GarrettCom MNS-6K 4.1.4 Bedienungsanleitung

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364

Zur Seite of

Richtige Gebrauchsanleitung

Die Vorschriften verpflichten den Verkäufer zur Übertragung der Gebrauchsanleitung GarrettCom MNS-6K 4.1.4 an den Erwerber, zusammen mit der Ware. Eine fehlende Anleitung oder falsche Informationen, die dem Verbraucher übertragen werden, bilden eine Grundlage für eine Reklamation aufgrund Unstimmigkeit des Geräts mit dem Vertrag. Rechtsmäßig lässt man das Anfügen einer Gebrauchsanleitung in anderer Form als Papierform zu, was letztens sehr oft genutzt wird, indem man eine grafische oder elektronische Anleitung von GarrettCom MNS-6K 4.1.4, sowie Anleitungsvideos für Nutzer beifügt. Die Bedingung ist, dass ihre Form leserlich und verständlich ist.

Was ist eine Gebrauchsanleitung?

Das Wort kommt vom lateinischen „instructio”, d.h. ordnen. Demnach kann man in der Anleitung GarrettCom MNS-6K 4.1.4 die Beschreibung der Etappen der Vorgehensweisen finden. Das Ziel der Anleitung ist die Belehrung, Vereinfachung des Starts, der Nutzung des Geräts oder auch der Ausführung bestimmter Tätigkeiten. Die Anleitung ist eine Sammlung von Informationen über ein Gegenstand/eine Dienstleistung, ein Hinweis.

Leider widmen nicht viele Nutzer ihre Zeit der Gebrauchsanleitung GarrettCom MNS-6K 4.1.4. Eine gute Gebrauchsanleitung erlaubt nicht nur eine Reihe zusätzlicher Funktionen des gekauften Geräts kennenzulernen, sondern hilft dabei viele Fehler zu vermeiden.

Was sollte also eine ideale Gebrauchsanleitung beinhalten?

Die Gebrauchsanleitung GarrettCom MNS-6K 4.1.4 sollte vor allem folgendes enthalten:
- Informationen über technische Daten des Geräts GarrettCom MNS-6K 4.1.4
- Den Namen des Produzenten und das Produktionsjahr des Geräts GarrettCom MNS-6K 4.1.4
- Grundsätze der Bedienung, Regulierung und Wartung des Geräts GarrettCom MNS-6K 4.1.4
- Sicherheitszeichen und Zertifikate, die die Übereinstimmung mit entsprechenden Normen bestätigen

Warum lesen wir keine Gebrauchsanleitungen?

Der Grund dafür ist die fehlende Zeit und die Sicherheit, was die bestimmten Funktionen der gekauften Geräte angeht. Leider ist das Anschließen und Starten von GarrettCom MNS-6K 4.1.4 zu wenig. Eine Anleitung beinhaltet eine Reihe von Hinweisen bezüglich bestimmter Funktionen, Sicherheitsgrundsätze, Wartungsarten (sogar das, welche Mittel man benutzen sollte), eventueller Fehler von GarrettCom MNS-6K 4.1.4 und Lösungsarten für Probleme, die während der Nutzung auftreten könnten. Immerhin kann man in der Gebrauchsanleitung die Kontaktnummer zum Service GarrettCom finden, wenn die vorgeschlagenen Lösungen nicht wirksam sind. Aktuell erfreuen sich Anleitungen in Form von interessanten Animationen oder Videoanleitungen an Popularität, die den Nutzer besser ansprechen als eine Broschüre. Diese Art von Anleitung gibt garantiert, dass der Nutzer sich das ganze Video anschaut, ohne die spezifizierten und komplizierten technischen Beschreibungen von GarrettCom MNS-6K 4.1.4 zu überspringen, wie es bei der Papierform passiert.

Warum sollte man Gebrauchsanleitungen lesen?

In der Gebrauchsanleitung finden wir vor allem die Antwort über den Bau sowie die Möglichkeiten des Geräts GarrettCom MNS-6K 4.1.4, über die Nutzung bestimmter Accessoires und eine Reihe von Informationen, die erlauben, jegliche Funktionen und Bequemlichkeiten zu nutzen.

Nach dem gelungenen Kauf des Geräts, sollte man einige Zeit für das Kennenlernen jedes Teils der Anleitung von GarrettCom MNS-6K 4.1.4 widmen. Aktuell sind sie genau vorbereitet oder übersetzt, damit sie nicht nur verständlich für die Nutzer sind, aber auch ihre grundliegende Hilfs-Informations-Funktion erfüllen.

Inhaltsverzeichnis der Gebrauchsanleitungen

  • Seite 1

    MAGNUM 6K F AMIL Y OF SWIT CHES Mana ged Netw or k Softw are (MNS) MNS-6K-SECURE 14.1.4 and MNS-6K 4.1.4 CLI User Guide[...]

  • Seite 2

    Pr eface This guide describes how to use the Command Line Interface (CLI) for the Magnum 6K family of switches. For the Web Management Interface please refer to the Web Management Guide. Some simple guidelines which will be use ful for configuring and using the Magnum 6K family of switches -  If you need information on a specific command in the [...]

  • Seite 3

    ii T r ademar ks GarrettCom Inc. reserves the right to change spe cifications, perform ance characteristics and/or model offerings with out notice. GarrettCom, Magnum, S-Ring, Link-Loss-Learn, Converter Switch, Conve nient Switch and Personal Swit ch are trademarks and Person al Hub is a registered trademark of Garrett Com, Inc. NEBS is a registere[...]

  • Seite 4

    T able of Contents 1 – Conventions Followed ............................................................... 19 Flow of the User Guide .......................................................... 21 2 – Getting Started ............................................................................ 23 Before starting ..................................[...]

  • Seite 5

    Upgrading to MNS-6K-SECURE ......................................... 36 List of commands in this chapter .......................................... 37 3 – IP Address and System Information ..................................... 39 IP Addressing ............................................................................... 39 Importance of an IP a[...]

  • Seite 6

    Configuring IPv6 ...................................................................... 74 List of commands in this chapter .......................................... 75 5 – DHCP Server .................................................................. 77 Modes of Operation ................................................................ 78 Techn[...]

  • Seite 7

    8 – Access Using RADIUS ................................................. 106 RADIUS ..................................................................................... 106 802.1x ....................................................................................... 106 Configuring 802.1x .......................................................[...]

  • Seite 8

    Using STP ................................................................................ 148 List of commands in this chapter ........................................ 158 13 – Rapid Spanning Tree Pr otocol (RSTP) ...................... 159 RSTP concepts ........................................................................... 159 Transition f[...]

  • Seite 9

    Configuring QoS .................................................................... 208 List of commands in this chapter ........................................ 213 18 – IGMP ........................................................................... 214 IGMP concepts .......................................................................... 21[...]

  • Seite 10

    System Events ......................................................................... 272 MAC Address Table .............................................................. 277 List of commands in this chapter ........................................ 278 APPENDIX 1 - Command listing by Chapter .................. 281 Chapter 2 – Getting Started ..[...]

  • Seite 11

    x Using Mozilla Firefox (ver. 3.x) ........................................... 329 Using Internet Explorer (ver 7.x) ........................................ 333 Using Other Browsers ........................................................... 334 APPENDIX 5 – Updating MNS-6K Software .................... 335 1. Getting Started ...................[...]

  • Seite 12

    List of Figures F IGURE 1 - HyperTerminal screen showing the serial settings ................................................................. 25 F IGURE 2 - Prompt indicating the switch model number as well as mode of operation – note the commands to switch between the levels is not shown here. ...................................................[...]

  • Seite 13

    F IGURE 24 - Changing telnet access – note in this case , the enable command was repeated without any effect to the switch ................................................................................................................ 42 F IGURE 25 - Reviewing the console parameters – note telnet is enabled ....................................[...]

  • Seite 14

    F IGURE 46 – displaying configuration for different mo dules. Note – multiple modules can be specified on the command line ..................................................................................................... 64 F IGURE 47 – Hide or display system passwords ......................................................................[...]

  • Seite 15

    F IGURE 70 – securing the network using port access ............................................................................ 113 F IGURE 71 – Flow chart describing the interact ion between local users and TACACS authorization ....................................................................................................................[...]

  • Seite 16

    F IGURE 94 – More than one S-Ring pair can be selec ted and more than one S-Ring can be defined per switch. Note – the mP62 as we ll as the ES42 switches support LLL and can participate in S-Ring as an acc ess switch .................................................................................. 180 F IGURE 95 – Activating S-Ring on the sw[...]

  • Seite 17

    F IGURE 112 – The network for the ‘show lacp’ command listed below .................................................. 203 F IGURE 113 – LACP information over a network ............................................................................. 204 F IGURE 114 – ToS and DSCP ...............................................................[...]

  • Seite 18

    F IGURE 136 – Predefined conditions for the relay ................................................................................ 257 F IGURE 137 – Setting up the external electrical relay and alerts .......................................................... 260 F IGURE 138 – setting SMTP to receive SNMP trap information via email ..........[...]

  • Seite 19

    xviii F IGURE 163 – Make sure to select the Xmodem protoc ol and the proper directory where t he configuration is saved. Click on Receive. This starts the file transfer. ......................................... 345 F IGURE 164 – Status window for Xmodem (using HyperTerminal under Windows X P) .................... 346 F IGURE 165 – Message wh[...]

  • Seite 20

    Chapter 1 1 – Con v entions F ollo w ed Conventions followed in the manual… o best use this document, please review some of the conventions followed in the manual, including screen captures, inte ractions and commands with the switch, etc. T Box shows interaction with the switch comma nd line or screen captures from the switch or computer for c[...]

  • Seite 21

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Re Re ab lated Topics lated topics show that GarrettCom strongly recommends reading out those topics. You may choose to skip those if you already have prior detailed knowledge on those subjects. j Tool box – Necessary software and hard ware components needed (or recommended to have) as a prerequisi te. These [...]

  • Seite 22

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Flow of the User Guide The manual is designed to guide th e user through a sequence of events. Chapter 1 – this chapter Chapter 2 is the basic setup as required by the Magnum 6K family of switc hes. After completing Chapter 2, the configuration can be done using the web interface. Chapter 2 is perhaps the mos[...]

  • Seite 23

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 22 Chapter 12 shows how STP can be setup and used. To day, RSTP is pref erred over STP. Chapter 13 shows how RSTP is setup and used as well as how RSTP can be used with legacy devices which support STP only. Chapter 14 focuses on S-Ring™ and setup of S-Ring. Chapter 15 talks about dual homing and how dual hom[...]

  • Seite 24

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Chapter 2 2 – Getting Star ted First few sim ple steps … his section explains how the GarrettCom Magnum 6K family of switches can be setup using the console port on the switch. So me of the functionality includes setting up the IP address of the switch, securing the switch with a user na me and password, se[...]

  • Seite 25

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE and a PC is networked to the switch, the switch’s command line interface (CLI) can be accessed via telnet. To manage the switch th rough in-band (networked) access (e.g. telnet, or Web Browser Interface), you should config ure the switch with an IP address an d subnet mask compatible with your network. You sh[...]

  • Seite 26

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Once the switch is configured with an IP address, the Command Line Interface (or CLI) is also accessible using telnet as well as the serial port. Access to th e switch can be either through the console interface or remotely over the network. The Command Line Interface (CLI) enables local or remote unit installa[...]

  • Seite 27

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE The switch has three modes of operation – Operator (least privilege), Manager and Configuration. The prompts for the switches change as the switch changes modes from Operator to Manager to Configuration. The pr ompts are shown in Figure 2 below, with a brief explanation of what the different prompts indicate.[...]

  • Seite 28

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Should a situation arise when there are mult iple new switches powered up at the same time, there could be a situati on of duplicate IP addresses. In this situation, only one Magnum switch will be assigned the IP address of 192.168.1.2 and netmask of 255.255.255.0. The other switches will not be assigned an IP [...]

  • Seite 29

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE • Power on the switch • Once the login prompt appears, login as manager using default password (manager) • Configure the IP address, network mask and default gateway as per the IP addressing scheme for your network • Set the Manager Password (recommended–refer to next section) • Save the settings (w[...]

  • Seite 30

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Version : Magnum 6K25 build 14.1 Jul 28 2008 07:51: 45 MAC Address : 00:20:06:25:b7:e0 IP Address : 192.168.1.150 Subnet Mask : 255.255.255.0 Gateway Address : 192.168.1.10 CLI Mode : Manager System Name : Magnum6K25 System Description : 25 Port Modular Ethernet Switch System Contact : support@garrettcom.com Sy[...]

  • Seite 31

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE command is shown below in Figure 6 Magnum6K25> enable manager Password: ******* Magnum6K25# F IGURE 7 - Switching users and privilege levels. Note the prompt changes with the new privilege level. Operator Privileges Operator privileges allow views of the current configurations but do not allow changes to the[...]

  • Seite 32

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25# user Magnum6K25(user)## add user=peter level=2 Enter User Password :****** Confirm New Password :***** * Magnum6K25(user)## F IGURE 8 - Adding a user with Manager level privilege In this example, user ‘peter’ was added with Manager privilege. Delete User Syntax delete user=<name> Magnum6K2[...]

  • Seite 33

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25(user)## F IGURE 11 - Changing the privileg e levels for a user In this example, user ‘peter’ was modified to Operator privileges. Modifying Access Privile ges User access allows the network adm inistrators to control as to who has read and write access and for which set of command groups. T h e c[...]

  • Seite 34

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25( u s e r )# # useraccess user=peter group=vlan,user,system type=read enable Access rules set for Read Operation. Groups: All Command Group s. ML2400(user)## show users Sl# Username Access Permissions --- -------- ------------------ 1 manager Manager Read Access: All Command Groups Write Access: All C[...]

  • Seite 35

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Help Typing the ‘ help ’ command lists the commands you can execute at the current privilege level. For example, typing ‘ help ’ at the Operator level shows Magnum6K25> help logout ping set terminal telnet walk mib Contextless Commands: ! ? clear enable exit help show whoami alarm Magnum6K25> F IG[...]

  • Seite 36

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE show active-vlan show address-table show ag e show alarm show ar p show auth <config|ports> show backpressure show bootmode --more-- F IGURE 16 - Options for the ‘show’ command Conte xt help Other ways to display help, specifically, wi th reference to a command or a set of commands, use the TAB key. S[...]

  • Seite 37

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25> se<TAB> passwor d timeout vlan Magnum6K25> set F IGURE 19 - Listing commands options – note the comma nd was not completed and the TAB key completed the command. Exiting To exit from the CLI interface and terminate the console session use the ‘ logout ’ command. The logout command [...]

  • Seite 38

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Saving current configuration Configuration saved Saving current event logs Event logs saved Magnum6K25# F IGURE 21 – Upgrading to MNS-6K-SECURE After the license key is entered – please use the save command to save the key in flash memory. It is recommended to preserve the information for future use. List o[...]

  • Seite 39

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 38 Syntax <TAB> - listing all commands available at the privilege level Syntax <command string> <TAB> - options for a command Syntax <first character of the command> <TAB> - listing commands starting with the character Syntax logout – logout from the CLI session Syntax useraccess[...]

  • Seite 40

    Chapter 3 3 – IP Addr ess and System Inf or ma tion First simple steps to follow … his section explains how the Magnum 6K fam ily of switches can be setup using other automatic methods such as bootp and DHCP . Besides this, other parameters required for proper operation of the switch in a network are discussed. T IP Addressing It is assumed tha[...]

