SMC Networks TIGERSWITCH 10-100 User Manual

Download

TigerSwitch 10/100

24-Port Fast Ethernet Switch

◆ 24 10BASE-T/100BASE-TX auto MDI/MDI-X ports

◆ Optional 1000BASE-X or 100BASE-FX modules

◆ 8.8 Gbps of aggregate bandwidth

◆ Non-blocking switching architecture

◆ Spanning Tree Protocol

◆ Up to four port trunks

◆ RADIUS authentication

◆ Rate limiting for bandwidth management

◆ QoS support for four-level priority

◆ Full support for VLANs with GVRP

◆ IP Multicasting with IGMP Snooping

◆ Manageable via console, Web, SNMP/RMON

Management Guide

SMC6724L2

TigerSwitch 10/100 Management Guide

From SMC’s Tiger line of feature-rich workgroup LAN solutions

38 Tesla Irvine, CA 92618 Phone: (949) 679-8000

May 2003

Pub. # 150200033600A

Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable. However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications at any time without notice.

SMC Networks, Inc.

38 Tesla

Irvine, CA 92618

Trademarks:

SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.

IMITED

Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term. SMC will endeavor to repair or replace any product returned under warranty within 30 days of receipt of the product.

The standard limited warranty can be upgraded to a Limited Lifetime* warranty by registering new products within 30 days of purchase from SMC or its Authorized Reseller. Registration can be accomplished via the enclosed product registration card or online via the SMC web site. Failure to register will not affect the standard limited warranty. The Limited Lifetime warranty covers a product during the Life of that Product, which is defined as the period of time during which the product is an “Active” SMC product. A product is considered to be “Active” while it is listed on the current SMC price list. As new technologies emerge, older technologies become obsolete and SMC will, at its discretion, replace an older product in its product line with one that incorporates these newer technologies. At that point, the obsolete product is discontinued and is no longer an “Active” SMC product. A list of discontinued products with their respective dates of discontinuance can be found at: http://www.smc.com/index.cfm?action=customer_service_warranty.

All products that are replaced become the property of SMC. Replacement products may be either new or reconditioned. Any replaced or repaired product carries either a 30-day limited warranty or the remainder of the initial warranty, whichever is longer. SMC is not responsible for any custom software or firmware, configuration information, or memory data of Customer contained in, stored on, or integrated with any products returned to SMC pursuant to any warranty. Products returned to SMC should have any customer-installed accessory or add-on components, such as expansion modules, removed prior to returning the product for replacement. SMC is not responsible for these items if they are returned with the product.

Customers must contact SMC for a Return Material Authorization number prior to returning any product to SMC. Proof of purchase may be required. Any product returned to SMC without a valid Return Material Authorization (RMA) number clearly marked on the outside of the package will be returned to customer at customer’s expense. For warranty claims within North America, please call our toll-free customer support number at (800) 762-4968. Customers are responsible for all shipping charges from their facility to SMC. SMC is responsible for return shipping charges from SMC to customer.

WARRANTIES EXCLUSIVE: IF AN SMC PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE, CUSTOMER’S SOLE REMEDY SHALL BE REPAIR OR REPLACEMENT OF THE PRODUCT IN QUESTION, AT SMC’S OPTION. THE

ARRANTY

IMITED WARRANTY

FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES OR CONDITIONS, EXPRESS OR IMPLIED, EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING WARRANTIES OR CONDITIONS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. SMC NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE OR USE OF ITS PRODUCTS. SMC SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER’S OR ANY THIRD PERSON’S MISUSE, NEGLECT, IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.

LIMITATION OF LIABILITY: IN NO EVENT, WHETHER BASED IN CONTRACT OR TORT (INCLUDING NEGLIGENCE), SHALL SMC BE LIABLE FOR INCIDENTAL, CONSEQUENTIAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE, LOSS OF BUSINESS, OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION, MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF ITS PRODUCTS, EVEN IF SMC OR ITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SOME STATES DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR THE LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES FOR CONSUMER PRODUCTS, SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS, WHICH MAY VARY FROM STATE TO STATE. NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS.

* SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase.

SMC Networks, Inc.

38 Tesla

Irvine, CA 92618

ONTENTS

1 Switch Management . . . . . . . . . . . . . . . . . . . . . . 1-1

Connecting to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Required Connections . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

Remote Connections . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-4

Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5

Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-5

Setting Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-6

Setting an IP Address . . . . . . . . . . . . . . . . . . . . . . . . . . 1-7

Enabling SNMP Management Access . . . . . . . . . . . . . . 1-10

Saving Configuration Settings . . . . . . . . . . . . . . . . . . . 1-12

Managing System Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-13

System Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-14

2 Configuring the Switch . . . . . . . . . . . . . . . . . . . . 2-1

Using the Web Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Navigating the Web Browser Interface . . . . . . . . . . . . . . . . . . 2-2

Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Configuration Options . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Panel Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

Main Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

Basic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-9

Displaying System Information . . . . . . . . . . . . . . . . . . . 2-9

Setting the IP Address . . . . . . . . . . . . . . . . . . . . . . . . 2-11

Configuring User Authentication . . . . . . . . . . . . . . . . . . . . . . 2-15

Configuring the Logon Password . . . . . . . . . . . . . . . . . 2-15

Configuring RADIUS Logon Authentication . . . . . . . . . 2-17

Managing Firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-20

Downloading System Software from a Server . . . . . . . . 2-20

Saving or Restoring Configuration Settings . . . . . . . . . . 2-22

Resetting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-24

Displaying Bridge Extension Capabilities . . . . . . . . . . . . . . . 2-24

Enabling or Disabling GVRP

(Global Setting) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-27

Displaying Switch Hardware/Software Versions . . . . . . . . . . 2-28

ONTENTS

Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-30

Displaying Connection Status . . . . . . . . . . . . . . . . . . . 2-30

Configuring Interface Connections . . . . . . . . . . . . . . . 2-32

Setting Broadcast Storm Thresholds . . . . . . . . . . . . . . 2-34

Configuring Port Mirroring . . . . . . . . . . . . . . . . . . . . . 2-37

Address Table Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-38

Setting Static Addresses . . . . . . . . . . . . . . . . . . . . . . . 2-39

Displaying the Address Table . . . . . . . . . . . . . . . . . . . 2-40

Changing the Aging Time . . . . . . . . . . . . . . . . . . . . . 2-42

Spanning Tree Algorithm Configuration . . . . . . . . . . . . . . . . 2-42

Managing Global Settings . . . . . . . . . . . . . . . . . . . . . . 2-43

Displaying the Global Settings for STA . . . . . . . . . . . . 2-45

Configuring the Global Settings for STA . . . . . . . . . . . 2-47

Managing STA Interface Settings . . . . . . . . . . . . . . . . . 2-47

Displaying the Interface Settings for STA . . . . . . . . . . 2-51

Configuring the Interface Settings for STA . . . . . . . . . . 2-52

VLAN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-52

Displaying Basic VLAN Information . . . . . . . . . . . . . . 2-56

Displaying Current VLANs . . . . . . . . . . . . . . . . . . . . . 2-57

Creating VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-59

Adding Static Members to VLANs (VLAN Index) . . . . . 2-61

Adding Static Members to VLANs (Port Index) . . . . . . 2-64

Configuring VLAN Behavior for Interfaces . . . . . . . . . 2-65

Configuring Private VLANs . . . . . . . . . . . . . . . . . . . . . . . . . 2-68

Displaying Current Private VLANs . . . . . . . . . . . . . . . 2-69

Configuring Private VLANs . . . . . . . . . . . . . . . . . . . . . 2-71

Associating Community VLANs . . . . . . . . . . . . . . . . . 2-72

Displaying Private VLAN Interface Information . . . . . . 2-73

Configuring Private VLAN Interfaces . . . . . . . . . . . . . . 2-75

Class of Service Configuration . . . . . . . . . . . . . . . . . . . . . . . 2-77

Setting the Queue Mode . . . . . . . . . . . . . . . . . . . . . . 2-78

Port Trunk Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 2-79

Configuring SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-82

Setting Community Access Strings . . . . . . . . . . . . . . . 2-83

Specifying Trap Managers and Trap Types . . . . . . . . . 2-84

Multicast Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-86

Configuring IGMP Parameters . . . . . . . . . . . . . . . . . . 2-87

ONTENTS

Interfaces Attached to a Multicast Router . . . . . . . . . . . 2-89

Specifying Interfaces Attached to a Multicast Router . . . 2-91

Displaying Port Members of Multicast Services . . . . . . . 2-92

Adding Multicast Addresses to VLANs . . . . . . . . . . . . . 2-94

Showing Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-96

Rate Limit Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-98

Configuring 802.1x Port Authentication . . . . . . . . . . . . . . . . 2-100

Displaying 802.1x Global Settings . . . . . . . . . . . . . . . 2-102

Configuring 802.1x Global Settings . . . . . . . . . . . . . . 2-103

Configuring a Port for Authorization . . . . . . . . . . . . . 2-105

Displaying 802.1x Statistics . . . . . . . . . . . . . . . . . . . . 2-107

3 Command Line Interface . . . . . . . . . . . . . . . . . . 3-1

Using the Command Line Interface . . . . . . . . . . . . . . . . . . . . . 3-1

Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Console Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Telnet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Entering Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Keywords and Arguments . . . . . . . . . . . . . . . . . . . . . . . 3-4

Minimum Abbreviation . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Command Completion . . . . . . . . . . . . . . . . . . . . . . . . . 3-5

