SMC Networks SMC8150L2 User Manual

MANAGEMENT GUIDE
SMC8126L2 SMC8150L2
TigerSwitch™ 10/100/1000
26-Port Gigabit Managed Switch
50-Port Gigabit Managed Switch
TigerSwitch 10/100/1000 Management Guide
From SMC’s Tiger line of feature-rich workgroup LAN solutions
20 Mason Irvine, CA 92618 Phone: (949) 679-8000
Pub. # 149100036100A
September 2007
E092007-AP-R01
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.
Copyright © 2007 by
SMC Networks, Inc.
20 Mason
Irvine, CA 92618
All rights reserved. Printed in Taiwan
Trademarks:
SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.
Contents
Chapter 1: Introduction 1-1
Key Features 1-1 Description of Software Features 1-2 System Defaults 1-6
Chapter 2: Initial Configuration 2-1
Connecting to the Switch 2-1
Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3
Basic Configuration 2-3
Console Connection 2-3 Setting Passwords 2-4 Setting an IP Address 2-4
Manual Configuration 2-4 Dynamic Configuration 2-5
Enabling SNMP Management Access 2-6
Community Strings (for SNMP version 1 and 2c clients) 2-6 Trap Receivers 2-7 Configuring Access for SNMP Version 3 Clients 2-8
Saving Configuration Settings 2-8
Managing System Files 2-9
Chapter 3: Configuring the Switch 3-1
Using the Web Interface 3-1 Navigating the Web Browser Interface 3-2
Home Page 3-2 Configuration Options 3-3 Panel Display 3-3 Main Menu 3-4
Basic Configuration 3-10
Displaying System Information 3-10 Displaying Switch Hardware/Software Versions 3-11 Displaying Bridge Extension Capabilities 3-13 Setting the Switch’s IP Address 3-14
Manual Configuration 3-15
Using DHCP/BOOTP 3-16 Enabling Jumbo Frames 3-17 Managing Firmware 3-17
Downloading System Software from a Server 3-18
Saving or Restoring Configuration Settings 3-19
Downloading Configuration Settings from a Server 3-20 Console Port Settings 3-21 Telnet Settings 3-23 Configuring Event Logging 3-25
Displaying Log Messages 3-25
System Log Configuration 3-26
Remote Log Configuration 3-27
Simple Mail Transfer Protocol 3-28 Renumbering the System 3-30 Resetting the System 3-30 Setting the System Clock 3-31
Configuring SNTP 3-31
Setting the Time Zone 3-32
Simple Network Management Protocol 3-33
Setting Community Access Strings 3-33 Specifying Trap Managers and Trap Types 3-34 Enabling SNMP Agent Status 3-35 Configuring SNMPv3 Management Access 3-36
Setting the Local Engine ID 3-36
Specifying a Remote Engine ID 3-37 Configuring SNMPv3 Users 3-37 Configuring Remote SNMPv3 Users 3-40 Configuring SNMPv3 Groups 3-41 Setting SNMPv3 Views 3-45
User Authentication 3-46
Configuring User Accounts 3-46 Configuring Local/Remote Logon Authentication 3-48 Configuring HTTPS 3-52
Replacing the Default Secure-site Certificate 3-53 Configuring the Secure Shell 3-54
Configuring the SSH Server 3-56
Generating the Host Key Pair 3-57 Configuring Port Security 3-59 Configuring 802.1X Port Authentication 3-60
Displaying 802.1X Global Settings 3-61
Configuring 802.1X Global Settings 3-62
Configuring Port Settings for 802.1X 3-63
Displaying 802.1X Statistics 3-66
Access Control Lists 3-67
Configuring Access Control Lists 3-67
Setting the ACL Name and Type 3-68
Configuring a Standard IP ACL 3-69
Configuring an Extended IP ACL 3-69
Configuring a MAC ACL 3-72
Binding a Port to an Access Control List 3-73 Filtering IP Addresses for Management Access 3-74
Port Configuration 3-76
Displaying Connection Status 3-76 Configuring Interface Connections 3-78 Creating Trunk Groups 3-80
Statically Configuring a Trunk 3-81 Enabling LACP on Selected Ports 3-82 Configuring LACP Parameters 3-84 Displaying LACP Port Counters 3-86 Displaying LACP Settings and Status for the Local Side 3-88
Displaying LACP Settings and Status for the Remote Side 3-90 Setting Broadcast Storm Thresholds 3-91 Configuring Port Mirroring 3-93 Configuring Rate Limits 3-94
Rate Limit Configuration 3-94 Showing Port Statistics 3-95
Address Table Settings 3-99
Setting Static Addresses 3-99 Displaying the Address Table 3-100 Changing the Aging Time 3-102
Spanning Tree Algorithm Configuration 3-102
Displaying Global Settings 3-105 Configuring Global Settings 3-107 Displaying Interface Settings 3-111 Configuring Interface Settings 3-114 Configuring Multiple Spanning Trees 3-116 Displaying Interface Settings for MSTP 3-118 Configuring Interface Settings for MSTP 3-120
VLAN Configuration 3-122
IEEE 802.1Q VLANs 3-122
Enabling or Disabling GVRP (Global Setting) 3-125
Displaying Basic VLAN Information 3-126
Displaying Current VLANs 3-126
Creating VLANs 3-128
Adding Static Members to VLANs (VLAN Index) 3-129
Adding Static Members to VLANs (Port Index) 3-131
Configuring VLAN Behavior for Interfaces 3-132
Configuring IEEE 802.1Q Tunneling 3-133
Enabling QinQ Tunneling on the Switch 3-137 Adding an Interface to a QinQ Tunnel 3-138 Configuring Private VLANs 3-141 Enabling Private VLANs 3-141 Configuring Uplink and Downlink Ports 3-142 Protocol VLANs 3-142
Protocol VLAN Group Configuration 3-142 Configuring Protocol VLAN Interfaces 3-143
Class of Service Configuration 3-144
Layer 2 Queue Settings 3-144
Setting the Default Priority for Interfaces 3-144 Mapping CoS Values to Egress Queues 3-145 Enabling CoS 3-147 Selecting the Queue Mode 3-147 Setting the Service Weight for Traffic Classes 3-148
Layer 3/4 Priority Settings 3-149
Mapping Layer 3/4 Priorities to CoS Values 3-149 Selecting IP Precedence/DSCP Priority 3-149 Mapping IP Precedence 3-150 Mapping DSCP Priority 3-152 Mapping IP Port Priority 3-153
Quality of Service 3-154
Configuring Quality of Service Parameters 3-155
Configuring a Class Map 3-155 Creating QoS Policies 3-158 Attaching a Policy Map to Ingress Queues 3-161
Multicast Filtering 3-162
Layer 2 IGMP (Snooping and Query) 3-162
Configuring IGMP Snooping and Query Parameters 3-163 Enabling IGMP Immediate Leave 3-164 Displaying Interfaces Attached to a Multicast Router 3-165 Specifying Static Interfaces for a Multicast Router 3-166 Displaying Port Members of Multicast Services 3-167 Assigning Ports to Multicast Services 3-168
IGMP Filtering and Throttling 3-169
Enabling IGMP Filtering and Throttling 3-170 Configuring IGMP Filtering and Throttling for Interfaces 3-171
Configuring IGMP Filter Profiles 3-172 Multicast VLAN Registration 3-174 Configuring Global MVR Settings 3-175 Displaying MVR Interface Status 3-176 Displaying Port Members of Multicast Groups 3-178 Configuring MVR Interface Status 3-179 Assigning Static Multicast Groups to Interfaces 3-180
Configuring Domain Name Service 3-181
Configuring General DNS Service Parameters 3-181 Configuring Static DNS Host to Address Entries 3-183 Displaying the DNS Cache 3-185
DHCP Snooping 3-186
DHCP Snooping Configuration 3-187 DHCP Snooping VLAN Configuration 3-188
DHCP Snooping Information Option Configuration 3-188 DHCP Snooping Port Configuration 3-189 DHCP Snooping Binding Information 3-190
IP Source Guard 3-191
IP Source Guard Port Configuration 3-191 Static IP Source Guard Binding Configuration 3-192 Dynamic IP Source Guard Binding Information 3-193
Switch Clustering 3-194
Cluster Configuration 3-195 Cluster Member Configuration 3-196 Cluster Member Information 3-197 Cluster Candidate Information 3-198
Chapter 4: Command Line Interface 4-1
Using the Command Line Interface 4-1
Accessing the CLI 4-1 Console Connection 4-1 Telnet Connection 4-2
Entering Commands 4-3
Keywords and Arguments 4-3 Minimum Abbreviation 4-3 Command Completion 4-3 Getting Help on Commands 4-3 Showing Commands 4-4 Partial Keyword Lookup 4-5 Negating the Effect of Commands 4-5 Using Command History 4-5 Understanding Command Modes 4-5 Exec Commands 4-6 Configuration Commands 4-7
Command Line Processing 4-8 Command Groups 4-9 Line Commands 4-10
line 4-11
login 4-11
password 4-12
timeout login response 4-13
exec-timeout 4-13
password-thresh 4-14
silent-time 4-15
databits 4-15
parity 4-16
speed 4-17
stopbits 4-17
disconnect 4-18 show line 4-18
General Commands 4-19
enable 4-19 disable 4-20 configure 4-21 show history 4-21 reload 4-22 end 4-22 exit 4-23 quit 4-23
System Management Commands 4-24
Device Designation Commands 4-24
prompt 4-24 hostname 4-25
User Access Commands 4-25
username 4-25 enable password 4-26
IP Filter Commands 4-27
management 4-27 show management 4-28
Web Server Commands 4-29
ip http port 4-29 ip http server 4-30 ip http secure-server 4-30 ip http secure-port 4-31
Telnet Server Commands 4-32
ip telnet port 4-32 ip telnet server 4-33
Secure Shell Commands 4-33
ip ssh server 4-35 ip ssh timeout 4-36 ip ssh authentication-retries 4-37 ip ssh server-key size 4-37 delete public-key 4-38 ip ssh crypto host-key generate 4-38 ip ssh crypto zeroize 4-39 ip ssh save host-key 4-39 show ip ssh 4-40 show ssh 4-40 show public-key 4-41
Event Logging Commands 4-43
logging on 4-43 logging history 4-44 logging host 4-45
logging facility 4-45 logging trap 4-46 clear logging 4-46 show logging 4-47 show log 4-48
SMTP Alert Commands 4-49
logging sendmail host 4-49 logging sendmail level 4-50 logging sendmail source-email 4-51 logging sendmail destination-email 4-51 logging sendmail 4-52 show logging sendmail 4-52
Time Commands 4-53
sntp client 4-53 sntp server 4-54 sntp poll 4-55 show sntp 4-55 clock timezone 4-56 calendar set 4-56 show calendar 4-57
System Status Commands 4-57
show startup-config 4-57 show running-config 4-59 show system 4-61 show users 4-61 show version 4-62
Frame Size Commands 4-63
jumbo frame 4-63
Flash/File Commands 4-64
copy 4-64
delete 4-67
dir 4-68
whichboot 4-69
boot system 4-69 Authentication Commands 4-70
Authentication Sequence 4-70
authentication login 4-71 authentication enable 4-72
RADIUS Client 4-73
radius-server host 4-74 radius-server port 4-74 radius-server key 4-75 radius-server retransmit 4-75 radius-server timeout 4-76 show radius-server 4-76
TACACS+ Client 4-77
tacacs-server host 4-77 tacacs-server port 4-77 tacacs-server key 4-78 show tacacs-server 4-78
Port Security Commands 4-79
port security 4-79
802.1X Port Authentication 4-81 dot1x system-auth-control 4-81 dot1x default 4-82 dot1x max-req 4-82 dot1x port-control 4-82 dot1x operation-mode 4-83 dot1x re-authenticate 4-84 dot1x re-authentication 4-84 dot1x timeout quiet-period 4-84 dot1x timeout re-authperiod 4-85 dot1x timeout tx-period 4-85 show dot1x 4-86
Access Control List Commands 4-89
IP ACLs 4-90
access-list ip 4-90 permit, deny (Standard ACL) 4-91 permit, deny (Extended ACL) 4-91 show ip access-list 4-93 ip access-group 4-93 show ip access-group 4-94
MAC ACLs 4-95
access-list mac 4-95 permit, deny (MAC ACL) 4-96 show mac access-list 4-97 mac access-group 4-98 show mac access-group 4-98
ACL Information 4-99
show access-list 4-99 show access-group 4-99
SNMP Commands 4-100
snmp-server 4-101 show snmp 4-101 snmp-server community 4-102 snmp-server contact 4-103 snmp-server location 4-103 snmp-server host 4-104 snmp-server enable traps 4-106 snmp-server engine-id 4-107
show snmp engine-id 4-108 snmp-server view 4-109 show snmp view 4-110 snmp-server group 4-110 show snmp group 4-112 snmp-server user 4-113 show snmp user 4-115
Interface Commands 4-116
interface 4-116 description 4-117 speed-duplex 4-117 negotiation 4-118 capabilities 4-119 flowcontrol 4-120 shutdown 4-121 switchport broadcast packet-rate 4-122 clear counters 4-122 show interfaces status 4-123 show interfaces counters 4-124 show interfaces switchport 4-125
Mirror Port Commands 4-127
port monitor 4-127 show port monitor 4-128
Rate Limit Commands 4-129
rate-limit 4-129
Link Aggregation Commands 4-130
channel-group 4-131 lacp 4-132 lacp system-priority 4-133 lacp admin-key (Ethernet Interface) 4-134 lacp admin-key (Port Channel) 4-135 lacp port-priority 4-136 show lacp 4-136
Address Table Commands 4-140
mac-address-table static 4-140 clear mac-address-table dynamic 4-141 show mac-address-table 4-141 mac-address-table aging-time 4-142 show mac-address-table aging-time 4-143
Spanning Tree Commands 4-144
spanning-tree 4-145 spanning-tree mode 4-145 spanning-tree forward-time 4-146 spanning-tree hello-time 4-147 spanning-tree max-age 4-148
spanning-tree priority 4-148 spanning-tree pathcost method 4-149 spanning-tree transmission-limit 4-150 spanning-tree mst-configuration 4-150 mst vlan 4-151 mst priority 4-151 name 4-152 revision 4-153 max-hops 4-153 spanning-tree spanning-disabled 4-154 spanning-tree cost 4-154 spanning-tree port-priority 4-155 spanning-tree edge-port 4-156 spanning-tree portfast 4-156 spanning-tree link-type 4-157 spanning-tree mst cost 4-158 spanning-tree mst port-priority 4-159 spanning-tree protocol-migration 4-160 show spanning-tree 4-160 show spanning-tree mst configuration 4-162
VLAN Commands 4-163
GVRP and Bridge Extension Commands 4-163
bridge-ext gvrp 4-164 show bridge-ext 4-164 switchport gvrp 4-165 show gvrp configuration 4-165 garp timer 4-166 show garp timer 4-166
Editing VLAN Groups 4-167
vlan database 4-167 vlan 4-168
Configuring VLAN Interfaces 4-169
interface vlan 4-169 switchport mode 4-170 switchport acceptable-frame-types 4-171 switchport ingress-filtering 4-171 switchport native vlan 4-172 switchport allowed vlan 4-173 switchport forbidden vlan 4-174
Displaying VLAN Information 4-175
show vlan 4-175
Configuring IEEE 802.1Q Tunneling 4-176
dot1q-tunnel system-tunnel-control 4-176 switchport dot1q-tunnel mode 4-177 switchport dot1q-tunnel tpid 4-178
Related Commands 4-178 show dot1q-tunnel 4-178
Configuring Private VLANs 4-179
pvlan 4-179 show pvlan 4-180
Configuring Protocol-based VLANs 4-181
protocol-vlan protocol-group (Configuring Groups) 4-181 protocol-vlan protocol-group (Configuring Interfaces) 4-182 show protocol-vlan protocol-group 4-183 show interfaces protocol-vlan protocol-group 4-183
Priority Commands 4-184
Priority Commands (Layer 2) 4-184
queue mode 4-185 switchport priority default 4-185 queue bandwidth 4-186 queue cos-map 4-187 show queue mode 4-188 show queue bandwidth 4-188 show queue cos-map 4-189
Priority Commands (Layer 3 and 4) 4-189
map ip dscp (Global Configuration) 4-189 map ip dscp (Interface Configuration) 4-190 show map ip dscp 4-191
Quality of Service Commands 4-192
class-map 4-194 match 4-194 policy-map 4-195 class 4-196 set 4-197 police 4-198 service-policy 4-199 show class-map 4-199 show policy-map 4-200
show policy-map interface 4-200 Example 4-201 Multicast Filtering Commands 4-201
IGMP Snooping Commands 4-201
ip igmp snooping 4-202
ip igmp snooping vlan static 4-202
ip igmp snooping version 4-203
ip igmp snooping leave-proxy 4-203
ip igmp snooping immediate-leave 4-204
show ip igmp snooping 4-204
show mac-address-table multicast 4-205
IGMP Query Commands (Layer 2) 4-206
ip igmp snooping querier 4-206 ip igmp snooping query-count 4-206 ip igmp snooping query-interval 4-207 ip igmp snooping query-max-response-time 4-208 ip igmp snooping router-port-expire-time 4-208
Static Multicast Routing Commands 4-209
ip igmp snooping vlan mrouter 4-209 show ip igmp snooping mrouter 4-210
IGMP Filtering and Throttling Commands 4-211
ip igmp filter (Global Configuration) 4-211 ip igmp profile 4-212 permit, deny 4-212 range 4-213 ip igmp filter (Interface Configuration) 4-213 ip igmp max-groups 4-214 ip igmp max-groups action 4-215 show ip igmp filter 4-215 show ip igmp profile 4-216 show ip igmp throttle interface 4-216
Multicast VLAN Registration Commands 4-217
mvr (Global Configuration) 4-218 mvr (Interface Configuration) 4-219 show mvr 4-221
IP Interface Commands 4-223
ip address 4-223 ip default-gateway 4-224 ip dhcp restart 4-225 show ip interface 4-225 show ip redirects 4-226 ping 4-226
IP Source Guard Commands 4-227
ip source-guard 4-227 ip source-guard binding 4-229 show ip source-guard 4-230 show ip source-guard binding 4-230
DHCP Snooping Commands 4-231
ip dhcp snooping 4-231 ip dhcp snooping vlan 4-233 ip dhcp snooping trust 4-234 ip dhcp snooping verify mac-address 4-235 ip dhcp snooping information option 4-235 ip dhcp snooping information policy 4-236 show ip dhcp snooping 4-237 show ip dhcp snooping binding 4-237
Switch Cluster Commands 4-237
cluster 4-238 cluster commander 4-239 cluster ip-pool 4-239 cluster member 4-240 rcommand 4-240 show cluster 4-241 show cluster members 4-241 show cluster candidates 4-242
Appendix A: Software Specifications A-1
Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3
Appendix B: Troubleshooting B-1
Problems Accessing the Management Interface B-1 Using System Logs B-2
Glossary
Index
Tables
Table 1-1 Key Features 1-1 Table 1-2 System Defaults 1-6 Table 3-1 Configuration Options 3-3 Table 3-2 Main Menu 3-4 Table 3-3 Logging Levels 3-26 Table 3-4 Supported Notification Messages 3-41 Table 3-5 HTTPS System Support 3-52 Table 3-6 802.1X Statistics 3-66 Table 3-7 LACP Port Counters 3-86 Table 3-8 LACP Internal Configuration Information 3-88 Table 3-9 LACP Neighbor Configuration Information 3-90 Table 3-10 Port Statistics 3-95 Table 3-11 Mapping CoS Values to Egress Queues 3-145 Table 3-12 CoS Priority Levels 3-146 Table 3-13 Mapping IP Precedence 3-150 Table 3-14 Mapping DSCP Priority Values 3-152 Table 4-1 Command Modes 4-6 Table 4-2 Configuration Modes 4-7 Table 4-3 Command Line Processing 4-8 Table 4-4 Command Groups 4-9 Table 4-5 Line Commands 4-10 Table 4-6 General Commands 4-19 Table 4-7 System Management Commands 4-24 Table 4-8 Device Designation Commands 4-24 Table 4-9 User Access Commands 4-25 Table 4-10 Default Login Settings 4-26 Table 4-11 IP Filter Commands 4-27 Table 4-12 Web Server Commands 4-29 Table 4-13 HTTPS System Support 4-31 Table 4-14 Telnet Server Commands 4-32 Table 4-15 SSH Commands 4-33 Table 4-16 show ssh - display description 4-40 Table 4-17 Event Logging Commands 4-43 Table 4-18 Logging Levels 4-44 Table 4-19 show logging flash/ram - display description 4-47 Table 4-20 show logging trap - display description 4-48 Table 4-21 SMTP Alert Commands 4-49 Table 4-22 Time Commands 4-53 Table 4-23 System Status Commands 4-57 Table 4-24 Frame Size Commands 4-63 Table 4-25 Flash/File Commands 4-64 Table 4-26 File Directory Information 4-68
Table 4-27 Authentication Commands 4-70 Table 4-28 Authentication Sequence 4-70 Table 4-29 RADIUS Client Commands 4-73 Table 4-30 TACACS Commands 4-77 Table 4-31 Port Security Commands 4-79 Table 4-32 802.1X Port Authentication 4-81 Table 4-33 Access Control Lists 4-89 Table 4-34 IP ACLs 4-90 Table 4-35 MAC ACL Commands 4-95 Table 4-36 ACL Information 4-99 Table 4-37 SNMP Commands 4-100 Table 4-38 show snmp engine-id - display description 4-108 Table 4-39 show snmp view - display description 4-110 Table 4-40 show snmp group - display description 4-113 Table 4-41 show snmp user - display description 4-115 Table 4-42 Interface Commands 4-116 Table 4-43 Interfaces Switchport Statistics 4-126 Table 4-44 Mirror Port Commands 4-127 Table 4-45 Rate Limit Commands 4-129 Table 4-46 Link Aggregation Commands 4-130 Table 4-47 show lacp counters - display description 4-137 Table 4-48 show lacp internal - display description 4-138 Table 4-49 show lacp neighbors - display description 4-139 Table 4-50 show lacp sysid - display description 4-139 Table 4-51 Address Table Commands 4-140 Table 4-52 Spanning Tree Commands 4-144 Table 4-53 VLANs 4-163 Table 4-54 GVRP and Bridge Extension Commands 4-163 Table 4-55 Editing VLAN Groups 4-167 Table 4-56 Configuring VLAN Interfaces 4-169 Table 4-57 Show VLAN Commands 4-175 Table 4-58 Command 4-176 Table 4-58 Function 4-176 Table 4-58 Mode 4-176 Table 4-58 Page 4-176 Table 4-59 Private VLAN Commands 4-179 Table 4-60 Protocol-based VLAN Commands 4-181 Table 4-61 Priority Commands 4-184 Table 4-62 Priority Commands (Layer 2) 4-184 Table 4-63 Default CoS Values to Egress Queues 4-187 Table 4-64 Priority Commands (Layer 3 and 4) 4-189 Table 4-65 IP DSCP to CoS Vales 4-190 Table 4-66 Quality of Service Commands 4-193 Table 4-67 Multicast Filtering Commands 4-201 Table 4-68 IGMP Snooping Commands 4-201
Table 4-69 IGMP Query Commands (Layer 2) 4-206 Table 4-70 Static Multicast Routing Commands 4-209 Table 4-71 IGMP Filtering and Throttling Commands 4-211 Table 4-72 Multicast VLAN Registration Commands 4-217 Table 4-73 show mvr - display description 4-221 Table 4-74 show mvr interface - display description 4-222 Table 4-75 show mvr members - display description 4-222 Table 4-76 IP Interface Commands 4-223 Table 4-77 IP Source Guard Commands 4-227 Table 4-78 DHCP Snooping Commands 4-231 Table 4-79 Switch Cluster Commands 4-237 Table B-1 Troubleshooting Chart B-1
Figures
Figure 3-1 Home Page 3-2 Figure 3-2 Panel Display 3-3 Figure 3-3 System Information 3-10 Figure 3-4 Switch Information 3-12 Figure 3-5 Bridge Extension Configuration 3-13 Figure 3-6 Manual IP Configuration 3-15 Figure 3-7 DHCP IP Configuration 3-16 Figure 3-8 Bridge Extension Configuration 3-17 Figure 3-9 Copy Firmware 3-18 Figure 3-10 Setting the Startup Code 3-18 Figure 3-11 Deleting Files 3-19 Figure 3-12 Downloading Configuration Settings for Startup 3-20 Figure 3-13 Setting the Startup Configuration Settings 3-21 Figure 3-14 Console Port Settings 3-22 Figure 3-15 Enabling Telnet 3-24 Figure 3-16 Displaying Logs 3-25 Figure 3-17 System Logs 3-27 Figure 3-18 Remote Logs 3-28 Figure 3-19 Enabling and Configuring SMTP 3-29 Figure 3-20 Renumbering the System 3-30 Figure 3-21 Resetting the System 3-30 Figure 3-22 SNTP Configuration 3-31 Figure 3-23 Setting the System Clock 3-32 Figure 3-24 Configuring SNMP Community Strings 3-34 Figure 3-25 Configuring IP Trap Managers 3-35 Figure 3-26 Enabling SNMP Agent Status 3-35 Figure 3-27 Setting an Engine ID 3-36 Figure 3-28 Setting a Remote Engine ID 3-37 Figure 3-29 Configuring SNMPv3 Users 3-39 Figure 3-30 Configuring Remote SNMPv3 Users 3-40 Figure 3-31 Configuring SNMPv3 Groups 3-44 Figure 3-32 Configuring SNMPv3 Views 3-45 Figure 3-33 Access Levels 3-47 Figure 3-34 Authentication Settings 3-50 Figure 3-35 HTTPS Settings 3-52 Figure 3-36 SSH Server Settings 3-56 Figure 3-37 SSH Host-Key Settings 3-58 Figure 3-38 Configuring Port Security 3-60 Figure 3-39 802.1X Global Information 3-62 Figure 3-40 802.1X Global Configuration 3-62 Figure 3-41 802.1X Port Configuration 3-64 Figure 3-42 Displaying 802.1X Port Statistics 3-66
Figure 3-43 Selecting ACL Type 3-68 Figure 3-44 Configuring Standard IP ACLs 3-69 Figure 3-45 Configuring Extended IP ACLs 3-71 Figure 3-46 Configuring MAC ACLs 3-73 Figure 3-47 Configuring ACL Port Binding 3-74 Figure 3-48 Creating an IP Filter List 3-75 Figure 3-49 Displaying Port/Trunk Information 3-77 Figure 3-50 Port/Trunk Configuration 3-79 Figure 3-51 Configuring Static Trunks 3-81 Figure 3-52 LACP Trunk Configuration 3-83 Figure 3-53 LACP Port Configuration 3-85 Figure 3-54 LACP - Port Counters Information 3-87 Figure 3-55 LACP - Port Internal Information 3-89 Figure 3-56 LACP - Port Neighbors Information 3-90 Figure 3-57 Port Broadcast Control 3-92 Figure 3-58 Mirror Port Configuration 3-93 Figure 3-59 Input Rate Limit Port Configuration 3-94 Figure 3-60 Port Statistics 3-98 Figure 3-61 Configuring a Static Address Table 3-100 Figure 3-62 Configuring a Dynamic Address Table 3-101 Figure 3-63 Setting the Address Aging Time 3-102 Figure 3-64 Displaying Spanning Tree Information 3-106 Figure 3-65 Configuring Spanning Tree 3-110 Figure 3-66 Displaying Spanning Tree Port Information 3-113 Figure 3-67 Configuring Spanning Tree per Port 3-115 Figure 3-68 Configuring Multiple Spanning Trees 3-117 Figure 3-69 Displaying MSTP Interface Settings 3-119 Figure 3-70 Displaying MSTP Interface Settings 3-122 Figure 3-71 Globally Enabling GVRP 3-125 Figure 3-72 Displaying Basic VLAN Information 3-126 Figure 3-73 Displaying Current VLANs 3-127 Figure 3-74 Configuring a VLAN Static List 3-129 Figure 3-75 Configuring a VLAN Static Table 3-131 Figure 3-76 VLAN Static Membership by Port 3-131 Figure 3-77 Configuring VLANs per Port 3-133 Figure 3-78 802.1Q Tunnel Status 3-137 Figure 3-79 Tunnel Port Configuration 3-139 Figure 3-80 Private VLAN Status 3-141 Figure 3-81 Private VLAN Link Status 3-142 Figure 3-82 Protocol VLAN Configuration 3-143 Figure 3-83 Protocol VLAN Port Configuration 3-143 Figure 3-84 Port Priority Configuration 3-145 Figure 3-85 Traffic Classes 3-146 Figure 
3-86 Enable Traffic Classes 3-147 Figure 3-87 Queue Mode 3-148
Figure 3-88 Configuring Queue Scheduling 3-148 Figure 3-89 IP Precedence/DSCP Priority Status 3-150 Figure 3-90 Mapping IP Precedence Priority Values 3-151 Figure 3-91 Mapping IP DSCP Priority Values 3-152 Figure 3-92 IP Port Priority Status 3-153 Figure 3-93 IP Port Priority 3-154 Figure 3-94 Configuring Class Maps 3-157 Figure 3-95 Configuring Policy Maps 3-160 Figure 3-96 Service Policy Settings 3-161 Figure 3-97 IGMP Configuration 3-164 Figure 3-98 IGMP Immediate Leave 3-165 Figure 3-99 Displaying Multicast Router Port Information 3-166 Figure 3-100 Static Multicast Router Port Configuration 3-167 Figure 3-101 IP Multicast Registration Table 3-168 Figure 3-102 IGMP Member Port Table 3-169 Figure 3-103 Enabling IGMP Filtering and Throttling 3-170 Figure 3-104 IGMP Filter and Throttling Port Configuration 3-172 Figure 3-105 IGMP Profile Configuration 3-173 Figure 3-106 MVR Global Configuration 3-176 Figure 3-107 MVR Port Information 3-177 Figure 3-108 MVR Group IP Information 3-178 Figure 3-109 MVR Port Configuration 3-180 Figure 3-110 MVR Group Member Configuration 3-181 Figure 3-111 DNS General Configuration 3-182 Figure 3-112 DNS Static Host Table 3-184 Figure 3-113 DNS Cache 3-185 Figure 3-114 DHCP Snooping Configuration 3-187 Figure 3-115 DHCP Snooping VLAN Configuration 3-188 Figure 3-116 DHCP Snooping Information Option Configuration 3-189 Figure 3-117 DHCP Snooping Port Configuration 3-190 Figure 3-118 DHCP Snooping Binding Information 3-191 Figure 3-119 IP Source Guard Port Configuration 3-192 Figure 3-120 Static IP Source Guard Binding Configuration 3-193 Figure 3-121 Dynamic IP Source Guard Binding Information 3-194 Figure 3-122 Cluster Member Choice 3-195 Figure 3-123 Cluster Configuration 3-196 Figure 3-124 Cluster Member Configuration 3-197 Figure 3-125 Cluster Member Information 3-197 Figure 3-126 Cluster Candidate Information 3-198
Chapter 1: Introduction
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
Key Features
Table 1-1 Key Features

| Feature | Description |
|---|---|
| Configuration Backup and Restore | Backup to TFTP server |
| Authentication | Console, Telnet, web – User name / password, RADIUS, TACACS+; Web – HTTPS; Telnet – SSH; SNMP v1/2c – Community strings; SNMP version 3 – MD5 or SHA password; Port – IEEE 802.1X, MAC address filtering |
| Access Control Lists | Supports up to 128 ACLs, 96 MAC rules and 96 rules per system |
| DHCP Client | Supported |
| DHCP Snooping | Supported with Option 82 relay information |
| Port Configuration | Speed, duplex mode and flow control |
| Rate Limiting | Input and output rate limiting per port |
| Port Mirroring | One or more ports mirrored to a single analysis port |
| Port Trunking | Supports up to 32 trunks using either static or dynamic trunking (LACP) |
| Broadcast Storm Control | Supported |
| Static Address | Up to 8K MAC addresses in the forwarding table |
| IEEE 802.1D Bridge | Supports dynamic data switching and address learning |
| Store-and-Forward Switching | Supported to ensure wire-speed switching while eliminating bad frames |
| Spanning Tree Algorithm | Supports standard STP, Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Trees (MSTP) |
| Virtual LANs | Up to 256 using IEEE 802.1Q, port-based, protocol-based or private VLANs |
| Traffic Prioritization | Default port priority, traffic class map, queue scheduling, or Differentiated Services Code Point (DSCP), and TCP/UDP Port |
| Quality of Service | Supports Differentiated Services (DiffServ) |
| Multicast Filtering | Supports IGMP snooping and query, as well as Multicast VLAN Registration |
| Switch Clustering | Supports up to 16 Member switches in a cluster |
Description of Software Features
The switch provides a wide range of advanced performance-enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based, private, and protocol-based VLANs, plus support for automatic GVRP VLAN registration, provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network, while multicast filtering provides support for real-time network applications. Some of the management features are briefly described below.
Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings.
Authentication – This switch authenticates management access via the console port, Telnet or web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1X protocol. This protocol uses the Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1X client, and then verifies the client’s right to access the network via an authentication server.
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, IP address filtering for SNMP/web/Telnet management access, and MAC address filtering for port access.
Access Control Lists – ACLs provide packet filtering for IP frames (based on address, protocol, or TCP/UDP port number) or any frames (based on MAC address or Ethernet type). ACLs can be used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols.
Port Configuration – You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard.
Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into the network. Traffic that falls within the rate limit is transmitted while packets that exceed the acceptable amount of traffic are dropped.
Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
Port Trunking – Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE 802.3ad Link Aggregation Control Protocol (LACP). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 32 trunks.
Broadcast Storm Control – Broadcast suppression prevents broadcast traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.
Static Addresses – A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 8K addresses.
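The following added example (not from the SMC manual or firmware) models the address-table behaviour described in the Static Addresses and IEEE 802.1D Bridge paragraphs: dynamic learning, filter/forward/flood decisions, and a static address that is never relearned on another port. The class, method names, and MAC addresses are constructed for illustration, and recording a mismatch event is an assumption about what an administrator would want to monitor.

```python
from dataclasses import dataclass, field

@dataclass
class AddressTable:
    static: dict = field(default_factory=dict)      # MAC -> bound port (never moves)
    dynamic: dict = field(default_factory=dict)     # MAC -> learned port
    mismatches: list = field(default_factory=list)  # (mac, bound_port, seen_port)

    def add_static(self, mac, port):
        mac = mac.lower()
        self.static[mac] = port
        self.dynamic.pop(mac, None)  # a static binding replaces any learned entry

    def learn(self, src, in_port):
        """Process a source address; return True if the table changed."""
        src = src.lower()
        bound = self.static.get(src)
        if bound is not None:
            # Static address: ignored on any other interface, table untouched.
            if bound != in_port:
                self.mismatches.append((src, bound, in_port))
            return False
        changed = self.dynamic.get(src) != in_port
        self.dynamic[src] = in_port
        return changed

    def lookup(self, mac):
        mac = mac.lower()
        return self.static.get(mac, self.dynamic.get(mac))

    def receive(self, src, dst, in_port):
        """Learn from the source, then decide what to do with the frame.
        The manual does not say whether a frame carrying a static address on
        the wrong port is dropped; this model only covers the table update."""
        self.learn(src, in_port)
        out = self.lookup(dst)
        if out is None:
            return ("flood", None)    # unknown destination
        if out == in_port:
            return ("filter", None)   # destination is on the receiving segment
        return ("forward", out)

def demo():
    host, a, b = "00:11:22:33:44:55", "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"
    t = AddressTable()
    t.add_static(host, 1)             # known host restricted to port 1
    results = [
        t.receive(host, a, 1),        # a not yet learned
        t.receive(a, host, 2),        # a learned on port 2
        t.receive(host, a, 7),        # static address seen on port 7
        t.receive(b, host, 3),        # host is still reached via port 1
    ]
    return t, results
```

A non-empty `mismatches` list shows a statically bound address appearing on an unexpected port, which is worth reviewing as either a moved host or an address being reused elsewhere.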
Store-and-Forward Switching – The switch copies each frame into its memory before forwarding it to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.
To avoid dropping frames on congested ports, the SMC8126L2 and SMC8150L2 provide 4 Mbits respectively for frame buffering. This buffer can queue packets awaiting transmission on congested networks.
Spanning Tree Algorithm – The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection and recovery by allowing two or more redundant connections to be created between a pair of LAN segments. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the convergence time for network topology changes to 3 to 5 seconds, compared to 30 seconds or more for the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.
Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct extension of RSTP. It can provide an independent spanning tree for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each region, and prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP).
Virtual LANs – The switch supports up to 256 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:
• Eliminate broadcast storms which severely degrade performance in a flat network.
• Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.
• Provide data security by restricting all traffic to the originating VLAN.
• Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.
• Use protocol VLANs to restrict traffic to specified interfaces based on protocol type.
Traffic Prioritization – This switch prioritizes each packet based on the required level of service, using four priority queues with strict or Weighted Round Robin Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can be used to provide independent priorities for delay-sensitive data and best-effort data.
This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the DSCP field in the IP frame. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic is then sent to the corresponding output queue.
Quality of Service – Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, IP Precedence or DSCP values, or VLAN lists. Using access lists allows you to select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.