  • Seite 41

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 40 To verify the IP address settings, the ‘show ipconfig’ command can be used. Magnum6K25> show ipconfig IP Address : 192.168.1.150 Subnet Mask : 255.255.255.0 Default Gateway : 192.168.1.10 Magnum6K25> F IGURE 22 - Checking the IP settings Besides manually assigning IP addresses, ther e are other mea[...]

  • Seite 42

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE ht: is the “hardware type”. For the Magnum 6K family of switches, set this to ether (for Ethernet). This tag must precede the “ ha” ta g. ha: is the “hardware address”. Use th e switch’s 12-digit MAC address ip: is the IP address to be assigned to the switch sm: is the subnet mask of the subnet in[...]

  • Seite 43

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE switch is put on a network and the speci fic configurations are loaded from a centralized BootP server Magnum6K25# set bootmode type=dhcp Save Configuration and Restart System Magnum6K25# set bootmode type=aut o Save Configuration and Restart System Magnum6K25# set bootmode type=bootp bo otimg=enable bootcfg=di[...]

  • Seite 44

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25# show console Console/Serial Link Inbound Telnet Enabled : Yes Outbound Telnet Enabled : Yes Web Console Enabled : Yes SNMP Enabled : Yes Terminal Type : VT100 Screen Refresh Interval (sec) : 3 Baud Rate : 38400 Flow Control : None Session Inactivity Time (min) : 10 Magnum6K25# F IGURE 25 - Reviewing[...]

  • Seite 45

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25# user Magnum6K25(us er)## useraccess user=peter service=telnet enable Telnet Access Enabled. Magnum6K25(us er)## exit Magnum6K25# show session Current Sessions: SL # Session Id Connection User Name User Mode 1 1 163.10.10.14 manager Manager 2 2 163.11. 11.15 peter Manager 3 3 163.12.12.16 operator Op[...]

  • Seite 46

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE strong algorithms such as blowfish, 3DES, IDEA etc.). Encryption provides confidentiality and integrity of data. . The goal of SSH was to repl ace the earlier rlogin, Telnet and rsh protocols, which did not provide strong authentication or guarantee confidentiality. In 1995, Tatu Ylönen, a researcher at Helsin[...]

  • Seite 47

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE • The user authentication layer (RFC 4252). This layer handles client authentication and provides a number of authentication methods. Authentica tion is client-driven , a fact commonly misunderstood by users; when one is prompted for a password, it may be the SSH client prompting, not the server. Th e server [...]

  • Seite 48

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25 (access)# # ssh ? ssh <enable|disable > : Enable s or Di sa bles the SSH ssh keygen : Generate Security Keys. ssh port=<port|default> : Set TCP/IP Port Usage ssh <enable|disable|keygen> ssh port=<port|default> Magnum6K25 (access)# # show ssh SSH is disabled Magnum6K25 (access)[...]

  • Seite 49

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Boot Mode : manual Inactivity Timeout(min) : 500 Address Age Interval(min) : 300 Inbound Telnet Enabled : Yes Web Agent Enabled : Yes SSH Server enabled : Yes Modbus Server Enabled : Yes Time Zone : GMT-08hours:00minutes Day Light Time Rule : None System UpTime : 0 Days 0 Hours 2 Mins 31 Secs ML2400# F IGURE 28[...]

  • Seite 50

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25# show dns DNS Server Address : 0.0.0.0 Domain Name : Not Set DNS Status : Disabled. Magnum6K25# set dns server=192.168.5.254 domain=customer-doma in.com Domain Name Server Set. Magnum6K25# show dns DNS Server Address : 192.168.5.254 Domain Name : cu stomer-domain.com DNS Status : Disabled. Magnum6K25[...]

  • Seite 51

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Setting serial por t par ameter s To be compliant with IT or other policies the console parameters can be changed from the CLI interface. This is best done by setting the IP address and then telnet over to the switch. Once connected using telnet, the serial parameters can be changed. If you are using the serial[...]

  • Seite 52

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE System Contact : support@garrettcom.com System Location : Fremont, CA System ObjectId : 1.3.6.1.4.1.553.12.6 Magnum6K25# F IGURE 31 - System parameters using the show setup co mmand. Most parameters here cannot be changed Magnum6K25# show sysconfig System Name : Magnum6K25 System Contact : support@garrettcom.co[...]

  • Seite 53

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25# snmp Magnum6K25(snmp)## setvar ? setvar : Configures system name, co ntact or location Usage: setvar [sysname|syscontac t|syslocation] =<string> Magnum6K25(snmp)## setvar syslocation=Fremont System variable(s) set successfully Magnum6K25(snmp)## exit Magnum6K25# F IGURE 33 - Setting the system[...]

  • Seite 54

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax set timeformat format=<12|24> Syntax set daylight country=< country name> Magnum6K25# set daylight ? set daylight : Sets the day light loc ation Usage set daylight country=<name> Magnum6K25# set daylight country=USA Success in setting daylight savings to the given location/country USA M[...]

  • Seite 55

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 54 Syntax sntp [enable|disable] For example, to set the SNTP server to be 204.65.129.201 2 (with a time out of 3 seconds and a number of retries set to 3 times); allowi ng the synchronization to be ever 5 hours, the following commands are used Magnum6K25# sntp Magnum6K25(sntp)## se tsntp server=204.65.129.201 t[...]

  • Seite 56

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 55 To upgrade to MNS-6K 4.x or MNS-6K-SEC URE 14.x, make sure the switch is first upgraded to version 3.7 or higher Once the configuration is saved – the saved conf iguration can be loaded to restore back the settings. At this time the configuration parameter saved or loaded are not in a human readable format[...]

  • Seite 57

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax show ftp - display the current ftp operation mode With MNS-6K additional capabilities have been added to save and load configurations. The commands are: Syntax ftp <get|put|list|del> [type=<app |config|oldconf|script|hos ts|log>] [host=<hostname>] [ip=<ipaddress>] [file=<filena[...]

  • Seite 58

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE This can also perform the task of exporti ng a configuration file or uploading a new image to the switch [host=<hostname>] [ip=<ipa ddress>] [file=<filename>] – parameters associated with tftp server for pr oper communications with the server Syntax xmodem <get|put> [type=<app|confi[...]

  • Seite 59

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE object or in a newer format as an ASCII (readable) file. The new format is preferred by GarrettCom and GarrettCom recommends all configuration f iles be saved in the new format. GarrettCom recommends saving the configuration in the old format only if there are multiple Magnum 6K family of switches on the networ[...]

  • Seite 60

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE # of Magnum 6K switch configurations. As such, this script # provides insights into the configuratio n of Magnum 6K switch's # settings. GarrettCom recommends th at modifications of this # file and the commands should be verified by the User in a # test environment prior to use in a "live" produc[...]

  • Seite 61

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE System portion of the file only. GarrettCom r ecommends editing the “scr ipt” file (see below) Note 2 – File names cannot have special characters such as *#!@$^&* space and control characters. Script files Script file is a file containing a set of CLI commands which are used to configure the switch. C[...]

  • Seite 62

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE # System Manager - This area configures System rel ated # # i nformation. # ################### ######################### ############## set bootmode type=manual ipconfig ip=192.168.5.5 mask=0.0.0.0 dgw=0.0.0.0 set timeout=10 access telnet enable snmp enable web=enable exit ################### #################[...]

  • Seite 63

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE ============== ================= ================ ==================== = 1 server 192.168.5.2 -- ****** 2 -- -- -- -- 3 -- -- -- -- 4 -- -- -- -- 5 -- -- -- -- 6 -- -- -- -- 7 -- -- -- -- 8 -- -- -- -- 9 -- -- -- -- 10 -- -- -- -- Magnum6K25(access)# # F IGURE 42 – Creating host entries on MNS-6K Syntax more [...]

  • Seite 64

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE gvrp GVRP settings snmp SNMP settings web Web and SSL/TLS settings tacacs TACACS+ settings auth 802.1x Settings igmp IGMP Settings smtp SMTP settings If the module name is not specified the whole configuration is displayed. Magnum6K25# show config [HARDWARE] type=Magnum6K25 slotB=8 Port TP Mod ule ########### #[...]

  • Seite 65

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE deftrapcomm=public authtrap=disa ble com2sec _cou nt=0 group_count =0 view_count=1 view1_name=all view1_type=inc luded view1_subtree=.1 view1_mask=ff --more— <additional lines deleted for succinct viewing> F IGURE 45 – displaying specific modules using the ‘show config’ command Magnum6K25# show co[...]

  • Seite 66

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25# set secrets hide Secrets will be hidden. Magnum6K25# set secrets show Secrets will be visible. Magnum6K25# F IGURE 47 – Hide or display system passwords Er asing configur ation To erase the configuration and reset the configurations to factory default, you can use the command ‘kill config’. Th[...]

  • Seite 67

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE smtp SMTP settings If the module name is not specified the whole configuration is erased. For example, ‘kill config save=system’ preserves the system IP address, netmask and default gateway. Magnum6K25# kill config save=system Do you want to erase the c onfiguration? [ 'Y' or 'N'] Y Succ[...]

  • Seite 68

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE List of commands in this c ha pter Syntax set bootmode type=<dhcp|bootp|manual |auto> [bootimg=<enable|disable>] [bootcfg=[<enable|disable>] – assign the boot mode for the switch Where <dhcp|bootp|manual|auto> - where dhcp – look only for DHCP servers on the network for the IP addres[...]

  • Seite 69

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax set serial [baud=<rate>] [data=<5|6 |7|8>] [parity=<none|odd|even>] [stop=<1|1.5|2>] [flowctrl=<none|xonxoff> ] – sets serial port parameters Syntax snmp – enter the snmp configuration mode Syntax setvar [sysname|syscontact|syslocation]=<string> - sets the system n[...]

  • Seite 70

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Where <get|put|list|del> - different ftp operations [type=<app|config|oldco nf|script|hosts|log>] – optional type field. This is useful to specify whether a log file or host file is uploaded or downloaded. This can also perform the task of exporting a configurat ion file or uploading a new image t[...]

  • Seite 71

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Where <get|put> - different xmodem file transfer operations – get a file from the server or put the information on the server [type=<app|config|oldco nf|script|hosts|log>] – optional type field. This is useful to specify whether a log file or host file is uploaded or downloaded. This can also pe[...]

  • Seite 72

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 71 Syntax show timezone – shows the system timezone Syntax show date – shows the system date Syntax show uptime – shows the amount of time the switch has been o perational[...]

  • Seite 73

    Chapter 4 4 – IPv6 Next generation IP addr essing his section explains how the access to the GarrettCom Magnum MNS-6K can setup using IPv6 instead of IPv4 addressing described earlie r. IPv6 provides a much larger address space and is required today by many. IPv6 is a vailable in MNS-6K-SECURE version only. T Assumptions It h o is assumed here th[...]

  • Seite 74

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE incremental, with few or no critical interdepe ndencies. Most of today's internet uses IPv4, which is now nearly twenty years old. IPv4 has b een remarkably resilient in spite of its age, but it is beginning to have problems. Most importantly, there is a growing shortage of IPv4 addresses, which are needed[...]

  • Seite 75

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 74 used as an identifier for the node. A single interface may be assigned multiple IPv6 addresses of any type. There are three types of IPv6 addresses. These are unicast, anycast, and multicast. Unicast addresses identify a single interface. Anycast a ddresses identify a set of interfaces such that a packet sen[...]

  • Seite 76

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 75 Magnum6K25# ipconfig ip=fe80::220 :6ff:fe 25:ed80 mask=ffff:ffff:ffff:ffff:: Action Parameter Missing. "add" assumed. IPv6 Parameters Set. Magnum6K25# show ipv6 IPv6 Address : fe80::220:6 ff:fe25:ed80 mask : ffff:ffff:ffff :ffff:: Magnum6K25# show ipconfig IP Address : 192.168.5.5 Subnet Mask : 255[...]

  • Seite 77

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 76[...]

  • Seite 78

    77 5 – DHCP Ser v er Access to other devices on the netw ork…. his feature is available in MNS-6K-SECUR E only. This section explains how DHCP services can be provided for devices on the network. MNS-6K can provide DHCP services. Network administrators use Dynamic Host Configur ation Protocol (DHCP) servers to administer IP addresses and other [...]

  • Seite 79

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 78 As described earlier, the Dynamic Host Configuration Protocol (DHCP) automates the assignment of IP addresses, subnet masks, defa ult gateway, DNS servers and other IP parameters. When a DHCP configured machine boots up or regains connectivity after a power outage or network outage, the DHCP client sends a q[...]

  • Seite 80

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE intervention. Most administrators prefer to use static IP addresses (which are allocated out for such purposes) instead of using the manual mode. Allocating specific IP address for specific network s or VLANs also aids in securing the network. Firewall rules or access rules can be written and designed for speci[...]

  • Seite 81

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE The client broadcasts on the physical subnet to find available servers. Network administrators can configure a local router to forward DHCP packets to a DHCP server on a different subnet. This client-implementation creates a UDP packet with th e broadcast destination of 255.255.255.255 or subnet broadcast addre[...]

  • Seite 82

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE acknowledgement to the client. The system as a whole expects the client to configure its network interface with the supplied options. DHCP Inf or ma tion The client sends a request to the DHCP server: eith er to request more information than the server sent with the original DHCP ACK; or to repeat data for a pa[...]

  • Seite 83

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax - reserve-ip ip=<ip> [mac=<mac>] - reserve a specific IP address for a device Syntax - clear-reserveip ip=<ip> - clear the reverse IP assigned Syntax - show dhcpsrv <config|stat us|leases> - display the DHCP server co nfiguration, leases as well as status DHCP Services are availab[...]

  • Seite 84

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 83 Gateway : 192.168.10.1 Lease time : 8 Hours Magnum6K25(dhcpserv er)## dhcpsrv stop The Server takes few seconds to Stop...................... ........... Magnum6K25(dhcpserv er)## exit Magnum6K25# F IGURE 51 – Setting up DHCP Server on MNS-6K-SECURE List of commands in this c ha pter Syntax - dhcpsrv <s[...]

  • Seite 85

    Chapter 6 6 – SNTP Ser v er Synchr oniz ing the time…. fter discussing how to setup an SNTP client in an earlier chapter, it is important to figure out where the synchronizing server or the clock synchronization information comes from. This chapter discusses the details on how a Magnum switch can be setup as a SNTP server. A SNTP - prerequisite[...]

  • Seite 86

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Time or Temps Atomique International (TAI) by inserting leap seconds at intervals of about 18 months. UTC time is disseminated by various m eans, including radio and satellite navigation systems, telephone modems and portable clocks. In 1981 the time synchronizati on technology was documented in the now histori[...]

  • Seite 87

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Stratum 2 devices will peer with other Stratum 2 devices to provide more stable and robust time for all devices in the peer group. Stratum 2 devices normally act as servers for Stratum 3 NTP requests. Stratum 3 These devices employ exactly the same NTP functions of peering and data sampling as Stratum 2, and ca[...]

  • Seite 88

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE MNS-6K-SECURE Implementa tion Syntax sntpserver – enter the SNTP Server configuration mode Syntax sntpsrv <start|stop> - Start or stop the SNTP Services Syntax show sntpsrv – display the status of SNTP server The usage of the commands are shown below. Magnum6K25# sntpserver Magnum6K25(sntpserv er)## M[...]