Getting Help on Commands . . . . . . . . . . . . . . . . . . . . . 3-5

Partial Keyword Lookup . . . . . . . . . . . . . . . . . . . . . . . . 3-6

Negating the Effect of Commands . . . . . . . . . . . . . . . . . 3-6

Using Command History . . . . . . . . . . . . . . . . . . . . . . . . 3-6

Understanding Command Modes . . . . . . . . . . . . . . . . . 3-7

Exec Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7

Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . 3-8

Command Line Processing . . . . . . . . . . . . . . . . . . . . . 3-10

Command Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10

General Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13

enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-13

disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-14

configure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15

show history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16

reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17

end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17

iii

ONTENTS

exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18

quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19

Flash/File Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19

copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20

delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22

dir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23

whichboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24

boot system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-25

System Management Commands . . . . . . . . . . . . . . . . . . . . . 3-26

hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27

username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27

enable password . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29

ip http port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-30

ip http server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-31

show startup-config . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32

show running-config . . . . . . . . . . . . . . . . . . . . . . . . . 3-34

show system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-36

show users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-37

show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-37

Authentication Commands . . . . . . . . . . . . . . . . . . . . . . . . . 3-38

authentication login . . . . . . . . . . . . . . . . . . . . . . . . . . 3-39

radius-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-40

radius-server port . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-41

radius-server key . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-42

radius-server retransmit . . . . . . . . . . . . . . . . . . . . . . . 3-42

radius-server timeout . . . . . . . . . . . . . . . . . . . . . . . . . 3-43

show radius-server . . . . . . . . . . . . . . . . . . . . . . . . . . 3-43

Port Authentication Commands . . . . . . . . . . . . . . . . . . . . . . 3-44

authentication dot1x . . . . . . . . . . . . . . . . . . . . . . . . . 3-45

dot1x default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46

dot1x max-req . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-46

dot1x port-control . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-47

dot1x re-authenticate . . . . . . . . . . . . . . . . . . . . . . . . . 3-48

dot1x re-authentication . . . . . . . . . . . . . . . . . . . . . . . 3-48

dot1x timeout quiet-period . . . . . . . . . . . . . . . . . . . . 3-49

dot1x timeout re-authperiod . . . . . . . . . . . . . . . . . . . 3-49

dot1x timeout tx-period . . . . . . . . . . . . . . . . . . . . . . . 3-50

ONTENTS

show dot1x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-51

SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-54

snmp-server community . . . . . . . . . . . . . . . . . . . . . . . 3-54

snmp-server contact . . . . . . . . . . . . . . . . . . . . . . . . . . 3-55

snmp-server location . . . . . . . . . . . . . . . . . . . . . . . . . 3-56

snmp-server host . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-57

snmp-server enable traps . . . . . . . . . . . . . . . . . . . . . . 3-58

show snmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-59

IGMP Snooping Commands . . . . . . . . . . . . . . . . . . . . . . . . . 3-61

ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-61

ip igmp snooping query-count . . . . . . . . . . . . . . . . . . 3-62

ip igmp snooping query-max-response-time . . . . . . . . 3-63

ip igmp snooping router-port-expire-time . . . . . . . . . . 3-64

ip igmp snooping version . . . . . . . . . . . . . . . . . . . . . . 3-65

show ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . 3-66

show mac-address-table multicast . . . . . . . . . . . . . . . . 3-67

Line Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-68

line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-69

password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-71

exec-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-72

password-thresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-73

silent-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-74

databits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-75

parity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-76

speed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-77

stopbits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-78

show line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-78

IP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-79

ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-80

ip dhcp restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-81

ip default-gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-82

show ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-83

show ip redirects . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-84

ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-84

HOL Blocking Prevention Commands . . . . . . . . . . . . . . . . . . 3-86

queue hol-prevention . . . . . . . . . . . . . . . . . . . . . . . . . 3-86

ONTENTS

show queue hol-prevention . . . . . . . . . . . . . . . . . . . . 3-87

Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-88

interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-89

description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-90

speed-duplex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-90

negotiation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-92

capabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-93

flowcontrol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-94

shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-96

switchport broadcast percent . . . . . . . . . . . . . . . . . . . 3-97

clear counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-98

show interfaces status . . . . . . . . . . . . . . . . . . . . . . . . 3-99

show interfaces counters . . . . . . . . . . . . . . . . . . . . . .3-100

show interfaces switchport . . . . . . . . . . . . . . . . . . . . .3-102

Rate Limit Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-104

rate-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-105

Address Table Commands . . . . . . . . . . . . . . . . . . . . . . . . . .3-106

mac-address-table static . . . . . . . . . . . . . . . . . . . . . . .3-107

clear mac-address-table dynamic . . . . . . . . . . . . . . . .3-108

show mac-address-table . . . . . . . . . . . . . . . . . . . . . . .3-109

mac-address-table aging-time . . . . . . . . . . . . . . . . . . .3-110

show mac-address-table aging-time . . . . . . . . . . . . . .3-111

Spanning Tree Commands . . . . . . . . . . . . . . . . . . . . . . . . .3-111

spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-112

spanning-tree forward-time . . . . . . . . . . . . . . . . . . . .3-113

spanning-tree hello-time . . . . . . . . . . . . . . . . . . . . . .3-114

spanning-tree max-age . . . . . . . . . . . . . . . . . . . . . . .3-115

spanning-tree priority . . . . . . . . . . . . . . . . . . . . . . . .3-116

spanning-tree cost . . . . . . . . . . . . . . . . . . . . . . . . . . .3-116

spanning-tree port-priority . . . . . . . . . . . . . . . . . . . . .3-117

spanning-tree portfast . . . . . . . . . . . . . . . . . . . . . . . .3-118

show spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . .3-119

VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-121

vlan database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-122

vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-123

interface vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-124

switchport mode . . . . . . . . . . . . . . . . . . . . . . . . . . . .3-125

ONTENTS

switchport acceptable-frame-types . . . . . . . . . . . . . . 3-126

switchport ingress-filtering . . . . . . . . . . . . . . . . . . . . 3-127

switchport native vlan . . . . . . . . . . . . . . . . . . . . . . . 3-128

switchport allowed vlan . . . . . . . . . . . . . . . . . . . . . . 3-129

switchport forbidden vlan . . . . . . . . . . . . . . . . . . . . . 3-130

show vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-131

Private VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 3-132

private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-134

private vlan association . . . . . . . . . . . . . . . . . . . . . . 3-135

switchport mode private-vlan . . . . . . . . . . . . . . . . . . 3-136

switchport private-vlan host-association . . . . . . . . . . . 3-137

switchport private-vlan mapping . . . . . . . . . . . . . . . . 3-138

show vlan private-vlan . . . . . . . . . . . . . . . . . . . . . . . 3-139

GVRP and Bridge Extension Commands . . . . . . . . . . . . . . . 3-140

switchport gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-140

show gvrp configuration . . . . . . . . . . . . . . . . . . . . . . 3-141

garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-142

show garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-143

bridge-ext gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-144

show bridge-ext . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-145

Priority Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-146

queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-147

show queue mode . . . . . . . . . . . . . . . . . . . . . . . . . . 3-147

Mirror Port Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-148

port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-148

show port monitor . . . . . . . . . . . . . . . . . . . . . . . . . . 3-149

Port Trunking Commands . . . . . . . . . . . . . . . . . . . . . . . . . 3-150

port-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-152

vii

ONTENTS

A Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . .A-1

Troubleshooting Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

B Upgrading Firmware via the Serial Port . . . . . . .B-1

Restoring Switch Defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . B-4

C Pin Assignments . . . . . . . . . . . . . . . . . . . . . . . . . .C-1

Console Port Pin Assignments . . . . . . . . . . . . . . . . . . . . . . . . C-1

DB-9 Port Pin Assignments . . . . . . . . . . . . . . . . . . . . . C-2

Console Port to 9-Pin DTE Port on PC . . . . . . . . . . . . . C-2

Console Port to 25-Pin DTE Port on PC . . . . . . . . . . . . C-2

Glossary

Index

viii

HAPTER

WITCH

ANAGEMENT

Connecting to the Switch

Configuration Options

This switch includes a built-in network management agent. The agent offers a variety RMON and a Web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).

Note: The IP address for this switch is unassigned by default. To

change this address, see “Setting an IP Address” on page 1-7.

The switch’s HTTP Web agent allows you to configure switch parameters, monitor port connections, and display statistics using a standard Web browser such as Netscape Navigator version 6.2 and higher or Microsoft IE version 5.0 and higher. The switch’s Web management interface can be accessed from any computer attached to the network.

of management options, including SNMP,

The switch’s management agent is based on SNMP (Simple Network Management Protocol). This SNMP agent permits the switch to be managed from any system in the network using the appropriate management software.

The CLI program can be accessed by a direct connection to the RS-232 serial console port on the switch, or remotely by a Telnet connection over the network.

1-1

WITCH MANAGEMENT

The switch’s CLI configuration program, Web interface, and SNMP agent allow you to perform the following management functions:

• Set user names and passwords for up to 16 users

• Set an IP interface for a management VLAN

• Configure SNMP parameters and enable traps

• Enable/disable any port

• Configure private VLANs for port isolation

• Set the speed/duplex mode for any port

• Configure the bandwidth of any port by rate limiting

• Configure up to 127 IEEE 802.1Q VLANs

• Enable GVRP automatic VLAN registration

• Upload and download of system firmware via TFTP

• Upload and download of switch configuration files via TFTP

• Configure Spanning Tree parameters

• Configure Class of Service (CoS) priority queuing

• Configure up to four static trunks

• Enable port mirroring

• DHCP filtering

• Set broadcast storm control on any port

• Display system information and statistics

• Configure port authentication

1-2

ONNECTING TO THE SWITCH

• RADIUS client support

• MAC filtering security

Required Connections

The switch provides an RS-232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch. A null-modem console cable is provided with the switch.

Attach a VT100-compatible terminal, or a PC running a terminal emulation program to the switch. You can use the console cable provided with this package, or use a null-modem cable that complies with the wiring assignments shown in Appendix B.

To connect a terminal to the console port, complete the following steps:

1. Connect the console cable to the serial port on a terminal, or a

PC running terminal emulation software, and tighten the captive retaining screws on the DB-9 connector.

2. Connect the other end of the cable to the RS-232 serial port on

the switch.

3. Make sure the terminal emulation software is set as follows:

• Select the appropriate serial port (COM port 1, or COM port 2).

• Set the data rate to 9600 baud.

• Set the data format to 8 data bits, 1 stop bit, and no parity.

• Set flow control to none.

• Set the emulation mode to VT100.

• When using HyperTerminal, select Terminal keys, not Windows keys.

1-3

WITCH MANAGEMENT

Note: When using HyperTerminal with Microsoft® Windows®

2000, make sure that you have Windows 2000 Service Pack 2 or later installed. Windows 2000 Service Pack 2 fixes the problem of arrow keys not functioning in HyperTerminal’s VT100 emulation. See www.microsoft.com for information on Windows 2000 service packs.

4. Once you have set up the terminal correctly, the console login screen will be displayed.

Note: Refer to “IGMP Snooping Commands” on page 3-61 for a

complete description of console configuration options.

For a description of how to use the CLI, see “Using the Command Line Interface” on page 3-1. For a list of all the CLI commands and detailed information on using the CLI, refer to “Command Groups” on page 3-10.

Remote Connections

Prior to accessing the switch’s onboard agent via a network connection, configure it with a valid IP address, subnet mask, and default gateway using a console connection, DHCP or BOOTP protocol.

The IP address for this switch is unassigned by default. To manually configure this address or enable dynamic address assignment via DHCP or BOOTP, see “Setting an IP Address” on page 1-7.

Note: This switch supports four concurrent Telnet sessions.

After configuring the switch’s IP parameters, you can access the onboard configuration program from anywhere within the attached network. The onboard configuration program can be accessed using Telnet from any computer attached to the network. The switch can also be managed by any computer using a Web

1-4

ASIC CONFIGURATION

browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above), or from a network computer using network management software.

Note: The onboard program only provides access to basic

configuration functions. To access the full range of SNMP management functions, you must use SNMP-based network management software.

Basic Configuration

Console Connection

The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and only allow you to display information and use basic utilities. To fully configure switch parameters, you must access the CLI at the Privileged Exec level.

Access to both CLI levels are controlled by user names and passwords. The switch has a default user name and password for each level. To log into the CLI at the Privileged Exec level using the default user name and password, perform these steps:

1. To initiate your console connection, press <Enter>. The “User Access Verification” procedure starts.

2. At the Username prompt, enter “admin.”

3. At the Password prompt, also enter “admin.” (The password characters are not displayed on the console screen.)

4. The session is opened and the CLI displays the “Console#” prompt indicating you have access at the Privileged Exec level.

1-5

WITCH MANAGEMENT

Setting Passwords

Note: If this is your first time to log into the CLI program, you

should define new passwords for both default user names using the “username” command, record them and put them in a safe place.

Passwords can consist of up to 8 alphanumeric characters and are case sensitive. To prevent unauthorized access to the switch, set the passwords as follows:

1. Open the console interface with the default user name and password “admin” to access the Privileged Exec level.

2. Type “configure” and press <Enter>.

3. Type “username guest password 0 password,” for the Normal Exec level, where password is your new password. Press <Enter>.

4. Type “username admin password 0 password,” for the Privileged Exec level, where password is your new password. Press <Enter>.

1-6

Username: admin Password:

CLI session with the TigerSwitch 10/100 6724L2 Managed 24+2 Standalone Switch is opened. To end the CLI session, enter [Exit].

