Allied Telesis AT-8700XL Series manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Allied Telesis AT-8700XL Series, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Allied Telesis AT-8700XL Series one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Allied Telesis AT-8700XL Series. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Allied Telesis AT-8700XL Series should contain:
- informations concerning technical data of Allied Telesis AT-8700XL Series
- name of the manufacturer and a year of construction of the Allied Telesis AT-8700XL Series item
- rules of operation, control and maintenance of the Allied Telesis AT-8700XL Series item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Allied Telesis AT-8700XL Series alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Allied Telesis AT-8700XL Series, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Allied Telesis service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Allied Telesis AT-8700XL Series.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Allied Telesis AT-8700XL Series item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    C613-16086-00 REV B www .alliedtelesis.com AlliedW ar e TM OS How T o | Intr oduction It has increasingly become a legal r equirement fo r service providers to id entify which of their customers we re using a specific IP addr ess at a specific time . This means that ser vice pr oviders must be able to: z Know which customer was allocated an IP addr[...]

  • Page 2

    Page 2 | AlliedW are™ OS How T o Note: DHCP Snooping on Rapier -style s witches Intr oduction This document contains the following contents: Intr oduction .......... .................................................................... .................................... ............................ 1 Which pr oducts and software v ersion does th[...]

  • Page 3

    Page 3 | AlliedW are™ OS How T o Note: DHCP Snooping on Rapier -style s witches DHCP snooping Related Ho w T o Notes The follo wing How T o Note describes DHCP snooping on A T -9900, x900-48 and A T -8948 series switches: z How T o Use DHCP Snooping, Option 82, and Filt er ing on A T -9900 and x900-48 Series Switc hes The following Ho w T o Notes[...]

  • Page 4

    Page 4 | AlliedW are™ OS How T o Note: DHCP Snooping on Rapi er -style switches DHCP snooping The database The switch watches the DHCP pack ets that it is passing back-and-for th. It also maintains a database that lists the DHCP leases it kno ws are being held by de vices downstream of its port s. Each lease in the database ho lds the following i[...]

  • Page 5

    Page 5 | AlliedW are™ OS How T o Note: DHCP Snooping on Rapi er -style switches DHCP snooping List of terms: MA C Addr ess: The MAC addr ess of the snoope d DHCP client. IP Addr ess: The IP addr ess that has been allo cated to the snooped DHCP client. Expires: The time, in seconds, until the DHCP client entr y will expire. VLAN: The VLAN to which[...]

  • Page 6

    Page 6 | AlliedW are™ OS How T o Note: DHCP Snooping on Rapi er -style switches DHCP snooping T rusted and non-trusted por ts The concept of trus ted and non-trusted por ts is fundamental to the operation of DHCP snooping: z T rusted por ts connect to a trusted entity in the netw ork, and are under the comple te contr ol of the network manager . [...]

  • Page 7

    Page 7 | AlliedW are™ OS How T o Note: DHCP Snooping on Rapi er -style switches DHCP snooping Completely r e mo ving th e DHCP snooping database T o completely remo ve the database, it is necessar y to delete the file nvs:bindings.dsn . So the database is empty: Manager > delete fi=nvs:bindings. dsn nvs:bindings.dsn successfully del eted 1 fil[...]

  • Page 8

    Page 8 | AlliedW are™ OS How T o Note: DHCP Snooping on Rapi er -style switches DHCP Option 82 DHCP Option 82 DHCP Rela y Agent Information Option 82 is an extension to the Dynamic Host Configuration Pr otocol (DHCP), and is defined in RFC 3046 and RFC 3993. DHCP Option 82 can be used to send inform ation about DHCP clients to the authenticating [...]

  • Page 9

    Page 9 | AlliedW are™ OS How T o Note: DHCP Snooping on Rapi er -style switches DHCP Option 82 Pr otocol details In the DHCP pack et, the Option 82 segment is organized as a single DHCP option containing one or more sub-options that con vey inf ormat ion known by the r ela y agent. The format of the option is shown below: Code Len A gent Informat[...]

  • Page 10

    Page 10 | AlliedW are™ OS How T o Note: DHCP Snooping on Rap ier -style switches DHCP Option 82 Analysis The following table pr ovides an analysis of the strings in the above DHCP Request packet extract: The Agent circuit ID string 00 30 00 05 translates as: 30 = vlan48 05 = switch port 5 Configuring Option 82 Differ ent commands are used to turn[...]

  • Page 11

    Page 11 | AlliedW are™ OS How T o Note: DHCP Snooping on Rap ier -style switches DHCP filtering DHCP filtering The purpose of DHCP filtering is to pre vent IP addr esses from being falsified or ‘spoofed’. This guarantees that customer s cannot a void detection by spoofing an IP ad dress that was not actually allocated to them. DHCP filtering [...]

  • Page 12

    Page 12 | AlliedW are™ OS How T o Note: DHCP Snooping on Rap ier -style switches DHCP filtering ARP security It is also possible to enable DHCP snooping ARP security . If en abled this will ensur e that ARP pack ets receiv ed on non-trusted ports are onl y pe rmitted if they originate fr om an IP addr ess that has been allocated by DHCP . enable [...]

  • Page 13

    Page 13 | AlliedW are™ OS How T o Note: DHCP Snooping on Rap ier -style switches DHCP filtering a maximum of 1 3 leases and por ts 3 to 8 giv en 1 lease each. After that, no por t could hav e its leases increased because the filter r esour ce is completely used up. Note: On Allied T elesis switches, IGMP snooping and MLD snooping are enabled by d[...]