  • Seite 89

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 88 List of commands in this c ha pter Syntax sntpserver – enter the SNTP Server configuration mode Syntax sntpsrv <start|stop> - Start or stop the SNTP Services Syntax show sntpsrv – display the status of SNTP server[...]

  • Seite 90

    Chapter 7 7 – Access Consider a tions Securing the switch access…. his section explains how the access to the GarrettCom Magnum MNS-6K can be secured. Further security considerations are also covered such as securing access by IP address or MAC address. T Securing access It as ac is assumed here that the user is familiar with issues concerning [...]

  • Seite 91

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE P or t Security The port security feature can be used to bloc k computers from accessing the network by requiring the port to validate the MAC addre ss against a known list of MAC addresses. This port security feature is provided on an Et hernet, Fast Ethernet, or Gigabit Ethernet port. In case of a security vi[...]

  • Seite 92

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25(port-security )## F IGURE 56 – Port security configuration mode From the port-security configuration mode , the switch can be configured to: 1) Auto-learn the MAC addresses 2) Specify individual MAC addresses to allow access to the network 3) Validate or change the settings The commands for doing t[...]

  • Seite 93

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Note 1: There is a limitation of 200 MA C addresses per port and 500 MAC addresses per Switch for Port Security. Note 2: All the commands listed above have to be executed under the port-security configuration mode. Syntax clear <history|log [1..5 |informational |activity |critical |fatal |debug] |terminal |a[...]

  • Seite 94

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 11 ENABLE NONE NONE DISABLE 0 Not Configured 12 ENABLE NONE NONE DISABLE 0 Not Configured 13 ENABLE NONE NONE DISABLE 0 Not Configured 14 ENABLE NONE NONE DISABLE 0 Not Configured 15 ENABLE NONE NONE DISABLE 0 Not Configured 16 ENABLE NONE NONE DISABLE 0 Not Configured Magnum6K25(port-security )## F IGURE 60 ?[...]

  • Seite 95

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 00:07:50:ef:31:40 00:e0:29:22:15:85 00:03:47:ca:ac:45 00:30:48:70:71:23 00:c1:00:7f:ec:00 11 ENABLE NONE NONE ENABLE 0 00:c1:00:7f:ec:00 13 ENABLE NONE NONE DISABLE 0 00:c1:00:7f:ec:00 F IGURE 62 – Allowing specific MAC address on specific ports. After the MAC addr ess is specified, the port or specific ports[...]

  • Seite 96

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 9) (Optional step) Set the notification to notif y the management station on security breach attempts (Use command ‘signal port’ to make a log entry or send a trap) Magnum6K25# port-security Magnum6K25(port-security )## ps enable Port Security is already enabled Magnum6K25(port-se curity)## learn p ort=11 e[...]

  • Seite 97

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Once port security is setup, it is important to manage the log and review the log often. If the signals are sent to the trap receiver, the traps should also be reviewed for intrusion and other infractions. Syslog and Logs Logs are available on MNS-6K as well as MNS-6K-SECURE. Syslog functionality is a feature o[...]

  • Seite 98

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Code Description 0 Emergency (or Fatal) system is unusable – called “fatal” in show log command 1 Alert : action must be taken immediately 2 Critical : critical conditions 3 Error : error conditions 4 Warning : warning conditions 5 Notice : normal but significant condition – called “note” in show lo[...]

  • Seite 99

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE The ‘show log’ command displays the log information and the ‘clear log’ command clears the log entries. Syntax show log [fatal|alert|crit| error|warn|note|info|debug] – display the log Syntax clear log [fatal|alert|c rit|error|warn|note|info|debug] – clear the log Syntax set logsize size=<1-1000&[...]

  • Seite 100

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Note 06-23-2007 05:59:02 P.M SNTP:SNTP Clie nt Started Note 06-23-2007 05:59:09 P.M SNTP:SNTP Time Synch roni zed Note 06-23-2007 05:59:10 P.M SNTP:SNTP Time Synch roni zed Note 06-23-2007 05:59:36 P.M CLI:Sessi on Started from Telnet: 192.168.5.2 Note 06-23-2007 05:59:39 P.M SNTP:SNTP Time Synch roni zed Note [...]

  • Seite 101

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Server Added Magnum6K25 (syslog)## show syslog SysLog Status: Disabled Server ID: 1 SysLog Server Host : 192.168.5.2 Server Logging : Disabled Log Events : Default Server ID: 2 SysLog Server Host : 192.168.5.98 Server Logging : Disabled Log Events : Default Local Log Events : Default Magnum6K25 (syslog)## serve[...]

  • Seite 102

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Server Enabled Magnum6K25 (syslog)## show syslog SysLog Status: Disabled Server ID: 2 SysLog Server Host : 192.168.5.98 Server Logging : Enabled Log Events : warn Local Log Events : Default Magnum6K25 (syslog)## syslog enable SysLog Enabled Magnum6K25 (syslog)## show syslog SysLog Status: Enabled Server ID: 2 S[...]

  • Seite 103

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE attempts. This provides a chronological en try of all intrusions attempted on a specific port. The event log records events as single-line entries listed in chronological order, and serves as a tool for isolating problems. Each event log entry is composed of four fields Severity – the level of severity (see b[...]

  • Seite 104

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE deny – deny specified services for specified IP addresses – IP addresses can be individua l stations, a group of stations or subnets. Th e range is determined by the IP address and netmask settings remove – eliminate specified entry fr om the authorized manager list removeall – remove all aut horized ma[...]

  • Seite 105

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax configure port-security – sets the port authorization based on MAC addresses Syntax port-security – configure port security settings Syntax allow mac=<address|list|range> port=<num|list |range> - specify a specific MAC address or MAC address list Syntax learn port=<number-list> <[...]

  • Seite 106

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 105 Syntax deny ip=<ipaddress> mask=< netmask> service=<name|li st> - deny specific IP address or range of IP addresses Syntax remove ip=<ipaddress> mask=<netmask> - delete a specific IP address from the access or trusted host list Syntax removeall – remove all IP addresses of tr[...]

  • Seite 107

    Chapter 8 8 – Access Using RADIUS Using a RADIUS ser ver to authenticate access…. his feature is available in MNS-6K-S ECURE only. The IEEE 802.1x standard, Port Based Network Access Control , defines a mechanism for port-based network access control that makes use of the physical access characteris tics of IEEE 802 LAN infrastructure. It provi[...]

  • Seite 108

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE received from the supplicant to a suitable authentication server. This allows the verification of user credentials to determine the consequent port authorization state. It is important to note that the authenticator’s functionality is independent of the actual authentication method. It effectively acts as a p[...]

  • Seite 109

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 108 F IGURE 69 – 802.1x authentication details 1. The supplicant (laptop/host) is initially blocked from accessing the network. The supplicant wanting to access these services starts with an EAPOL-Start frame 2. The authenticator (Magnum 6K switch), upon receiving an EAPOL-start frame, sends a response with a[...]

  • Seite 110

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE The Magnum MNS-6K software implements the 802. 1x authenticator. It fully conforms to the standards as described in IEEE 802.1x, implementing all the state machines needed for port- based authentication. The Magnum MNS-6K So ftware authenticator supports both EAPOL and EAP over RADIUS to communicate to a standa[...]

  • Seite 111

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE maxreq – [optional] The maximum number of time s the authenticator will retransmit an EAP Request packet to the Supplicant before it times out the authentication session. Its default value is 2. It can be set to any integer value from 1 to 10. Syntax portaccess port=<num|list|range> [q uiet=<0-65535&[...]

  • Seite 112

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25(auth)## auth disable 802.1X Authenticator is disabled. Magnum6K25(auth)## au thserver ip=192.168.1.239 secret=secret This command is not necess ary, however is shown for completeness in case there wa s a RADIUS server defined and a previously se t authentication scheme Successfully set RADIUS Aut hen[...]

  • Seite 113

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25(auth)## show-port bac kend Port Supp Timeout Server Timeout Max Request (sec) (sec) ========== ================ ================= ====== 1 30 30 2 2 45 60 5 3 30 30 2 4 30 30 2 5 30 30 2 6 30 30 2 7 30 30 2 8 30 30 2 9 30 30 2 10 30 30 2 11 30 30 2 12 30 30 2 13 30 30 2 14 30 30 2 15 30 30 2 16 30 30[...]

  • Seite 114

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25(auth)## show-port reauth Port Reauth Status Reauth Period (sec) ========== ================ ================= ====== 1 Enabled 300 2 Enabled 3600 3 Enabled 3600 4 Enabled 3600 5 Enabled 3600 6 Enabled 3600 7 Enabled 3600 8 Enabled 3600 9 Enabled 3600 10 Enabled 3600 11 Enabled 3600 12 Enabled 3600 13[...]

  • Seite 115

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE List of commands in this c ha pter Syntax auth - configuration mode to conf igure the 802.1x parameters Syntax show auth <config|ports> - show the 802.1x configuration or port status Syntax authserver [ip=<ip-addr>] [ udp=<num>] [secret=<string>] - define the RADIUS server – use UDP so[...]

  • Seite 116

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 115 Syntax reauth port=<num|list|range> [status=<e nable|disable>] [period=<10-86400>] - set values on how the authenticator (Magnum 6K switch) does the re-authen tication with the supplicant or PC port – [mandatory] – ports to be configured status – [optional] This enables/disables re-a[...]

  • Seite 117

    Chapter 9 9 – Access Using T A CA CS+ Using a TACACS+ ser ver to authenticate access…. his feature is available in MNS-6K-SECURE. TACACS+, short for Terminal Access Controller Access Control System, protocol prov ides access control for routers, network access servers and other networked computing de vices via one or more centralized servers. T[...]

  • Seite 118

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE T ACA CS+ F lo w TACACS works in conjunction with the local use r list on the MNS-6K software (operating system.) Please refer to User Management for adding users on the MNS-6K software. The process of authentication as well as authoriz ation is shown in the flow chart below. Login User in Local User Lis t? Yes[...]

  • Seite 119

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE is authentication where the user is verified against the network user database. The second stage is authorization, where it is determined whether th e user has operator access or manager privileges. T ACA CS+ Pac k et Packet encryption is a supported and is a configurable option for the Magnum MNS-6K software. [...]

  • Seite 120

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax tacplus <enable|disable> [ or der=<tac,local | local,tac>] - enable or disable TACACS authentication, specifying the order in which the serv er or local database is l ooked up where “tac,local” implies, first the TACAS+ server, then local logi ns on the device. Default order is Local then[...]

  • Seite 121

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE ========== ================ ================= ===== 1 10.21.1.170 49 Enabled secret 2 10.21.1.123 49 Enabled some 3 -- -- -- -- 4 -- -- -- -- 5 -- -- -- -- Magnum6K25(user)## tacserver delete id=2 TACACS+ server is d elete d. Magnum6K25(user)## show tacplus servers ID TACACS+ Server Port Enc rypt Key ==========[...]

  • Seite 122

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 121 [key=<string>] – [optional for add, mandatory with encrypt] when encryption is enabled, the secret shared key string must be supplied [mgrlevel=<level>] and [oprlevel=<level>] – [optional] specifies the manager and operator level as defined on the TACACS+ server for the respective leve[...]

  • Seite 123

    Chapter 10 10 – P or t Mir r oring and Setup Setup the ports for netw ork speeds , perfor mance as w ell as for monitoring…. his section explains how individual characteris tics of a port on the GarrettCom Magnum 6K family of switches are setup. For monitoring a specific port, the traffic on a port can be mirrored on another port and viewed by [...]

  • Seite 124

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE The set of commands show how port 11 is mirrored on port 13. Any traffic on port 11 is also sent on port 13. Magnum6K25# show port-mirror Sniffer Port : 0 Monitor Port : 0 Mirroring State : disabled Magnum6K25# port-mirror Magnum6K25(port-mirror)## setpor t monitor=11 sniffer=13 Port 11 set as Monitor Port Port[...]

  • Seite 125

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE speed – specifically sets the speed to be 10 or 100Mbps. Note – this works only with 10/100 ports – with 10Mbps ports, the option is ignored. No error is shown. See speed settings section below. flow – sets up flow control on the port. See Flow Control section below bp – back pressure – enables back[...]

  • Seite 126

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE with the 802.3u standard, then the port conf iguration on the switch must be manually set to match the port configuration on the other device. Possible port setting combinations for copper ports are: • 10HDx: 10 Mbps, Half-Duplex • 10FDx: 10 Mbps, Full-Duplex • 100HDx: 100 Mbps, Half-Duplex • 100FDx: 10[...]

  • Seite 127

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE where xonlimit can be from 3 to 30, default value is 4 xofflimit from 3 to 127, default value is 6 Syntax show flowcontrol Bac k Pr essur e Back Pressure is for half duplex operations and the controls provided indicates the number of buffers allowed for incoming traffic before a xon/xoff message is sent. Disabl[...]

  • Seite 128

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25# device Magnum6K25(device)## show flowcontrol XOnLimit : 4 XOffLimit : 6 Magnum6K25(device)## flowcontrol xonlimit=10 xofflimit=15 XOn Limit set successf ully XOff Limit set success fully Magnum6K25(device)## show flowcontrol XOnLimit : 10 XOffLimit : 15 Magnum6K25(device)## show backpressure Rx Buff[...]

  • Seite 129

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Port Back Pressure : Disable Port Events Notify : log,trap,alarm Magnum6K25(device)## setport port=11 flow=enable bp=enable Magnum6K25(device)## show port Keys: E = Enable D = Disable H = Half Duplex F = Full Duplex M = Multiple VLAN's NA = Not Applicable LI = Listening LE = Learning F = Forwarding B = Blo[...]

  • Seite 130

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 129 programs (including some network games) ar e used. Storms can reduce network performance and cause bridges, routers, workstations, serv ers and PC's to slow down or even crash. Pr e v enting br oadcast stor ms The Magnum 6K family of switches is capa ble of detecting and limiting storms on each port. A[...]

  • Seite 131

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 130 13 Enabled 19531 0 NO 14 Enabled 19531 0 NO 15 Enabled 19531 0 NO 16 Enabled 19531 0 NO Magnum 25(device ) # rate-threshold p rate 6K # ort=11 =3500 Broadcast Rate Threshold set Magnum6K25(de vice)## show broadcast-prote ct ======================= ========================== ===================== PORT | STAT[...]

  • Seite 132

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 131 Syntax flowcontrol xonlimit=<value> xofflimit =<value> - configure flow control buffers yntax show flowcontrol – display flow control buffers yntax backpressure rxthreshold=<value> - configure backpressure b uffers yntax show backpressure – display backpressure buffers yntax broadcast-[...]

  • Seite 133

    132 11 – VLAN Cr eate separate netw ork segments (collision domains) across Magnum 6K family of switches….. hort for virtual LAN (VLAN) , a VLAN creates separate collision do mains or network segments that can span multiple Magnum 6K fami ly of switches. A VLAN is a group of ports designated by the switch as belonging to the same broadcast doma[...]

  • Seite 134

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 133 A group of network users (ports) assigned to a VLAN form a broadcast domain. Packets are forwarded only between ports that are de signated for the same VLAN. Cross-domain broadcast traffic in the switch is elimina ted and bandwidth is saved by not allowing packets to flood out on all ports. For many reas on[...]

  • Seite 135

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 134 MNS-6K-SECURE supports up to 256 VLANs. F IGURE 80 – routing between different VLANs is perfor med usi ng a router such as a Magnum DX device or a Layer 3 switch (L3-switch) MNS-6K supports up to 32 VLANs per switch. MNS-6K-SECURE supports up to 256 VLANs per switch. Cr ea ting VLANs Creating VLAN and to [...]