Console#configure Console(config)#username guest password 0 [password] Console(config)#username admin password 0 [password] Console(config)#

ASIC CONFIGURATION

Setting an IP Address

You must establish IP address information for the switch to obtain management access through the network. This can be done in either of the following ways:

Manual — You have to input the information, including IP address and subnet mask. If your management station is not in the same IP subnet as the switch, you will also need to specify the default gateway router.

Dynamic — The switch sends IP configuration requests to BOOTP or DHCP address allocation servers on the network.

Note: Only one VLAN interface can be assigned an IP address

(the default is VLAN 1). This defines the management VLAN, the only VLAN through which you can gain management access to the switch. If you assign an IP address to any other VLAN, the new IP address overrides the original IP address and this becomes the new management VLAN.

Manual Configuration

You can manually assign an IP address to the switch. You may also need to specify a default gateway that resides between this device and management stations that exist on another network segment. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the CLI program.

Note: The IP address for this switch is unassigned by default.

Before you can assign an IP address to the switch, you must obtain the following information from your network administrator:

• IP address for the switch

1-7

WITCH MANAGEMENT

• Default gateway for the network

• Network mask for this network

To assign an IP address to the switch, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.

2. Type “ip address ip-address netmask,” where “ip-address” is the switch IP address and “netmask” is the network mask for the network. Press <Enter>.

3. Type “exit” to return to the global configuration mode prompt. Press <Enter>.

4. To set the IP address of the default gateway for the network to which the switch belongs, type “ip default-gateway gateway,” where “gateway” is the IP address of the default gateway. Press <Enter>.

Console(config)#interface vlan 1 Console(config-if)#ip address 192.168.1.5 255.255.255.0 Console(config-if)#exit Console(config)#ip default-gateway 192.168.1.254 Console(config)#

Dynamic Configuration

If you select the “bootp” or “dhcp” option, IP will be enabled but will not function until a BOOTP or DHCP reply has been received. You therefore need to use the “ip dhcp restart” command to start broadcasting service requests. Requests will be sent periodically in an effort to obtain IP configuration information. (BOOTP and DHCP values can include the IP address, subnet mask, and default gateway.)

1-8

ASIC CONFIGURATION

If the “bootp” or “dhcp” option is saved to the startup-config file (step 6), then the switch will start broadcasting service requests as soon as it is powered on.

To automatically configure the switch by communicating with BOOTP or DHCP address allocation servers on the network, complete the following steps:

1. From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>.

2. At the interface-configuration mode prompt, use one of the following commands:

• To obtain IP settings via DHCP, type “ip address dhcp” and press <Enter>.

• To obtain IP settings via BOOTP, type “ip address bootp” and press <Enter>.

3. Type “end” to return to the Privileged Exec mode. Press <Enter>.

4. Type “ip dhcp restart” to begin broadcasting service requests. Press <Enter>.

5. Wait a few minutes, and then check the IP configuration settings by typing the “show ip interface” command. Press <Enter>.

1-9

WITCH MANAGEMENT

6. Then save your configuration changes by typing “copy running-config startup-config.” Enter the startup file name and press <Enter>.

Console(config)#interface vlan 1 Console(config-if)#ip address dhcp Console(config-if)#exit Console#ip dhcp restart Console#show ip interface IP interface vlan

IP address and netmask: 10.1.0.54 255.255.255.0 on VLAN 1,

and address mode: User specified. Console#copy running-config startup-config Startup configuration file name []: startup

Console#

Enabling SNMP Management Access

The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications. You can configure the switch to (1) respond to SNMP requests or (2) generate SNMP traps.

When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter. The switch can also be configured to send information to SNMP managers (without being requested by the managers) through trap messages, which inform the manager that certain events have occurred.

Community Strings

Community strings are used to control management access to SNMP stations, as well as to authorize SNMP stations to receive trap messages from the switch. You therefore need to assign community strings to specified users or user groups, and set the access level.

1-10

ASIC CONFIGURATION

The default strings are:

• public - with read-only access. Authorized management stations are only able to retrieve MIB objects.

• private - with read-write access. Authorized management stations are able to both retrieve and modify MIB objects.

Note: If you do not intend to utilize SNMP, it is recommended

that you delete both of the default community strings. If there are no community strings, then SNMP management access to the switch is disabled.

To prevent unauthorized access to the switch via SNMP, it is recommended that you change the default community strings.

To configure a community string, complete the following steps:

1. From the Privileged Exec level global configuration mode

prompt, type “snmp-server community string mode,” where “string” is the community access string and “mode” is rw (read/write) or ro (read only). Press <Enter>.

2. To remove an existing string, simply type “no snmp-server

community string,” where “string” is the community access string to remove. Press <Enter>.

Console(config)#snmp-server community abc rw Console(config)#snmp-server community private Console(config)#

1-11

WITCH MANAGEMENT

Trap Receivers

You can also specify SNMP stations that are to receive traps from the switch.

To configure a trap receiver, complete the following steps:

1. From the Privileged Exec level global configuration mode prompt, type “snmp-server host host-address community-string,” where “host-address” is the IP address for the trap receiver and “community-string” is the string associated with that host. Press <Enter>.

2. In order to configure the switch to send SNMP notifications, you must enter at least one snmp-server enable traps command. Type “snmp-server enable traps type,” where “type” is either authentication or link-up-down. Press <Enter>.

Console(config)#snmp-server enable traps link-up-down Console(config)#

Saving Configuration Settings

Configuration commands only modify the running configuration file and are not saved when the switch is rebooted. To save all your configuration changes in nonvolatile storage, you must copy the running configuration file to the start-up configuration file using the “copy” command.

To save the current configuration settings, enter the following command:

1. From the Privileged Exec mode prompt, type “copy running-config startup-config” and press <Enter>.

1-12

ANAGING SYSTEM FILES

2. Enter the name of the start-up file. Press <Enter>.

Console#copy running-config startup-config Startup configuration file name []: startup \Write to FLASH Programming.

\Write to FLASH finish. Success.

Console#

Managing System Files

The switch’s flash memory supports three types of system files that can be managed by the CLI program, Web interface, or SNMP. The switch’s file system allows files to be uploaded and downloaded, copied, deleted, and set as a start-up file.

The three types of files are:

• Configuration — This file stores system configuration information and is created when configuration settings are saved. Saved configuration files can be selected as a system start-up file or can be uploaded via TFTP to a server for backup. A file named “Factory_Default_Config.cfg” contains all the system default settings and cannot be deleted from the system. See “Saving or Restoring Configuration Settings” on page 2-22 for more information.

• Operation Code — System software that is executed after boot-up, also known as run-time code. This code runs the switch operation and provides the CLI and Web management interfaces. See “Managing Firmware” on page 2-20 for more information.

• Diagnostic Code — Software that is run during system boot-up, also known as POST (Power On Self-Test). This code

1-13

WITCH MANAGEMENT

also provides a facility to upload firmware files to the system directly through the console port. See “Upgrading Firmware via the Serial Port” on page B-1.

Due to the size limit of the flash memory, the switch supports only one operation code file, and two diagnostic code files. However, you can have as many configuration files as available flash memory space allows.

In the system flash memory, one file of each type must be set as the start-up file. During a system boot, the diagnostic and operation code files set as the start-up file are run, and then the start-up configuration file is loaded. Configuration files can also be loaded while the system is running; however, this will automatically reboot the switch.

System Defaults

The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 2-22).

The following table lists some of the basic system defaults.

Function Parameter Default

IP Settings Management VLAN 1

IP Address 0.0.0.0

Subnet Mask 255.0.0.0

Default Gateway 0.0.0.0

DHCP Disabled

BOOTP Disabled

Web Management

HTTP Server Enabled

HTTP Port Number 80

1-14

YSTEM DEFAULTS

Function Parameter Default

SNMP Community Strings “public” (read only)

“private” (read/write)

Traps Authentication traps: enabled

Link-up-down events: enabled

Security Privileged Exec Level Username “admin”

Password “admin”

Normal Exec Level Username “guest”

Password “guest”

Console Port Connection

Enable Privileged Exec from Normal Exec Level

RADIUS Authentication Disabled

Baud Rate 9600

Data bits 8

Stop bits 1

Parity none

Local Console Timeout 0 (disabled)

Password “super”

1-15

WITCH MANAGEMENT

Function Parameter Default

Port Status Admin Status Enabled

Auto-negotiation Enabled

Flow Control Disabled

10/100 Mbps Port Capability

10/100/1000 Mbps Port Capability

Link Aggregation

Spanning Tree Protocol

Address Table Aging Time 300 seconds

Static Trunks None

Status Enabled

Fast Forwarding Disabled

10 Mbps half duplex 10 Mbps full duplex 100 Mbps half duplex 100 Mbps full duplex Full-duplex flow control disabled

10 Mbps half duplex 10 Mbps full duplex 100 Mbps half duplex 100 Mbps full duplex 1000 Mbps full duplex Symmetric flow control disabled

(Defaults: All values based on IEEE 802.1D)

1-16

Function Parameter Default

Virtual LANs Default VLAN 1

PVID 1

Acceptable Frame Type All

Ingress Filtering Disabled

Switchport Mode (Egress Mode)

Private VLAN No Private VLAN

GVRP (global) Disabled

GVRP (port interface) Disabled

Class of Service Ingress Port Priority 0

Weighted Round Robin Class 0: 1

Broadcast Storm Protection

Status Enabled (all ports)

Broadcast Limit Rate 6% of buffer space

Untagged frames

Class 1: 3

Class 2: 12

Class 3: 48

YSTEM DEFAULTS

1-17

WITCH MANAGEMENT

1-18

HAPTER

ONFIGURING THE

WITCH

Using the Web Interface

This switch provides an embedded HTTP Web agent. Using a Web browser you can configure the switch and view statistics to monitor network activity. The Web agent can be accessed by any computer on the network using a standard Web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above).

Note: You can also use the Command Line Interface (CLI) to

manage the switch over a serial connection to the console port or via Telnet. For more information on using the CLI, refer to “Using the Command Line Interface.”

Prior to accessing the switch from a Web browser, first perform the following tasks:

1. Configure the switch with a valid IP address, subnet mask, and

default gateway using an out-of-band serial connection, BOOTP or DHCP protocol. (See “Setting the IP Address” on page 2-11.)

2. Set user names and passwords using an out-of-band serial

connection. Access to the Web agent is controlled by the same user names and passwords as the onboard configuration program. (See “Configuring the Logon Password” on page 2-15.)

3. After you enter a user name and password, you will have

access to the system configuration program.

2-1

ONFIGURING THE SWITCH

Notes: 1. You are allowed three attempts to enter the correct

password; on the third failed attempt the current connection is terminated.

2. If you log into the Web interface as guest (Normal Exec level), you can view page information but only change the guest password. If you log in as “admin” (Privileged Exec level), you can apply changes on all pages.

3. If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm, you can set the switch port attached to your management station to fast forwarding to improve the switch’s response time to management commands issued through the Web interface. See “Managing STA Interface Settings” on page 2-47.

Navigating the Web Browser Interface

To access the Web-browser interface you must first enter a user name and password. The administrator has Read/Write access to all configuration parameters and statistics. The default user name and password for the administrator is “admin.”

2-2

AVIGATING THE WEB BROWSER INTERFACE

Home Page

When your Web browser connects with the switch’s Web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics.

Configuration Options

Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the “Apply” or “Apply Changes” button to confirm the

2-3

ONFIGURING THE SWITCH

new setting. The following table summarizes the Web page configuration buttons.

Button Action

Revert Cancels specified values and restores current

values prior to pressing “Apply” or “Apply Changes.”

Refresh Immediately updates values for the current page.

Apply Sets specified values to the system.

Apply Changes Sets specified values to the system.

