Allied Telesis AT-9400 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Allied Telesis AT-9400, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Allied Telesis AT-9400 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Allied Telesis AT-9400. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Allied Telesis AT-9400 should contain:
- informations concerning technical data of Allied Telesis AT-9400
- name of the manufacturer and a year of construction of the Allied Telesis AT-9400 item
- rules of operation, control and maintenance of the Allied Telesis AT-9400 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Allied Telesis AT-9400 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Allied Telesis AT-9400, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Allied Telesis service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Allied Telesis AT-9400.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Allied Telesis AT-9400 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    613-001025 Rev. A Management Software AT-S63 ◆ Menus User’s Guide For Stand-alone AT-9400 Switches Version 2.2.0 for AT- 9400 Layer 2+ Switches Version 3.2.0 for AT-9400 Basic Layer 3 Switches[...]

  • Page 2

    Copyright © 2008 Allied Telesis, Inc. All rights reserved. No part o f this pub lication may be repro duced without prior wr itten permission from Al lied Telesis, Inc. Microsoft and Internet Explorer are register ed trademarks of Microsoft Corporation. Ne tscape Navigator is a registered trademar k of Netscape Communications Corpora tion. All oth[...]

  • Page 3

    3 Preface ........ ............. ................ ............. ............. ................ ............. ................ ............. ...... ....................... ...... 19 How This Guide is Organized .............. ................ ................ ............. ................ ................ ......... .... ............. ...... 20 Produ[...]

  • Page 4

    Contents 4 Displaying Port Statistics ....... ................. ................ ............. ................ ................ ................ ....... ................ ...... 80 Clearing Port Statistics ............... ................ ............. ................ ................ ............. .............. ............ ............. ...... [...]

  • Page 5

    AT-S63 Management So ftware Menus User’s Gui de 5 Listing All Files .............. ................ ............. ................ ............. ................ ............. ......... ............. .............. 159 Listing Files on the Compact Flash Card ... ................ ................ ................ ................ ................ [...]

  • Page 6

    Contents 6 Chapter 14: Class of Service .................... ............. ................ ............. ................ ............. ................ ........... 243 Configuring CoS ......................... ............. ................ ............. ................ ................ ............. ...... ............. ........... 244 Mapping [...]

  • Page 7

    AT-S63 Management So ftware Menus User’s Gui de 7 Configuring the SNMPv3 View Table ............... ... .......... ............. ............. ................ ............. ........... .............. . 331 Creating an SNMPv3 View Table Entry .............. ............. ................. ............ ............. ................ ....... ......[...]

  • Page 8

    Contents 8 Chapter 23: Multiple Sp anning Tree Protocol ......... ................ ............. ................ ............. ................ ........ 439 Selecting MSTP as the Active Spanning Tree Prot ocol ... ............. ............. ................ ............. ................ .. ...... 440 Configuring MSTP Bridge Set tings ......... .[...]

  • Page 9

    AT-S63 Management So ftware Menus User’s Gui de 9 Chapter 28: MAC Address-based VLANs .... ............. ................ ................ ............. ................ ............. ....... 533 Creating a MAC Address- based VLAN .................. ............. ................ ................ ............. ................ .. ............ 534[...]

  • Page 10

    Contents 10 Installing CA Certificates onto a Switch ........... ............. ................ ............. ................ ............. ..... .................. . 630 Viewing and Configuring the Maximum Number of C ertificates ................. ................ ................. ................ ... .6 3 1 Configuring SSL ..... ...............[...]

  • Page 11

    11 Figure 1: System Administration Menu .................. ........ .............. ........... ............ ........... ........... ...... .. ............ ........... ............. 32 Figure 2: System Configuration Menu ........................ .............. ............ .............. .............. .............. .............. ........... .....[...]

  • Page 12

    Figures 12 Figure 51: Display Flash Information Menu ............ ........... ............ ........... .............. ........... ........... .... ............. ........... ..........162 Figure 52: Displ ay Compact Flash Information Menu ...... ................ .............. ............ ........... ........... ........ ............ ........... ..[...]