  • Seite 136

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax add id=<vlan Id> [name=<v lan na me>] port=<number|list|range> [forbid=<number|list|range>] [<mgt|nomgt>] Disabling Management on VLAN Use the <nomgt> option when creating a VLAN as shown in the add id command abov e. Starting VLANs Syntax start vlan=<name|number|li[...]

  • Seite 137

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE have access to that information. No one else can access that VLAN. Similarly, if another switch had video surveillance equipment on VL AN 20 then only ports with access to VLAN 20 can have access to the video surveillance information. Finally, one port can belong to multiple VLANs – so depending on the functi[...]

  • Seite 138

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 1. A word of caution – when TAG VLAN filtering is enabled, there can be serious connectivity repercussions – the only way to recove r from that it is to reload the switch without saving the configuration or by modifying the configuration from the console (serial) port 2. There can be either TAG VLAN on MSN-[...]

  • Seite 139

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE VLAN ID: 30 Name : marketing Status : Active ========== ============== PORT | STATUS ========== ============== 14 | DOWN Magnum6K25(port-v lan)## stop vlan=all All active VLAN's stopped. Magnum6K25(port-v lan)## exit Magnum6K25# show active-vlan Tag VLAN is currently active. Magnum6K25# show vlan VLAN ID: [...]

  • Seite 140

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Tag based vlan Added Successfully. Vlan id :20 Vlan name : sales Ports :14-16 Magnum6K25(tag-vlan)## add id=20 name=marketing port=14-16 ERROR: Duplicate Vlan Id Magnum6K25(tag-vlan)## add id=30 name=marketing port=14-16 Tag based vlan Added Successfully. Vlan id :30 Vlan name : marketing Ports :14-16 Magnum6K2[...]

  • Seite 141

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 14 | UNTAGGE D | DOWN 15 | UNTAGGE D | DOWN 16 | UNTAGGED | DOWN VLAN ID: 30 Name : marketing Status : Pending ---------- -------------- ---------------- ------------ PORT | MODE | STATUS ---------- -------------- ---------------- ------------ 14 | UNTAGGE D | DOWN 15 | UNTAGGE D | DOWN 16 | UNTAGGED | DOWN Mag[...]

  • Seite 142

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE ---------- -------------- ---------------- ------- PORT | MODE | STATUS ---------- -------------- ---------------- ------- 14 | UNTAGGED | DOWN 15 | UNTAGGED | DOWN 16 | UNTAGGED | DOWN VLAN ID: 20 Name : sales Status : Active ---------- -------------- ---------------- ------- PORT | MODE | STATUS ---------- --[...]

  • Seite 143

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 2 | UNTAGGED | DOWN 3 | UNTAGGED | DOWN 4 | UNTAGGED | DOWN 5 | UNTAGGED | DOWN 6 | UNTAGGED | DOWN 7 | UNTAGGED | DOWN 8 | UNTAGGED | DOWN 9 | UNTAGGED | DOWN 10 | UNTAGGED | DOWN 11 | UNTAGGED | DOWN 12 | UNTAGGED | DOWN 13 | UNTAGGED | DOWN 14 | UNTAGGED | DOWN 15 | UNTAGGED | DOWN 16 | UNTAGGED | DOWN VLAN [...]

  • Seite 144

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Port 1 Default ID : 1 Filter Status : DISABLED. VLAN Memberships: Vlan: 1 Status : Active UNTAGGED Port 2 Default ID : 1 Filter Status : DISABLED. VLAN Memberships: Vlan: 1 Status : Active UNTAGGED <Deleting repeated information for port s 3 through 12> Port 13 Default ID : 1 Filter Status : DISABLED. VLA[...]

  • Seite 145

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25(tag-vlan)## show-port VLAN Port Status. Port 1 Default ID : 1 Filter Status : DISABLED. VLAN Memberships: Vlan: 1 Status : Active UNTAGGED Port 2 Default ID : 1 Filter Status : DISABLED. VLAN Memberships: Vlan: 1 Status : Active UNTAGGED <Deleting repeated information for port s 3 through 12> P[...]

  • Seite 146

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE VLAN Port Status. Port 14 Default ID : 1 Filter Status : ENABLED. VLAN Memberships: Vlan: 1 Status : Active UNTAGGED Vlan: 10 Status : Active TAGGED Vlan: 20 Status : Active TAGGED Vlan: 30 Status : Active TAGGED In the above example, "s how-port" command provides a perspe ctive on which VLANs are ass[...]

  • Seite 147

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax set-port port=<number|list|range> ta gging id=<number> status=<tagged| untagged> defines whether the outgoing packets from a port will be tagged or untagged. Syntax set-port port=<number|list |range> join id=<number> adds the specified port(s) to the specified VLAN id Syntax[...]

  • Seite 148

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Chapter 12 12 – Spanning T r ee Pr otocol (STP) Cr eate and manage alter nate paths to the netw ork panning Tree Protocol was designed to avoi d loops in an Ethernet network. An Ethernet network using switches can have redundant pa ths – this may however cause loops and to prevent the loops MNS-6K software [...]

  • Seite 149

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 148 V ariable or Attribute Default Value STP capabilities Disabled reconfiguring general operation priorit y 32768 Bridge maximum age 20 seconds Hello t ime 2 seconds Forward dela y 15 seconds R econfiguring per-port STP path cos t 0 Priorit y 32768 Mode Normal Monitoring of STP Not Available Root Por t Not se [...]

  • Seite 150

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 149 Bridge ID : 80:00:00:20:06:25:ed:80 Bridge Priority : 32768 Bridge Forward Delay : 15 Bridge Hello Time : 2 Bridge Max Age : 20 Root Port : 0 Root Path Cost : 0 Designated Root : 80:00:00:20:06:25:ed:80 Designated Root Priority : 32768 Root Bridge Forward Delay : 15 Root Bridge Hello Time : 2 Root Bridge Ma[...]

  • Seite 151

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 150 Designated Root : shows the MAC address of the bridge in the network elected or esignated as the root bridge. Normally when STP is not enabled the switch designates rity : shows the designated root brid ge’s priority. Default value is 2768 ridge Forward Delay : indicates the designated root bridge’s for[...]

  • Seite 152

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 151 Priority: STP uses this to determine which por ts are used for forwarding. Lower the umber means higher priority. Value ranges from 0 to 255. Default is 128 mine the rwarding points. Values range from 1 to 65535 alues can be Listening, Learning, orwarding, Blocking and Disabled. ated root bridge nfiguration[...]

  • Seite 153

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 152 STP CONFIGURATION ------------ -- --- Spanning Tree Enabled(Global) : YES Spanning Tree Enabled(Ports) : YES, 9,10,11,12,13,14,15,16 Protocol : Normal STP Bridge ID : 80:00:00:20:06:25:ed:80 Bridge Priority : 32768 Bridge Forward Delay : 15 Bridge Hello Time : 2 Bridge Max Age : 20 Root Port : 0 Root Path C[...]

  • Seite 154

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 153 : specifies the switch (bridge) priority va lue. Priority This value is used along with the witch MAC address to determine which switch in the network is the root device. Lower h ports re the forwarding points. A higher cost me ans the link is “more expensive” to use and port from participat ing in STP [...]

  • Seite 155

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 154 STP Port Configuration ---------- -------------- ---------------- -------------- ---------------- ---------------- -------------- ---------------- ---- Port# Type Priority Path Cost State Des. Bri dge Des. Port ---------- -------------- ---------------- -------------- ---------------- ---------------- -----[...]

  • Seite 156

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 155 14 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0e 15 TP(10/100) 128 100 Disabled 80:00:00:20:06:25:ed:80 80:0f 16 TP(10/100) 128 100 Disabled 8 0:00:00:20:06:25:ed:80 80:10 Magnum6K25(stp)## priority value= 15535 Successfully set the bridge priority Magnum6K25(stp)## show stp config STP CONFIGURA[...]

  • Seite 157

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 156 Setting cost for STP...Successfully set the path cost for port 13 Magnum6K25(stp)## show stp ports STP Port Configuration ---------- -------------- ---------------- -------------- ---------------- ---------------- -------------- ---------------- ---- Port# Type Priority Path Cost State Des. Bri dge Des. Por[...]

  • Seite 158

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 157 Magnum6K25(stp)## show stp config STP CONFIGURATION ------------ -- --- Spanning Tree Enabled(Global) : YES Spanning Tree Enabled(Ports) : YES, 9,10,11,12,13,14,15,16 Protocol : Normal STP Bridge ID : 80:00:00:20:06:25:ed:80 Bridge Priority : 15535 Bridge Forward Delay : 15 Bridge Hello Time : 2 Bridge Max [...]

  • Seite 159

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 158 RSTP CONFIGURATION ------------ -- --- Rapid STP/STP Enabled(Global) : NO Magnum6K25(stp)## F IGURE 86 – Configuring STP parameters List of commands in this c ha pter his command lists the switch’s full STP configuration, including ge s rt (Enable) or stop (Disable) STP -65535> - specifies the port o[...]

  • Seite 160

    Chapter 13 13 – Rapid Spanning T r ee Pr otocol (RSTP) Cr eate and manage alter nate paths to the netw ork apid Spanning Tree Protocol (RTSP), like STP, was designed to avoid loops in an Ethernet network. Rapid Spanning Tree Protocol (RSTP) (IEEE 802.1w) is an evolution of the Spanning Tree Protocol (STP) (802.1d standard ) and provides for faste[...]

  • Seite 161

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE • STP relays configuration messages receive d on the root port going out of its designated ports. If an STP switch (bridge) fails to receive a message from its neighbor it cannot be sure where along the path to the root a failure occurred. RSTP switches (bridges) generate their ow n configuration messages, ev[...]

  • Seite 162

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Even though RSTP interoperates with STP, RSTP is so much more efficient at establ ishing the network path and the network convergence in case of a failure is very fast. For this reason, GarrettCom recommends that all your network devices be updated to support RSTP. RSTP offers convergence times typically of les[...]

  • Seite 163

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax rstp <enable|disable> - enable RSTP – by default, this is disabled and has to be manually activated Syntax port port=<number|list|range> [status=<enable|disable>] [migration=<enable>] [edge=<enable|disable>] [p2p=<on|off|auto>] Example port port=<number|list|range[...]

  • Seite 164

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE RSTP CONFIGURATION ------------ -- --- Rapid STP/STP Enabled(Global) : YES RSTP/STP Enabled Ports : 9,10,11,12,13,14,15,16 Protocol : Normal RSTP Bridge ID : 00:00:00:20:06:25:ed:89 Bridge Priority : 0 Bridge Forward Delay : 15 Bridge Hello Time : 02 Bridge Max Age : 20 Root Port : 0 Root Path Cost : 0 Designat[...]

  • Seite 165

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Root Path Cost : a path cost is assigned to indivi dual ports for the switch to determine which ports are the forwarding points. A higher cost means more loops; a lower cost means fewer loops. More loops equal more traffic an d a tree which takes a long time to converge – resulting in a slower system Designat[...]

  • Seite 166

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Port#: indicates the port number. Value ranges from 01 to max number of ports in the switch Type: indicates the type of port – TP indicates Twisted Pair Priority: STP uses this to determine which ports are used for forwarding. Lower the number means higher priority. Value ranges from 0 to 255. Default is 128 [...]

  • Seite 167

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 06 TP(10/100) 128 200000 Forwar ding 80:00:00:2 0:06:30:00:01 00:06 07 TP(10/100) 128 200000 Discardi ng 80:00:00:20:06:2b:0f:e1 00:07 08 TP(10/100) 128 2000000 Disabled 00:08 09 Gigabit 128 20000 Forwarding 80:00:00:20:06:2b:0f:e1 00:09 10 Gigabit 128 20000 Forwarding 80:00:00:20:06:30:00:01 00:0a Magnum6K25# [...]

  • Seite 168

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Status: Enables or disables a port from participat ing in STP discovery. It’s best to only allow trunk ports to participate in STP. End st ations need not participate in STP process. Forward-Delay : indicates the time duration the switch will wait from listening to learning states and from learning to forward[...]

  • Seite 169

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Root Port : 0 Root Path Cost : 0 Designated Root : 00:00:00:20:06:25:ed:89 Designated Root Priority : 0 Root Bridge Forward Delay : 15 Root Bridge Hello Time : 02 Root Bridge Max Age : 20 Topology Change count : 0 Time Since topology Chg : 33 Magnum6K25(rstp)## show rstp ports RSTP Port Configuration ----------[...]

  • Seite 170

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Root Bridge Max Age : 20 Topology Change count : 0 Time Since topology Chg : 100 Magnum6K25(rstp)## forceversion rstp Magnum6K25(rstp)## show-forceversion Force Version : Normal RSTP Magnum6K25(rstp)## show rstp config RSTP CONFIGURATION ------------ -- --- Rapid STP/STP Enabled(Global) : YES RSTP/STP Enabled P[...]

  • Seite 171

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25(rstp)## priority port=13 value=100 Magnum6K25(rstp)## show rstp ports RSTP Port Configuration ---------- -------------- ---------------- -------------- ---------------- ---------------- -------------- ------------- Port# Type Priority Path Cost State Des. Bridge Des . Port ---------- -------------- -[...]

  • Seite 172

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 16 TP(10/100) 128 2000000 Disabled 00:10 Magnum6K25(rstp)## port port=9 status=enable Magnum6K25(rstp)## show rstp ports RSTP Port Configuration ---------- -------------- ---------------- -------------- ---------------- ---------------- -------------- -------------- Port# Type Priority Path Cost State Des. Brid[...]

  • Seite 173

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE List of commands in this c ha pter Syntax set stp type=<stp|rstp> - Set the switch to support RSTP or chan ge it back to STP. Need to save and reboot the switch after this command Syntax rstp – enter the RSTP configuration mode Syntax rstp <enable|disable> - enable RSTP – by default, this is dis[...]

  • Seite 174

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 173 Syntax timers forward-delay=<4-30> hello=<1-10> age=<6-160> - change the STP Forward delay, Hello timer and Aging timer values[...]

  • Seite 175

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Chapter 14 14 – S-Ring™ and Link-Loss-Lear n™ (LLL) Speed up r ecover y fr om faults in Ether net networks S -Ring uses ring topology to provide fast recovery from faults. These are based on industry standard STP technologies. These technologies have been adapted to ring recovery applications by GarrettCo[...]

  • Seite 176

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE S-Ring and LLL concepts S-Ring is built upon networking software standards such as IEEE 02.1d Spanning Tree Protocol (STP) or Rapid Spanning Tree Protocol STP) based on IEEE 802.1w. The pur pose of S-Ring is to define two orts which participate in the RSTP/STP tree structure in a ring topology as opposed to a m[...]

  • Seite 177

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 3. There can be multiple S-Rings on a given Magnum 6K switch. There can be multiple ring topologies in a network. Each ring has to be a separate ring. Ring of rings or overlapping rings are not supported at this time 4. S-Ring topologies support one failure in the network. A second failure may create isolated n[...]

  • Seite 178

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE S-Ring with LLL RSTP STP Resiliency Fast recovery from a single point of failure. Ring Master is responsible for decision making Multiple points of failure – each connected node can be in stand-by Multiple points of failure – each connected node can be in stand-by Software Cost Licensed per ring Included in[...]