Notes: 1. To ensure proper screen refresh, be sure that Internet

Explorer 5.x is configured as follows: Under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings,” the setting for item “Check for newer versions of stored pages” should be “Every visit to the page.”

2. When using Internet Explorer 5.0, you may have to manually refresh the screen after making configuration changes by pressing the browser’s refresh button.

Panel Display

The Web agent displays an image of the switch’s ports, indicating whether each link is up or down. Clicking on the image of a port opens the Port Configuration page as described on page 2-32.

2-4

Main Menu

Using the onboard Web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program.

Menu Description Page

System

System Information

IP Sets the IP address for management access 2-11

Passwords Assigns a new password for the logon user

Radius Configures RADIUS authentication parameters 2-17

Firmware Manages code image files 2-20

Configuration Manages switch configuration files 2-22

Reset Restarts the switch 2-24

Bridge Extension Shows the bridge extension parameters;

Switch Information

Port

Port Information Displays port connection status 2-30

Trunk Information

Port Configuration

Trunk Configuration

Port Broadcast Control

Provides basic system description, including contact information

name

enables GVRP VLAN registration protocol

Shows the number of ports, hardware/ firmware version numbers, and power status

Displays trunk connection status 2-30

Configures port connection settings 2-32

Configures trunk connection settings 2-32

Sets the broadcast storm threshold for each port

AIN MENU

2-9

2-15

2-24

2-28

2-34

2-5

ONFIGURING THE SWITCH

Menu Description Page

Trunk Broadcast Control

Mirror Sets the source and target ports for mirroring 2-37

Address Table

Static Addresses Displays entries for interface or address 2-39

Dynamic Addresses

Address Aging Sets timeout for dynamically learned entries 2-42

Spanning Tree

STA Information Displays STA values used for the bridge 2-45

STA Configuration

STA Port Information

STA Trunk Information

STA Port Configuration

STA Trunk Configuration

VLAN

VLAN Base Information

VLAN Current Table

VLAN Static List Used to create or remove VLAN groups 2-59

VLAN Static Table Modifies the settings for an existing VLAN 2-61

VLAN Static Membership

VLAN Port Configuration

Sets the broadcast storm threshold for each trunk

Displays or edits static entries in the Address Table

Configures global bridge settings for STA 2-47

Displays individual port settings for STA 2-51

Displays individual trunk settings for STA 2-51

Configures individual port settings for STA 2-52

Configures individual trunk settings for STA 2-52

Displays information on VLAN types supported by this switch

Shows the current port members of each VLAN and whether or not the port supports VLAN tagging

Configures membership type for interfaces, including tagged, untagged or forbidden

Specifies default PVID and VLAN attributes 2-65

2-34

2-40

2-56

2-57

2-64

2-6

AIN MENU

Menu Description Page

VLAN Trunk Configuration

Private VLAN

Private VLAN Information

Private VLAN Configuration

Private VLAN Association

Private VLAN Port Information

Private VLAN Port Configuration

Private VLAN Trunk Information

Private VLAN Trunk Configuration

Priority - Queue Mode

Trunk - Trunk Configuration

SNMP - SNMP Configuration

Specifies default trunk VID and VLAN attributes 2-65

Shows private VLANs and associated ports 2-69

Configures private VLANs 2-71

Maps a secondary VLAN to a primary VLAN 2-72

Shows VLAN port type, and associated primary or secondary VLANs

Configures VLAN port type, and associated primary or secondary VLANs

Shows VLAN trunk type, and associated primary or secondary VLANs

Configures VLAN trunk type, and associated primary or secondary VLANs

Sets the queue mode to strict service or Weighted Round-Robin

Specifies ports to group into static trunks 2-79

Configures community strings and related trap functions

2-73

2-75

2-73

2-75

2-78

2-82

2-7

ONFIGURING THE SWITCH

Menu Description Page

IGMP

IGMP Configuration

Multicast Router Port Information

Static Multicast Router Port Configuration

IP Multicast Registration Table

IGMP Member Port Table

Statistics - Port Statistics

Rate Limit

Input Rate Limit Port Configuration

Input Rate Limit Trunk Configuration

Output Rate Limit Port Configuration

Output Rate Limit Trunk Configuration

Port Authentication

Information Displays general port authentication status

Configuration Enables the changing of general port

Enables multicast filtering; configures parameters for multicast query

Displays the ports that are attached to a neighboring multicast router/switch for each VLAN ID

Assigns ports that are attached to a neighboring multicast router/switch

Displays all multicast groups active on this switch, including multicast IP addresses and VLAN ID

Indicates multicast addresses associated with the selected VLAN

Lists Ethernet and RMON port statistics 2-96

Sets the rate limit on input traffic for specified port

Sets the rate limit on input traffic for specified trunk

Sets the rate limit on output traffic for specified port

Sets the rate limit on output traffic for specified trunk

information

authentication features

2-87

2-89

2-91

2-92

2-94

2-98

2-100

2-103

2-8

ASIC CONFIGURATION

Menu Description Page

Port Configuration

Statistics Displays a per-port statistical readout 2-107

Enables the changing of port authentication features

Basic Configuration

Displaying System Information

You can easily identify the system by providing a descriptive name, location and contact information.

Command Attributes

• System Name – Name assigned to the switch system.

• Object ID – MIB II object ID for switch’s network management subsystem.

• Location – Specifies the system location.

• Contact – Administrator responsible for the system.

2-103

• System Up Time – Length of time the management agent has been up.

• MAC Address

• Web server

– The physical layer address for this switch.

– Shows if management access via HTTP is

enabled or disabled.

• Web server port

– Shows the TCP port number used by the

Web interface.

• POST result

1: Web: See “Setting the IP Address” on page 2-11.

2: CLI Only

– Shows results of the power-on self-test

2-9

ONFIGURING THE SWITCH

Web – Click System, System Information. Specify the system name, location, and contact information for the system administrator, then click Apply. (This page also allows access to the Command Line Interface via Telnet.)

includes a Telnet button that

2-10

ASIC CONFIGURATION

CLI – Specify the hostname, location and contact information.

Console(config)#hostname R&D 5 3-27 Console(config)#snmp-server location WC 9 3-56 Console(config)#snmp-server contact Geoff 3-55 Console#show system 3-36 System description: TigerSwitch 10/100 - 6724L2 Managed 24+2

System OID string: 1.3.6.1.4.1.259.6.10.42 System information

System Up time: 0 days, 1 hours, 1 minutes, and 41.64 seconds System Name : R&D 5 System Location : WC 9 System Contact : Geoff MAC address : 00-55-FF-FF-DD-DD Web server : enable Web server port : 80 POST result

--- Performing Power-On Self Tests (POST) ---

UART Loopback Test......................PASS

Flash Memory Checksum Test..............PASS

CPU Self Test...........................PASS

MPC850 clock Timer and Interrupt TEST...PASS

WatchDog Timer and Interrupt Test.......PASS

DRAM Test...............................PASS

ACD Chip Test...........................PASS

Switch Driver Initialization............PASS

Switch Internal Loopback Test ..........PASS

------------------- DONE -------------------Console#

Standalone Switch

Setting the IP Address

The IP address for this switch is unassigned by default. To manually configure an address, you need to change the switch’s default settings (IP address 0.0.0.0 and netmask 255.0.0.0) to values that are compatible with your network. You may also need to a establish a default gateway between the switch and management stations that exist on another network segment.

You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods. Anything outside this format will not be accepted by the configuration program.

2-11

ONFIGURING THE SWITCH

Command Attributes

• Management VLAN – This is the only VLAN through which you can manage the switch. By default, all ports on the switch are members of VLAN 1, so a management station can be connected to any port on the switch. However, if you change the Management VLAN to another VLAN, you will lose access to the switch unless the management port has already been configured as a member of the new VLAN. If you lose access, you can reconnect the management station to a port that is a member of the Management VLAN or use the console interface to add the management port to the newly configured Management VLAN. (See “switchport allowed vlan” on page 129.)

• IP Address Mode – Specifies whether IP functionality is enabled via manual configuration (Static), Dynamic Host Configuration Protocol (DHCP), or Boot Protocol (BOOTP). If DHCP/BOOTP is enabled, IP will not function until a reply has been received from the server. Requests will be broadcast periodically by the switch for IP configuration settings. (DHCP/ BOOTP values can include the IP address, subnet mask, and default gateway.)

• IP Address – Address of the VLAN interface that is allowed management access. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. (Default: 0.0.0.0)

• Subnet Mask – This mask identifies the host address bits used for routing to specific subnets. (Default: 255.0.0.0)

• Gateway IP Address – IP address of the gateway router between this device and management stations that exist on other network segments. (Default: 0.0.0.0)

• MAC Address – The physical layer address for this switch.

2-12

ASIC CONFIGURATION

Manual Configuration

Web – Click System, IP. Specify the management interface, IP

address and default gateway, then click Apply.

CLI – Specify the management interface, IP address and default gateway.

Console#config Console(config)#interface vlan 1 3-89 Console(config-if)#ip address 10.1.0.3 255.255.255.0 3-80 Console(config-if)#exit Console(config)#ip default-gateway 10.1.0.254 3-82 Console(config)#

Using DHCP/BOOTP

If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.

2-13

ONFIGURING THE SWITCH

Web – Click System, IP. Specify the Management VLAN, and set the IP Address Mode to DHCP or BOOTP. Click Apply to save your changes. Then click Restart DHCP to immediately request a new address. Note that the switch will also broadcast a request for IP configuration settings on the each power reset.

Note: If you lose your management connection, use a console

connection and enter “show ip interface” to determine the new switch address.

CLI – Specify the management interface, set the IP Address Mode to DHCP or BOOTP, and then enter the “ip dhcp restart” command.

Console#config Console(config)#interface vlan 1 3-89 Console(config-if)#ip address dhcp 3-80 Console(config-if)#end Console#ip dhcp restart 3-81 Console#show ip interface 3-83 IP address and netmask: 10.1.0.3 255.255.255.0 on VLAN 1,

and address mode: Dhcp.

Console#

2-14

ONFIGURING USER AUTHENTICATION

Renewing DCHP – DHCP may lease addresses to clients indefinitely or for a specific period of time. If the address expires or the switch is moved to another network segment, you will lose management access to the switch. In this case, you can reboot the switch or submit a client request to restart DHCP service.

Web – If the address assigned by DHCP is no longer functioning, you will not be able to renew the IP settings via the Web interface. You can only restart DHCP service via the Web interface if the current address is still available.

CLI – Enter the following command to restart DHCP service.

Console#ip dhcp restart 3-81

Configuring User Authentication

Use the Passwords or Radius menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch (Passwords menu), or you can use a remote access authentication server based on the RADIUS protocol (Radius menu).

Configuring the Logon Password

The guest only has read access for most configuration parameters. However, the administrator has write access for all parameters governing the onboard agent. You should therefore assign a new administrator password as soon as possible, and store it in a safe place. (If for some reason your password is lost, you can reload the factory default settings to restore the default password as described in “Upgrading Firmware via the Serial Port” on page B-1.)

2-15

ONFIGURING THE SWITCH

The default guest name is “guest” with the password “guest.” The default administrator name is “admin” with the password “admin.” Note that user names can only be assigned via the CLI.

Command Attributes

• User Name* – The name of the user. (Maximum length: 8 characters; maximum number of users: 16)

• Access Level* – Specifies the user level. (Options: Normal and Privileged.)

• Password – Specifies the user password. (Maximum length: 8 characters plain text, case sensitive)

* CLI only.

Web – Click System, Passwords. To change the password for the current user, enter the old password, enter the new password, confirm it by entering it again, then click Apply.

