Host is Unreachable. A host is unreachable

when there is no route to that host.

Strategies for Using Ping

Follow these strategies for using ping:

■ Ping devices when your network is operating normally so that you have a

performance baseline for comparison.

■ Ping when you want to test devices on different subnetworks.

Software in the interface modules is stored in nonvolatile memory, and can only be upgraded by authorized SMC field service personnel. Software for the Management Module may be updated periodically by SMC as required. To check for the latest software version, contact your network supplier or SMC representative, or visit the SMC Web site at:

http://www.smc.com/index.cfm?action=tech_support_drivers_downloads

To learn more about upgrading your system software, see the SMC9712G Release Notes.

64 CHAPTER 3: SYSTEM MANAGEMENT FEATURES

Resetting System Components

Reboot the System Use the

Reset to Factory

Defaults

Certain situations require that you reset power to the entire chassis or the NMM. This section describes the commands for performing such actions.

system control reboot command to reboot all of the installed modules

and the chassis itself, including the NMM.

This command performs a hardware reset of the chassis and all installed modules. Diagnostic routines execute and traffic forwarding may be briefly interrupted. After the chassis reset is complete, you must log back in to the primary NMM before you can enter any other commands. The configuration in non-volatile memory will not be modified.

Use this command after you download software releases. This command cycles the power (off/on) and runs the NMM diagnostic software.

You can reset the NMM’s user-configurable values and options to their default values using the

system control initialize command. This command resets all

NMM and module configuration settings (excluding IP information) to the factory defaults. If you have forgotten or lost the Administer password, this command is the only way to reset this password to the default value, which is no password.

CAUTION: Do not use this command unless absolutely necessary. This command resets all user-configurable values and options to defaults, and terminates all network communications. You will need to reenter all values and options that you changed.

Reset IP Information to

Factory Defaults

Choose an Administer password that you can remember, so that you do not have to use the

You can now log in to the NMM using default values. (At the enter

After you perform the

system control initialize command.

admin, and at the Password: prompt, press Enter.)

system control initialize operation, the NMM that

was previously configured as the Secondary NMM becomes the Primary NMM.

Use the

protocol ip initializeConfig command to reset all IP information to

factory defaults. The Switch does not undergo a power reset, and the UDP Helper is not triggered.

Remote Monitoring (RMON) 65

Remote Monitoring (RMON)

This section provides information about Remote Monitoring (RMON). The Statistics, History, Alarm and Event groups from the RMON-1 Management Information Base (MIB) are implemented in your system. The ProbeConfig object from the RMON-2 MIB is also implemented in your system.

RMON is implemented for all the Interface Modules and the NMM module of the SMC9712G system.

To manage RMON, you use the IP address that is assigned to the NMM. See Chapter 10 for information about managing IP interfaces.

You can gain access to the RMON capabilities of the system through SNMP applications, not through the serial interface or Telnet. For more information about the details of managing SMC devices using RMON tools, see the appropriate user documentation.

Overview of RMON RMON provides a way to monitor and analyze a local area network (LAN) from a

remote location. The Internet Engineering Task Force (IETF) defines RMON-1 (RMON Version 1) in documents RFC 1271 and RFC 1757; RFC 2021 defines the extension of RMON-1, RMON-2 (RMON Version V2).

A typical RMON implementation has two components:

■ Your system — Your system’s built-in probe functionality examines all the LAN

traffic on its segments, and keeps a summary of statistics (including historical data) in its local memory.

■ Management station — Communicates with your system and collects the

summarized data from it. The station can be on a different network from the system and can manage the system’s probe function through either in-band or out-of-band connections.

The RMON specification consists almost entirely of the definition of the MIB. The RMON MIB contains standard MIB variables that are defined to collect comprehensive network statistics that alert you to significant network events. If the embedded RMON agent operates full time, it collects data on the correct port when the relevant network event occurs.

RMON Benefits From a network management console, traditional network management

applications poll network devices such as switches, bridges, and routers at regular intervals. The console gathers statistics, identifies trends, and highlights network events. The console polls network devices constantly to determine if the network is within its normal operating conditions.

As network size and traffic levels grow, however, the network management console can become overburdened by the amount of data it must collect. Frequent console polling also generates significant network traffic that itself can create problems for the network.

The RMON implementation in your system offers solutions to both of these problems:

■ The system examines the network without affecting the characteristics and

performance of the network.

66 CHAPTER 3: SYSTEM MANAGEMENT FEATURES

■ The system can report by exception rather than by reporting constant or

frequent information. That is, the system informs the network management console directly if the network enters an abnormal state. The console can then use more information gathered by the system, such as historical information, to diagnose the abnormal condition.

RMON in Your System Your system supports RMON as follows:

■ RMON-1 support — The system software offers full-time embedded RMON

support using SNMP for four RMON-1 groups (including the Statistics, History, Alarm and Event groups).

■ RMON-2 support — The system software offers embedded RMON support for

one RMON-2 object (known as ProbeConfig). This object defines the system configuration, firmware upgrade and trap destination information.

Supported RMON-1

Groups

The system supports four of the RMON-1 groups (1, 2, 3, 9) that the IETF defines. Table 11 briefly describes these groups.

Table 11 RMON-1 Groups Supported in the System

Group

RMON-1 Group

Number

Purpose

Statistics 1 Maintains utilization and error statistics for

the segment being monitored

History 2 Gathers and stores periodic statistical

samples from the statistics group

Alarm 3 Allows you to define thresholds for any MIB

variable and trigger alarms

Event 9 Allows you to define actions (generate traps,

log alarms, or both) based on alarms

Statistics Group

The statistics group records frame statistics for Ethernet interfaces. The information available per interface segment includes:

■ Number of received octets

■ Number of received packets

■ Number of received broadcast packets

■ Number of received multicast packets

■ Number of received packets with CRC or alignment errors

■ Number of received packets that are undersized but otherwise well-formed

■ Number of received packets that are oversized but otherwise well-formed

■ Number of received undersized packets with either a CRC or an alignment

error

■ Number of detected transmit collisions

Byte sizes include the 4-byte FCS, but exclude the framing bits. Table 12 lists the Ethernet packet length counters that are implemented in the RMON-1 statistics group to keep track of the frame sizes that are encountered.