  • Seite 179

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE F IGURE 92 – Normal RSTP/STP operations in a series of sw itches. Note – this normal status is designated RING_CLOSED BP D U T r a ff i c Forward ing Port Bl ockin g Port BP D U T r a ff i c Forward ing Port Bl ockin g Port This normal status is designated as RING_CLOSED. Operations will continue this way i[...]

  • Seite 180

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 179 F IGURE 93 – A fault in the ring interrupts traffic. The bl ocking port now becomes forwarding s o that traffic can reach all switches in the network Note – the mP62 as well as the ESD42 switches support LLL and can participate in S-Ring as an access switch When this change is made by RSTP/STP and bot h[...]

  • Seite 181

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE F IGURE 94 – More than one S-Ring pair can be selected an d more than one S-Ring can be defined per switch. Note – the mP62 as well as the ES42 swit ches support LLL and can participate in S-Ring as an access switch Ring 1 Ring 2 Ring 1 Ring 2 More than one S-Ring port-pair may be selec ted per ring control[...]

  • Seite 182

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE When the fault is cured, the re-emergence of th e ring structure enables the BPDU packets to flow again between the ring’s por t-pair. This is recognized by S-Ring (and RSTP/STP), and one of the ports in the ring’s port pair is changed to the bloc king state. S-Ring takes the recovery action immediately, no[...]

  • Seite 183

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE please contact GarrettCom Inc. Sales (for purchasing the S-Ring feature) or Technical Support (to obtain the 12 character key.) If th e S-Ring capability was purchased along with the switch, the software license code will be included with the switch. Syntax authorize <module> key=<security key> - ac[...]

  • Seite 184

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE • Same Duplex and • LLL - enable The necessary commands are Syntax stp – STP Configuration mode Syntax stp <enable|disable> - Start (Enable) or stop (Disable) ST P Syntax set stp type=<stp|rstp> - set the spanning tree protocol to be IEEE 802.1d or 802.1w (Spanning Tree Protocol or Rapid Spann[...]

  • Seite 185

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Ports 1 and 7 Configured f or sRing O peration Magnum6K25# show s-ring Magnum Ring Status: sRing Status: ENABLED Port 1 Port 2 Status 1 7 CLOSED F IGURE 96 – S-Ring configuration commands for root switch If the BPDU stream is broken, or it finds the Link-Loss-Learn signal, the system will immediately force ST[...]

  • Seite 186

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Link-Loss-Learn Enabled. Magnum6K25(stp)## lll a dd port=1,2,3 Added Ports: 1,2,3 Magnum6K25(stp)## show lll Link-Loss-Learn Status: LLL Status: ENABLED LLL Enabled on Ports: 1,2,3 Magnum6K25(stp)## lll d el port=2,3 Deleted Ports: 2,3 Magnum6K25(stp)## lll d isable Link-Loss-Learn Disa bled. F IGURE 97 – Lin[...]

  • Seite 187

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 186 Syntax lll add port=<port|list|range> - enable LLL on the list of specified ports Syntax lll del port=<port|list|range> - disable LLL on the list of specified ports Syntax show lll – display the status of LLL Syntax rstp – STP Configuration mode Syntax rstp <enable|disable> - Start (En[...]

  • Seite 188

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Chapter 15 15 – Dual-Homing F a ult tolerance options for edge devices esigning and implementing high-availa bility Ethernet LAN topologies in networks can be challenging. Traditi onally, the choices for redundancy for edge of the network devices were too limited, too expensive, and too complicated to be cons[...]

  • Seite 189

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE F IGURE 98 – Dual-homing using ESD42 switch and Magnum 6K family of switches. In case of a connectivity break – the connection switch es to the standby path or standby link = Active li nk = Standby Link In those situations where the end device is a PoE device (for example, a video surveillance camera, as sh[...]

  • Seite 190

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 189 switches upstream. With MNS-6K, the user has to define the set of ports which m ake up the dual-home ports. F IGURE 100 – Using S-Ring and dual-homing, it is possible to build networks resilient not only to a single link failure but also for one device failing on the network The following points should be[...]

  • Seite 191

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Dual-Homing Modes There are two modes in which the dual-homing works. The first one is where the ports are “equivalent” i.e. if one port fa ils, the other one take over, however, if the first (failed) port recovers, the active port does not switch back. The second mode of operation is primary-sec ondary mod[...]

  • Seite 192

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25# dualhome ? dualhome : Configures Dual homing Usage dualhome <enter> Magnum6K25# show dualhome Dual Homing Status : DISABLED Magnum6K25# dualhome Magnum6K25(dualhome)## dualhome add port1=10 port2=11 Dual Homing Ports configured Magnum6K25(dualhome)## dualhome enable Dual Homing Enabled. Magnum[...]

  • Seite 193

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 192 List of commands in this c ha pter Syntax dualhome – enter the dual-homing configuration sub-system Syntax dualhome <enable|disable> – enable or disable dual- homing Syntax dualhome add port1=<p ort#> port2=<port#> – dual-homing setup similar to that of unmanaged switches such as ESD[...]

  • Seite 194

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Chapter 16 16 – Link Agg re ga tion Contr ol Pr otocol (LA CP) Incr ease Network thr oughput and r eliability ink aggregation Link Aggregation Control Pr otocol (LACP) is part of an IEEE specification (IEEE 802.3ad) that allows several physical ports to be grouped or bundled together to form a single logical [...]

  • Seite 195

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE The performance is improved because the capacity of an aggregated link is higher than each individual link alone. 10Mbps or 10/100Mbps or 100Mbps ports can be grouped together to form one logical link. Instead of adding new hardware to increase speed on a trunk – one can now use LACP to incrementally increase[...]

  • Seite 196

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE F IGURE 102 – Some valid LACP configurations. Should trunks be created so as to span mu ltiple ports, a “tru nk mismatch” error message is printed on the console. An example of an incorrect configuration is shown below. Switch 1 Switch 2 F IGURE 103 – an incorrect LACP connection scheme for Magnum 6K fa[...]

  • Seite 197

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE between the switches and hence the LACPDU cannot be transmitted. This configuration will not work in the LACP m ode. VLAN 20 VLAN 10 Switch 2 Switch 1 F IGURE 105 - In the figure above, there is no common VLAN between the two sets of ports, so packets from one VLAN to another cannot be forwarded. Th ere should [...]

  • Seite 198

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE F IGURE 106 – This configuration is similar to the prev ious configuration, except there is a common VLAN (VLAN 1) between the two sets of LAC P ports. This is a valid configuration. Switch 1 Switch 2 Switch 3 F IGURE 107 – In the architecture above, using RSTP and LAC P allows multiple switches to be co nf[...]

  • Seite 199

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 198 F IGURE 108 – LACP, along with RSTP/STP brings redund ancy to the network core or backbone. Using this reliable core with a dual -homed edge switch brings reliabilit y and redundancy to the edge of the network It is recommended not to use LA CP with S-Ring at this time. Since S-Ring and LACP use the same [...]

  • Seite 200

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE S-Ring 2 S-Ring 1 F IGURE 109 – This architecture is not recommende d LACP can be used for creating a reliable ne twork between two fac ilities connected via a wireless bridge. As shown in the figure belo w, four trunk ports are connected to four wireless bridge pairs. This increases the e ffective throughput[...]

  • Seite 201

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 200 F IGURE 110 – Creating a reliable infrastruc ture using wireless bridges (bet ween two facilities) and LACP. “A” indicates a Wi-Fi wireless Bridge or other wireless Bridges. The list of commands to c onfigure, edit and manage LACP on the Magnum 6K family of switches is the following: Syntax lacp - ena[...]

  • Seite 202

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE the lowest priority value has the highest priority and is designated a s the primary port. If traffic analysis is required, it is recommende d to mirror the primary port (and physically disconnect the other ports if all traffic needs to be captured). If multiple ports have the sam e priority, the first port phy[...]

  • Seite 203

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 15 32768 Link Down Magnum6K25(lacp)## ad d port=12 Port(s) added succ es sfully. Magnum6K25(lacp)## sh ow lacp Orphan Ports: Port Priority Trunk ========== =========== 12 32768 Link Down 13 32768 Link Down 14 32768 Link Down 15 32768 Link Down Magnum6K25(lacp)## exit Magnum6K25# show lacp Orphan Ports: Port Pri[...]

  • Seite 204

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 203 The output of the LACP command in the network shown below F IGURE 112 – The network for the ‘show lacp’ command listed below In the figure shown above, Switch 1 has ports 11 and 15 forming the fi rst trunk, connecting to Switch 3. Switch 1 also has por ts 17 and 23 forming the second trunk on Switch 2[...]

  • Seite 205

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 204 ========== =========== 17 32768 Primary Port 23 32768 Member Port F IGURE 113 – LACP information over a network List of commands in this c ha pter Syntax lacp - enable the LACP configur ation module within CLI Syntax lacp <enable | disable> - enable or disable LACP Syntax add port=<number|list|ra[...]

  • Seite 206

    Chapter 17 17 – Quality of Ser vice Prioritize traf fic in a network uality of Service (QoS) refers to the capa bility of a network to provide different priorities to different types of traffic. Not all traffic in the network has the same priority. Being able to differentiate different types of traffic and allowing this traffic to accelerate thro[...]

  • Seite 207

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE the packet into one of the two qu eues, and depending on the precedence levels the queue could be rearranged to meet the QoS requirements. QoS refers to the level of preferential tr eatment a packet recei ves when it is being sent through a network. QoS allows time sensitive packets such as voice and video, to [...]

  • Seite 208

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE IP Pr ecedence IP Precedence utilizes the three pr ecedence bits in the IPv4 head er's Type of Service (ToS) field to specify class of service for each packet. You can partition traffic in up to eight classes of service using IP precedence. The queuing technologies throughout the network can then use this [...]

  • Seite 209

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Not all packets received on a port have high priority. IGMP and BPDU packets have high priority by default. The Magnum 6K family of switches has the capability to set the priorities based on three different functions. They are Port QoS : assigns a high priority to all packets received on a port, regardless of t[...]

  • Seite 210

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax set-weight weight=<0-7> - sets the port priority weight for All the ports. Once the weight is set, all the ports will be the same weight across the switch. The valid value for weight is 0-7. A weight is a number calculated from the IP precedence setting for a packet. This weight is used in an algor[...]

  • Seite 211

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 210 Syntax show qos [type=<port|tag|tos>] [port=<port|list|range>] – displays the QoS settings Sometimes it is necessary to change the prio rity of the packets going out of a switch. For example, when a packet is received untagged and has to be transmitted with an addition of the 802.1p priority t[...]

  • Seite 212

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 211 10 | Port | DOWN 11 | None | DOWN 13 | None | DOWN 14 | None | DOWN 15 | None | DOWN Magnum6K25(qos)## show qos type=port ========== ================ ====== PORT | PRIORITY | STATUS =========== ================ ===== 1 | None | UP 2 | None | DOWN 3 | None | DOWN 5 | None | DOWN 6 | HIGH | DOWN 7 | None | DO[...]

  • Seite 213

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 212 Magnum6K25(qos)## show qos type=tag ============== ================= ========= PORT | Pri for VPT | STATUS | 76543210 | ==== ============ ==== = =================== 1 | -------- | UP 2 | -------- | DOWN 3 | -------- | DOWN 5 | -------- | DOWN 6 | -------- | DOWN 7 | -------- | DOWN 9 | -------- | DOWN 10 | [...]

  • Seite 214

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 213 Magnum6K25(qos)## show qos ============== ================= ========= PORT | QOS | STATUS ======= ==================== = ============ 1 | None | UP 2 | None | DOWN 3 | None | DOWN 5 | None | DOWN 6 | Port | DOWN 7 | None | DOWN 9 | None | DOWN 10 | Port | DOWN 11 | Tag | DOWN 13 | Tag | DOWN 14 | None | DOW[...]

  • Seite 215

    214 18 – IGMP Multicast traf fic on a network nternet G roup M anagement P rotocol (IGMP) is defined in RF C 1112 as the standard for IP multicasting in the Internet. It is used to establish host memberships in particular multicast groups on a single network. The mechanisms of the protocol allows a host to inform its local router, using Host Memb[...]

  • Seite 216

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE The creation of transient groups and the maintenance of group membership information is the responsibility of "multicast agents", entities th at reside in internet gateways or other special- purpose hosts. There is at least one multicast agen t directly attached to every IP network or sub- network tha[...]

  • Seite 217

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE F IGURE 118 – IGMP concepts – advantages of using IGMP • PCs 1 and 4, switch 2, and all of the routers are members of an IP multicast group. (The routers operate as queriers.) • Switch 1 ignores IGMP traffic and does not distinguish between IP multicast group members and non-members. Thus, it is sending[...]

  • Seite 218

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE The next figure (below) shows a network running IP multicasting using IGMP without a multicast router. In this case, the IGMP-configured switch runs as a querier. PCs 2, 5, and 6 are members of the same IP multicast group. IGMP is configured on switches 3 and 4. Either of these switches can operate as querier b[...]

  • Seite 219

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE groups in the IP address range of 224.0.0.0 to 224.0.0.255 will always be flooded because addresses in this range are “well known” or “reser ved” addresses. Thus, if IP Multicast is enabled and there is an IP multicast group within the rese rved address range, traffic to that group will be flooded inste[...]

  • Seite 220

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE traffic only goes to the ports requesting the traf fic. The Magnum 6K family of switches, using IGMP-L2, can perform the similar tasks a Layer 3 device performs for IGMP. For a Layer 2 IGMP environment, all Magnum 6K fa mily of switches have to be enabled in the IGMP-L2. This is done using the CLI command &apos[...]

  • Seite 221

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE With IGMP-L2 enabled on all Magnum 6K family of switches, this situation as shown above is prevented. This is explained in the figure below. R1 R2 R3 R4 R5 R6 T1 T1 T2 T2 L2 Mode L2 Mode L2 Mode L2 Mode   F IGURE 121 - Using IGMP-L2 on Magnum 6K family of switches, a Layer 2 network can minimize multicast[...]

  • Seite 222

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Since the query and the join information is exchanged between the neighboring switches, the topology does not matter. The design issue to consider is the timing difference between a topology recovery and IGMP refresh (recovery). GarrettCom Magnum 6K family of switches, connected in an S-Ring topology recovers v[...]

  • Seite 223

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE group del ip=<group ip> - delete ports from a specific IGMP broadcast group Magnum6K25# igmp Magnum6K25(igmp)## igmp enable IGMP is enabled Magnum6K25(igmp)## show igmp IGMP State : Enabled ImmediateLeave : Disabled Querier : Enabled Querier Interval : 125 Querier Resp onse Interval : 10 Multicasting unkn[...]

  • Seite 224

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE The output of “show igmp” provide useful inform ation. The following information is provided: IGMP State shows if IGMP is turned on (Enable) or off (Disable). Immediate Leave provides a mechanism for a particular host that wants to leave a multicast group. It disables the port (wher e the leave message is r[...]

  • Seite 225

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE • Auto – lets IGMP control whether the port should or should not participate sending multicast traffic • Block – manually configures the port to always block multicast traffic • Forward – manually configures the port to always forward multicast traffic To set the port characteristics, use the set-po[...]

  • Seite 226

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 10 Forwarding 11 Forwarding 12 Forwarding 13 Auto 14 Blocking 15 Blocking 16 Blocking Magnum6K25(igmp)## igmp enable IGMP is enabled Magnum6K25(igmp)## show-router RouterIp PortNo Timer ------------ -------------- -- ---------- 10.21.1.250 9 25 Magnum6K25(igmp)## set-leave enable IGMP immediate leave status is [...]