  • Page 13

    AT-S63 Management So ftware Menus User’s Gui de 13 Figure 111: PoE Global Configuration Menu .................... ........... .............. .............. .............. ............. ........................ ........ 284 Figure 112: PoE Port Configuration Menu ................ .............. .............. .............. .............. ........[...]

  • Page 14

    Figures 14 Figure 172: Configure VLANs Menu ....................... .............. ........... .............. .............. .............. ..... ......... ............ .............. . 473 Figure 173: Create VLAN Menu.. ........... .............. ............ .............. ........... .............. .............. ....... ..................... ..[...]

  • Page 15

    AT-S63 Management So ftware Menus User’s Gui de 15 Figure 232: View Certificat e Details Menu (page 1) .................... .............. .............. .............. .............. . ............. ............ ..... 625 Figure 233: View Certificat e Details Menu (page 2) .................... .............. .............. .............. .......[...]

  • Page 16

    Figures 16[...]

  • Page 17

    17 Table 1: AT-S63 Modules ....................... ........... .............. .............. ........... .............. .............. .. ......... ............... ........... ........ 201 Table 2: Event Severity Levels ....................... ........... .............. .............. ............ .............. ........ ....................... ...[...]

  • Page 18

    Tables 18[...]

  • Page 19

    19 Pr eface This guide contains instructions on how to configure the AT-9400 Layer 2+ and Basic Layer 3 Gigabit Ethernet Switches from the menus of the AT-S63 Management Software. This preface contains the f ollowing sections:  “How This Guide is Organized” on p age 20  “Product Documenta tion” on p age 22  “Where to Go First” [...]

  • Page 20

    Preface 20 How This Guide is Organized This guide contains the following sections and chapters:  Section I: Basic Operations Chapter 1, “Basic Switch Parameters” on p age 31 Chapter 2, “Port Parameters” on p age 61 Chapter 3, “Enhanced S tacking” on page 8 5 Chapter 4, “SNMPv1 and SNMPv2c” on p age 93 Chapter 5, “MAC Address T [...]

  • Page 21

    AT-S63 Management So ftware Menus User’s Gui de 21  Section V : S panning T ree Protocols Chapter 22, “S panning T ree and Rapid S panning T ree Protocols” on page 419 Chapter 23, “Multiple S panning T ree Protocol” on page 439  Section VI: V irtual LANs Chapter 24, “Port-based and T agged VLANs” o n page 47 1 Chapter 25, “GAR[...]

  • Page 22

    Preface 22 Product Documentation For overview information on the feat ures of the AT-9400 Switch and the AT-S63 Management Sof tware, refer to:  A T-S63 Management Sof tware Features Guide (PN 613-001022) For instructions on starting a local or r emote management session on a stand-alone AT-9400 Switch or a stack, refe r to:  S tarting an A T[...]

  • Page 23

    AT-S63 Management So ftware Menus User’s Gui de 23 Where to Go First Allied Telesis recommends that you rea d Chapter 1, Overview, in the AT-S63 Management Software Features Guide before you b egin to manage the switch for the first time. There you will find a variety of basic information about the unit and the management software, like th e two [...]

  • Page 24

    Preface 24 Starting a Management Session For instructions on how to start a local or remote management session o n the AT-9400 Switch, refer to the Starting an AT-S63 Manag ement Session Guide .[...]

  • Page 25

    AT-S63 Management So ftware Menus User’s Gui de 25 Document Conventions This document uses the following convention s: Note Notes provide additional information. Caution Cautions inform you that perfo rmi ng or omitting a specific action may result in equipment damage or loss of data. Warning Warnings inform you that performin g or omitting a spe[...]

  • Page 26

    Preface 26 Where to Find Web-based Guides The installation and user guides for all Allied Telesis products a re available in portable document format ( PDF) on our web site at www.alliedtelesis.com . You can view the documents online or download them onto a local workstation or server.[...]