Remote Monitoring (RMON) 67

Table 12 Supported Frame Sizes for Ethernet

Ethernet Frame Lengths (Bytes)

65 - 127

128 - 511

512 - 1023

1024 - 1518 (1024 - 1522 bytes when tagging is enabled)

History Groups

The history group records periodic statistical samples for Ethernet interfaces and stores them for later retrieval. The information available per interface for each time interval includes:

■ Number of received octets

■ Number of received packets

■ Number of received broadcast packets

■ Number of received multicast packets

■ Number of received packets with CRC or alignment errors

■ Number of received packets that are undersized but otherwise well-formed

■ Number of received packets that are oversized but otherwise well-formed

■ Number of received undersized packets with either a CRC or an alignment

error

■ Number of detected transmit collisions

■ Estimate of the mean physical layer network utilization

Alarm Group

The system supports the following RMON alarm mechanisms:

■ Counters

■ Gauges

■ Integers

■ Timeticks

These RMON MIB objects yield alarms when the network exceeds predefined limits. The most frequently used objects are counters, although the other objects may be used in much the same way. The balance of this chapter illustrates RMON functions using counters.

Counters hold and update the number of times an event occurs on a port, module, or switch. Alarms monitor the counters and report when counters exceed their set threshold.

Counters are useful when you compare their values at specific time intervals to determine rates of change. The time intervals can be short or long, depending on what you measure.

Occasionally, counters can produce misleading results. Because counters are finite, they are useful for comparing rates. When counters reach a predetermined limit,

68 CHAPTER 3: SYSTEM MANAGEMENT FEATURES

they roll over (that is, return to 0). A single low counter value may accurately represent a condition on the network. On the other hand, the same value may simply indicate a rollover.

When you disable a port, the application may not update some of its associated statistics counters.

An alarm calculates the difference in counter values over a set time interval and remembers the high and low values. When the value of a counter exceeds a preset threshold, the alarm reports this occurrence.

Setting Alarm Thresholds Thresholds determine when an alarm reports that a counter has exceeded a certain value. You can set alarm thresholds manually through the network, choosing any value for them that is appropriate for your application. The network management software monitors the counters and thresholds continually during normal operations to provide data for later calibration.

Figure 8 shows a counter with thresholds set manually.

Figure 8 Manually Set Thresholds

Counter

User specified high threshold

User specified

low threshold

Time

You can associate an alarm with the high threshold, the low threshold, or both. The actions that occur because of an alarm depend on the network management application.

Simple Network Management Protocol (SNMP) 69

RMON Hysteresis Mechanism The RMON hysteresis mechanism prevents small fluctuations in counter values from causing alarms. Alarms occur only when either:

■ The counter value exceeds the high threshold after previously falling below the

low threshold. (An alarm does not occur if the value has not fallen below the low threshold before rising above the high threshold.)

■ The counter value falls below the low threshold after previously exceeding the

high threshold. (An alarm does not occur if the value has not first risen above the high threshold.)

For example, in Figure 8, an alarm occurs the first time that the counter exceeds the high threshold, but not the second time. At the first instance, the counter is rising from below the low threshold. In the second instance, the counter is not rising from below the low threshold.

Event Group

The event group logs alarms or traps network event descriptions. Although alarm group thresholds trigger most events, other RMON groups may define event conditions.

RMON-2 Groups The system software supports only one object from RMON-2 as defined by the

Simple Network Management Protocol (SNMP)

Manager/Agent

Operation

IETF in RFC 2021. This is the probeConfig object which defines system configuration, firmware upgrade, and trap destination information.

The Simple Network Management Protocol (SNMP) is a standard that is defined by the Internet Engineering Task Force (IETF). SNMP information is encapsulated in a UDP and IP packet, which in turn, is encapsulated in an appropriate protocol-specific frame.

This section describes the configurable options on the Network & Management Module (NMM) that relate to SNMP management.

SNMP communication requires a manager (the station that is managing network devices) and an agent (the software in the devices that talks to the management station). SNMP provides the language and the rules that the manager and agent use to communicate.

Managers can discover agents:

■ Through autodiscovery tools on Network Management Platforms (such as HP

OpenView Network Node Manager)

■ When you manually enter IP addresses of the devices that you want to manage

For agents to discover their managers, you must provide the agent with the IP address of the management station or stations.

Managers send requests to agents (either to send information or to set a parameter), and agents provide the requested data or set the parameter. Agents can also send information to the managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred.

70 CHAPTER 3: SYSTEM MANAGEMENT FEATURES

SNMP Messages SNMP supports queries (called messages) that allow the protocol to transmit

information between the managers and the agents. Types of SNMP messages:

■ Get and Get-next — The management station requests an agent to report

information.

■ Set — The management station requests an agent to change one of its

parameters.

■ Get Responses — The agent responds to a Get, Get-next, or Set operation.

■ Trap — The agent sends an unsolicited message informing the management

station that an event has occurred.

Management Information Bases (MIBs) define what can be monitored and controlled within a device (that is, what the manager can Get and Set). An agent can implement one or more groups from one or more MIBs. See Appendix B “Management Information Base (MIB)” for more information.

Trap Reporting Traps are events that devices generate to indicate status changes. Every agent

supports some trap reporting. You must configure trap reporting at the devices so that these events are reported to your management station to be used by the Network Management Platforms (such as HP OpenView Network Node Manager or SunNet Manager).

You do not need to enable all traps to effectively manage a switch. To decrease the burden on the management station and on your network, you can limit the traps reported to the management station.

MIBs are not required to document traps. The SNMP agent supports the limited number of traps defined in Table 13 on page 67. More traps may be defined in vendors’ private MIBs.

Administering SNMP Trap Reporting

For network management applications, you can use the Administration Console to manually administer the trap reporting address information.

■ Displaying Trap Reporting Information — When you display the trap

reporting information, the system displays the various SNMP traps and their currently configured destinations as shown in the following example:

Select menu option: system management snmp trap summary

Index Community String Destination Address

---------------------------------------------------1 security 192.168.163.173 2 bill 192.168.163.172 3 fred 192.168.163.172 4 mike 192.168.163.170

■ Configuring Trap Reporting — You can add new trap reporting destination

configurations and modify existing configurations as shown in the following examples. You can define up to 10 destination addresses.

Select menu option: system management snmp trap create Enter the trap community string [monitor]: fred Enter the trap destination address: 141.11.163.123

Simple Network Management Protocol (SNMP) 71

Select menu option: system management snmp trap modify Select trap index (1,2,3,4): 2 Enter the trap community string [bill]: dick Enter the trap destination address [192.168.163.172]: 192.168.163.123

All supported traps are sent to the destination address when the events occur.