  • Seite 227

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 226 Querier Response Interval : 10 Magnum6K25(igmp)## set-querier disable IGMP querier status is disabled Magnum6K25(igmp)## show igmp IGMP State : Enabled ImmediateLeave : Disabled Querier : Disabled Querier Interval : 125 Querier Resp onse Interval : 10 Magnum6K25(igmp)## set-qi interval=127 Query interva l s[...]

  • Seite 228

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 227 GroupIp PortNo Timer Vlanid LeavePending ------------ -------------- -- -------------- -- -------------- -- -------------- -- -- 0.0.0.0 1 155 1 0 239.0.1.10 10 STATIC 0 0 239.0.1.10 11 STATIC 0 0 239.0.1.10 12 STATIC 0 0 239.0.10.10 10 STATIC 0 0 239.0.10.10 11 STATIC 0 0 239.0.10.10 12 STATIC 0 0 239.0.10[...]

  • Seite 229

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 228 Magnum6K25(igm p)## mode normal IGMP set to Normal Mode. Magnum6K25(igm p)## exit Magnum6K25# F IGURE 126 - Setting IGMP-L2 List of commands in this c ha pter Syntax igmp – IGMP configuration mode Syntax igmp <enable|disable> - enable or disabl e IGMP on the switch yntax show igmp – IGMP operation[...]

  • Seite 230

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 229 group address, 224.0.0.1. The defa ult value is 125 seconds. The vali d range can be from 60 to 127 seconds. set-qri interval=<value> - Syntax The query response interval i s the maximum amount of ti me that can elapse between when the quer ier router sends a host-query message and when it rec eives a[...]

  • Seite 231

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Chapter 19 19 – GVRP Generic Attribute Registration Protocol ( GARP) VLAN Registration Protocol (GVRP) eneric A ttribute R egistration P rotocol (GARP) and VLAN registration over GARP is called GVRP. GVRP is defined in the IE EE 802.1q and GARP in the IEEE 802.1p standards. In order to utilize the capab iliti[...]

  • Seite 232

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE the default VLAN set to untagged and configure other static VLANs on the ports as either “Tagged or Forbid ” . (“Forbid” is discussed later in this chapter.) GVRP Oper a tions A GVRP-enabled port with a Tagged or Untagged st atic VLAN sends advertisements (BP DUs, or Bridge Protocol Data Units) advertis[...]

  • Seite 233

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE If a static VLAN is configured on at leas t one port of a switch, and that port has established a link with another device, then all other ports of that switch will send advertisements for that VLAN. In the figure below, tagged VLAN ports on switch “A” and switch “C” advertise VLANs 22 and 33 to ports o[...]

  • Seite 234

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE • If there is no static VLAN with the adve rtised VID on the receiving port, then dynamically create a VLAN with the same VID as in the advertisement, and allow th at VLAN’s traffic • If the switch already has a static VLAN with the same VID as in the advertisement, an d the port is configured to learn fo[...]

  • Seite 235

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE ========== ================ ================= = VLAN ID | NAME | VLAN STATUS ========== ================ ================= = 1 | Default VLAN | Static Active 2 | Blue | Static Active 10 | dyn10 | Dynamic Active Magnum6K25(gvrp)## F IGURE 130 – Command to check for dynamically assigned VLANs Note that port 10 [...]

  • Seite 236

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE configuration Learn Generate ad vertisements. Forward advertisements for other VLANs Receive advertisements and dynamically join any advertised VLAN Receive advertisements and dynamically join any advertised VLAN that has the same VID as the static VLAN Do not allow the port to become a member of this VLAN Bloc[...]

  • Seite 237

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 236 Syntax show gvrp - shows whether GVRP is disabled, along with the current settings for the maximum number of VLANs and the current Primary VLAN Syntax gvrp <enable|disable > - enable or disable GVRP Syntax show-vlan – list all the VLANs (including dynamic VLANs) on the swi tch Syntax set-ports port=[...]

  • Seite 238

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 237 Magnum6K25(gvrp)## set-forb id vlan=2 forbid=11-15 Magnum6K25(gvrp)## show-forb id ========== ================ ================= = VLAN ID | FORBIDDEN PORTS ========= ================== == === =========== = 1 | None 2 | 11, 12, 13, 14, 15 F IGURE VRP configuration ex 133 – G ample GVRP Oper a tions Notes [...]

  • Seite 239

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 238 List of commands in this c ha pter Syntax show gvrp - shows whether GVRP is disabled, along with the current settings for the maximum number of VLANs and the current Primary VLAN Syntax gvrp <enable|disable > - enable or disable GVRP Syntax show-vlan – list all the VLANs (including dynamic VLANs) on[...]

  • Seite 240

    Chapter 20 20 – SNMP Managing y our netw ork using SNMP imple Network Management Protocol (SNMP) enables management of the network. There are many software packages which prov ide a graphical interface and a graphical view of the network and its devices. The graphi cal interface and view would not be possible without SNMP. SNMP is thus the buildi[...]

  • Seite 241

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Simple Network Management Protocol Version 3 (SNMPv3) – The third version of SNMP, the enhancements made to secure access, different levels of access and security. SNMP engine – A copy of SNMP that can either reside on the local or remote device SNMP group – A collection of SNMP users that belong to a com[...]

  • Seite 242

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Notification host – An SNMP entity to which notifications (traps and informs) are to be sent Notify view – A view name (not to exceed 64 characters) for each group that defines the list of notifications that can be sent to each user in the group Privacy – An encrypted state of the contents of an SNMP pack[...]

  • Seite 243

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE • RMON MIB (RFC 1757) • RMON: groups 1, 2, 3, and 9 (Statistics, Events, Alarms, and History) • Version 1 traps (Warm Start, Cold Start, Li nk Up, Link Down, Authentication Failure, Rising Alarm, Falling Alarm) RFC 1901-1908 – SNMPv2 • RFC 1901, Introduction to Community-Ba sed SNMPv2. SNMPv2 Working [...]

  • Seite 244

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax community [write=<write community>] [read=<read community>] [trap=<trap community>] – set the necessary community strings Syntax authtraps <enable|disable> - enables or disables authentication trap s generation Syntax traps <add|delete> type=<Snmp| Rmon|Snmp,Rmon|Enterp[...]

  • Seite 245

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax com2sec <add|delete> id=<id> [secname=<name> ] [source=<source>] [community=<community>] - a part of the View based Acc ess control model (VACM) as defined in RFC 2275. This specifies the mapping from a source/community pair to a security name. On MNS- 6K, up to 10 entries c[...]

  • Seite 246

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE SNMP MANAGERS INFO ------------ ------ SNMP TRAP STATIONS INFO ------------ ----------- Magnum6K25# snmp Magnum6K25(snmp)## comm unity write=private read=public SNMP Read community name successf ully set SNMP Write community name successfully set Magnum6K25(snmp)## show snmp SNMP CONFIGURATION INFORMATION -----[...]

  • Seite 247

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE SNMP TRAP STATIONS INFO ------------ ----------- Magnum6K25(snmp)## traps add ty pe=Snmp,Rmon ip=192.168.1.2 Successfully Added. Magnum6K25(snmp)## show snmp SNMP CONFIGURATION INFORMATION ------------ -------------- -- -- SNMP Get Community Name : public SNMP Set Community Name : private SNMP Trap Community Na[...]

  • Seite 248

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 6K SNMP Agent supports all (v1/v2c/v3) versions. Magnum6K25# show snmp SNMP v3 Configuration Information ========== ================ === System Name : Magnum6K25 System Location : Fremont, CA System Contact : support@garrettcom.com Authentication Trap : Disabled Default Trap Comm. : public V3 Engine ID : 6K_v3E[...]

  • Seite 249

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25(snmpv3)## show-trap ID Trap Type Hos t IP Community Port ========== ================ ================= ==================== = 1 v1 10.21.1.100 -- -- 2 -- -- -- -- 3 -- -- -- -- 4 -- -- -- -- 5 -- -- -- -- Magnum6K25(snmpv3)## show-trap id=1 Trap ID : 1 Trap Type : v1 Host IP : 10.21.1.100 Community :[...]

  • Seite 250

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25(snmpv3)## group add id=1 groupname=v1 model=v1 com2secid=1 Entry is added successfully Magnum6K25(snmpv3)## show-group ID Group Name Sec. Model Com2Sec ID ========== ================ ================= ======= 1 v1 v1 1 2 public v2c 1 3 public usm 1 4 -- -- -- 5 -- -- -- 6 -- -- -- 7 -- -- -- 8 -- -- [...]

  • Seite 251

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25(snmpv3)## access add id=1 accessname=v1 model=v1 level=noauth read=1 writ e=none notify=none Entry is added successfully Magnum6K25(snmpv3)## show-access ID View Name Model Level R/View W/View N/View Context Prefix ========== ================ ================= =================== 1 v1 v1 noauth 1 non[...]

  • Seite 252

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25(snmpv3)## show-user id=1 User ID : 1 User Name : jsmith User Type : read-write Auth. Pass s omething Priv. Pass : Auth. Type : MD5 Auth. Level : auth Subtree : Magnum6K25(snmpv3)## exit Magnum6K25# show snmp SNMPv3 Configuration Information ============== ================= === System Name : Magnum6K2[...]

  • Seite 253

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE The following RMON communities, when defined, enable the specific RMON group as show above. Syntax rmon – enter the RMON configuration mode to setup RMON groups and communities Syntax history def-owner=<stri ng> def-comm=<string> - define the RMON history group and the community string associated [...]

  • Seite 254

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax snmpv3 – enter the SNMP V3 configuration mode – note enable SNMP V3 by using the “set snmp” command which follows Syntax show active-snmp – shows the version of SNMP currently in use Syntax community [write=<write community>] [read=<read community>] [trap=<trap community>] –[...]

  • Seite 255

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax trap <add|delete> id=<id> [type=<v 1|v2|inform>] [host=<host-ip>] [community=<string>] [port=<1-65534>] - define the trap and inform manager stations. The station can receive v1, v2 traps and/or inform notifications. An inform notification is an acknowledgments that a [...]

  • Seite 256

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 255 Syntax statistics def-owner=<string> def-comm=<string> - define the RMON statistics group and the community string asso ciated with the group Syntax alarm def-owner=<string> def-comm=<string> - define the RMON alarm group and the community string associated with the group Syntax even[...]

  • Seite 257

    Chapter 21 21 – Miscellaneous Commands Impr oving pr oductivity and manageability here are several features built into the Magn um 6K family of switches which help with the overall productivity and manageability of the switch. These items are examined individually in this chapter. T Alar m R elays In a wiring closet, it would be helpful if there [...]

  • Seite 258

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 257 Event ID Event Description Signal Type 1 S-RING OPEN SUSTAINED 2 Cold Start MOMENTARY 3 Warm Start MOMENTARY 4 Link Up MOMENTARY 5 Link Down MOMENTARY 6 Authentication Failure MOMENTARY 7 RMON Rising Alarm 9 MOMENTARY 8 RMON Falling Alarm MOMENTARY 9 Intruder Alarm MOMENTARY 10 Link Loss Learn Triggered MOM[...]

  • Seite 259

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax period time=<1..10> - sets the duration of relay action for the momentary type signal. This may be needed to adjust to the behavior of the circuit or relay. Default is 3 secon ds. Time is in seconds Syntax del event=<event-id|list|range|all> - disables alarm action in response to the specifie[...]

  • Seite 260

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 6 Authentication Failure MOMENTARY 7 RMON Raising Alarm MOMENTA RY 8 RMON Falling Alarm MOMENTARY 9 Intruder Alarm MOMENTARY 10 Link Loss Learn Triggered MOMENTARY 11 Broadcast Storm Detected MOMENTARY 12 STP/RSTP Reconfigured MOMENTA RY Magnum6K25(alarm)## add event=2 Alarm Event(s) Added: 2 Magnum6K25(alarm)#[...]

  • Seite 261

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 9 Intruder Alarm MOMENTARY 10 Link Loss Learn Triggered MOMENTARY 11 Broadcast Storm Detected MOMENTARY 12 STP/RSTP Reconfigured MOMENTA RY Magnum6K25(alarm)## alarm disable Alarm system Disabled Magnum6K25(alarm)## d el event=1,3,5,7 Alarm Event(s) Deleted: 1, 3, 5, 7 Magnum6K25(alarm)## s how alarm Alarm Even[...]

  • Seite 262

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE sending and receiving emails, it is extremely beneficial for a network administrator to receive emails in case of faults and alerts. The Magnum 6K family of switches can be setup to send a n email alert when a trap is generated. If this capability is used, please ensure th at SPAM filters and other filters are [...]

  • Seite 263

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE traps – [optional] this is the trap filter. If valu e is “all”, all traps of any type will be sent to this recipient. If value is none, no traps are sent to this recipient. Value can also be a combination of ‘S’ (SNMP), ‘R’ (RMON) and ‘E’ (ENTERPRISE). For example, trap=SR means that SNMP and [...]

  • Seite 264

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax smtp <enable|disable> - enables or disables SMTP to send SNMP alerts by email Magnum6K25# smtp Magnum6K25(smtp)## show smtp config SMTP Global Configuration ========== ================ ============== Status : Disabled SMTP Server IP : 67.109.247.195 SMTP Server Port : 25 Retry Count : 3 Magnum6K25([...]

  • Seite 265

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25(smtp)## add id=2 email=jsmith@g arrettcom.com traps=S events=CF ip=192.168.10.13 Recipien t successfully a dded Magnum6K25(smtp)## show smtp recipients ID E-mail Address SMTP Server Port Traps Events ============== ================= ================ ============ 1 rk@gci,sys@gci.com 67.109.247.195 25[...]

  • Seite 266

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 265 Magnum6K25# F IGURE 138 – setting SMTP to receive SNMP trap information via email Email alerts can be forwarded to be receiv ed by other devices such as Cell phones, pagers etc. Most interfaces to SMTP are already provided by the cell phone service provider or the paging service provider. Serial Connectiv[...]

  • Seite 267

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 266 Banner Messa ge essage is available in MNS-6K-SECURE. t one as to deter unauthorized access. Some users may inadvertently connect to the MOTD stands for Message of the Day, a term used by system administrators to show the status f the system or inform the users of uses or abuses on the system. e Banner mess[...]

  • Seite 268

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 267 Please disconnect if you are an unauthorized user. Thanks. MOTD Updated. It will be displayed at next login. Magnum6K25# show motd Motd : This is a secure device. Unaut hori zed access is prohibited. Please disconnect if you are an un auth orized user. Thanks. Magnum6K25# logout Logging out from the current[...]

  • Seite 269

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 268 Syntax !! – repeat the last command Syntax !<n> - repeat the “n”th command (a s indicated by a show history) Syntax show history – show the last 25 commands executed – if less than 25 commands are executed, only hown If the user logs out or if the switch time s out – the history is erased.[...]

  • Seite 270

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 269 Magnum 6K 5# se 2 t history ? set history : Set Histo ry Size Usage set history size=<1-100> Groups: All. Magnum 6K25# set history size=100 History Size is Set Magnum6K25# show history 1 : show version 2 : show setup 3 : show serial 4 : show history Magnum6K25# !1 show vers ion MNS-6K-Secure Ver: 14.1[...]

  • Seite 271

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 270 $$ : $ Character $r : New Line $b : Space A f ow the system prompt can be setup is shown below. 6K25# snmp ew examples on h Magnum Magnum6K25(snmp)## setvar sysname=Core System variable(s) set successfully Magnum6K25(snmp)## exit Magnum6K25# set prompt $n Core# set prompt $n$b$i Core 192.168.5.5# set prompt[...]