  • Page 27

    AT-S63 Management So ftware Menus User’s Gui de 27 Contacting Allied Telesis This section provides Allied Telesis contact information for technica l support and for sales and corporate information. Online Support You can request technical support online from the Allied Telesis Knowledge Base at www.alliedtelesis.com/support/kb .aspx . You can sub[...]

  • Page 28

    Preface 28[...]

  • Page 29

    Section I: Basic Operations 29 Section I Basic Operations The chapters in this section p rovide information and pro cedures for basic switch setup using the AT-S63 Management So ftware. The chapters include:  Chapter 1, ”Basic Switch Parameters” on p age 31  Chapter 2, ”Port Parameters” o n page 61  Chapter 3, ”Enhanced S tacking[...]

  • Page 30

    30 Section I: Basic Op erations[...]

  • Page 31

    Section I: Basic Operations 31 Chapter 1 Basic Switch Parameters This chapter contains the following pro cedures:  “Configuring the Switch’ s Name, Location, and Cont act” on p age 32  “Changing the Manager and Operator Passwords” o n page 3 5  “Setting the System T ime” on page 38  “Rebooting the Switch” on p age 43 ?[...]

  • Page 32

    Chapter 1: Basic Switch Parameters 32 Section I: Basic Op erations Configuring the Switch’s Na me, Location, and Contact This procedure explains how to assi gn a name to the switch. Th e name appears at the top of the menu s. Names can help you identify your switches when you manage them and he lp you avoid performing a configuration procedure on[...]

  • Page 33

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 33 The System Configuration menu is shown in Figure 2. Figure 2. System Configuration Menu Note Selections 1 to 4 are described in “Disp laying the IP Address of the Local Interface” on page 555. Sele ction 8, ARP Cache Timeout, is described in “Setting the ARP Cac[...]

  • Page 34

    Chapter 1: Basic Switch Parameters 34 Section I: Basic Op erations dashes and asterisks. The default is no name. T his paramete r is optional. 4. After making cha nges, type R until you return to th e Main Menu. Then type S to select Save Configuration Ch anges.[...]

  • Page 35

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 35 Changing the Manager and Operator Passwords There are two levels of management access on the AT-9400 Switch: manager and operator. When you log in as mana ger, you can view and configure all of a switch’s operating parameters. When you log in as an operator, you can[...]

  • Page 36

    Chapter 1: Basic Switch Parameters 36 Section I: Basic Op erations 3. From the Authentication Configuratio n menu, type 5 to sel ect Passwords Configurat ion. The Passwords Configuration menu is shown in Figure 4. Figure 4. Passwords Configuration Menu 4. From the Passwords Configuration menu, type 1 to select Set Manager Password. The following pr[...]

  • Page 37

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 37 9. After making changes, type R until you r eturn to the Main Menu. Then type S to select Save Configuration Changes. Resetting the Manager Password This procedure can be used to bypass the login on the switch in the event you forget the manager password. This procedu[...]

  • Page 38

    Chapter 1: Basic Switch Parameters 38 Section I: Basic Op erations Setting the System Time This procedure explains how to set the switch’s date and time. Setting the system time is important if you confi gured the switch to send traps to your management stations. Traps from a switch where the time has not been set do not contain the correct da te[...]

  • Page 39

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 39 Setting the System Time Manually To set the system time manually, perfo rm the following procedure: 1. From the Main Menu, type 5 to sel ect System Admini stration. The System Administration menu is shown in Figure 1 o n page 32. 2. From the System Administration menu[...]

  • Page 40

    Chapter 1: Basic Switch Parameters 40 Section I: Basic Op erations Setting the System Time from an SNTP or NTP Server To configure the switch to obtain its date and time from an SNTP or NTP server on your network or the Internet, perform the following procedu re: 1. From the Main Menu, type 5 to select System Administration. The System Administrati[...]