  • Page 14

    Page 14 | AlliedW are™ OS How T o Note: DHCP Snooping on Rap ier -style switches Configuration exampl es Configuration examples This section contains the following examples: z "Configuring the switch for DHCP snooping, filtering and Option 82, when i t is acting as a la yer 2 s witch" on page 14 z "Configuring the switch for DHCP s[...]

  • Page 15

    Page 15 | AlliedW are™ OS How T o Note: DHCP Snooping on Rap ier -style switches Configuration exampl es add vlan="48" port=24 fram e=tagged uplink add vlan="48" port=1-23 This is a la yer 2 so lution. The IP pr ot ocol does not need to be configur ed. enable dhcpsnooping enable dhcpsnooping option 82 It is also possible to en[...]

  • Page 16

    Page 16 | AlliedW are™ OS How T o Note: DHCP Snooping on Rap ier -style switches Configuration exampl es create classifier=50 tcpdp ort=20 create classifier=51 tcpdp ort=21 create classifier=52 tcpdp ort=23 create classifier=53 ethfo rmat=ethii prot=0800 Classifiers will be applied in QoS to allow priori tisation or traffic shaping. The above exa[...]

  • Page 17

    Page 17 | AlliedW are™ OS How T o Note: DHCP Snooping on Rap ier -style switches Configuration exampl es Configuring the switch f or DHCP snooping, filtering, and Option 82, when it is acting as a la y er 3 BOO TP Rela y Agent In a la yer 3 r outing envir onment, the switch tak es on a r o le of BOO TP Rela y Agent, with support for DHCP Option 8[...]

  • Page 18

    Page 18 | AlliedW are™ OS How T o Note: DHCP Snooping on Rap ier -style switches Configuration exampl es enable ip add ip int=vlan48 ip=10.11 .67.254 mask=255.255.255.0 add ip int=vlan50 ip=10.50 .1.254 mask=255.255.255.0 add ip rou=0.0.0.0 mask=0. 0.0.0 int=vlan50 next=10.50.1.1 enable bootp relay add bootp relay=10.50.1.10 0 Here the DHCP ser v[...]

  • Page 19

    Page 19 | AlliedW are™ OS How T o Note: DHCP Snooping on Rap ier -style switches Configuration exampl es create classifier=50 tcpdp ort=20 create classifier=51 tcpdp ort=21 create classifier=52 tcpdp ort=23 create classifier=53 ethfo rmat=ethii prot=0800 Classifiers will be applied in QoS to allow priori tisation or traffic shaping. The above exa[...]

  • Page 20

    Page 20 | AlliedW are™ OS How T o Note: DHCP Snooping on Rap ier -style switches T roub leshooting T r oubleshooting Use the command enable dhcpsnooping debug=all to get the most v erbose lev el of debugging a vailable . In the following sections, all debugging comes fr om that command. Let’ s look at how y ou can use debugging to investigate s[...]

  • Page 21

    Page 21 | AlliedW are™ OS How T o Note: DHCP Snooping on Rap ier -style switches T roub leshooting The DHCP client continuall y sends r equests instead of a disco ver This happens when the client is r enewing it s lease or , for whatev er reason, believ es that should be issued a spec ific address. If the client does not r e ceiv e either an A CK[...]

  • Page 22

    Page 22 | AlliedW are™ OS How T o Note: DHCP Snooping on Rap ier -style switches T roub leshooting Incr easing the por t’ s maxim um leases w ill permit multiple clients per port. Switch is dr opping ARPs If yo u have DH C P s no o p in g in AR P se c ur i ty m o de, then unknown clients on untrusted ports will not be able to ARP . Known client[...]

  • Page 23

    Page 23 | AlliedW are™ OS How T o Note: DHCP Snooping on Rap ier -style switches T roub leshooting Y ou cannot work ar ound dropped ARPs fr om th e DHCP ser ver b y statically binding the DHCP ser v er’ s IP and MA C address to a port, in stead of setting it as trusted. The switch will not send the DHCP ser ver the DHCP r equest. The switch wil[...]

  • Page 24

    Page 24 | AlliedW are™ OS How T o Note: DHCP Snooping on Rap ier -style switches T roub leshooting Displa ying log entries The sho w log command is also v er y useful: Manager > sh log Date/Time S Mod Type S Type Message -------------------------- ---------------------------------------------- 02 21:42:55 3 DHCP DHCPS A DD Adding new entry [ch[...]

  • Page 25

    Page 25 | AlliedW are™ OS How T o Note: DHCP Snooping on Rap ier -style switches Appendix 1 : ISC DHCP ser ver Appendix 1 : ISC DHCP ser ver One DHCP server that has been tested agai nst DHCP snooping is ISC DHCP . This is fr ee software with an option of a suppor t contract . At the time of writing this document, ISC DHCP did not support the log[...]

  • Page 26

    USA Headq u ar ters | 19800 Nor th Cr eek Parkwa y | S u ite 200 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895 E u r opea n Headq u ar ters | Via Motta 24 | 6830 Chiasso | Switzerla n d | T : +41 91 69769.00 | F: +41 91 69769.11 Asia-Paci f ic Headq u ar ters | 11 T ai Se ng Li n k | Si ng apor e | 534182 | T: +65 6383 3832 |[...]