■ Removing Trap Destinations — When you remove a destination, no SNMP

traps are reported to that destination. See the following example:

Select menu option: system management snmp trap delete Select trap index (1,2,3,4,all)[all]: 2

■ Flushing All SNMP Trap Destinations — When you flush the SNMP trap

reporting destinations, you remove all trap destination address information for the SNMP agent. See the following example:

Select menu option: system management snmp trap delete Select trap index (1,2,35,2322,all)[all] : all

Supported Trap Reports

Table 13 describes the first two fields in the trap message. The remainder of the fields are dependent upon the type of trap that is received and are self-explanatory.

Table 13 NMM Trap Message Fields

Field Description

Enterprise Describes the enterprise (organization) responsible

for this type of trap message.

Enterprise-Specific Trap One of the following trap messages:

Cold Start Link Down Link Up Authentication Failure New Root Topology Change Power Supply Failure Card Insertion Trap Card Extraction Trap Address Threshold System Fan Failure Rising Alarm Falling Alarm Response Received Response Not Received

Interpreting NMM Trap Messages

SNMP traps are sent to the NMM console when traps occur. An example of an SNMP trap is when a device attempts to gather information (read) from the NMM, but the address of the device was not added to the community table with that access level. The message that appears in this instance is similar to the following example:

Message received from this device on 15:58 Fri 09 Jul 99: Enterprise: SMC SNMP Generic Trap: SNMP Authentication Failure Message Information: Authentication Failure Address: 192.168.6.163

72 CHAPTER 3: SYSTEM MANAGEMENT FEATURES

CLI Command List The full list of commands for the Administration Console are shown in Table 14.

Table 14 CLI Command List

Command Description See

bridge Administer bridge-wide parameters –

bridge addressDatabase Administer address database –

bridge addressDatabase add Add a statically configured address page 129

bridge addressDatabase agingTime Set the bridge address aging time page 131

bridge addressDatabase find Find an address page 130

bridge addressDatabase flushAll Delete all address table entries page 132

bridge addressDatabase flushDynamic Delete all dynamic address table entries page 132

bridge addressDatabase remove Remove an address page 130

bridge addressDatabase summary Displays summary information page 128

bridge broadcastStormControl Enable/disable broadcast storm control page 133

bridge linkAggregation Administer aggregated links –

bridge linkAggregation detail Display detailed information page 97

bridge linkAggregation modify Modify Aggregated Links –

bridge linkAggregation modify addPort Add a port to a aggregated link page 98

bridge linkAggregation modify linkState Enable/disable aggregated links page 100

bridge linkAggregation modify removePort Remove a port from a aggregated link page 99

bridge linkAggregation summary Display summary information page 96

bridge multicastFilter Administer multicast filtering –

bridge multicastFilter igmp Administer IGMP –

bridge multicastFilter igmp snoopMode Enable/disable IGMP multicast learning page 167

bridge multicastFilter routerPort Administer router ports –

bridge multicastFilter routerPort addPort Add a statically configured router port page 169

bridge multicastFilter routerPort autoDiscovery Enable/Disable router port auto discovery page 169

bridge multicastFilter routerPort removePort Remove a router port page 170

bridge multicastFilter routerPort summary Display summary information page 168

bridge port Administer bridge ports –

bridge port defaultPriority Set the default 802.1D priority for untagged frames page 177

bridge port detail Display detailed information page 110

bridge port stpCost Set the Spanning Tree path cost parameter page 122

bridge port stpFastStart Enable/disable Spanning Tree fast start page 123

bridge port summary Display summary information page 109

bridge spanningTree Administer the spanning tree protocol –

bridge spanningTree stpForwardDelay Set the bridge Spanning Tree forward delay parameter page 121

bridge spanningTree stpHelloTime Set the bridge Spanning Tree hello time parameter page 120

bridge spanningTree stpMaxAge Set the bridge Spanning Tree maximum age parameter page 119

bridge spanningTree stpPriority Set the bridge Spanning Tree priority parameter page 118

bridge spanningTree stpState Enable/disable Spanning Tree on a bridge page 117

bridge summary Display summary information page 107

CLI Command List 73

Table 14 CLI Command List

Command Description See

bridge vlan Administer VLANs –

bridge vlan create Create a VLAN page 154

bridge vlan delete Delete a VLAN page 157

bridge vlan detail Display detailed information page 153

bridge vlan modify Modify a VLAN –

bridge vlan modify addPort Add a port to a VLAN page 155

bridge vlan modify name Name a VLAN page 156

bridge vlan modify removePort Remove a port from a VLAN page 156

bridge vlan summary Display summary information page 152

feature Administer system features –

feature rovingAnalysis Administer roving analysis –

feature rovingAnalysis add Configure the roving analysis port page 52

feature rovingAnalysis remove Clear the roving analysis port page 53

feature rovingAnalysis start Start monitoring page 53

feature rovingAnalysis stop Stop monitoring page 54

feature rovingAnalysis summary Display summary information page 51

physicalInterface Administer physical interfaces –

physicalInterface ethernet Administer Ethernet ports –

physicalInterface ethernet autoNegotiation Enable/disable auto-negotiation page 84

physicalInterface ethernet detail Display detailed information page 81

physicalInterface ethernet flowControl Enable/disable flow control page 87

physicalInterface ethernet portCapabilities Set the port capabilities page 88

physicalInterface ethernet portMode Set the port speed and duplex mode page 86

physicalInterface ethernet portState Enable/disable an Ethernet port page 83

physicalInterface ethernet summary Display summary information page 79

74 CHAPTER 3: SYSTEM MANAGEMENT FEATURES

Table 14 CLI Command List

Command Description See

protocol Administer protocols –

protocol ip Administer IP –

protocol ip arp Administer the ARP cache –

protocol ip arp age Set the age time for dynamic ARP entries page 213

protocol ip arp display Display the ARP cache page 210

protocol ip arp flushAll Flush all dynamic and static ARP entries page 212

protocol ip arp flushDynamic Flush all dynamic ARP entries page 213

protocol ip arp remove Remove an ARP entry page 212

protocol ip arp static Define a static ARP entry page 211

protocol ip arp statistics Display ARP statistics page 214

protocol ip basicConfig Basic IP management configuration page 35

protocol ip initializeConfig Reset IP information to factory defaults page 60

protocol ip interface Administer IP interface –

protocol ip interface arpProxy Enable/disable ARP proxy page 216

protocol ip interface bootp Enable/disable BOOTP page 36

protocol ip interface create Create a new IP interface page 201

protocol ip interface delete Delete an existing IP address definition page 203

protocol ip interface modify Modify IP interface information page 202

protocol ip interface summary Display IP interface information page 204

protocol ip ping Poll remote device page 59

protocol ip rip Administers RIP features –

protocol ip rip authenticationMode Sets RIPv2 authentication mode and key page 227