  • Page 41

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 41 8. Type 5 to select Daylight Savings Time (DST) to enable or disable the switch’s ability to adjust its system time to daylight savings t ime. The following prompt is displayed: Adjust for Dayli ght Savings Time (E - En abled, D - Disabl ed) - > 9. Type E to enab[...]

  • Page 42

    Chapter 1: Basic Switch Parameters 42 Section I: Basic Op erations The Last Delta option in the menu displays the last adjustme nt that was applied to system time due to a drift in the system clock between two successive queries to the SNTP server . This is a read only field. Option U, Update System T ime, allows you to prompt the switch to poll th[...]

  • Page 43

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 43 Rebooting the Switch This procedure reboots the switch. Note Any configuration changes not sa ved are lost after the switch reboots. To save your configurat ion changes, retu rn to the Main Menu and type S to select Save Configuration Change s. Caution The switch does[...]

  • Page 44

    Chapter 1: Basic Switch Parameters 44 Section I: Basic Op erations Note Item 1 - File Operations, is described in Chapter 9, ”File System” on page 145. Item 2 - Do wnloads and Up load s is described in Chapter 10, ”File Downloads and Uploads” on page 167. Ping a Remote System, item 3, is described in “Pinging a Remote System” on page 49[...]

  • Page 45

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 45 Configuring the Console Startup Mode With this procedure you can con trol which management interface , menus or command line, is displayed at the start o f your local and remote management sessions. The def ault is the command line interface. To change the console sta[...]

  • Page 46

    Chapter 1: Basic Switch Parameters 46 Section I: Basic Op erations Configuring the Console Timer The AT-S63 Management Software uses the console timer, also referred to as the console disconnect interval, to automatically en d inactive local and remote management sessions. The manag ement software automatically ends a local or remote man agement se[...]

  • Page 47

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 47 Configuring the Telnet Server This procedure describes how to enable and disable the Telnet server on the switch. You might disable the se rver to prevent individuals from managing the switch with a Telnet applic ation or if you intend to use the Secure Shell (SSH) pr[...]

  • Page 48

    Chapter 1: Basic Switch Parameters 48 Section I: Basic Op erations Setting the Baud Rate of the Serial Terminal Port The default baud rate of the RJ-45 t ype se rial terminal port on the switch is 9600 bps. To change the baud rate, perform the f ollowing procedure: 1. From the Main Menu, type 5 to select System Administration . The System Administr[...]

  • Page 49

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 49 Pinging a Remote System This procedure instructs the switch to ping a remote device on your network. This can be use ful in determining whe ther a valid link exists between the switch and anoth er network device. The local subnet on the switch where the device is a me[...]

  • Page 50

    Chapter 1: Basic Switch Parameters 50 Section I: Basic Op erations Returning the AT-S63 Management Software to the Factory Default Values The procedure in this section returns all AT-S63 Manag ement Software parameters to the default values. Please n ote the following before you perform this procedure:  Returning all par ameter settings to t hei[...]

  • Page 51

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 51 If you respond with yes, the following prompt is displayed : Do you want to reset the serial port bau d rate to 9 600 bps? [Yes/N o] -> 5. To return the baud rate of the te rminal port on the swit ch to 9600 bps, type Y for yes. To retain its current speed setting,[...]

  • Page 52

    Chapter 1: Basic Switch Parameters 52 Section I: Basic Op erations Displaying Hardware and Software Information To display information about the switch hardware and software, p erform the following procedure: 1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 1 on page 32. 2. From the Sy[...]

  • Page 53

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 53 Subnet Mask Subnet mask of the local in terface. Gateway For A T-9400 Switches that support IPv4 routing, such as the A T-9424T s and A T-9448T s/XP switches, this field displays t he IP address of the next hop of the switch’ s default route. The switch uses the def[...]

  • Page 54

    Chapter 1: Basic Switch Parameters 54 Section I: Basic Op erations information about selection U , Uplink Information, refer to “Displaying Uplink Port Information” on p age 57.[...]