CLI – Assign a user name and access-level 15 (i.e., administrator), then specify the password.

Console(config)#username bob access-level 15 3-27 Console(config)#username bob password 0 smith Console(config)#

2-16

ONFIGURING USER AUTHENTICATION

Configuring RADIUS Logon Authentication

Remote Authentication Dial-in User Service (RADIUS) is a logon authentication protocol that uses software running on a central server to control access to RADIUS-compliant devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that require management access to a switch.

Command Usage

• By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol.

• RADIUS uses UDP, which only offers best-effort delivery. Also, RADIUS encrypts only the password in the access-request packet from the client to the server.

• RADIUS logon authentication assigns a specific privilege level for each user name/password pair. The user name, password, and privilege level must be configured on the authentication server.

• You can specify one to two authentication methods for any user to indicate the authentication sequence. For example, if you select (1) RADIUS and (2) Local, the user name and password on the RADIUS server is verified first. If the RADIUS server is not available, then the local user name and password is checked.

2-17

ONFIGURING THE SWITCH

Command Attributes

• Authentication – Select the authentication, or authentication sequence required:

- Radius – User authentication is performed using a RADIUS server only.

- Local – User authentication is performed only locally by the switch.

- Radius, Local – User authentication is attempted first using a RADIUS server, then locally by the switch.

- Local, Radius – User authentication is first attempted locally by the switch, then using a RADIUS server.

• Server IP Address – Address of authentication server. (Default: 10.1.0.1)

• Server Port Number – Network (UDP) port of authentication server used for authentication messages. (Range: 1-65535; Default: 1812)

• Secret Text String – Encryption key used to authenticate logon access for client. Do not use blank spaces in the string. (Maximum length: 20 characters)

• Number of Server Transmits – Number of times the switch will try to authenticate logon access via the authentication server. (Range: 1-30; Default: 2)

• Timeout for a reply – The number of seconds the switch waits for a reply from the RADIUS server before it resends the request. (Range: 1-65535; Default: 5)

Note: The local switch user database has to be set up by manually

entering user names and passwords using the CLI.

2-18

ONFIGURING USER AUTHENTICATION

Web – Click System, Radius. To configure local or remote authentication preferences, specify the authentication sequence (i.e., one to two methods), fill in the parameters for RADIUS authentication if selected, and click Apply.

CLI – Specify all the required parameters to enable logon authentication.

Console(config)#authentication login radius 3-39 Console(config)#radius-server host 192.168.1.25 3-40 Console(config)#radius-server port 181 3-41 Console(config)#radius-server key green 3-42 Console(config)#radius-server retransmit 5 3-42 Console(config)#radius-server timeout 10 3-43 Console#show radius-server 3-43 Server IP address: 192.168.1.25

Communication key with radius server: Server port number: 181 Retransmit times: 5 Request timeout: 10

Console(config)#

2-19

ONFIGURING THE SWITCH

Managing Firmware

You can upload/download firmware to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation.

Command Attributes

• TFTP Server IP Address – The IP address of a TFTP server.

• Destination File Name – slashes (\ or /), be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

Note: Only one copy of the system software (i.e., the runtime

firmware) can be stored in the file directory on the switch. The system software file cannot be deleted.

the leading letter of the file name should not

The file name should not contain

Downloading System Software from a Server

When downloading runtime code, you must select “Destination File Name” to replace the current image. This switch can only contain one operation code file.

2-20

ANAGING FIRMWARE

Web – Click System, Firmware. Enter the IP address of the TFTP server, enter the file name of the software to download, enter the Destination File Name to overwrite the current file on the switch then click Transfer from Server. To start the new firmware, reboot the system via the Reset menu.

CLI – Enter the IP address of the TFTP server, select “config” or “opcode” file type, then enter the source and destination file names, set the new file to start up the system, and then restart the switch.

Console#copy tftp file 3-20 TFTP server ip address: 10.1.0.19 Choose file type:

1. config: 2. opcode: <1-2>: 2

Source file name: ACD_v1.0.0.8.bix Destination file name: acd \Write to FLASH Programming.

-Write to FLASH finish. Success. Console#config Console(config)#boot system opcode: acd 3-25 Console(config)#exit Console#reload 3-17

2-21

ONFIGURING THE SWITCH

Saving or Restoring Configuration Settings

You can upload/download configuration settings to/from a TFTP server. The configuration file can be later downloaded to restore the switch’s settings.

Command Attributes

• TFTP Server IP Address – The IP address of a TFTP server.

•

Destination File Name

not contain slashes (\ or /), should not be a period (.), and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch. (Valid characters: A-Z, a-z, 0-9, “.”, “-”, “_”)

Note: The maximum number of user-defined configuration files is

limited only by available Flash memory space.

Downloading Configuration Settings from a Server

You can download the configuration file under a new file name and then set it as the startup file, or you can specify the current startup configuration file as the destination file to directly replace it. Note that the file “Factory_Default_Config.cfg” can be copied to the TFTP server, but cannot be used as the destination on the switch.

— The configuration file name should

the leading letter of the file name

2-22

ANAGING FIRMWARE

Web – Click System, Configuration. Enter the IP address of the TFTP server, enter the name of the file to download, select a file on the switch to overwrite or specify a new file name, and then click Transfer from Server.

If you download to a new file name, select the new file from the drop-down box for Startup Configuration File, and press Apply Changes. To use the new settings, reboot the system with the System/Reset command or reset power to the switch.

CLI – Enter the IP address of the TFTP server, specify the source file on the server, set the startup file name on the switch, and then restart the switch.

Console#copy tftp startup-config 3-20 TFTP server ip address: 10.1.0.19 Source configuration file name: config-1 Startup configuration file name [] : startup \Write to FLASH Programming.

-Write to FLASH finish. Success.

Console#reload Console#

2-23

ONFIGURING THE SWITCH

If you download the startup configuration file under a new file name, you can set this file as the startup file at a later time, and then restart the switch.

Console#config Console(config)#boot system config: startup-new 3-25 Console(config)#exit Console#reload 3-17

Resetting the System

Web – Click System, Reset. Click the Reset button to restart the

switch.

CLI – Use the reload command to restart the switch.

Console#reload 3-17 System will be restarted, continue <y/n>?

Note: When restarting the system, it will always run the

Power-On Self-Test.

Displaying Bridge Extension Capabilities

The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables, or to configure the global setting for GARP VLAN Registration Protocol (GVRP).

2-24

ISPLAYING BRIDGE EXTENSION CAPABILITIES

Command Attributes

• Extended Multicast Filtering Services – This switch does not support the filtering of individual multicast addresses based on GMRP (GARP Multicast Registration Protocol).

• Traffic Classes – This switch provides mapping of user priorities to multiple traffic classes. (Refer to “Class of Service Configuration” on page 2-77.)

• Static Entry Individual Port – This switch allows static filtering for unicast and multicast addresses. (Refer to “Setting Static Addresses” on page 2-39.)

• VLAN Learning – This switch uses Shared VLAN Learning (SVL), where each port shares a common filtering database.

• Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration” on page 2-52.)

• Local VLAN Capable – This switch does not support multiple local bridges; i.e., multiple Spanning Trees.

• GMRP – GARP Multicast Registration Protocol (GMRP) allows network devices to register endstations with multicast groups. This switch does not support GMRP; it uses the Internet Group Management Protocol (IGMP) to provide automatic multicast filtering.

• GVRP – GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports across the network. This function should be enabled to permit VLANs groups which extend beyond the local switch. (Default: Enabled)

2-25

ONFIGURING THE SWITCH

Web – Click System, Bridge Extension.

CLI – Enter the following command.

Console#show bridge-ext 3-145

Max support vlan numbers: 127 Max support vlan ID: 4094 Extended multicast filtering services: No Static entry individual port: Yes VLAN learning: SVL Configurable PVID tagging: Yes Local VLAN capable: No Traffic classes: Enabled Global GVRP status: Enabled GMRP: Disabled

Console#

2-26

NABLING OR DISABLING

GVRP (G

LOBAL SETTING

Enabling or Disabling GVRP

(Global Setting)

GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network. GVRP must be enabled to permit automatic VLAN registration, and to support VLANs which extend beyond the local switch. (Default: Enabled)

Web – Click System, Bridge Extension. Enable or disable GVRP, click Apply

)

CLI – This example enables GVRP for the switch.

Console(config)#bridge-ext gvrp 3-144 Console(config)#

2-27

ONFIGURING THE SWITCH

Displaying Switch Hardware/Software Versions

Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system.

Command Attributes

Main Board

• Serial Number – The serial number of the switch.

• Number of Ports – Number of built-in RJ-45 ports and expansion ports.

• Hardware Version – Hardware version of the main board.

• Internal Power Status – Displays the status of the internal power supply.

Management Software

• Loader Version – Version number of loader code.

• Boot-ROM Version – Version number of Power-On Self-Test (POST) and boot code.

• Operation Code Version – Version number of runtime code.

• Role – Shows that this switch is operating as Master (i.e., operating stand-alone).

Expansion Slots

• Expansion Slot – Indicates any installed module type.

2-28

ISPLAYING SWITCH HARDWARE/SOFTWARE VERSIONS

Web – Click System, Switch Information.

CLI – Use the following command to display version information.

Console#show version 3-37 Unit1

Serial number :12345 Hardware version :012 Module A type :not present Module B type :not present Number of ports :26 Main power status :up

Agent(master)

Unit id :1 Loader version :1.0.0.5 Boot rom version :1.0.0.5 Operation code version :1.0.1.1

Console#

2-29

ONFIGURING THE SWITCH

Port Configuration

Displaying Connection Status

You can use the Port Information or Trunk Information pages to display the current connection status, including link state, speed/ duplex mode, flow control, and auto-negotiation.

Command Attributes

• Name – Interface label.

• Type – Indicates the port type (100BASE-TX, 1000BASE-T, 1000BASE-SX, 1000BASE-LX or 100BASE-FX).

• Admin Status – Shows if the interface is enabled or disabled.

- Web - Displays Enabled or Disabled.

- CLI - Displays Port Admin (up or down).

• Link Status – Indicates if the link is Up or Down. (CLI only)

• Oper Status – Indicates if the link is Up or Down. (Web only)

• Port Operation Status – Provides detailed information on port state.

- CLI only; displays this item only if the link is up.

• Speed/Duplex Status – Shows the current speed and duplex mode.

• Flow Control Status – Indicates the type of flow control currently in use.

- Web - IEEE 802.3x, Back-Pressure or None.

- CLI - Enabled or Disabled. Flow Type shows IEEE 802.3x,

Back-Pressure or None.

• Autonegotiation – Shows if auto-negotiation is enabled or disabled.

2-30

ORT CONFIGURATION

• MAC Address – The physical layer address for this port.

- CLI only; to access this on the Web, see “Setting the IP Address” on page -11.

• Trunk Member – Shows if port is a trunk member. (Port Information only)

• Creation – Shows if a trunk is manually configured. (Trunk Information only)

• Port Capabilities

– Specifies the capabilities to be advertised for a port during auto-negotiation. The following capabilities are supported:

- 10half - Supports 10 Mbps half-duplex operation

- 10full - Supports 10 Mbps full-duplex operation

- 100half - Supports 100 Mbps half-duplex operation

- 100full - Supports 100 Mbps full-duplex operation

- 1000full - Supports 1000 Mbps full-duplex operation

- Sym - Transmits and receives pause frames for flow control

- FC - Supports flow control

*To access this item on the Web, see “Configuring Interface Connections” on

page -32.

Web – Click Port, Port Information or Trunk Information.

2-31

ONFIGURING THE SWITCH

CLI – This example shows the connection status for Port 13.