protocol ip rip cost Set RIP cost for selected interface page 223

protocol ip rip mode Enable/disable global RIP operation page 223

protocol ip rip neighbours Displays “well known” neighbours information page 228

protocol ip rip poisonReverse Enable/disable poison reverse on the interface page 226

protocol ip rip receiveMode Sets interface receive mode page 225

protocol ip rip sendMode Sets interface send mode page 224

protocol ip rip statistics Displays RIP interface statistics page 228

protocol ip rip summary Displays RIP information page 222

protocol ip rip updateTime Sets the time of RIP updates transmission page 225

protocol ip route Administer IP routes –

protocol ip route default Define the default route page 207

protocol ip route flush Removes all learned routes from the routing table page 206

protocol ip route noDefault Remove the default route page 207

protocol ip route remove Removes an existing route page 206

protocol ip route static Adds a static route page 205

protocol ip route summary Display summary information page 204

CLI Command List 75

Table 14 CLI Command List

Command Description See

security Administer security –

security device Administer device security –

security device access Administer access rights –

security device access modify Modify access rights page 56

security device access summary Display summary information page 56

security device user Administer users –

security device user create Create a new user page 55

security device user delete Delete a user page 56

security device user modify Modify a user page 55

security device user summary Display summary information page 55

security network Administer network security –

security network access Administer network access security –

security network access portSecurity Set the learning mode and enable/disable DUD page 57

system Administer system-level functions –

system control Administer system control –

system control initialize Reset to factory defaults page 60

system control reboot Perform system reboot page 60

system control softwareUpgrade Perform agent software upgrade page 59

system management Administer system management –

system management contact Set the system contact page 31

system management location Set the system location page 31

system management name Set the system name page 31

system management password Set the system password page 54

system management remoteAccess Change Remote Access permissions page 57

system management snmp Administer SNMP –

system management snmp community Set the SNMP community string page 32

system management snmp trap Administer SNMP trap destinations –

system management snmp trap create Create a new trap destination page 66

system management snmp trap delete Delete a trap destination page 66

system management snmp trap modify Modify a trap destination page 66

system management snmp trap summary Display summary information page 66

system summary Display summary information page 48

trafficManagement Administer traffic management –

trafficManagement qos Administer Quality of Service –

trafficManagement qos modify Modify the traffic prioritization settings page 176

76 CHAPTER 3: SYSTEM MANAGEMENT FEATURES

ETHERNET PORTS

This chapter provides guidelines and other key information about how to implement Ethernet ports.

The chapter covers these topics:

■ Ethernet Overview

■ Key Concepts

■ Key Guidelines for Implementation

■ Administering Ethernet Ports

■ Standards, Protocols, and Related Reading

78 CHAPTER 4: ETHERNET PORTS

Ethernet Overview Ethernet is a standardized, switched, packet-based network that supports an

exponential hierarchy of three line speeds:

■ 10 Mbps — Ethernet

■ 100 Mbps — Fast Ethernet

■ 1000 Mbps — Gigabit Ethernet

All speeds of Ethernet are based on an IEEE 802.3 standard protocol called Carrier Sense Multiple Access with Collision Detection (CSMA/CD), which controls network access. With CSMA/CD, a station that intends to transmit listens for other Ethernet traffic on the network. When the station does not detect network activity, the station transmits.

Features You can configure these features on Ethernet ports:

■ Port state — Whether a port is enabled (placed online) or disabled (placed

off-line)

■ Port mode — Port speed (10 Mbps, 100 Mbps, or 1000 Mbps) and duplex

mode (half-duplex or full-duplex)

■ Autonegotiation — A feature that allows some ports to automatically

identify and negotiate speed and duplex mode with a receiving device

■ Flow control — A Fast Ethernet or Gigabit Ethernet port mode that pauses

and resumes transmissions to reduce congestion on specific links

In addition, some important Ethernet features depend on which Ethernet equipment you use, how you configure it, and how you connect it:

■ Trunking — Increases bandwidth between switches and servers

■ Gigabit Interface Converter (GBIC) — A Gigabit Ethernet port media type

that allows you to hot-swap one media connector without affecting the other connectors

Ethernet Overview 79

Benefits Ethernet, Fast Ethernet, and Gigabit Ethernet technologies allow you to configure

and optimize:

■ Link bandwidths

■ Link availability

Link Bandwidths

As your network needs to support more users and increasingly bandwidth-intensive applications, you can configure Ethernet networks to keep pace with (or exceed) the capacity demands at two locations:

■ To end stations — Depending on your application needs and network

growth, you can migrate workstation connections from shared 10-Mbps to switched 100-Mbps Fast Ethernet. SMC’s Ethernet network interface cards (NICs) can automatically sense and configure themselves to an upgraded connection speed.

■ Between servers and switches — Ethernet systems allow you to increase the

bandwidth between switches or between servers and switches as your network requires. This increase is accomplished using trunking technology (also called link aggregation), which works at Open Systems Interconnection (OSI) Layer 2. For more information about trunking, see Chapter 5.

Link Availability

Ethernet technologies also allow you to design high levels of availability into your network through the use of trunking. A trunk enhances network availability because it dramatically increases the throughput on point-to-point links, and provides backup in case an individual port fails. For more information about trunking, see Chapter 5.

Other Benefits

The hierarchy of Ethernet, Fast Ethernet, and Gigabit Ethernet technologies offers these additional network benefits:

■ Ease of configuration and expansion of point-to-point links

■ Increased support for workstation changes, and upgrades

■ Low-cost expansion of switch-to-switch or switch-to-server bandwidths

without having to change device modules or cabling

80 CHAPTER 4: ETHERNET PORTS

Key Concepts These concepts are important to implementing Ethernet:

■ Carrier Sense Multiple Access with Collision Detection (CSMA/CD) —

The standardized Ethernet protocol that controls device access to the network

■ Collision — When two or more stations attempt to transmit simultaneously

■ Port mode — An Ethernet port’s speed and duplex mode

■ Port speed — 10 Mbps (Ethernet), 100 Mbps (Fast Ethernet), 1000 Mbps

(Gigabit Ethernet)

■ Port state — Whether a port is enabled (placed online) or disabled (placed

off-line)

■ Duplex mode — Whether a port supports one-way (half-duplex) or two-way

(full-duplex) transmissions

■ Autonegotiation — A feature that allows some ports to identify and

negotiate speed and duplex mode with a receiving device.