  • Page 55

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 55 Displaying System Hardware Information You can view information about the system hardware, including details about the fans and temperature settin gs. To display the system hardware information, perfo rm the following procedure: 1. From the Main Menu, type 5 to sel ec[...]

  • Page 56

    Chapter 1: Basic Switch Parameters 56 Section I: Basic Op erations The System Hardware Informati on menu provides the following information: System 1.25 V Power System 1.8V Power System 2.5 V Power System 3.3 V Power System 5 V Power System 12 V Power The current voltage of the six power supplies in the switch. System T emperature (Celsius) The ove[...]

  • Page 57

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 57 Displaying Uplink Port Information To display the information a bout the GBIC or SFP transceivers in stalled in the uplink ports, perform the follo wing procedure: 1. From the Main Menu, type 5 to sel ect System Admini stration. The System Administration menu is shown[...]

  • Page 58

    Chapter 1: Basic Switch Parameters 58 Section I: Basic Op erations 4. Type the number corresponding t o the slot where the transceiver is identified as “Present” to view detaile d information about that transceiver. The information disp layed depends upon the transce iver vendor and whether the slot contains an SFP or a GBIC transceiver. The GB[...]

  • Page 59

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 59 The GBIC/SFP Information menu (p age 2) is displayed. Figu re 12 shows some possible fields of information. Figure 12. GBIC/SFP Information Menu (Page 2) Note The information displayed in the me nus depends upon whethe r a GBIC or an SFP transceiver is installed and t[...]

  • Page 60

    Chapter 1: Basic Switch Parameters 60 Section I: Basic Op erations[...]

  • Page 61

    Section I: Basic Operations 61 Chapter 2 Port Parameters This chapter contains the proce dures for viewing and changing the parameter settings for the ind ividual ports on a switch, and contains the following procedures:  “Displaying Port S tatus” on p age 62  “Configuring Port Parameters” on pag e 65  “Configuring Head of Line B[...]

  • Page 62

    Chapter 2: Port Param eters 62 Section I: Basic Op erations Displaying Port Status To display the current status of the ports on the switch, pe rform the following procedure: 1. From the Main Menu, type 1 to select Port Configura tion. The Port Configuration menu is shown in Figure 13. Figure 13. Port Configu ration Menu 2. From the Port Configurat[...]

  • Page 63

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 63 Note The speed, duplex mode, and flow control settings are blank for a port that has not established a link to its end node. The Port S tatus menu disp lays a table tha t contains the followin g columns of information: Port The port number . Link The status of th e li[...]

  • Page 64

    Chapter 2: Port Param eters 64 Section I: Basic Op erations Port T ype The port type.[...]

  • Page 65

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 65 Configuring Port Parameters To configure the basic parameter setti ngs for a po rt, such as speed and duplex mode, perform the following procedure: 1. From the Main Menu, type 1 to select Port Configuration. The Port Configuration menu is shown in Figure 13 on p age 6[...]

  • Page 66

    Chapter 2: Port Param eters 66 Section I: Basic Op erations 4. Adjust the following paramet ers as necessary. Note A change to a parameter is immediately activate d on the port. 0 - Description Y ou use this option to assign a description to a port, from 1 to 1 5 alphanumeric characters. S paces are allowed, but you should not use special character[...]

  • Page 67

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 67 If you select Auto for Auto-Negotiation, which is the def ault setting, the switch sets speed , duplex mode, and MDI crossover for the port automatically . The switch determ ines the h ighest possible common speed between the port and it s end node and se ts the port [...]

  • Page 68

    Chapter 2: Port Param eters 68 Section I: Basic Op erations 1000 Mbps (Applie s only to 1000Base SFP and GBIC modules. This selection should not be used. An SFP or GBIC module should use Auto-Negotiation to set it s speed and duplex mode.) 8 - Duplex This item is only available when Negotiation is set to Manual. The possible settings are full -dupl[...]