  • Seite 272

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 271 F IGURE 143 – Using the ping command Many devices do not respond to ping or block ping commands. Make sure that the target device does respond or the ne twork does allow the ping packets to ropagate through. p FTP m is supported on MNS. MNS supports normal ftp as well as y many companies today to work wit[...]

  • Seite 273

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 272 System Ev ents All events occurring on the Magnum 6K family of switches are logged. The events can be escription as shown below Code D 0 Emergency (or Fatal) system is unusa ble – called “fatal” in show log command 1 Alert : action must be tak en immediately 2 Critical : critical conditions 3 nditions[...]

  • Seite 274

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 273 arrettCom recommends that this capability should be used centralize the logs. Magnum6K2 # The system events can be sent to a Syslog server using the Sysl og capabilities in MNS-6K-SECURE. G to show log 5 S DATE TIME Log Description -- ------ -- -------- ------ ---------------- -------------- -- ------------[...]

  • Seite 275

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 274 Do you wish to export the event logs? [ 'Y' or 'N'] Y Successfully uploaded the event log file. Magnum6K25# F IGURE 146 – Using exportlog to export the event log information In the table below, the following acronyms are used for Severity: E= Alert; C=Critical; F=Fail or Error conditio[...]

  • Seite 276

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Subsystem Description Severity BRIDGE Unable to delete MAC address from FDB D BRIDGE Unable to insert MAC address to FDB D BRIDGE Bridge init failed for ethx F BRIDGE Bridge enable for ethx failed F BRIDGE Bridge MIB init is done I CLI Manager login at console I CLI Operator login at console I CLI Manager passw[...]

  • Seite 277

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Subsystem Description Severity RMON Alarm : internal error , unable to get m emory F RMON Alarm : internal error, unable to get m emory for alarm entry F RMON History : internal error, unable to get memory for history contr ol entry F RMON History : internal error, unable to get memory for history data entry F [...]

  • Seite 278

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Subsystem Description Severity TCP/IP Duplicate IP a.b.c.d se nt from MAC address XXXXXX C TCP/IP Unable to allocate memory for an ICMP packet C TCP/IP IP packet from a.b.c.d , with checksum error dropped D TCP/IP Bad IP fragments from a.b.c.d dropped D TCP/IP UDP checksum error in the received packet a.b.c.d D[...]

  • Seite 279

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Magnum6K25# show address-table Sl# MAC Address Port ------------ -------------- -- -------------- -- --------- 1 01:00:5e:00:00:fb 0 2 00:0c:f1:b9:d1:dc 3 3 33:33:00:00:00:02 0 4 01:00:0c:cc:cc:cc 0 5 01:00:5e:00:00:16 0 6 00:07:50:ef:31:40 3 7 00:e0:81:52:85:96 3 8 01:40:96:ff:ff:ff 0 9 01:40:96:ff:ff:00 0 10 [...]

  • Seite 280

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax show smtp <config|recipients> - config – displays the current SMTP global settings and recipients displays the currently config ured recipients of email alerts Syntax add id=<1-5> email=<email-addr> [t raps=<all|none|S|R|E >] [events=<all|none|I|A |C|F|D>] [ip=<ip-addr&[...]

  • Seite 281

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 280 body – [mandatory] email body Syntax server ip=<ip-addr> [port =<1-65535>] [retry=<0-3>] – configure the global SMTP server settings ip – [mandatory] SMTP server IP address port – [mandatory] TCP port to be used for SMTP communications – default is 25 retry – [optional] specifi[...]

  • Seite 282

    APPENDIX 1 APPENDIX 1 - Command listing by Chapter A rich envir onment – this A ppendix provides a r ef er ence to the commands by chapter Chapter 2 – Getting Star ted Syntax ipconfig [ip=<ip-address> ] [mas k=<subnet-mask>] [dgw=<gateway>] – to set IP address on the switch Syntax save – save changes made to the configurat[...]

  • Seite 283

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax useraccess groups – displays the current groups Syntax help <command string> - help for a specific command Syntax command <Enter> - options for a command Syntax <TAB> - listing all commands available at the privilege level Syntax <command string> <TAB> - options for a comm[...]

  • Seite 284

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE bootcfg=<enable|disable> - valid with type=bootp only. This option allows the switch to load the configuration file from the BootP server. This is useful when a new switch is put on a network and the specific config urations are loaded from a centralized BootP server Syntax telnet <enable|disable> -[...]

  • Seite 285

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax saveconf mode=<serial|tftp|ftp> [<ipaddress>] [file=<name>] – saves the configuration on the network usin g tftp, ftp or serial protocols Syntax loadconf mode=<serial|tftp|ftp> [<ipaddress>] [file=<name>] – loads the previously saved configuration from the network [...]

  • Seite 286

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax tftp <get|put> [type=<app|confi g|oldconf| script|hosts|log>] [host=<hostname>] [ip=<ipa ddress>] [file=<filename>] – upload and download information using tftp command Where <get|put> - different tftp operations – get a file from the server or put the information [...]

  • Seite 287

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax show sysconfig – reviews settabl e system parameters Syntax show time – shows the system time Syntax show timezone – shows the system timezone Syntax show date – shows the system date Syntax show uptime – shows the amount of time the switch has been o perational Syntax show config [module=<m[...]

  • Seite 288

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax – addlease ip=<ip> mac=<mac> [leasetime=<lease time (1..10)>] – add a specific host with a specific IP address Syntax - reserve-ip ip=<ip> [mac=<mac>] - reserve a specific IP address for a device Syntax - clear-reserveip ip=<ip> - clear the reverse IP assigned Synt[...]

  • Seite 289

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax signal port=<num|list|range> <none|log|trap|logandtrap> - port to monitor and signal to send in case of breach of port security Syntax ps <enable|disable> - enable or disable port security Syntax remove mac=<all|address|list|range> port=<num|list|range > - remove a MAC addre[...]

  • Seite 290

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax clear <history|log [1..5 |informational |activity |critical |fatal |debug] |terminal |arp|portstats|addr] – clear command to clear various aspe cts of the MNS-6K information – most notably “clear addr” – clears the addr esses learnt or “clear log” to clea r the logs (and the type of logs[...]

  • Seite 291

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE transmit – [optional] This is the transmit pe riod, this is the time in seconds the authenticator waits to transmit another reque st for identification from the supplicant. Default value is 30. Values can be from 1 to 65535 seconds Syntax reauth port=<num|list|range> [status=<e nable|disable>] [pe[...]

  • Seite 292

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Chapter 10 – P or t mir r oring and setup Syntax show port-mirror – display port mirror settings Syntax port-mirror <enter> - configure port mirror settings Syntax setport monitor=<monitor port numbe r> sniffer=<sniffer port number> - set port mirror settings Syntax prtmr <enable|disabl[...]

  • Seite 293

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax start vlan=<name|number|list|range> activate the VLAN configuration Syntax save save the configuration (inclu ding the VLAN configuration) Syntax edit id=<vlan id> [name=<vlan name>] port=<number|list|range> [<mgt|nomgt>] - edit existing VLAN name Syntax show vlan [<id=vl[...]

  • Seite 294

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax port port=<number|list|range > status=<enable|disable> - specific ports may not need to participate in STP process. These ports typical ly would be end-stations. If you are not sure – let MNS-6K software make the decisions Syntax timers forward-delay=<4-30> hello=<1-10> age=<[...]

  • Seite 295

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax priority [port=<number|list|ran ge>] value=<0-255 | 0-65535> - specifies the port or switch level priority. When a port(s) are specified the priority is associated with ports and their value is 0 - 255. If no ports are specified, then the switch (bridge) priority is specified and its value is[...]

  • Seite 296

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax lll del port=<port|list|range> - disable LLL on the list of specified ports Syntax show lll – display the status of LLL Syntax rstp – STP Configuration mode Syntax rstp <enable|disable> - Start (Enable) or stop (Disable) STP Syntax set stp type=<stp|rstp> - set the spanning tree pro[...]

  • Seite 297

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE priority, the higher the priority. The port with the hi ghest p riority is the primary port (over which certain types of traffic like IGMP is transmitted) Syntax del port=<number|list|range> - delete specified ports from the LACP membership Syntax edit port=<number|list|ran ge> [priority=<priorit[...]

  • Seite 298

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax group add ip=<group ip> port=<num ber|list|range> vlan=<vlanid> - add ports to a specific IGMP broadcast group del ip=<group ip> - delete ports from a specific IGMP broadcast group Syntax show-group – shows the multicast groups Syntax set-port port=< port|list|rang e> mode[...]

  • Seite 299

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax set-forbid vlan=<tag vlanid> fo rbid=<port-number|list|range> - sets the forbid GVRP capability on the ports specified Syntax show-forbid – display the ports with GVRP forbid capabilities Chapter 20 – SNMP Syntax snmp – enter the SNMP Configuration mode Syntax snmpv3 – enter the SNMP [...]

  • Seite 300

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax authtrap <enable|disable> - enables or disables authen tication traps generation Syntax show-authtrap - displays the current value of authentication t rap status. Syntax deftrap community =<string> - defines the default community string to be used when sending traps. When user does not specif[...]

  • Seite 301

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE to 5 users to be added. Right now, the MNS-6K agent only support noauth and auth-md5 for v3 authentication and auth-d es for priv authentication Syntax show-user [id=<id>] - display all or specific view entri es - id is optional and is the number corresponding to the view entry number in th e table Syntax[...]

  • Seite 302

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Syntax smtp – configure the SNMP alerts to be sent via email Syntax show smtp <config|recipients> - config – displays the current SMTP global settings and recipients displays the currently config ured recipients of email alerts Syntax add id=<1-5> email=<email-addr> [t raps=<all|none|S|[...]

  • Seite 303

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 302 subject – [mandatory] email subject or title body – [mandatory] email body Syntax server ip=<ip-addr> [port =<1-65535>] [retry=<0-3>] – configure the global SMTP server settings ip – [mandatory] SMTP server IP address port – [mandatory] TCP port to be used for SMTP communications[...]

  • Seite 304

    APPENDIX 2 APPENDIX 2 - Commands sor ted alpha beticall y Command Description !! repeat the last command !<n> repeat the “n”th command (as indicated by a show history) <command string> <TAB> options for a command <Down-arrow> opposite of Up-arrow key <first character of the command> <TAB> listing commands sta[...]

  • Seite 305

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description add port=<number|list|range> [priority=<0-65535>] add the specified list of ports to form the logical LACP trunk. Default value for priority is 32768. The lower the value assigned to priority, the higher the priority. T he port with the highest priority is the primary port (over [...]

  • Seite 306

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description clear <history|log [1..5 |informational |activity |critical |fatal |debug] |terminal |arp|portstats|addr] clear command to clear various aspects of the MNS-6K information – most notably “clear addr” – clears the addresses learnt or “clear log” to clear the logs (and the type o[...]

  • Seite 307

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description del event=<event-id|list|range|all> disables ala rm action in response to the specified event ID del port=<number|list|range> delete specified ports from the LACP membership. Requires the lacp module. delete id=<1-5> delete the specific id specified. The deleted id no longe[...]

  • Seite 308

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description enable <user-name> changing the privilege level engineid string = <string> Every agent has to have an engineID (name) to be able to respond to SNMPv3 messages. The default engine ID value is “6K_v3Engine”. This command allows the user to change the engine ID event def-owner=&[...]

  • Seite 309

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description group <add|delete> id=<id> [groupname=<name>] [model=<v1|v2c|usm>] [com2secid=<com2sec-id>] a part of the View based Access control model (VACM) as defined in RFC 2275. This command defines the mappi ng from sec model or a sec name to a group. A sec model is one[...]

  • Seite 310

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description lll <enable|disable> enable or disable LLL on the switch lll add port=<port|list|range> enable LLL on the list of specified ports lll del port=<port|list|range> disable LLL on the list of specified ports loadconf mode=<serial|tftp|ftp> [<ipaddress>] [file=<na[...]

  • Seite 311

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description port-mirror <enter> configure port mirror settings port-security configure port security settings priority [port=<number|list|range>] value=<0-255 | 0-65535> specifies the port or switch level priority. When a port(s) are specified the priority is associated with ports and [...]

  • Seite 312

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description rmon enter the RMON configuration mode to setup RMON groups and communities rstp enter the RSTP configuration mode rstp <enable|disable> enable RSTP – by defaul t, this is disabled and has to be manually activated save save changes made to the configuration saveconf mode=<serial|t[...]

  • Seite 313

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description set date year=<2001-2035> month=<1- 12> day=<1-31> [format=<mmddyyyy|ddmmyyyy|yyyy mmdd>] sets the date and the format in which the dat e is displayed set daylight country=< country name> set the daylight saving time set dns [server=<ip>] [domain=<domai[...]

  • Seite 314

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description set stp type=<stp|rstp> Set the switch to support RSTP or change it back to STP. Need to save and reboot the switch after this command set time hour=<0-23> min=<0-59> sec=<0-59> sets the time set timeformat format=<12|24> set the di splay time in the 12/24 hour [...]

  • Seite 315

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description setport port=<num|list|range> [status=<enable|disable>] [control=<auto|for ceauth|forceunauth> ] [initialize=<assert|deassert>] setting the port characteristic for an 802.1x network setport port=<port#|list|range> [name=<name>] [speed=<10|100>] [dupl[...]

  • Seite 316

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description set-qi interval=<value> The IGMP querier router periodically sends general host-query messages. These messages are sent to ask for group membership information. This is sent to the all-system multicast group address, 224.0.0.1 . The default value is 125 seconds. The valid range can be [...]

  • Seite 317

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description set-untag port=<port|list|range> priority=<high|low> tag=<0-7> The 802.1p user priority assigned to unt agged received packets to be transmitted as tagged from the priority queue setvar [sysname|syscontact|syslocation]=<stri ng> set the system name, contact and locati[...]

  • Seite 318

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description show address-table displays which mac address is associated with which port for packet switching show active-stp status whether STP or RSTP is running Show active-snmp display the version of SNMP currently in use show alarm displays the current status of Alarm system show auth <config|por[...]

  • Seite 319

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description show host display the hosts table entries show igmp IGMP operation status show ip-access display all trusted hosts show ipconfig shows the IP parameters set i n the switch show lacp displays the status and other relevant LACP information show lll display the status of LLL show log [fatal|ale[...]

  • Seite 320

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description show snmp displays the SNMP configuration information show sntpsrv display the status of SNTP server show ssh display ssh setting. For displaying the telnet setting use show console show s-ring show the status of S-Ring show stp <config|ports > regardless of whether STP is enabled or d[...]

  • Seite 321

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description show-router displays detected IGMP-enabled rout er ports show-stats port=<num> displays 802.1x related statistics show-timers show the values of the timers set for RSTP show-trap [id=<id#>] shows the configured trap statio ns in tabular format - id is optional and is the number c[...]

  • Seite 322

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description snmp enter the SNMP Configuration mode snmpv3 enter the SNMP V3 configuration mode – note enable SNMP V3 by using the “set snmp” command which follows sntp [enable|disable] enable or disable the SNTP services sntpserver enter the SNTP Server configuration mode sntpsrv <start|stop>[...]

  • Seite 323

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description start vlan=<name|numb er|list|range> activate the VLAN configuration static vlan=<VID> convert a dynamic VLAN to a static VLAN statistics def-owner=<string> def- comm=<string> define the RMON statistics group and the community string associated with the group stp STP [...]

