SMC Networks SMCGS10C User Manual

MANAGEMENT GUIDE
Web Smart 10-Port GE Switch
SMCGS10C-Smart
Web Smart 10-Port GE Switch Management Guide
No. 1, Creation Road III, Hsinchu Science Park, 30077, Taiwan, R.O.C. TEL: +886 3 5770270 Fax: +886 3 5780764
October 2011
Pub. # 149100000170A
SMC-UG-1011-01
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.
Copyright © 2011 by
SMC Networks, Inc.
No. 1 Creation Road III,
Hsinchu Science Park,
30077, Taiwan, R.O.C.
All rights reserved
Trademarks:
SMC is a registered trademark; and Barricade, EZ Switch, TigerStack, TigerSwitch, and TigerAccess are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.

WARRANTY AND PRODUCT REGISTRATION

To register SMC products and to review the detailed warranty statement, please refer to the Support Section of the SMC Website at http://www.smc.com.

ABOUT THIS GUIDE

PURPOSE
This guide gives specific information on how to operate and use the management functions of the switch.
AUDIENCE
The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
CONVENTIONS
The following conventions are used throughout this guide to show information:
NOTE: Emphasizes important information or calls your attention to related features or instructions.
CAUTION: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
WARNING: Alerts you to a potential hazard that could cause personal injury.
RELATED PUBLICATIONS
The following publication details the hardware features of the switch, including the physical and performance-related characteristics, and how to install the switch:
The Installation Guide
Also, as part of the switch’s software, there is an online web-based help that describes all management related features.
REVISION HISTORY
This section summarizes the changes in each revision of this guide.
OCTOBER 2011 REVISION
This is the first version of this guide. This guide is valid for software release v1.0.0.3.

CONTENTS

WARRANTY AND PRODUCT REGISTRATION 4
ABOUT THIS GUIDE 5
CONTENTS 7
FIGURES 13
TABLES 17
SECTION I GETTING STARTED 19
1 INTRODUCTION 20
Key Features 20
Description of Software Features 21
System Defaults 25
2 INITIAL SWITCH CONFIGURATION 28
SECTION II WEB CONFIGURATION 30
3 USING THE WEB INTERFACE 31
Navigating the Web Browser Interface 31
Home Page 31
Configuration Options 32
Panel Display 32
Main Menu 33
4 CONFIGURING THE SWITCH 41
Configuring System Information 41
Setting an IP Address 42
Setting an IPv4 Address 42
Setting an IPv6 Address 44
Configuring NTP Service 46
Configuring Remote Log Messages 47
Configuring Power Reduction 48
Controlling LED Intensity 48
Reducing Power to Idle Queue Circuits 50
Configuring Thermal Protection 51
Configuring Port Connections 52
Configuring Security 55
Configuring User Accounts 55
Configuring User Privilege Levels 57
Configuring The Authentication Method For Management Access 59
Configuring SSH 61
Configuring HTTPS 62
Filtering IP Addresses for Management Access 63
Using Simple Network Management Protocol 65
Configuring Port Limit Controls 75
Configuring Authentication Through Network Access Servers 77
Filtering Traffic with Access Control Lists 88
Configuring DHCP Snooping 99
Configuring DHCP Relay and Option 82 Information 101
Configuring IP Source Guard 102
Configuring ARP Inspection 106
Specifying Authentication Servers 109
Creating Trunk Groups 111
Configuring Static Trunks 112
Configuring LACP 114
Configuring the Spanning Tree Algorithm 116
Configuring Global Settings for STA 118
Configuring Multiple Spanning Trees 122
Configuring Spanning Tree Bridge Priorities 124
Configuring STP/RSTP/CIST Interfaces 125
Configuring MSTI Interfaces 129
Multicast VLAN Registration 130
IGMP Snooping 133
Configuring Global and Port-Related Settings for IGMP Snooping 134
Configuring VLAN Settings for IGMP Snooping and Query 137
Configuring IGMP Filtering 139
MLD Snooping 140
Configuring Global and Port-Related Settings for MLD Snooping 140
Configuring VLAN Settings for MLD Snooping and Query 143
Configuring MLD Filtering 145
Link Layer Discovery Protocol 146
Configuring LLDP Timing and TLVs 146
Configuring LLDP-MED TLVs 149
Configuring the MAC Address Table 155
IEEE 802.1Q VLANs 157
Assigning Ports to VLANs 158
Configuring VLAN Attributes for Port Members 159
Configuring Private VLANs 162
Using Port Isolation 163
Configuring MAC-based VLANs 164
Protocol VLANs 165
Configuring Protocol VLAN Groups 166
Mapping Protocol Groups to Ports 167
Managing VoIP Traffic 168
Configuring VoIP Traffic 169
Configuring Telephony OUI 171
Quality of Service 172
Configuring Port Classification 173
Configuring Egress Port Scheduler 175
Configuring Egress Port Shaper 178
Configuring Port Remarking Mode 178
Configuring Port DSCP Translation and Rewriting 181
Configuring DSCP-based QoS Ingress Classification 183
Configuring DSCP Translation 184
Configuring DSCP Classification 185
Configuring QoS Control Lists 186
Configuring Storm Control 190
Configuring Port Mirroring 191
Configuring UPnP 193
5 MONITORING THE SWITCH 195
Displaying Basic Information About the System 195
Displaying System Information 195
Displaying CPU Utilization 196
Displaying Log Messages 197
Displaying Log Details 199
Displaying Thermal Protection 199
Displaying Information About Ports 200
Displaying Port Status On the Front Panel 200
Displaying an Overview of Port Statistics 201
Displaying QoS Statistics 201
Displaying QCL Status 202
Displaying Detailed Port Statistics 203
Displaying Information About Security Settings 206
Displaying Access Management Statistics 206
Displaying Information About Switch Settings for Port Security 207
Displaying Information About Learned MAC Addresses 209
Displaying Port Status for Authentication Services 210
Displaying Port Statistics for 802.1X or Remote Authentication Service 211
Displaying ACL Status 215
Displaying Statistics for DHCP Snooping 217
Displaying DHCP Relay Statistics 218
Displaying MAC Address Bindings for ARP Packets 219
Displaying Entries in the IP Source Guard Table 220
Displaying Information on Authentication Servers 221
Displaying a List of Authentication Servers 221
Displaying Statistics for Configured Authentication Servers 222
Displaying Information on LACP 225
Displaying an Overview of LACP Groups 225
Displaying LACP Port Status 226
Displaying LACP Port Statistics 227
Displaying Information on the Spanning Tree 228
Displaying Bridge Status for STA 228
Displaying Port Status for STA 230
Displaying Port Statistics for STA 231
Displaying MVR Information 232
Displaying MVR Statistics 232
Displaying MVR Group Information 233
Showing IGMP Snooping Information 234
Showing IGMP Snooping Status 234
Showing IGMP Snooping Group Information 235
Showing IPv4 SSM Information 236
Showing MLD Snooping Information 237
Showing MLD Snooping Status 237
Showing MLD Snooping Group Information 238
Showing IPv6 SSM Information 239
Displaying LLDP Information 240
Displaying LLDP Neighbor Information 240
Displaying LLDP-MED Neighbor Information 241
Displaying LLDP Neighbor EEE Information 243
Displaying LLDP Port Statistics 245
Displaying the MAC Address Table 246
Displaying Information About VLANs 247
VLAN Membership 247
VLAN Port Status 248
Displaying Information About MAC-based VLANs 250
6 PERFORMING BASIC DIAGNOSTICS 251
Pinging an IPv4 or IPv6 Address 251
Running Cable Diagnostics 252
7 PERFORMING SYSTEM MAINTENANCE 255
Restarting the Switch 255
Restoring Factory Defaults 256
Upgrading Firmware 256
Managing Configuration Files 257
Saving Configuration Settings 257
Restoring Configuration Settings 258
SECTION III APPENDICES 259
A SOFTWARE SPECIFICATIONS 260
Software Features 260
Management Features 261
Standards 262
Management Information Bases 262
B TROUBLESHOOTING 264
Problems Accessing the Management Interface 264
Using System Logs 265
C LICENSE INFORMATION 266
The GNU General Public License 266
GLOSSARY 270
INDEX 278

FIGURES

Figure 1: Home Page 31
Figure 2: Front Panel Indicators 32
Figure 3: System Information Configuration 42
Figure 4: IP Configuration 44
Figure 5: IPv6 Configuration 46
Figure 6: NTP Configuration 47
Figure 7: Configuring Settings for Remote Logging of Error Messages 48
Figure 8: Configuring LED Power Reduction 49
Figure 9: Configuring EEE Power Reduction 51
Figure 10: Configuring Thermal Protection 52
Figure 11: Port Configuration 54
Figure 12: Showing User Accounts 56
Figure 13: Configuring User Accounts 57
Figure 14: Configuring Privilege Levels 58
Figure 15: Authentication Server Operation 59
Figure 16: Authentication Method for Management Access 61
Figure 17: SSH Configuration 62
Figure 18: HTTPS Configuration 63
Figure 19: Access Management Configuration 64
Figure 20: SNMP System Configuration 69
Figure 21: SNMPv3 Community Configuration 70
Figure 22: SNMPv3 User Configuration 72
Figure 23: SNMPv3 Group Configuration 73
Figure 24: SNMPv3 View Configuration 74
Figure 25: SNMPv3 Access Configuration 75
Figure 26: Port Limit Control Configuration 77
Figure 27: Using Port Security 78
Figure 28: Network Access Server Configuration 88
Figure 29: ACL Port Configuration 90
Figure 30: ACL Rate Limiter Configuration 91
Figure 31: Access Control List Configuration 98
Figure 32: DHCP Snooping Configuration 101
Figure 33: DHCP Relay Configuration 102
Figure 34: Configuring Global and Port-based Settings for IP Source Guard 104
Figure 35: Configuring Static Bindings for IP Source Guard 106
Figure 36: Configuring Global and Port Settings for ARP Inspection 108
Figure 37: Configuring Static Bindings for ARP Inspection 109
Figure 38: Authentication Configuration 110
Figure 39: Static Trunk Configuration 114
Figure 40: LACP Port Configuration 116
Figure 41: STP Root Ports and Designated Ports 117
Figure 42: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree 117
Figure 43: Common Internal Spanning Tree, Common Spanning Tree, Internal Spanning Tree 118
Figure 44: STA Bridge Configuration 122
Figure 45: Adding a VLAN to an MST Instance 124
Figure 46: Configuring STA Bridge Priorities 125
Figure 47: STP/RSTP/CIST Port Configuration 128
Figure 48: MSTI Port Configuration 130
Figure 49: MVR Concept 131
Figure 50: Configuring MVR 133
Figure 51: Configuring Global and Port-related Settings for IGMP Snooping 136
Figure 52: Configuring VLAN Settings for IGMP Snooping and Query 138
Figure 53: IGMP Snooping Port Group Filtering Configuration 139
Figure 54: Configuring Global and Port-related Settings for MLD Snooping 143
Figure 55: Configuring VLAN Settings for MLD Snooping and Query 145
Figure 56: MLD Snooping Port Group Filtering Configuration 146
Figure 57: LLDP Configuration 149
Figure 58: LLDP-MED Configuration 155
Figure 59: MAC Address Table Configuration 157
Figure 60: VLAN Membership Configuration 159
Figure 61: VLAN Port Configuration 161
Figure 62: Private VLAN Membership Configuration 163
Figure 63: Port Isolation Configuration 163
Figure 64: Configuring MAC-Based VLANs 165
Figure 65: Configuring Protocol VLANs 167
Figure 66: Assigning Ports to Protocol VLANs 168
Figure 67: Configuring Global and Port Settings for a Voice VLAN 171
Figure 68: Configuring an OUI Telephony List 172
Figure 69: Configuring Ingress Port QoS Classification 174
Figure 70: Configuring Ingress Port Tag Classification 175
Figure 71: Displaying Egress Port Schedulers 177
Figure 72: Configuring Egress Port Schedulers and Shapers 177
Figure 73: Displaying Egress Port Shapers 178
Figure 74: Displaying Port Tag Remarking Mode 180
Figure 75: Configuring Port Tag Remarking Mode 181
Figure 76: Configuring Port DSCP Translation and Rewriting 183
Figure 77: Configuring DSCP-based QoS Ingress Classification 184
Figure 78: Configuring DSCP Translation and Re-mapping 185
Figure 79: Mapping DSCP to CoS/DPL Values 186
Figure 80: QoS Control List Configuration 190
Figure 81: Storm Control Configuration 191
Figure 82: Mirror Configuration 192
Figure 83: UPnP Configuration 194
Figure 84: System Information 196
Figure 85: CPU Load 197
Figure 86: System Log Information 198
Figure 87: Detailed System Log Information 199
Figure 88: Thermal Protection Status 200
Figure 89: Port State Overview 200
Figure 90: Port Statistics Overview 201
Figure 91: Queueing Counters 202
Figure 92: QoS Control List Status 203
Figure 93: Detailed Port Statistics 205
Figure 94: Access Management Statistics 206
Figure 95: Port Security Switch Status 208
Figure 96: Port Security Port Status 209
Figure 97: Network Access Server Switch Status 211
Figure 98: NAS Statistics for Specified Port 215
Figure 99: ACL Status 216
Figure 100: DHCP Snooping Statistics 218
Figure 101: DHCP Relay Statistics 219
Figure 102: Dynamic ARP Inspection Table 220
Figure 103: Dynamic IP Source Guard Table 220
Figure 104: RADIUS Overview 221
Figure 105: RADIUS Details 225
Figure 106: LACP System Status 226
Figure 107: LACP Port Status 227
Figure 108: LACP Port Statistics 227
Figure 109: Spanning Tree Bridge Status 230
Figure 110: Spanning Tree Detailed Bridge Status 230
Figure 111: Spanning Tree Port Status 231
Figure 112: Spanning Tree Port Statistics 232
Figure 113: MVR Statistics 233
Figure 114: MVR Group Information 234
Figure 115: IGMP Snooping Status 235
Figure 116: IGMP Snooping Group Information 236
Figure 117: IPv4 SSM Information 237
Figure 118: MLD Snooping Status 238
Figure 119: MLD Snooping Group Information 239
Figure 120: IPv6 SSM Information 239
Figure 121: LLDP Neighbor Information 241
Figure 122: LLDP-MED Neighbor Information 243
Figure 123: LLDP Neighbor EEE Information 244
Figure 124: LLDP Port Statistics 246
Figure 125: MAC Address Table 247
Figure 126: Showing VLAN Members 248
Figure 127: Showing VLAN Port Status 249
Figure 128: Showing MAC-based VLAN Configuration 250
Figure 129: ICMP Ping 252
Figure 130: VeriPHY Cable Diagnostics 253
Figure 131: Restart Device 255
Figure 132: Factory Defaults 256
Figure 133: Software Upload 257
Figure 134: Configuration Save 258
Figure 135: Configuration Upload 258

TABLES

Table 1: Key Features 20
Table 2: System Defaults 25
Table 3: Web Page Configuration Buttons 32
Table 4: Main Menu 33
Table 5: HTTPS System Support 63
Table 6: SNMP Security Models and Levels 65
Table 7: Dynamic QoS Profiles 81
Table 8: QCE Modification Buttons 92
Table 9: Recommended STA Path Cost Range 126
Table 10: Recommended STA Path Costs 126
Table 11: Default STA Path Costs 126
Table 12: QCE Modification Buttons 187
Table 13: System Capabilities 240
Table 14: Troubleshooting Chart 264

SECTION I

GETTING STARTED

This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface.
This section includes these chapters:
"Introduction" on page 20
"Initial Switch Configuration" on page 28

1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

KEY FEATURES

Table 1: Key Features

| Feature | Description |
|---|---|
| Configuration Backup and Restore | Backup to management station using Web |
| Authentication | Telnet, Web – user name/password, RADIUS, TACACS+; Web – HTTPS; Telnet – SSH; SNMP v1/2c – Community strings; SNMP version 3 – MD5 or SHA password; Port – IEEE 802.1X, MAC address filtering |
| General Security Measures | Private VLANs, Port Authentication, Port Security, DHCP Snooping (with Option 82 relay information), IP Source Guard |
| Access Control Lists | Supports up to 256 rules |
| DHCP | Client |
| DNS | Client and Proxy service |
| Port Configuration | Speed, duplex mode, flow control, MTU, response to excessive collisions, power saving mode |
| Rate Limiting | Input rate limiting per port (manual setting or ACL) |
| Port Mirroring | 1 session, up to 10 source ports to one analysis port per session |
| Port Trunking | Supports up to 5 trunks – static or dynamic trunking (LACP) |
| Congestion Control | Throttling for broadcast, multicast, unknown unicast storms |
| Address Table | 8K MAC addresses in the forwarding table, 1000 static MAC addresses, 1K L2 IGMP multicast groups and 128 MVR groups |
| IP Version 4 and 6 | Supports IPv4 and IPv6 addressing, management, and QoS |
| IEEE 802.1D Bridge | Supports dynamic data switching and address learning |
| Store-and-Forward Switching | Supported to ensure wire-speed switching while eliminating bad frames |
| Spanning Tree Algorithm | Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP) |
| Virtual LANs | Up to 4K using IEEE 802.1Q, port-based, protocol-based, private VLANs, and voice VLANs, and QinQ tunnel |
| Traffic Prioritization | Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/UDP port, DSCP, ToS bit, VLAN tag priority, or port |
| Quality of Service | Supports Differentiated Services (DiffServ), and DSCP remarking |
| Link Layer Discovery Protocol | Used to discover basic information about neighboring devices |
| Multicast Filtering | Supports IGMP snooping and query, MLD snooping, and Multicast VLAN Registration |

DESCRIPTION OF SOFTWARE FEATURES

The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Storm suppression prevents broadcast, multicast, and unknown unicast traffic storms from engulfing the network. Untagged (port-based), tagged, and protocol-based VLANs provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network. Multicast filtering provides support for real-time network applications.
Some of the management features are briefly described below.
CONFIGURATION BACKUP AND RESTORE
You can save the current configuration settings to a file on the management station (using the web interface) or a TFTP server (using the console interface through Telnet), and later download this file to restore the switch configuration settings.
AUTHENTICATION
This switch authenticates management access via a web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1X protocol. This protocol uses Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1X client, and then uses the EAP between the switch and the authentication server to verify the client’s right to access the network via an authentication server (i.e., RADIUS or TACACS+ server).
Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, SNMP Version 3, IP address filtering for SNMP/Telnet/web management access, and MAC address filtering for port access.
ACCESS CONTROL LISTS
ACLs provide packet filtering for IP frames (based on protocol, TCP/UDP port number or frame type) or layer 2 frames (based on any destination MAC address for unicast, broadcast or multicast, or based on VLAN ID or VLAN tag priority). ACLs can be used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols. Policies can be used to differentiate service for client ports, server ports, network ports or guest ports. They can also be used to strictly control network traffic by only allowing incoming frames that match the source MAC and source IP on a specific port.
PORT CONFIGURATION
You can manually configure the speed and duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard (now incorporated in IEEE 802.3-2002).
RATE LIMITING
This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.
PORT MIRRORING
The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
PORT TRUNKING
Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using Link Aggregation Control Protocol (LACP – IEEE 802.3-2005). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 5 trunks.
STORM CONTROL
Broadcast, multicast and unknown unicast storm suppression prevents traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.
STATIC ADDRESSES
A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
IEEE 802.1D BRIDGE
The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 16K addresses.
STORE-AND-FORWARD SWITCHING
The switch copies each frame into its memory before forwarding it to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.
To avoid dropping frames on congested ports, the switch provides 8 MB for frame buffering. This buffer can queue packets awaiting transmission on congested networks.
SPANNING TREE ALGORITHM
The switch supports these spanning tree protocols:
• Spanning Tree Protocol (STP, IEEE 802.1D) – Supported by using the STP backward compatible mode provided by RSTP. STP provides loop detection. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.
• Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the convergence time for network topology changes to about 3 to 5 seconds, compared to 30 seconds or more for the older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.
• Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct extension of RSTP. It can provide an independent spanning tree for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each region, and prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP).
VIRTUAL LANS
The switch supports up to 4096 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:
• Eliminate broadcast storms which severely degrade performance in a flat network.
• Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.
• Provide data security by restricting all traffic to the originating VLAN.
• Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.
• Use protocol VLANs to restrict traffic to specified interfaces based on protocol type.
IEEE 802.1Q TUNNELING (QINQ)
This feature is designed for service providers carrying traffic for multiple customers across their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs. This is accomplished by inserting Service Provider VLAN (SPVLAN) tags into the customer’s frames when they enter the service provider’s network, and then stripping the tags when the frames leave the network.
TRAFFIC PRIORITIZATION
This switch prioritizes each packet based on the required level of service, using four priority queues with strict or Weighted Round Robin queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can provide independent priorities for delay-sensitive data and best-effort data.
This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet or the number of the TCP/UDP port. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic is then sent to the corresponding output queue.
QUALITY OF SERVICE
Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, DSCP values, or VLAN lists. Using access lists allows you to select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.
MULTICAST FILTERING
Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to manage multicast group registration for IPv4 traffic, and MLD Snooping for IPv6 traffic. It also supports Multicast VLAN Registration (MVR) which allows common multicast traffic, such as television channels, to be transmitted across a single network-wide multicast VLAN shared by hosts residing in other standard or private VLAN groups, while preserving security and data isolation for normal traffic.
SYSTEM DEFAULTS
The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file.
The following table lists some of the basic system defaults.
Table 2: System Defaults

| Function | Parameter | Default |
|---|---|---|
| Authentication | User Name | “admin” |
| | Password | “admin” |
| | RADIUS Authentication | Disabled |
| | TACACS+ Authentication | Disabled |
| | 802.1X Port Authentication | Disabled |
| | HTTPS | Enabled |
| | SSH | Enabled |
| | Port Security | Disabled |
| | IP Filtering | Disabled |
| Web Management | HTTP Server | Enabled |
| | HTTP Port Number | 80 |
| | HTTP Secure Server | Disabled |
| | HTTP Secure Server Redirect | Disabled |
| SNMP | SNMP Agent | Disabled |
| | Community Strings | “public” (read only); “private” (read/write) |
| | Traps | Global: disabled; Authentication traps: enabled; Link-up-down events: enabled |
| | SNMP V3 | View: default_view; Group: default_rw_group |
| Port Configuration | Admin Status | Enabled |
| | Auto-negotiation | Enabled |
| | Flow Control | Disabled |
| Rate Limiting | Input and output limits | Disabled |
| Port Trunking | Static Trunks | None |
| | LACP (all ports) | Disabled |
| Storm Protection | Status | Broadcast: Enabled (1 kpps); Multicast: disabled; Unknown unicast: disabled |
| Spanning Tree Algorithm | Status | Enabled, RSTP (Defaults: RSTP standard) |
| | Edge Ports | Enabled |
| Address Table | Aging Time | 300 seconds |
| Virtual LANs | Default VLAN | 1 |
| | PVID | 1 |
| | Acceptable Frame Type | All |
| | Ingress Filtering | Disabled |
| | Switchport Mode (Egress Mode) | Access |
| Traffic Prioritization | Ingress Port Priority | 0 |
| | Queue Mode | Strict |
| | Weighted Round Robin | Queue: 0 1 2 3 4 5 6 7; Weight: Disabled in strict mode |
| | Ethernet Type | Disabled |
| | VLAN ID | Disabled |
| | VLAN Priority Tag | Disabled |
| | ToS Priority | Disabled |
| | IP DSCP Priority | Disabled |
| | TCP/UDP Port Priority | Disabled |
| LLDP | Status | Enabled |
| IP Settings | Management. VLAN | VLAN 1 |
| | IP Address | 192.168.1.10 |
| | Subnet Mask | 255.255.255.0 |
| | Default Gateway | 0.0.0.0 |
| | DHCP | Client: Disabled; Snooping: Disabled |
| | DNS | Proxy service: Disabled |
| Multicast Filtering | IGMP Snooping | Snooping: Disabled; Querier: Disabled |
| | MLD Snooping | Disabled |
| | Multicast VLAN Registration | Disabled |
| System Log (console only) | Status | Disabled |
| | Messages Logged to Flash | All levels |
| NTP | Clock Synchronization | Disabled |

2 INITIAL SWITCH CONFIGURATION
This chapter includes information on connecting to the switch and basic configuration procedures.
To make use of the management features of your switch, you must first configure it with an IP address that is compatible with the network in which it is being installed. This should be done before you permanently install the switch in the network.
Follow this procedure:
1. Place the switch close to the PC that you intend to use for configuration. It helps if you can see the front panel of the switch while working on your PC.
2. Connect the Ethernet port of your PC to any port on the front panel of the switch. Connect power to the switch and verify that you have a link by checking the front-panel LEDs.
3. Check that your PC has an IP address on the same subnet as the switch. The default IP address of the switch is 192.168.1.10 and the subnet mask is 255.255.255.0, so the PC and switch are on the same subnet if they both have addresses that start 192.168.1.x. If the PC and switch are not on the same subnet, you must manually set the PC’s IP address to 192.168.1.x (where “x” is any number from 1 to 254, except 10).
4. Open your web browser and enter the address http://192.168.1.10. If your PC is properly configured, you will see the login page of the switch. If you do not see the login page, repeat step 3.
5. Enter “admin” for the user name and password, and then click on the Login button.
6. From the menu, click System, and then IP. To request an address from a local DHCP Server, mark the DHCP Client check box. To configure a static address, enter the new IP Address, IP Mask, and other optional parameters for the switch, and then click on the Save button.
If you need to configure an IPv6 address, select IPv6 from the System menu, and either submit a request for an address from a local DHCPv6 server by marking the Auto Configuration check box, or configure a static address by filling in the parameters for an address, network prefix length, and gateway router.
No other configuration changes are required at this stage, but it is recommended that you change the administrator’s password before logging out. To change the password, click Security and then Users. Select “admin” from the User Configuration list, fill in the Password fields, and then click Save.
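An added example, not part of the SMC guide: a Python check that compares a hand-recorded settings snapshot with the factory defaults in Table 2 and reports the management-plane settings still at their shipped values, including the administrator password this procedure recommends changing. The snapshot key names, the sample addresses and the severity labels are assumptions made for this example; the guide defines no export schema.

```python
import ipaddress

# Factory values from Table 2 of this guide (Authentication, Web Management,
# SNMP and IP Settings rows). The key names are hypothetical: the guide defines
# no export schema, so a snapshot is recorded by hand from the web interface.
FACTORY_DEFAULTS = {
    "admin_password_is_default": True,   # user "admin", password "admin"
    "http_server": True,                 # HTTP Server: Enabled (port 80)
    "https_server": False,               # HTTP Secure Server: Disabled
    "https_redirect": False,             # HTTP Secure Server Redirect: Disabled
    "snmp_agent": False,                 # SNMP Agent: Disabled
    "snmp_communities": ["public", "private"],
    "ip_filtering": False,               # IP Filtering: Disabled
    "mgmt_allowed_sources": [],          # consulted only when ip_filtering is on
    "mgmt_ip": "192.168.1.10",
    "mgmt_vlan": 1,
}
DEFAULT_COMMUNITIES = {"public", "private"}
SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


def audit(snapshot, admin_station=None):
    """Return (severity, rule_id, message) findings, most severe first.

    Keys missing from the snapshot are assumed to still hold the factory value.
    """
    cfg = {**FACTORY_DEFAULTS, **snapshot}
    findings = []

    if cfg["admin_password_is_default"]:
        findings.append(("HIGH", "default-admin-password",
                         'account "admin" still uses the factory password'))

    # Plain HTTP carries the login in cleartext unless every request is
    # redirected to the HTTPS server.
    if cfg["http_server"] and not (cfg["https_server"] and cfg["https_redirect"]):
        findings.append(("HIGH", "cleartext-web-management",
                         "HTTP management is reachable without HTTPS redirect"))

    # Factory community strings only reach the wire once the agent runs,
    # but they are worth removing before anyone enables it.
    weak = sorted(DEFAULT_COMMUNITIES & set(cfg["snmp_communities"]))
    if weak:
        severity = "HIGH" if cfg["snmp_agent"] else "LOW"
        findings.append((severity, "default-snmp-community",
                         "factory community strings present: " + ", ".join(weak)))

    if not cfg["ip_filtering"]:
        findings.append(("MEDIUM", "mgmt-unfiltered",
                         "management access is not restricted by source address"))
    else:
        nets = [ipaddress.ip_network(n, strict=False)
                for n in cfg["mgmt_allowed_sources"]]
        if any(n.prefixlen == 0 for n in nets):
            findings.append(("MEDIUM", "mgmt-filter-any",
                             "an allowed source range matches every address"))
        # Catch a filter that would cut off the administrator's own station.
        if admin_station is not None:
            station = ipaddress.ip_address(admin_station)
            if not any(station in n for n in nets):
                findings.append(("HIGH", "admin-lockout",
                                 f"{station} is outside every allowed source range"))

    if (ipaddress.ip_address(cfg["mgmt_ip"]) == ipaddress.ip_address("192.168.1.10")
            and cfg["mgmt_vlan"] == 1):
        findings.append(("LOW", "default-mgmt-address",
                         "management interface still at 192.168.1.10 on VLAN 1"))

    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


def rule_ids(findings):
    """Rule identifiers only, for comparing two audit runs."""
    return [rule for _, rule, _ in findings]


# Constructed sample: a snapshot recorded after hardening (addresses invented).
HARDENED = {
    "admin_password_is_default": False,
    "https_server": True,
    "https_redirect": True,
    "snmp_communities": [],
    "ip_filtering": True,
    "mgmt_allowed_sources": ["10.20.0.0/24"],
    "mgmt_ip": "10.20.0.2",
    "mgmt_vlan": 20,
}

if __name__ == "__main__":
    for label, snap, station in (("factory", {}, None),
                                 ("hardened", HARDENED, "10.20.0.15")):
        print(label)
        for severity, rule, message in audit(snap, station):
            print(f"  [{severity}] {rule}: {message}")
```

Table 2 lists HTTPS as enabled under Authentication and the HTTP Secure Server as disabled under Web Management; the check follows the Web Management rows.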

SECTION II

WEB CONFIGURATION

This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser.
This section includes these chapters:
"Using the Web Interface" on page 31
"Configuring the Switch" on page 41
"Monitoring the Switch" on page 195
"Performing Basic Diagnostics" on page 251
"Performing System Maintenance" on page 255