  • Page 69

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 69 Configuring Head of Line Blocking Head of line (HOL) blocking is a proble m that occurs when a po rt on a switch becomes oversubscribed. An over subscribe d port is receiving more packets from other switch po rts than it can transmit in a timely manner. An oversubscri[...]

  • Page 70

    Chapter 2: Port Param eters 70 Section I: Basic Op erations other ports to discard packets destined for po rt D. Port A drops the D packets, enabling it to once again forward packets to port C. The number that you enter for this valu e represents cells. A cell is 128 bytes. The range is 0 to 81 91 cells. The default is 682. To set up head of line b[...]

  • Page 71

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 71 Configuring Flow Cont rol and Back Pressure A switch port uses flow control to co ntrol the flow of ingress packets from its end node when ope rating in full-duple x mode. A port using flow control issues a special frame, refe rred to as a PAUSE frame, as specified in[...]

  • Page 72

    Chapter 2: Port Param eters 72 Section I: Basic Op erations 4. From the Port Configuration menu, type 3 to select Flow Control. The Flow Control menu is shown in Figure 17. Figure 17. Flow Control Menu 5. Type 1 to select FLow Control (F ull-Duplex) Status to enable or disable flow control. The possible settings are: Disabled -No flow control on th[...]

  • Page 73

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 73 Configuring Port Filtering If the performance of your network is affected by heavy traffic, you can use these parameters to restrict ingres s and egress broadcast packets as well as unknown unicast and multicast pa ckets forwarded by a port. Activating this feature on[...]

  • Page 74

    Chapter 2: Port Param eters 74 Section I: Basic Op erations 5. From the Filtering menu, type 1 to togg le Unknown Unicast Ingress Filtering between Disabled and Enabled. 6. Type 2 to toggle Unknown Unicast Eg ress Filtering be tween Disabled and Enabled. 7. Type 3 to toggle Unknown Mult icast Ingress Filtering between Disabled and Enabled. 8. Type [...]

  • Page 75

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 75 Setting Up Rate Limiting The rate limiting feature allows you to set the maximum number of ingress packets the port accepts e ach second. Packets exceeding the threshold are discarded. You can enable rate limiting and set a rate independently for unknown unicast, mult[...]

  • Page 76

    Chapter 2: Port Param eters 76 Section I: Basic Op erations b. If you enabled the feature, type 2 to select Unknown Unicast Rate. The following prompt is displayed: Enter the Rate Limit (packe ts/second):[ 0 to 262143]- > c. Enter a number for the rate limit. 6. To control multicast packets, d o the following: a. Type 3 to toggle Multicast Rate [...]

  • Page 77

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 77 Resetting a Port Resetting a port is useful in situations where a port is having problems establishing a valid connection to its end node . Resetting a port does not change any of its parameter settings. To reset a port, perform the follo wing procedure: 1. From the M[...]

  • Page 78

    Chapter 2: Port Param eters 78 Section I: Basic Op erations Forcing Port Renegotiation Port renegotiation pr ompts a port operating in Auto-Negotiation to renegotiate its speed and duplex mode with its end node. T his option is useful if you believe that a port an d end node are not operating at t he same speed and duplex mode. To force port renego[...]

  • Page 79

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 79 Resetting the Port Configurat ion to the Default Settings You can return the parameters settings of a port to the default values. To reset a port’s settings to the de f ault settings, perform the following procedure: 1. From the Main Menu, type 1 to select Port Conf[...]

  • Page 80

    Chapter 2: Port Param eters 80 Section I: Basic Op erations Displaying Port Statistics To display Ethernet port statistics, perfo rm the following procedure: 1. From the Main Menu, type 1 to select Port Configura tion. The Port Configuration menu is shown in Figure 13 on p age 62. 2. From the Port Configuration menu, type 3 to select Port Statistic[...]

  • Page 81

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 81 The Display Port S tatisti cs menu is shown in Figure 2 1. Figure 21. Display Port Statistics Menu The Display Port S tatistics menu provides the following information: Bytes Rx Number of bytes received by the port. Bytes Tx Number of bytes transmitted from the port. [...]