  • Seite 324

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description telnet <ipaddress> [port=<port number>] telnet from the switch. The IP address can be an IPv4 address or an IPv6 address timers forward-delay=<4-30> hello=<1- 10> age=<6-160> change the STP Forward Delay, Hello timer and Aging timer values tftp <get|put> [[...]

  • Seite 325

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE Command Description user <add|delete> id=<id> [username=<name>] [usertype=<readonly|readwrite>] [authpass=<pass-phrase>] [privpass=<pass-phrase>] [level=<noauth|auth|priv>] [subtree=<oid>] for quickly adding or deleting v3 USM based security, this command adds use[...]

  • Seite 326

    MAGNUM 6K SWITCHES, MNS-6K USER GUIDE 325 Intentionally left blank[...]

  • Seite 327

    APPENDIX 3 APPENDIX 3 - Daylight Sa vings No time lik e the pr esent... Daylight Sa vings Time Magnum6K Switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes. In addition to the value " none" (no time changes), there are fifteen pre- defined settings, a few examples are: • Alaska • Can[...]

  • Seite 328

    DAYLIGHT SAVINGS TIME 327 Australia, Belgium, Canada, Chile, Cuba, Egypt, France, Finland, Germany, Greece, Iraq, Italy, London, Namibia, Portugal, Russia, Spai n, Sweden, Switzerland, Syria, USA Note – as of Release 3.7, the new daylight saving times dates enforced as of 2007, for the time zones and states in US, have been implemented in MNS-6K[...]

  • Seite 329

    APPENDIX 4 APPENDIX 4 – Br o wser Cer tificates You shouldn't overestimate the I.Q. of crooks — NYT: Stuart A. Baker, General Counsel for the NSA There is no security on this earth. Only opportunity. – Douglas MacArthur Cer tificates Certificates are means for authenticating the validity of sites, servers or other devices user can connec[...]

  • Seite 330

    BROWSER CERTIFICATES Using Mo zilla Fir efo x (v er . 3.x) Mozilla Firefox version 3.x ensures that the user validate the certificate before it allows the user to proceed to the site when the address (URL) does not match the information in the self signed certificate. F IGURE 149 – On finding a mismatch between the certificate and the acc esses s[...]

  • Seite 331

    BROWSER CERTIFICATES F IGURE 150 – Mozilla Firefox tries to warn the user agai n about the dangers of sites with improper certificates Once the “Add Exception” button is displayed, make sure you click on it. 330[...]

  • Seite 332

    BROWSER CERTIFICATES F IGURE 151 – Firefox forces you to get the certificat e before it lets you access the site Notice that the browser points out that valid sites such as banks, online web stores, government sites, secure sites etc. will not ask you to do that. Since the GarrettCom MNS- 6K is a self signed authenticated “site”, it is a good[...]

  • Seite 333

    BROWSER CERTIFICATES F IGURE 152 – Here, you can view the certificate, perm anently make an ex ception and confirm the exception. The locations to do tho se are identified in this figure The self signed certificate from GarrettCom is shown in the next figure. 332[...]

  • Seite 334

    BROWSER CERTIFICATES F IGURE 153 – Self signed certificate from GarrettCom Inc for MNS-6K Once accepted, the user does not need to go through these steps again. Using Inter net Explor er (v er 7.x) Internet Explorer version 7.x provides a warning when the certificates do not match. Ther e is no mechanism to create a permanent exception using IE 7[...]

  • Seite 335

    BROWSER CERTIFICATES 334 F IGURE 154 – Using IE 7 Using Other Br o wser s There are many other browsers such as Opera, Safari which are also widely used. There are similar mechanisms built into these browsers to inspect the certificate and create an exception. Please refer to their respective documentation for help.[...]

  • Seite 336

    APPENDIX 5 APPENDIX 5 – Upda ting MNS-6K Softw ar e Keep up to date.... The steps required to update the MNS-6K so ftware on your Magnum switch are listed. Intentionally left blank 335[...]

  • Seite 337

    UPDATING MNS-6K – STEP 1 Ste p 1 1. Getting Star ted Decide w hich version to use….. his document describes how to upgrade the MNS -6K software on a Magnum 6K switch. The methods described for updating the MNS-6K software are either locally at the console port on the Magnum 6K switch or remotely over the network using FTP or TFTP. This step inv[...]

  • Seite 338

    UPDATING MNS-6K – STEP 1 2) Enough disk space to store and retrieve the configuration files as well as copy software files from GarrettCom. We recomme nd at least 15MB of disk space for this purpose 3) Connection to the Internet. Make sure the connection does n ot block FTP file transfers 4) IP address of the switch that is being upgraded. Along [...]

  • Seite 339

    UPDATING MNS-6K – STEP 1 b) If the site uses another socket number for ftp connections, use the socket number at the end of the URL. For example, if the network administrator has setup a firewall to use socket number 1684, the URL would be as follows: ftp://ftp.garrettcom.com:1684 c) NOTE - You can use any other FTP progra m available on the Inte[...]

  • Seite 340

    UPDATING MNS-6K – STEP 1 F IGURE 155 – Accessing the GarrettCom site for download. Note – if the browser does not support th e login prompt, you ca n type in the user name and password on the URL as follows: ftp://m6kuser:m6kuser@ftp.garrettcom.com 3) After successful login, select the proper fo lder for downloading the proper MNS-6K software[...]

  • Seite 341

    UPDATING MNS-6K – STEP 1 F IGURE 156 – Select the proper version to use after successful login 4) Navigate to the folder MNS-6K. See Figure 3. (There are other folders with additional software, MIBs as well as additional useful information for the Magnum-6K switches which you may want to use later.) From the MNS-6K folder download the latest ?[...]

  • Seite 342

    UPDATING MNS-6K – STEP 1 341 F IGURE 158 – Use the copy command to copy t he files to the proper location 6) Make sure you remember where the files are stored as these files will be needed for the next step. Ne xt steps 1) Access the GarrettCom Magnum 6K switch. The access can be over the console port using the null modem cable or through the n[...]

  • Seite 343

    UPDATING SOFTWARE – STEP 2 Ste p 2 2. Pr eparing to load the software Backup y our existing configuration….. nce the MNS-6K software is downloaded fr om the GarrettCom site, it is strongly recommended that the existing configuration of the switch is preserved before the MNS-6K software upgrade is performed. Th is section will show you how to sa[...]

  • Seite 344

    UPDATING SOFTWARE – STEP 2 343 F IGURE 159 - HyperTerminal screen showing the serial settings Netw or k Access Prerequisites - a PC (or workst ation/computer) with telnet sof tware and the IP address of the Magnum 6K switch (or DNS name associated with the switch) to be upgraded. Access the Magnum 6K switch by using the telnet command. For exampl[...]

  • Seite 345

    UPDATING SOFTWARE – STEP 2 1) Serial file transfer capability such as X-m odem or equivalent 2) TFTP server 3) FTP server As a good practice, GarrettCom recommends that y ou should have all these capabilities ava ilable on your local computer if you plan to upgrade additional sw itches as well as switches in the future. The command used for savin[...]

  • Seite 346

    UPDATING SOFTWARE – STEP 2 F IGURE 162 – Invoke the “Receive File” to start the Xmodem transfer pr ogram. In the figure above the Windows XP based HyperTerminal screen is shown Once the “Receive File” is invoked (as shown in Figure above) follow the dialog to save the file in the proper directory with the proper name as shown in Figure [...]

  • Seite 347

    UPDATING SOFTWARE – STEP 2 F IGURE 164 – Status window for Xmodem (using HyperTerminal under Windows XP) When the file transfer is completed, the window shown in Figure 10 exits and the completion message is displayed as shown in Figure 11. Successfully uploaded the configuration Magnum6K25 # F IGURE 165 – Message which shows the completion o[...]

  • Seite 348

    UPDATING SOFTWARE – STEP 2 347 This will save the file 6kconfig-10.11 to the specified IP address (192.168.10.99) in the default TFTP fo lder. Using FTP would be the sa me as Figure 12, except replace 'mode=tftp' with 'mode=ftp' In some situations (e.g. routed netwo rks), TFTP or FTP services may be blocked. Check for network [...]

  • Seite 349

    UPDATING SOFTWARE – STEP 3 Ste p 3 3. Loading the MNS-6K softw are Load the new version of the MNS-6K image….. T this stage, the Magnum MNS-6K sof tware has been downloaded from the GarrettCom site, and the config uration saved. The Magnum-6K switch is now ready to upload the new MNS-6K software image. Bef or e loading the MNS-6K software A It [...]

  • Seite 350

    UPDATING SOFTWARE – STEP 3 Serial Connection Prerequisites - make sure the di rectory and the file name of the MNS-6K software image downloaded in steps 1 and 2 is known. To use the serial c onnection to update the MNS-6K image, the command dialog is shown below: Magnum6K25# show ve rsion MNS-6K-Secure Ve r: 14.1 Date:Jul 2 8 2008 Time:07:5 1:45 [...]

  • Seite 351

    UPDATING SOFTWARE – STEP 3 Upgrade is Succes sful. Please rebo ot Magnum 6Kxx to start the ap plication Magnum6K25# reboot Proceed on rebooting the swit ch? [ 'Y' or 'N' ] Y Do you wish to save current configuration? [ 'Y' or 'N' ] Y (The switch will now reboot. After the reboot, the Magnum 6K switch may pr[...]

  • Seite 352

    UPDATING SOFTWARE – STEP 3 351 Magnum6K25# show ve rsion MNS-6K-Secure Ve r: 14.1 Date:Jul 2 8 2008 Time:07:5 1:45 Build ID 1217 245902 Magnum6K25# upgrade mode=tftp 192.168.10.99 file=Rel4.2.bin Do you wish to upgrade th e image? [ 'Y' or 'N'] Y Upgrade is Successful. Please reb oot Magnum 6Kxx to sta rt the application Magnu[...]

  • Seite 353

    UPDATING SOFTWARE – STEP 4 Ste p 4 4. (Optional Step) R estoring the configur a tion Optionally , r estore back the original conf iguration and update the boot code….. t this optional step, the original configuration has been saved, MNS-6K image copied from the www.garrettcom.com site and then onto the Magnum 6K sw itch and finally, if required[...]

  • Seite 354

    UPDATING SOFTWARE – STEP 4 353 Upda ting boot code o v er the networ k As discussed in step 1 – selecting the proper version , with either upgrade path (to Version 2.7.1B or to Version 3.0), the boot code will be updated. At boot up time, the Ma gnum 6K sw itch identifies that there is a new version of the boot code and asks if the new boot cod[...]

  • Seite 355

    UPDATING SOFTWARE – STEP 4 354 Intentionally left blank[...]

  • Seite 356

    INDEX Inde x !!, 302 !<n>, 302 802.1d, 147, 151, 159, 160, 162, 165, 172, 293 802.1q, 230 802.1Q, 132, 147 802.1w, 159, 160, 165, 175 802.1x, 106, 107, 108, 109, 114 , 289 access, 46, 61, 102, 103, 104, 250, 288 action, 91, 92, 95, 104, 287 action port, 91 add, 30, 37, 94, 135, 138, 145, 200, 202, 204, 257, 258, 259, 261, 263, 264, 278, 279, [...]

  • Seite 357

    INDEX com2sec, 244, 248, 254, 299 community, 243, 253, 298, 305 community string, 239 config, 56, 57, 81, 82, 83, 284, 285, 286, 307, 324 config startip, 81, 83, 286 configure, 70, 104, 134, 285, 287 configure access, 42, 70, 285 CoS, 207 cost, 150, 152, 156, 158, 166, 170, 172, 292, 294 default user name, 26 DEFAULT-VLAN, 133 deftrap, 243, 247, 25[...]

  • Seite 358

    INDEX 223, 224, 227, 228, 240, 241, 244, 249, 252, 254, 255, 267, 281, 297, 299, 300, 304, 307, 308, 315, 318, 319, 322, 324 group add, 249 GSSAPI, 46 gvrp, 236, 297 GVRP, 230, 232 GVRP BPDUs, 230 help, 34, 37, 282 Helsinki University of Technology, 45 history, 252, 254, 300 History Group, 251 host, 61, 70 hosts, 56, 57, 284, 285, 307, 324 IEEE, 10[...]

  • Seite 359

    INDEX MIB, 109, 215, 239, 244, 251, 254, 299 mode, 221, 227, 229 mode L2, 227 mode normal, 228 modes of operation, 25 MOMENTARY, 256, 257, 258, 25 9, 260 more, 62, 70 MOTD, 266 NAS, 116 NTLM, 46 oldconf, 56, 57, 284, 285, 307, 324 OPEN, 184 OpenSSH, 46 Operator, 29 PAM, 46 passwd, 31, 37, 281 passwd user, 31 period, 258, 278, 300 PHB, 206 ping, 270[...]

  • Seite 360

    INDEX RFC 2273, 242 RFC 2274, 242 RFC 2275, 242 RFC 3164, 96, 97, 272 RFC 3315, 77 RFC 3396, 77 RFC 4251, 45 RFC 4252, 46 RFC 4253, 45 RFC 4254, 46 RFC 4256, 46 RFC 4391, 77 RFC 4541, 221 RFC 821, 260 RING_CLOSED, 178, 180 RING_OPEN, 179 rlogin, 44 rmon, 252, 254, 300 RMON, 251, 252, 254, 25 5, 257, 262, 300 RSA, 44, 46 rsh, 44, 45 RS-Ring, 174, 17[...]

  • Seite 361

    INDEX set serial, 50, 68, 283 set snmp, 242, 244, 253, 298 set stp, 151, 161, 172, 183, 185, 186, 293, 294, 295 set time, 52, 68, 283 set timeformat, 53, 68, 283 set timezone, 52, 68, 283 set vlan, 134, 145, 291 set-forbid, 236, 237, 298 set-leave, 225, 228, 297 setport, 109, 110, 114, 122, 123, 124, 128, 130, 289, 291 set-port, 136 set-port, 136 s[...]

  • Seite 362

    INDEX show active-snmp, 242, 244, 246, 253, 298 show active-stp, 151, 162, 167 , 172, 183, 185, 186, 293, 294, 295 show active-vlan, 138 show address-table, 277, 278 show alarm, 258, 259, 260, 300 show auth config, 110 show auth ports, 111 show backpressure, 126, 127, 131, 291 show broadcast-protect, 129, 130 show config, 37, 62, 63, 64, 70 , 281, [...]

  • Seite 363

    INDEX show-com2sec, 248 show-deftrap, 243, 247, 253, 299 show-forbid, 236, 237, 298 show-forceversion, 166, 168, 169, 172, 293 show-group, 223, 228, 244, 249, 254, 297, 299 show-port, 112, 113, 136, 142, 144, 146, 224, 228, 292, 297 show-portweight, 209, 212, 213, 296 show-router, 224, 225, 228, 297 show-stats, 113, 115, 290 show-timers, 166, 169, [...]

  • Seite 364

    INDEX 363 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 198, 210, 257, 259, 260, 292, 293, 294, 295, 307, 309, 313, 317, 319, 322, 323 stp enable, 151, 154 STP Path cost, 165 Stratum, 85, 86 supplicant, 106, 108, 109, 110, 114, 115, 289, 290 Supplicant, 106 SUSTAINED, 256, 257, 258, 259 sync, 53, 54, 68 syslog, 98, 99, [...]