■ Flow control — A Fast Ethernet or Gigabit Ethernet port mode that pauses

and resumes transmissions to reduce the congestion on specific links

■ Trunking — A technology that combines multiple Fast Ethernet or Gigabit

Ethernet ports into a single high-speed channel, thereby increasing bandwidth between switches and between servers and switches

■ Gigabit Interface Converter (GBIC) — A Gigabit Ethernet port media type

that allows you to hot-swap one media connector without affecting the other connectors

■ Network areas — SMC uses a three-tiered framework to describe the

different functional areas in a LAN:

■ Wiring closet — This area provides connections to user workstations. It

also includes downlinks into the data center or campus interconnect.

■ Data center — This area receives connections from wiring closets and

campus interconnect areas. Most local server farms reside here.

■ Campus interconnect — This area appears as a separate location only in

larger networks; smaller networks usually have only wiring closets and data centers. The campus interconnect links campus data centers to each other. It may also include an enterprise server farm and connections to a wide area network.

Key Concepts 81

Ethernet Packet

Processing

All frames on an Ethernet network are received promiscuously by an Ethernet port. A port can discard frames for either of the following reasons:

■ There is no buffer space available.

■ The frame is in error.

Figure 9 shows the order in which frame discard tests are made.

Figure 9 How Frame Processing Affects Ethernet Receive Frame Statistics

rxFrames

noRxBuffers

rxInternalErrs lengthErrs alignmentErrs fcsErrs

rxUcastFrames rxMcastFrames

Frames received from the network

Frames discarded because buffer space was exhausted

Frames discarded because frame was in error

Frames delivered by the Ethernet port

processing of frames

Frames also may be delivered directly to an Ethernet port by bridge, router, or management applications. However, a transmitted frame can be discarded for any of the following reasons:

■ The Ethernet port is disabled.

■ There is no room on the transmit queue.

■ An error occurred during frame transmission.

Figure 10 shows the order in which these discard tests are made.

Figure 10 How Frame Processing Affects Ethernet Transmit Frame Statistics

txUcastFrames txMcastFrames

txDiscards

txQOverflows

excessDeferrals excessCollision carrierSenseErr txInternalErrs

txFrames

Frames delivered to the port

Frames discarded because port was disabled

Frames discarded because transmit queue was full

Frames discarded because of transmission error

Frames successfully transmitted to the network

processing of frames

82 CHAPTER 4: ETHERNET PORTS

Key Guidelines for Implementation

Link Bandwidths Recommended link capacities in a network normally depend on the speed

Trun k s Consider these important factors when you implement and trunk Fast Ethernet or

Consider these important factors when you implement and configure Ethernet networks:

requirements of end-user workstations, as shown in Table 15. In areas that may benefit from 1000-Mbps pipelines, you may be able to substitute trunked Fast Ethernet, subject to the issues raised in Chapter 5.

Table 15 Recommendations for Structuring Bandwidth Across the LAN

Mainstream networks

Power networks

Desktops to Wiring Closet

Switched 10 or Shared 10/100

Switched 10/100 Switched 1000 Switched 1000+

Wiring Closet to Data Center

Switched 100 Switched 1000

Data Center to Campus Interconnect

Gigabit Ethernet links:

■ SMC recommends that you use trunks to increase network availability in the

following circumstances:

■ Switch-to-switch connections in the data center and campus interconnect

areas

■ Switch-to-server connections in the data center and campus interconnect

areas

■ Downlinks from the data center to the campus interconnect area

■ When multiple links are trunked, it can be difficult to manage and troubleshoot

individual port-to-port connections if a connectivity problem occurs. This issue may not be of concern in a server farm room. But if you use trunking extensively between wiring closets and data centers, the large number of connections involved and their distributed nature may make their management and troubleshooting difficult.

Administering Ethernet Ports 83

Administering Ethernet Ports

physicalInterface

ethernet summary

This section describes commands for configuring the physical interface on Ethernet ports.

Displays a summary of Ethernet port information. The summary shows the port’s status, as well as the most pertinent statistics about general port activity and port errors.

Valid Minimum Abbreviation

ph e s

Important Considerations

■ Port numbering includes unused ports.

■ The Rx Packets value that the Ethernet summary command reports for a

bridge port may differ from the value that the bridge port summary command reports. The Ethernet summary command counts all frames that are delivered to the port while the bridge port summary command reports only valid frames that are passed to the port. Therefore, the Ethernet summary value should exceed the bridge port summary value by the number of receive errors

Errors).

(

Example

Select menu option: physicalInterface ethernet summary Select slot (1-12): 1 Select bridge port (1-8,all)[all] :all

Port State Mode Rx Packets Rx Octets Errors

-------------------------------------------------------------------1 enabled 100half auto 254 5456 1 2 enabled 100full auto 0 0 0 3 enabled link down 0 0 0 4 enabled link down 0 0 0 5 enabled link down 0 0 0 6 enabled link down 0 0 0 7 enabled link down 0 0 0 8 enabled link down 0 0 0

Options

Prompt Description Possible Values [Default]

Slot Number of slot with an

interface module

Port numbers Port numbers for which you

want to display summary information

A single slot –

■ A single port

■ all

all

84 CHAPTER 4: ETHERNET PORTS

Fields in the Ethernet Summary Display

Field Description

Port Port index number.

State Current software operational state of this port. Possible

values are enabled, disabled, tx-fault, and config-error. The value enabled appears when the port is both enabled and connected to a cable.

Mode Actual operating port mode. When autonegotiation is

completed, the values shown are the autonegotiated settings. When autonegotiation is disabled, the value is the user-selected port mode.

Rx Packets Number of packets that were copied into receive buffers by

this port.

Rx Octets Number of octets received by this port, including framing

characters.

Errors Total of all errors that are associated with this port.

Administering Ethernet Ports 85

physicalInterface

ethernet detail

Displays detailed Ethernet port information including the information in the summary and additional Ethernet port statistics, such as collision counters.

Valid Minimum Abbreviation

ph e d

Important Considerations

■ Port numbering includes unused ports.

■ The Rx Packets value that the Ethernet detail command reports for a bridge

port may differ from the value that the bridge port detail command reports. The Ethernet detail command counts all frames that are delivered to the port while the bridge port detail command reports only valid frames that are passed to the port. Therefore, the Ethernet detail value should exceed the bridge port detail value by the number of receive errors (

Errors).