Console#show interfaces status ethernet 1/13 3-99 Information of Eth 1/13

Basic information:

Port type: 100TX Mac address: 00-55-FF-FF-DD-EA

Configuration:

Name: Port admin: Up Speed-duplex: Auto Capabilities: 10half, 10full, 100half, 100full, Broadcast storm: Enabled Broadcast storm limit: 6 percent Flow control: Disabled

Current status:

Link status: Up

Port operation status: Up Operation speed-duplex: 100full Flow control type: None

Console#

Configuring Interface Connections

You can use the Port Configuration or Trunk Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control. All switches have to comply with the Cisco EtherChannel standard.

Command Attributes

• Name – Allows you to label an interface. (Range: 1-64 characters)

• Admin – Allows you to manually disable an interface. You can disable an interface due to abnormal behavior (e.g., excessive collisions), and then reenable it after the problem has been resolved. You may also disable an interface for security reasons.

• Speed/Duplex* – Allows you to manually set the port speed and duplex mode.

2-32

ORT CONFIGURATION

• Flow Control* – Allows you to manually enable or disable flow control.

• Autonegotiation (Port Capabilities) – Allows auto-negotiation to be enabled/disabled. When auto-negotiation is enabled, you need to specify the capabilities to be advertised. When auto-negotiation is disabled, you can force the settings for speed, mode, and flow control.The following capabilities are supported.

- 10half - Supports 10 Mbps half-duplex operation

- 10full - Supports 10 Mbps full-duplex operation

- 100half - Supports 100 Mbps half-duplex operation

- 100full - Supports 100 Mbps full-duplex operation

- 1000full - Supports 1000 Mbps full-duplex operation

- Sym (Gigabit only) - Check this item to transmit and receive pause frames, or clear it to auto-negotiate the sender and receiver for asymmetric pause frames. (The current switch chip only supports symmetric pause frames.)

- FC - Supports flow control

- Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3x for full-duplex operation. (Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub.)

• Trunk – Indicates if a port is a member of a trunk. To create trunks and select port members, see “Port Trunk Configuration” on page 2-79.

*Auto-negotiation must be disabled before you can configure or force the

interface to use the Speed/Duplex Mode or Flow Control options.

2-33

ONFIGURING THE SWITCH

Web – Click Port, Port Configuration or Trunk Configuration. Modify the required interface settings, and click Apply.

CLI – Select the interface, and then enter the required settings.

Console(config)#interface ethernet 1/3 3-89 Console(config-if)#description RD SW#13 3-90 Console(config-if)#shutdown 3-98 . Console(config-if)#no shutdown Console(config-if)#no negotiation 3-92 Console(config-if)#speed-duplex 100half 3-90 Console(config-if)#flowcontrol 3-94 . Console(config-if)#negotiation Console(config-if)#capabilities 100half 3-93 Console(config-if)#capabilities 100full Console(config-if)#capabilities flowcontrol Console(config-if)#

Setting Broadcast Storm Thresholds

Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to complete halt.

2-34

ORT CONFIGURATION

You can protect your network from broadcast storms by setting a port or trunk threshold for broadcast traffic. Any broadcast packets exceeding the specified threshold will then be dropped.

Command Usage

• Broadcast Storm Control is enabled by default.

• The default threshold is six percent of the port bandwidth.

• Broadcast control does not effect IP multicast traffic.

Command Attributes

• Type – Indicates the port type (100BASE-TX, 1000BASE-T, 1000BASE-SX, 1000BASE-LX or 100BASE-FX).

• Protect Status – Shows whether or not broadcast storm control has been enabled on this interface. (Default: Enabled)

• Threshold – Threshold as percentage of port bandwidth. (Options: 6%, 20%; Default: 6%)

• Trunk – Indicates if a port is a member of a trunk. To create trunks and select port members, see “Port Trunk Configuration” on page 2-79.

2-35

ONFIGURING THE SWITCH

Web – Click Port, Port Broadcast Control or Trunk Broadcast Control. Set the threshold for each port or trunk, and then click

Apply.

CLI – Specify an interface, and then enter the threshold. The

following sets broadcast suppression at twenty percent of the port bandwidth for Port 3.

Console(config)#interface ethernet 1/3 3-89 Console(config-if)#switchport broadcast percent 20 3-97 Console(config-if)#end Console#show interface switchport ethernet 1/3 3-102 Information of Eth 1/3

Broadcast threshold: Enabled, 20 percent Ingress rate limit: Disabled Egress rate limit: Disabled VLAN membership mode: Access Ingress rule: Disabled Acceptable frame type: All frames Native VLAN: 1 Priority for untagged traffic: 0 Gvrp status: Disabled Allowed Vlan: 1(u), Forbidden Vlan: Private-vlan mode: NONE Private-vlan host-association: NONE Private-vlan mapping: NONE

Console#

2-36

ORT CONFIGURATION

Configuring Port Mirroring

You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.

Command Usage

• Monitor port speed should match or exceed source port speed, otherwise traffic may be dropped from the monitor port.

• All mirror sessions have to share the same destination port.

• When mirroring port traffic, the target port must be included in the same VLAN as the source port.

• The switch can only mirror one port at a time.

Command Attributes

• Mirror Sessions – Displays a list of current mirror sessions.

• Source Port – The port whose traffic will be monitored.

• Type – Allows you to select which traffic to mirror to the target port, Rx (receive), Tx (transmit), or Both.

• Target Port – The port that will “duplicate” or “mirror” the traffic on the source port.

2-37

ONFIGURING THE SWITCH

Web – Click Port, Mirror. Specify the source port, the traffic type to be mirrored, and the monitor port, then click Add.

CLI – Use the interface command to select the monitor port, then use the port monitor command to specify the source port. Note that default mirroring under the CLI is for both received and transmitted packets.

Console(config)#interface ethernet 1/10 3-89 Console(config-if)#port monitor ethernet 1/13 3-148 Console(config-if)#

Address Table Settings

Switches store the addresses for all known devices. This information is used to route traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that are bound to a specific port.

2-38

DDRESS TABLE SETTINGS

Setting Static Addresses

A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table.

Command Attributes

• Static Address Counts* – The number of manually configured addresses.

• Current Static Address Table – Lists all the static addresses.

• Mode – Indicates if a packet with a destination address matching an entry in the static address table will be forwarded or discarded.

• Interface – Port or trunk associated with the device assigned a static address.

• MAC Address – Physical address of a device mapped to this interface.

• Duration – The address can be set to the following type:

- Permanent - Assignment is permanent, and restored after

the switch is reset.

- Delete on Reset - Assignment lasts until the switch is reset.

*Web Only

2-39

ONFIGURING THE SWITCH

Web – Click Address Table, Static Addresses. Specify the mode, the interface, the MAC address and duration, then click Add Static Address.

CLI – This example adds an address to the static address table, and sets it to permanent by default.

Console(config)#mac-address-table static 00-e0-29-94-34-de interface ethernet 1/3 3-107 Console(config)#

Displaying the Address Table

The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch. When the destination address for inbound traffic is found in the database, the packets intended for that address are forwarded directly to the associated port. Otherwise, the traffic is flooded to all ports.

2-40

DDRESS TABLE SETTINGS

Command Attributes

• Interface – Indicates a port or trunk.

• MAC Address – Physical address associated with this interface.

• Address Table Sort Key – You can sort the information displayed based on interface (port or trunk) or MAC address.

Web – Click Address Table, Dynamic Addresses. Specify the search type (i.e. mark the Interface or MAC Address checkbox), select the method of sorting the displayed addresses, and then click Query.

CLI – This example also displays the address table entries for port 1.

Console#sh mac-address-table ethernet 1/1 sort address 3-109 Mac Address Interface Type

----------------- --------- ----------------00-10-B5-62-03-74 Eth 1/ 1 Learned

Console#

2-41

ONFIGURING THE SWITCH

Changing the Aging Time

You can set the aging time for entries in the dynamic address table.

Command Attributes

• Aging Time – The time after which a learned entry is discarded. (Range: 2-172800 seconds; Default: 300 seconds)

Web – Click Address Table, Address Aging. Specify the new aging time, click Apply.

CLI – This example sets the aging time to 400 seconds.

Console(config)#mac-address-table aging-time 400 3-110

Spanning Tree Algorithm Configuration

The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down.

STA uses a distributed algorithm to select a bridging device (STA-compliant switch, bridge or router) that serves as the root of the spanning tree network. It selects a root port on each bridging

2-42

PANNING TREE ALGORITHM CONFIGURATION

device (except for the root device) which incurs the lowest path cost when forwarding a packet from that device to the root device. Then it selects a designated bridging device from each LAN which incurs the lowest path cost when forwarding a packet from that LAN to the root device. All ports connected to designated bridging devices are assigned as designated ports. After determining the lowest cost spanning tree, it enables all root ports and designated ports, and disables all other ports. Network packets are therefore only forwarded between root ports and designated ports, eliminating any possible network loops.

Managing Global Settings

Global settings apply to the entire switch.

Command Attributes

The following global attributes are fixed and cannot be changed:

• Bridge ID – The priority and MAC address of this device.

• Designated Root – The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device.

• Root Port – The number of the port on this switch that is closest to the root. This switch communicates with the root device through this port. If there is no root port, has been accepted as the root device of the Spanning Tree network.

• Root Path Cost – The path cost from the root port on this switch to the root device.

then this switch

2-43

ONFIGURING THE SWITCH

The following global attributes display statistical values and cannot be changed:

• Configuration Changes – The number of times the Spanning Tree has been reconfigured.

• Last Topology Change – Time since the Spanning Tree was last reconfigured.

The following global attributes can be configured:

• Spanning Tree State – Enables/disables this switch to participate in a STA-compliant network.

• Priority – Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device. (Note that lower numeric values indicate higher priority.)

- Default: 32768

- Range: 0 - 65535

• Hello Time – Interval (in seconds) at which the root device transmits a configuration message.

- Default: 2

- Minimum: 1

- Maximum: The lower of 10 or [(Max. Message Age / 2) -1]

• Maximum Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last configuration message) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the device ports attached to

2-44

PANNING TREE ALGORITHM CONFIGURATION

the network. (References to “ports” in this section means “interfaces,” which includes both ports and trunks.)

- Default: 20

- Minimum: The higher of 6 or [2 x (Hello Time + 1)].

- Maximum: The lower of 40 or [2 x (Forward Delay - 1)]

• Forward Delay – The maximum time (in seconds) the root device will wait before changing states (i.e., listening to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a blocking state; otherwise, temporary data loops might result.

- Default: 15

- Minimum: The higher of 4 or [(Max. Message Age / 2) + 1]

- Maximum: 30

Displaying the Global Settings for STA

Web – Click Spanning Tree, STA Information.

2-45

ONFIGURING THE SWITCH

CLI

– This command displays global STA settings, followed by

settings for each port.

Console#show spanning-tree 3-119 Bridge-group information

-------------------------------------------------------------Spanning tree protocol :IEEE Std 8021D Spanning tree enable/disable :enable Priority :32768 Hello Time (sec.) :2 Max Age (sec.) :20 Forward Delay (sec.) :15 Designated Root :32768.0030f147583a Current root port :0 Current root cost :0 Number of topology changes :1 Last topology changes time (sec.):26696 Hold times (sec.) :1

---------------------------------------------------------------

Eth 1/ 1 information

-------------------------------------------------------------Admin status : enable STA state : broken Path cost : 18 Priority : 128 Designated cost : 0 Designated port : 128.1 Designated root : 32768.0030f147583a Designated bridge : 32768.0030f147583a Fast forwarding : disable Forward transitions : 0

. . .