Example

Select menu option: physicalInterface ethernet detail Select slot (1-12): 1 Select bridge port (1-8,all)[all]: 3

Slot 1, Port 1 Detailed Information

Port Type: RJ45 Port State: Enabled Port Mode: 100half Auto

Received Stats Transmit Stats

-------------- -------------Unicast Packets: 186 Unicast Packets: 32 Non Unicast Packets: 2970 Non Unicast Packets: 8 Octets: 441788 Octets: 2560 Fragments: 0 Collisions: 0 Discarded Packets: 0

Errors

-----Undersize: 0 Oversize: 0 CRC Error: 0 Jabbers: 0

Packet Size Analysis

-------------------64 Octets: 37732 256 to 511 Octets: 13798 65 to 127 Octets: 35527 512 to 1023 Octets: 120 128 to 255 Octets: 25551 1024 to 1518 Octets: 0

Options

Prompt Description Possible Values [Default]

Slot Number of slot with an

interface module

Port numbers Port numbers for which you

want to display detailed information

A single slot –

■ A single port

■ all

all

86 CHAPTER 4: ETHERNET PORTS

Fields in the Ethernet Detail Display

Field Description

Port Type Specific description of this port’s type. Values for each port

type: 10/100BASE-T (RJ45), 100BASE-FX (SC),

1000BASE-SX (SC), 1000BASE-LX (GBIC), 1000BASE-SX (GBIC).

Port State Shows if the port has been enabled (placed on-line) or disabled

(placed off-line) by the portState command.

Port Mode Actual operating port mode. When autonegotiation is

completed, the value shown is the autonegotiated setting. When autonegotiation is disabled, the value is the port mode.

Received Stats

Unicast Packets Number of unicast (nonmulticast or nonbroadcast) packets

that were delivered by this port to a higher-level protocol or application.

Non Unicast Packets Number of non-unicast (multicast or broadcast) packets

delivered to a higher-layer protocol or application.

Octets Number of octets received by this port, including framing

characters.

Fragments Number of packets received by this port that were shorter than

64 bytes and had CRC or alignment errors.

Discarded Packets Number of received frames that were discarded because there

was no higher layer to receive them or because the port was disabled.

Transmit Stats

Unicast Packets Number of unicast (nonmulticast and nonbroadcast) packets

that are queued for transmission by a higher-level protocol or application, including packets not transmitted successfully.

Non Unicast Packets The total number of packets that higher-level protocols

requested be transmitted to a non-unicast (multicast or broadcast) address, including those that were discarded or not sent.

Octets Number of octets that were transmitted by this port.

Collisions The best estimate of the total number of collisions on this

Ethernet segment.

Errors

Undersize The total number of packets received that were less than 64

octets long (excluding framing bits, but including FCS octets) and were otherwise well formed.

CRC and Align Error Number of Ethernet Cyclic Redundancy Check errors and

alignment errors (missynchronized data packets).

Oversize The total number of packets received that were longer than

1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed.

Jabbers The total number of packets received that were longer than

1518 octets (excluding framing bits, but including FCS octets), and had either an FCS or alignment error.

Administering Ethernet Ports 87

Field Description

Packet Size Analysis

64 Octets The total number of frames (including bad packets) received

and transmitted that were 64 octets in length (excluding framing bits but including FCS octets).

65 to 127 Octets 128 to 255 Octets 256 to 511 Octets 512 to 1023 Octets

The total number of frames (including bad packets) received and transmitted where the number of octets fall within the specified range (excluding framing bits but including FCS octets).

1024 to 1518 Octets

physicalInterface

ethernet portState

You can enable Ethernet ports (place them on-line) or disable them (place them off-line).

Valid Minimum Abbreviation

ph e ports

Important Considerations

■ Disabling a port may adversely affect a live network because it stops all

network traffic through the port.

■ When an Ethernet port is enabled, frames are transmitted normally over that

port. When an Ethernet port is disabled, the port does not send or receive frames.

■ The Mode value shown in the Ethernet summary and detail displays reports

enabled for enabled ports and disabled for disabled ports. The Port Link LED

for each disabled port on the module also indicates the status.

■ If the Ethernet state of a port is enabled and you have the Spanning Tree

Protocol (STP) enabled, the port may be disabled by STP. However, this state is subject to change, depending on the calculations of the STP algorithm and the state of the network.

Example

Select menu option: physicalInterface ethernet portState Select slot (1-12): 1 Select bridge port (1-8,all)[all]: 1 Enter new value (enable,disable)[enable]: disable

Options

Prompt Description Possible Values [Default]

Slot Number of slot with an

interface module

Port Ports that you want to enable

or disable

State setting Value shown in the summary

and detail displays reports: enabled for all enabled ports displayed and disabled for all disabled ports displayed

A single slot –

■ Individual ports

■ all

■ enabled

■ disabled

all

enabled

88 CHAPTER 4: ETHERNET PORTS

physicalInterface

ethernet

autoNegotiation

This feature allows some ports to identify and negotiate speed and duplex mode with a remote device.

Valid Minimum Abbreviation

ph e a

Important Considerations

■ Autonegotiation is enabled by default on the ports that support it.

■ Use the portMode option to manually configure or modify the port speed and

duplex mode. Use the

flowControl option to manually configure or modify

flow control.

■ When you enable autonegotiation, the module ignores your requested

portMode information for 10/100BASE-TX ports and your requested flowControl information for 1000BASE-SX, SX GBIC and LX GBIC ports.

■ When you disable autonegotiation, the module recognizes the requested

portMode values for ports that have portMode options and the requested flowControl values for 1000BASE-SX, SX GBIC and LX GBIC ports.

100BASE-FX ports do not support autonegotiation.

■ When you disable autonegotiation, the portMode and flowControl

commands specify speed, duplex mode, and flow control for the port. When you enable auto-negotiation, the

portMode and flowControl commands are

not directly used to configure the port. They set the default for when auto-negotiation is disabled or fails. Therefore, when auto-negotiation is enabled, the

portMode and flowControl commands do not show the current

speed, duplex mode, or flow control of the port.

■ In most cases, if autonegotiation does not properly detect the remote port

speed, the vendor of the remote device implemented either autonegotiation or a change in port speed in a noncompliant way. If autonegotiation does not properly detect the port speed, you can manually set the port speed and duplex mode.

■ Ta bl e 16 lists Ethernet port types on your system, whether they support

autonegotiation, and which features they negotiate.

Table 16 Port Types and Autonegotiation Attributes

Supports

Port Type

10/100BASE-TX Yes Port speed

100BASE-FX No Not applicable Not applicable

1000BASE-SX Yes Duplex mode*

Autonegotiation

Negotiable Attributes

Duplex mode

Flow control

Default Values for Negotiable Attributes

10 Mbps

Half-duplex

Full-duplex*

If autonegotiation is enabled, the system’s best effort is On

Table 16 Port Types and Autonegotiation Attributes

Administering Ethernet Ports 89

Port Type

Autonegotiation

1000BASE-LX GBIC Yes Duplex mode

Supports

Negotiable Attributes

Flow control

for Negotiable Attributes

Full-duplex*

If autonegotiation is enabled, the system’s best effort is On

Default Values

1000BASE-SX GBIC Yes Duplex mode*

Flow control

Full-duplex*

If autonegotiation is enabled, the system’s best effort is On

* 1000BASE-SX, SX GBIC, and LX GBIC duplex modes are fixed at full-duplex at this release.

■ 10/100BASE-TX ports — Enabling autonegotiation causes both the port

speed and duplex mode attributes to be autonegotiated.

■ 100BASE-FX ports — No autonegotiation of duplex mode occurs. The port

speed is fixed at 100 Mbps. The duplex mode is fixed at

■ 1000BASE-SX, SX GBIC and LX GBIC ports — Both link partners must either

full-duplex.

enable or disable autonegotiation. As long as autonegotiation is enabled, the system’s best effort for handling flow control is

On.

Example

Select menu option: physicalInterface ethernet autoNegotiation Select slot (1-12): 1 Select bridge port (1-8,all)[all]: 1 Enter new value (enable,disable)[enable]: disable

Options

Prompt Description Possible Values [Default]

Slot Number of slot with an

interface module

Port Port numbers for which you

want to enable or disable autonegotiation

Autonegotiation setting

Whether to enable or disable autonegotiation on each of the ports that you selected

A single slot –

■ A single port

■ all

■ enable

■ disable

all

enable

90 CHAPTER 4: ETHERNET PORTS

physicalInterface

ethernet portMode

You can change the port speed and duplex mode for 10/100BASE-TX ports. You cannot change the port speed or duplex mode for the 100BASE-FX or Gigabit Ethernet ports.

Valid Minimum Abbreviation

ph e portm

Important Considerations

■ When you configure duplex mode, configure both sending and receiving ports

comparably. If the port speeds differ, the link does not come up. If the duplex modes differ, link errors occur.

■ Autonegotiation must be disabled on a port before you can use the port mode

command.

■ 100BASE-FX and Gigabit Ethernet ports do not support mode options. The

all refers only to ports that support port mode options.

value

■ Enabling full-duplex mode on a port disables collision detection.

■ You should disable autonegotiation on any port on which you are manually

setting a specific port mode.

Example

Select menu option: physicalInterface ethernet portMode Select slot (1-12): 1 Select bridge port (1-8,all)[all]: 1 Enter new value (100full,100half,10full,10half)[100full]: 100half Select menu option: physicalInterface ethernet portMode Select slot (1-12): 2 Select bridge port (1): Enter new value (1000full)[1000full]:

Options

Prompt Description Possible Values [Default]

Slot Number of slot with an

interface module

Port Ports for which you want to

change the portMode values

Port mode setting

Speed and duplex mode for each of the ports that you selected

A single slot –

■ A single port

■ A range of ports

separated by a hyphen

■ Nonconsecutive

ports separated by commas

■ all

See “Important Considerations” earlier in this section.

all

10half (10/100BASE-TX)

100full (100BASE-FX)

1000full (Gigabit)

Administering Ethernet Ports 91

physicalInterface

ethernet flowControl

The flow control mode allows a Fast Ethernet port or a Gigabit Ethernet port to decrease the frequency with which it sends packets to a receiving device if packets are being sent too rapidly, or to send flow control packets to a sending device to request that the device slow its speed of transmission.

Valid Minimum Abbreviation

ph e f

Important Considerations

■ The default setting for flow control is off.

■ The system does not count flow control packets in receive or transmit statistics.

Example

Select menu option: physicalInterface ethernet flowControl Select slot (1-12): 1 Select bridge port (1-8,all)[all]: 1 Enter new value (on,off)[off]: on

Options

Prompt Description Possible Values [Default]

Slot Number of slot with an

interface module

Port selection

Flow control setting

Ports for which you want to set flow control characteristics

Flow control characteristics for each of the ports that you selected

A single slot –

■ A single port

■ all

■ on

■ off

all

off

Description of Flow Control Settings

Setting Description

on Port recognizes flow control packets and

responds by pausing transmission. The port can generate flow control packets as necessary to slow incoming traffic.

off Port ignores flow control packets and does not

generate them.

Available on Port Type

Gigabit Ethernet

Fast Ethernet

Gigabit Ethernet

Fast Ethernet

92 CHAPTER 4: ETHERNET PORTS

physicalInterface

ethernet

portCapabilities

This Switch allows you to configure the port capabilities which are advertised in autonegotiation. Greater control over autonegotiation may be required when there are compatibility issues. It may also be useful to restrict the bandwidth of network PCs (while allowing autonegotiation of duplex mode), or to restrict autonegotiation where there are compatibility issues.

Valid Minimum Abbreviation

ph e portc

Example

Select menu option: physicalInterface ethernet portCapabilities Select slot (1-12): 1 Select bridge port (1-8,all)[all]: 1 Enter new advertised capabilities - comma separated OR all (10half,10full,100half,100full,all) [all]:10f,10h,f Select menu option: physicalInterface ethernet portCapabilities Select slot (1-12): 1 Select Ethernet port (1): Enter new advertised capabilities - comma separated OR all (1000full,flowcontrol,all) [all]:1000f

Options

Prompt Description Possible Values [Default]

Slot Number of slot with an

A single slot –

interface module

Port selection

Advertised capabilities

Port for which you want to set flow control characteristics

Port capabilities to be advertised for autonegotiation

■ A single port

■ all

■ 10half

■ 10full

■ 100half

■ 100full

■ 1000full

■ all

all

See Table 16

Standards, Protocols, and Related Reading 93

Standards, Protocols, and Related Reading

The system supports these Ethernet standards:

■ IEEE 802.3 — 10BASE-T Ethernet over unshielded twisted pair (UTP)

■ IEEE 802.3u — 100BASE-T Fast Ethernet over UTP or fiber-optic cable

■ IEEE 802.3z — 1000BASE-SX Gigabit Ethernet over multimode fiber-optic

cable and 1000BASE-LX Gigabit Ethernet over multimode or single-mode fiber-optic cable

■ IEEE 802.3x — Full duplex operation with flow control

Ethernet Protocol

■ IEEE 802.3 — Carrier Sense Multiple Access with Collision Detection, which

controls Ethernet access. A station that intends to transmit listens for network traffic. If it detects none, it transmits.