Note: The current root port and current root cost display as zero

when this device is not connected to the network.

2-46

PANNING TREE ALGORITHM CONFIGURATION

Configuring the Global Settings for STA

Web – Click Spanning Tree, STA Configuration. Modify the

required attributes, and click Apply.

CLI – This example enables Spanning Tree Protocol, and then sets the indicated attributes.

Console(config)#spanning-tree 3-112 Console(config)#spanning-tree priority 40000 3-116 Console(config)#spanning-tree hello-time 5 3-114 Console(config)#spanning-tree max-age 38 3-115 Console(config)#spanning-tree forward-time 20 3-113 Console(config)#

Managing STA Interface Settings

You can configure STA attributes for specific interfaces, including port priority, path cost, and fast forwarding. You may use a different priority or path cost for ports of same media type to indicate the preferred path.

2-47

ONFIGURING THE SWITCH

Command Attributes

The following attributes are read-only and cannot be changed:

• Port Status – Displays current state of this port within the Spanning Tree:

- Disabled - The port has been disabled by the user or has failed diagnostics.

- Blocking - Port receives STA configuration messages, but does not forward packets.

- Listening - Port will leave blocking state due to a topology change, start transmitting configuration messages, but does not yet forward packets.

- Learning - Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information. Port address table is cleared, and the port begins learning addresses.

- Forwarding - Port forwards packets, and continues learning addresses.

- Broken - Port is malfunctioning or no link has been established.

The rules defining port status are:

• A port on a network segment with no other STA compliant bridging device is always forwarding.

• If two ports of a switch are connected to the same segment and there is no other STA device attached to this segment, the port with the smaller ID forwards packets and the other is blocked.

• All ports are blocked when the switch is booted, then some of them change state to listening, to learning, and then to forwarding.

• Forward Transitions – The number of times this port has transitioned from the Learning state to the Forwarding state.

2-48

PANNING TREE ALGORITHM CONFIGURATION

• Designated Cost – The cost for a packet to travel from this port to the root in the current Spanning Tree configuration. The slower the media, the higher the cost.

• Designated Bridge – The priority and MAC address of the device through which this port must communicate to reach the root of the Spanning Tree.

• Designated Port – The priority and number of the port on the designated bridging device through which this switch must communicate with the root of the Spanning Tree.

• Trunk Member – Indicates if a port is a member of a trunk. (STA Port Information only)

The following interface attributes can be configured:

• Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch are the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree. This makes a port with higher priority less likely to be blocked if the Spanning Tree Protocol is detecting network loops. Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled.

- Default: 128

- Range: 0 - 255

2-49

ONFIGURING THE SWITCH

• Path Cost – This parameter is used by the STP to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.)

- Full Range: 1-65535

- Recommended Range –

- Ethernet: 50-600

- Fast Ethernet: 10-6

- Gigabit Ethernet: 3-10

- Defaults –

- Ethernet – half duplex: 100; full duplex: 95; trunk: 90

- Fast Ethernet – half duplex: 19; full duplex: 18; trunk: 15

- Gigabit Ethernet – full duplex: 4; trunk: 3

• Fast Forwarding – You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node. Since end-nodes cannot cause forwarding loops, they can pass directly through to the forwarding state. Fast Forwarding can achieve quicker convergence for end-node workstations and servers, and also overcome other STA related timeout problems. (Remember that Fast Forwarding should only be enabled for ports connected to an end-node device.)

2-50

- Default: disabled

PANNING TREE ALGORITHM CONFIGURATION

Displaying the Interface Settings for STA

Web – Click Spanning Tree, STA Port Information or STA Trunk

Information.

CLI – This example shows the STA attributes for port 5.

Console#show spanning tree ethernet 1/5 3-119 Bridge-group information

-------------------------------------------------------------Spanning tree protocol :IEEE Std 802.1D Spanning tree enable/disable :enable Priority :32768 Hello Time (sec.) :2 Max Age (sec.) :20 Forward Delay (sec.) :15 Designated Root :32768.0030F154F880 Current root port :2 Current root cost :18 Number of topology changes :5 Last topology changes time (sec.):12828 Hold times (sec.) :1

---------------------------------------------------------------

Eth 1/ 1 information

-------------------------------------------------------------Admin status : enable STA state : forwarding Path cost : 18 Priority : 128 Designated cost : 18 Designated port : 128.1 Designated root : 32768.0030F154F880 Designated bridge : 32768.0055FFFFDDDD Fast forwarding : disable Forward transitions : 2

Console#

2-51

ONFIGURING THE SWITCH

Configuring the Interface Settings for STA

Web – Click Spanning Tree, STA Port Configuration or STA Trunk

Configuration. Modify the required attributes, then click Apply.

CLI – This example sets STA attributes for port 5.

Console(config)#interface ethernet 1/5 3-89 Console(config-if)#spanning-tree port-priority 0 3-117 Console(config-if)#spanning-tree cost 50 3-116 Console(config-if)#spanning-tree portfast 3-118

VLAN Configuration

In conventional networks with routers, broadcast traffic is split up into separate domains. Switches do not inherently support broadcast domains. This can lead to broadcast storms in large networks that handle traffic such as IPX or NetBeui. By using IEEE

802.1Q-compliant VLANs, you can organize any group of network nodes into separate broadcast domains, thus confining broadcast traffic to the originating group. This also provides a more secure and cleaner network environment.

An IEEE 802.1Q VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.

2-52

VLAN C

VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections. VLANs can be easily organized to reflect departmental groups (such as Marketing or R&D), usage groups (such as e-mail), or multicast groups (used for multimedia applications such as videoconferencing).

VLANs provide greater network efficiency by reducing broadcast traffic, and allow you to make network changes without having to update IP addresses or IP subnets. VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN.

This switch supports the following VLAN features:

• Up to 127 VLANs based on the IEEE 802.1Q standard

• Distributed VLAN learning across multiple switches using explicit or implicit tagging and GVRP protocol

• Port overlapping, allowing a port to participate in multiple VLANs

ONFIGURATION

• End stations can belong to multiple VLANs

• Passing traffic between VLAN-aware and VLAN-unaware devices

• Priority tagging

Assigning Ports to VLANs

Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port if you want it to carry traffic for one or more VLANs, and any intermediate network devices or the host at the other end of the connection supports VLANs. Then assign ports on the other VLAN-aware network devices along the path that will carry this

2-53

ONFIGURING THE SWITCH

traffic to the same VLAN(s), either manually or dynamically using GVRP. However, if you want a port on this switch to participate in one or more VLANs, but none of the intermediate network devices nor the host at the other end of the connection supports VLANs, then you should add this port to the VLAN as an untagged port.

Note: VLAN-tagged frames can pass through VLAN-aware or

VLAN-unaware network interconnection devices, but should not be used for any end-node host that does not support VLAN tagging.

VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the PVID of the receiving port). But if the frame is tagged, the switch uses the tagged VLAN ID to identify the port broadcast domain of the frame.

Port Overlapping – Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups, such as file servers or printers. Note that if you implement VLANs which do not overlap, but still need to communicate, you can connect them by using a Layer-3 router or switch.

Untagged VLANs – Untagged (or static) VLANs are typically used to reduce broadcast traffic and to increase security. A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs configured on the switch. Packets are forwarded only between ports that are designated for the same VLAN. Untagged VLANs can be used to manually isolate user groups or subnets. However, you should use IEEE 802.3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration.

2-54

VLAN C

Automatic VLAN Registration – GVRP (GARP VLAN Registration Protocol) defines a system whereby the switch can automatically learn the VLANs to which each endstation should be assigned. If an endstation (or its network adapter) supports the IEEE 802.1Q VLAN protocol, it can be configured to broadcast a message to your network indicating the VLAN groups it wants to join. When this switch receives these messages, it will automatically place the receiving port in the specified VLANs, and then forward the message to all other ports. When the message arrives at another switch that supports GVRP, it will also place the receiving port in the specified VLANs, and pass the message on to all other ports. VLAN requirements are propagated in this way throughout the network. This allows GVRP-compliant devices to be automatically configured for VLAN groups based solely on endstation requests.

To implement GVRP in a network, first add the host devices to the required VLANs (using the operating system or other application software), so that these VLANs can be propagated onto the network. For both the edge switches attached directly to these hosts, and core switches in the network, enable GVRP on the links between these devices. You should also determine security boundaries in the network and disable GVRP on ports to prevent advertisements being propagated, or forbid ports from joining restricted VLANs.

ONFIGURATION

Note: If you have host devices that do not support GVRP, you

must configure static VLANs for the switch ports connected to these devices (as described in “Adding Static Members to VLANs (VLAN Index)” on page 2-61). But you still need to enable GVRP on these edge switches, as well as on the core switches in the network.

2-55

ONFIGURING THE SWITCH

Forwarding Tagged/Untagged Frames

If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN. However, to participate in a VLAN group that crosses several switches, you need to create a VLAN for that group and enable tagging on all ports.

Ports can be assigned to multiple tagged or untagged VLANs. Each port on the switch is therefore capable of passing tagged or untagged frames. When forwarding a frame from this switch along a path that contains any VLAN-aware devices, the switch should include VLAN tags. When forwarding a frame from this switch along a path that does not contain any VLAN-aware devices (including the destination host), the switch must first strip off the VLAN tag before forwarding the frame. When the switch receives a tagged frame, it will pass this frame onto the VLAN(s) indicated by the frame tag. However, when this switch receives an untagged frame from a VLAN-unaware device, it first decides where to forward the frame, and then inserts a VLAN tag reflecting the ingress port’s default VID.

Displaying Basic VLAN Information

The VLAN Basic Information page displays basic information on the VLAN type supported by the switch.

Command Attributes

• VLAN Version Number* – The VLAN version used by this switch as specified in the IEEE 802.1Q standard.

• Maximum VLAN ID – Maximum VLAN ID recognized by this switch.

• Maximum Number of Supported VLANs – Maximum number of VLANs that can be configured on this switch.

2-56

VLAN C

*Web Only

ONFIGURATION

Web – Click VLAN, VLAN Base Information.

CLI – Enter the following command.

Console#show bridge-ext 3-145

Console#

Displaying Current VLANs

The VLAN Current Table shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging. However, if you just want to create a small port-based VLAN for one or two switches, you can disable tagging.

Command Attributes (Web)

• VLAN ID – ID of configured VLAN (1-4094, no leading zeroes).

• Up Time at Creation – Time this VLAN was created (i.e., System Up Time).

2-57

ONFIGURING THE SWITCH

• Status – Shows how this VLAN was added to the switch.

- Dynamic GVRP: Automatically learned via GVRP.

- Permanent: Added as a static entry.

• Egress Ports – Shows all the VLAN port members.

• Untagged Ports – Shows the untagged VLAN port members.

Web – Click VLAN, VLAN Current Table. Select any ID from the scroll-down list.

Command Attributes (CLI)

• VLAN – ID of configured VLAN (1-4094, no leading zeroes).

• Type – Shows how this VLAN was added to the switch.

- Dynamic: Automatically learned via GVRP.

- Static: Added as a static entry.

• Name – Name of the VLAN (1 to 32 characters).

• Status – Shows if this VLAN is enabled or disabled.

- Active: VLAN is operational.

- Suspend: VLAN is suspended; i.e., does not pass packets.

2-58

VLAN C

• Ports / Channel groups – Shows the VLAN interface members.

CLI – Current VLAN information can be displayed with the following command.