If two or more stations transmit at about the same time, their packets experience a collision and the colliding data streams do not reach their destinations. The sending stations stop transmitting, broadcast a collision alert, and wait a random amount of time before trying again.

Media Specifications Table 17 summarizes the system’s Ethernet media options.

Table 17 Ethernet Media Specifications

Type Speed Media Connector Recommended Distance (max)

10/100BASE-TX 10/100

100BASE-FX 100 Mbps single-mode fiber

1000BASE-SX 1000 Mbps multimode fiber SC 220 m (62.5 micron @

1000BASE-LX GBIC

1000BASE-SX GBIC

Mbps

1000 Mbps single-mode fiber

1000 Mbps multimode fiber GBIC 550 m (62.5 and 50 micron @

Category 5 UTP RJ-45 100 m

multimode fiber

GBIC

GBIC, with duplex SC conditioned launch cable

20 km

412 m (half-duplex) 2 km (full-duplex)

160 MHz*km modal bandwidth)

275 m (62.5 micron @ 200 MHz*km modal bandwidth)

500 m (50 micron @ 400 MHz*km modal bandwidth)

550 m (50 micron @ 500 MHz*km modal bandwidth)

5 km (9 micron) (qualified for up to 10 km)

550 m (62.5 and 50 micron @ all modal bandwidths)

all modal bandwidths)

1000BASE Gigabit Interface Converter (GBIC) ports are hot-swappable, that is, you can replace one GBIC connector while the other connectors continue to carry traffic.

94 CHAPTER 4: ETHERNET PORTS

Smc 9712G Software Configuraton Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

ABOUT THIS GUIDE

Audience This guide is intended for the network administrator who is responsible for

Scope of this Guide The information in this guide pertains to Release 1.1 software.

Using This Book This guide contains information for every command for the SMC9712G. It

Finding Information Use this chart to help you find information about specific tasks:

Command Information 17

Conventions Table 1 and Table 2 list conventions that are used throughout this guide.

DEFAULT SOFTWARE CONFIGURATION

What is Management Software?

Summary of Software Features

Software Features Explained

Duplex Modes The RJ-45 ports on your Switch can be set to half duplex or full duplex. The fiber

Flow Control All the ports on your Switch support flow control, which is a congestion control

Traffic Prioritization Your Switch supports IEEE 802.1p traffic prioritization, which allows data that has

Security Each port on your Switch can be configured with security features that guard

Aggregate Links Your Switch can support 12 aggregate links — connections that allow devices to

Broadcast Storm Control Your Switch supports Broadcast Storm Control, a system that automatically

Virtual LANs Your Switch provides support for up to 256 Virtual LANs (VLANs). A VLAN is a

Spanning Tree Protocol Your Switch supports the Spanning Tree Protocol (STP), a bridge-based system

IGMP Snooping Your Switch supports IGMP Snooping, which provides a way to forward IP

ARP and Proxy ARP This Switch uses the Address Resolution Protocol (ARP) and Proxy ARP to convert

Routing Protocols This Switch supports routing that allows it to pass traffic between distinct

RMON Your Switch supports RMON (Remote Monitoring), a system that allows you to

Roving Analysis Your Switch supports roving analysis, a system that allows you to attach a network

Management Your Switch can be managed using three methods:

Default Settings Table 4 shows the default settings of the SMC9712G. If you initialize or reset the

Methods of Managing a Switch

Web Interface Management

CLI Management Each Switch has an internal menu-driven command line interface (CLI) that allows

Accessing the CLI You can access a switch’s CLI in three ways:

Accessing the CLI through the Console Port

Accessing the CLI Over the Network via Direct Telnet

Accessing the CLI Over the Network via Indirect Telnet

SNMP-Based Network Management

Connecting to the System

Initial Access When you first install a system, it does not have an IP address assigned to it. Thus,

Logging into the System Before you can enter commands, you must log in to the system. To log in, enter

Configuring User Logins

Which IP Addresses to Use in Your Network

Subnet Masks

Default Gateway Router

Configuring IP Settings To set up an IP address, you can use either manual or automatic configuration.

Manual Configuration

Automatic Configuration

Using the Web Interface

Color Recommendations

Browser Support

Interface Description The screen for the embedded Web Management applications is divided into three

Device View Tab In the Device View application, the menu tree of folders contains icons for options

Using Configuration Wizards

Using the Device Image

About the Device Image – To access a subset of the management options that are available through the device image, click the image (Figure 5). Table 8 lists the color codes that report the status of interface ports.

Configuring Parameters in Device View – To configure a parameter for the system, or for a port, click the image of the area that you want to configure. Configuration forms appear in the Device View workspace.

Help View Tab The third tab of the Web Management opening screen contains these links:

Using the Administration Console

Selecting Menu Options

Entering Abbreviated Commands

Recommendations for Entering Commands

Understanding the Values Presented

Including Values in Command Strings

Keystroke Functions

SYSTEM MANAGEMENT FEATURES

Basic Configuration Procedure

Setting Baselines 53

Roving Analysis Roving analysis is the mirroring of Fast Ethernet or Gigabit Ethernet port traffic to

Select menu option: feature rovingAnalysis summary

Select menu option: feature rovingAnalysis add Select analyzer slot (1-12): 1 Select analyzer port (1-8): 2

Select menu option: feature rovingAnalysis start Select slot to monitor (1-12): 1 Select port to monitor (1-8): 3

Security Options The SMC9712G supports network security in several ways:

Select menu option: system management password Old password: Enter new password: Retype password:

Select menu option: security device user summary

Select menu option: security device user create Enter a new user name: thomas Enter the access level (monitor,manager,security)[security]: manager Enter the password: Re-enter the password: Enter the community string [thomas]: test

Select menu option: security device user modify Select the user name (admin,thomas,manager,security): thomas Enter the password: Re-enter the password: Enter the community string [test]: anomaly

Select menu option: security device user delete Select the user name (fred,thomas,all): all

Select menu option: security device access summary

Select menu option: system management remoteAccess Enter new value (enable,disable)[enable]: disable WARNING: This change will lock out all SNMP, Telnet and Web based management access. Do you wish to continue (yes/no)[no]: yes