Console#show vlan id 1 3-131 VLAN Type Name Status Ports/Channel groups

---- ------- ----------- ------ ------------- ------1 Static DefaultVlan Active Eth1/1 Eth1/2 Eth1/3 Eth1/4

Console#

Eth1/5 Eth1/6 Eth1/7 Eth1/8 Eth1/9 Eth1/10 Eth1/11 Eth1/12 Eth1/13 Eth1/14 Eth1/15 Eth1/16 Eth1/17 Eth1/18 Eth1/19 Eth1/20 Eth1/21 Eth1/22 Eth1/23 Eth1/24

Creating VLANs

Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this switch to external network devices, you must specify a VLAN ID for each of these groups.

Command Attributes

ONFIGURATION

• Current – Lists all the current VLAN groups created for this system. Up to 127 VLAN groups can be defined. VLAN 1 is the default untagged VLAN.

• New – Allows you to specify the name and numeric identifier for a new VLAN group. (The VLAN name is only used for management on this system; it is not added to the VLAN tag.)

• VLAN ID – ID of configured VLAN (1-4094, no leading zeroes).

• VLAN Name – Name of the VLAN (1 to 32 characters).

• Status (Web) – Shows if this VLAN is enabled or disabled.

- Enable: VLAN is operational.

- Disable: VLAN is suspended; i.e., does not pass packets.

2-59

ONFIGURING THE SWITCH

• State (CLI) – Shows if this VLAN is enabled or disabled.

- Active: VLAN is operational.

- Suspend: VLAN is suspended; i.e., does not pass packets.

• Add – Adds a new VLAN group to the current list.

• Remove – Removes a VLAN group from the current list. If any port is assigned to this group as untagged, it will be reassigned to VLAN group 1 as untagged.

Web – Click VLAN, VLAN Static List. To create a new VLAN, enter the VLAN ID and VLAN name, mark the Enable checkbox to activate the VLAN, and then click Add.

CLI – This example creates a new VLAN.

Console(config)#vlan database 3-122 Console(config-vlan)#vlan 2 name R&D media ethernet state active

3-123

Console(config-vlan)#end Console#show vlan VLAN Type Name Status Ports/Channel groups

---- ------- -------------- ------- ---------------------1 Static DefaultVlan Active Eth1/ 1 Eth1/ 2 Eth1/ 3

2 Static R&D Active Console#

Eth1/ 4 Eth1/ 5 Eth1/ 6 Eth1/ 7 Eth1/ 8 Eth1/ 9 Eth1/10 Eth1/11 Eth1/12 Eth1/13 Eth1/14 Eth1/15 Eth1/16 Eth1/17 Eth1/18 Eth1/19 Eth1/20 Eth1/21 Eth1/22 Eth1/23 Eth1/24

2-60

VLAN C

Adding Static Members to VLANs (VLAN Index)

Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged they are not connected to any VLAN-aware devices. Or configure a port as forbidden to prevent the switch from automatically adding it to a VLAN via the GVRP protocol.

Notes: 1. You can also use the VLAN Static Membership by Port

page to configure VLAN groups based on the port index. However, note that this configuration page can only add ports to a VLAN as tagged members.

2. VLAN 1 is the default untagged VLAN containing all ports on the switch, and can only be modified by first reassigning the default port VLAN ID as described under “Configuring VLAN Behavior for Interfaces” on page 2-65.

Command Attributes

ONFIGURATION

• VLAN – ID of configured VLAN (1-4094, no leading zeroes).

• Name – Name of the VLAN (1 to 32 characters).

• Status – Shows if this VLAN is enabled or disabled.

- Enable: VLAN is operational.

- Disable: VLAN is suspended; i.e., does not pass packets.

• Port – Port identifier.

• Trunk – Trunk identifier.

2-61

ONFIGURING THE SWITCH

• Membership Type – Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk:

- Tagged: Interface is a member of the VLAN. All packets transmitted by the port will be tagged, that is, carry a tag and therefore carry VLAN or CoS information.

- Untagged: Interface is a member of the VLAN. All packets transmitted by the port will be untagged, that is, not carry a tag and therefore not carry VLAN or CoS information. Note that an interface must be assigned to at least one group as an untagged port.

- Forbidden: Interface is forbidden from automatically joining the VLAN via GVRP.

- None: Interface is not a member of the VLAN. Packets associated with this VLAN will not be transmitted by the interface.

• Trunk Member – Indicates if a port is a member of a trunk. To add a trunk to the selected VLAN, use the last table on the VLAN Static Table page.

2-62

VLAN C

ONFIGURATION

Web – Click VLAN, VLAN Static Table. Select a VLAN ID from the scroll-down list. Modify the VLAN name and status if required. Select the membership type by marking the appropriate radio button in the list of ports or trunks. Click Apply.

CLI – This example adds the required interfaces.

Console(config)#interface ethernet 1/1 3-89 Console(config-if)#switchport allowed vlan add 2 tagged 3-129 Console(config-if)#exit Console(config)#interface ethernet 1/2 Console(config-if)#switchport allowed vlan add 2 untagged Console(config-if)#exit Console(config)#interface ethernet 1/13 Console(config-if)#switchport forbidden vlan add 2 3-130

2-63

ONFIGURING THE SWITCH

Adding Static Members to VLANs (Port Index)

Use the VLAN Static Membership by Port menu to assign VLAN groups to the selected interface add an interface to the selected VLAN as a tagged member.

Command Attributes

• Interface – Port or trunk identifier.

• Member – VLANs for which the selected interface is a tagged member.

• Non-Member – VLANs for which the selected interface is not a member.

Web – Click VLAN, VLAN Static Membership by Port. Select an interface from the scroll-down box (Port or Trunk). Click Query to display membership information for the interface. Select a VLAN ID, and then click Add to add the interface as a tagged member, or click Remove to remove the interface. After configuring VLAN membership for each interface, click Apply.

2-64

VLAN C

CLI – This example adds Port 3 to VLAN 1 as a tagged port.

Console(config)#interface ethernet 1/3 3-89 Console(config-if)#switchport allowed vlan add 1 tagged 3-129

Configuring VLAN Behavior for Interfaces

You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.

Command Usage

• GVRP – GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network.

• GARP – Group Address Registration Protocol is used by GVRP to register or deregister client attributes for client services within a bridged LAN. The default values for the GARP timers are independent of the media access method or data rate. These values should not be changed unless you are experiencing difficulties with GVRP registration/deregistration.

ONFIGURATION

Command Attributes

• Ingress Filtering – If ingress filtering is enabled, incoming frames for VLANs which do not include this ingress port in their member set will be discarded at the ingress port. (Default: Disabled)

- Ingress filtering only affects tagged frames.

- If ingress filtering is disabled, the interface will accept any VLAN-tagged frame if the tag matches a VLAN known to the switch (except for those VLANs explicitly forbidden on this port).

2-65

ONFIGURING THE SWITCH

- If ingress filtering is enabled, the interface will discard incoming frames tagged for VLANs which do not include this ingress port in their member set.

Ingress filtering does not affect VLAN independent BPDU frames, such as GVRP dependent BPDU frames, such as GMRP.

or STP. However, it does affect VLAN

• PVID – interface. (Default: 1)

- If an interface is not a member of VLAN 1 and you assign its

• Acceptable Frame Type – Sets the interface to accept all frame types, including tagged or untagged frames, or only tagged frames. When set to receive all frame types, any received frames that are untagged are assigned to the default VLAN. (Option: All, Tagged; Default: All)

- This field is read-only for the Web, and read/write for the CLI

• GVRP Status – Enables/disables GVRP for the interface. GVRP must be globally enabled for the switch before this setting can take effect. (See “Displaying Bridge Extension Capabilities” on page 2-24.) When disabled, any GVRP packets received on this port will be discarded and no GVRP registrations will be propagated from other ports. (Default: Disabled)

- GVRP can only be enabled for tagged ports.

- You must set Mode to 1Q Trunk to configure a tagged port.

VLAN ID assigned to untagged frames received on the

PVID to this VLAN, the interface will automatically be added to VLAN 1 as an untagged member. For all other VLANs, an interface must first be configured as an untagged member before you can assign its PVID to that group.

(page 3-126).

• GARP Join Timer* – The interval between transmitting requests/queries to participate in a VLAN group. (Range: 20-1000 centiseconds; Default: 20)

2-66

VLAN C

ONFIGURATION

• GARP Leave Timer* – The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that after a Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group. (Range: 60-3000 centiseconds; Default: 60)

• GARP LeaveAll Timer* – The interval between sending out a LeaveAll query message for VLAN group participants and the port leaving the group. This interval should be considerably larger than the Leave Time to minimize the amount of traffic generated by nodes rejoining the group. (Range: 500-18000 centiseconds; Default: 1000)

*Timer settings must follow this rule:

2 x (join timer) < leave timer < leaveAll timer

• Trunk Member – Indicates if a port is a member of a trunk. To add a trunk to the selected VLAN, use the last table on the VLAN Static Table page.

• Mode – Indicates VLAN membership egress mode for an interface. (Default: Access)

- Access – Sets the port to operate as an untagged interface. All frames are sent untagged.

- 1Q Trunk – Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN. However, note that frames belonging to the port’s default VLAN (i.e., associated with the PVID) are sent untagged.

2-67

ONFIGURING THE SWITCH

Web – Click VLAN, VLAN Port Configuration or VLAN Trunk Configuration. Fill in the required settings for each interface, click Apply.

CLI – This example sets port 3 to accept only tagged frames, assigns PVID 2 as the native VLAN ID, enables GVRP, sets the GARP timers, and then sets the switchport mode to trunk.

Console(config)#interface ethernet 1/3 3-89 Console(config-if)#switchport acceptable-frame-types tagged 3-126 Console(config-if)#switchport ingress-filtering 3-127 Console(config-if)#switchport native vlan 2 3-128 Console(config-if)#switchport gvrp 3-140 Console(config-if)#garp timer join 30 3-142 Console(config-if)#garp timer leave 90 3-142 Console(config-if)#garp timer leaveall 2000 3-142 Console(config-if)#switchport mode trunk 3-125 Console(config-if)#

Configuring Private VLANs

Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLAN ports: promiscuous, and community ports. A promiscuous port can communicate with all interfaces within a private VLAN. Community ports can only communicate with other

2-68

SMC Networks TIGERSWITCH 10-100 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Connecting to the Switch

Configuration Options

Required Connections

Remote Connections

Basic Configuration

Console Connection

Setting Passwords

Setting an IP Address

Enabling SNMP Management Access

Saving Configuration Settings

Managing System Files

System Defaults

Using the Web Interface

Navigating the Web Browser Interface

Home Page

Configuration Options

Panel Display

Main Menu

Basic Configuration

Displaying System Information

Setting the IP Address

Configuring User Authentication

Configuring the Logon Password

Configuring RADIUS Logon Authentication

Managing Firmware

Downloading System Software from a Server

Saving or Restoring Configuration Settings

Resetting the System

Displaying Bridge Extension Capabilities

Displaying Switch Hardware/Software Versions

Port Configuration

Displaying Connection Status

Configuring Interface Connections

Setting Broadcast Storm Thresholds

Configuring Port Mirroring

Address Table Settings

Setting Static Addresses

Displaying the Address Table

Changing the Aging Time

Spanning Tree Algorithm Configuration

Managing Global Settings

Displaying the Global Settings for STA

Configuring the Global Settings for STA

Managing STA Interface Settings

Displaying the Interface Settings for STA

Configuring the Interface Settings for STA

VLAN Configuration

Displaying Basic VLAN Information

Displaying Current VLANs

Creating VLANs

Adding Static Members to VLANs (VLAN Index)

Adding Static Members to VLANs (Port Index)

Configuring VLAN Behavior for Interfaces

Configuring Private VLANs