  • Page 82

    Chapter 2: Port Param eters 82 Section I: Basic Op erations Frames 64 Frames 65-127 Frames 128-255 Frames 256-51 1 Frames 512-1023 Frames 1024-1518 Frames 1519-1522 Number of frames transmitted from the po rt, grouped by size. CRC Error Number of frames with a cyclic redundancy check (CRC) error but with the proper length (64-1518 byte s) received [...]

  • Page 83

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 83 Clearing Port Statistics To clear the Ethernet port sta tistics and reset them to “0”, perform the following procedure: 1. From the Main Menu, type 1 to select Port Configuration. The Port Configuration menu is shown in Figure 13 on p age 62. 2. From the Port Conf[...]

  • Page 84

    Chapter 2: Port Param eters 84 Section I: Basic Op erations[...]

  • Page 85

    Section I: Basic Operations 85 Chapter 3 Enhanced S tacking This chapter explains the enhanced stacking feature. The sections in this chapter include:  “Setting a Switch’ s Enhanced S tacking S tatus” on page 8 6  “Selecting a Switch in an Enhanced S tack” on p age 88  “Returning to the Master Switch” on p age 91  “Displ[...]

  • Page 86

    Chapter 3: En hanced Stacking 86 Section I: Basic Op erations Setting a Switch’s Enhanced Stacking Status The enhanced stacking status of the switch can b e master, slave, or unavailable. Each status is described below:  Master switch - The master switch is your entry point for managing th e switches of a stack. S tarting a local or remote man[...]

  • Page 87

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 87 Note Item 2, Stacking Services, is only displayed on master switche s. 2. To change a switch’s stacking sta tus, type 1 to select Switch State. The following prompt is displayed. Enter new s etup (M/S /U) -> 3. Type M to change the switch to a master switch, S to[...]

  • Page 88

    Chapter 3: En hanced Stacking 88 Section I: Basic Op erations Selecting a Switch in an Enhanced Stack In order to manage a switch other tha n the master switch in an enhanced stack, you must instruct the master switch to poll the common VLAN for the other switches and then select the switch. You can manage only one switch at a time To select a swit[...]

  • Page 89

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 89 The master switch polls the common sub net for the slave and master switches that are members of the e nhanced stack and displays a list o f the switches in the S tacking Servic es menu. An example is shown in Figure 24. Figure 24. Stacking Services Menu With List of [...]

  • Page 90

    Chapter 3: En hanced Stacking 90 Section I: Basic Op erations A prompt similar to the following is displayed: Enter the switch nu mber -> [1 to 24] 5. Type the number of the switch in the list you want to manage. 6. Enter the appropriate usern ame and password for the switch. The command line interface of the selected switch is displayed. Y ou n[...]

  • Page 91

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 91 Returning to the Master Switch When you are finished managing a slave switch, return to the Main Menu of the switch and type Q for Quit. This returns you to the Stacking Services menu on the master switch where you starte d the management session. You can either selec[...]

  • Page 92

    Chapter 3: En hanced Stacking 92 Section I: Basic Op erations Displaying the Enhanc ed Stacking St atus To view the stacking status of a switch in a stack, pe rform the following procedure: 1. From the Main Menu, type 8 to select Enhanced Stacking. The Enhanced S tacking me nu is shown in Figure 25. Figure 25. Enhanced Stacking Men u The menu shows[...]

  • Page 93

    Section I: Basic Operations 93 Chapter 4 SNMPv1 and SNMPv2c This chapter explains how t o activate SNMP management o n the switch and how to create, modify, and delete SNMPv1 and SNMPv2c community strings. Sections in the chapter include:  “Enabling or Disabling SNMP Management” on p age 94  “Setting the Authentication Failu re T rap”[...]

  • Page 94

    Chapter 4: SNMPv1 a nd SNMPv2c 94 Section I: Basic Op erations Enabling or Disabling SNMP Management To enable or disable SNMP management fo r the switch, perform the following procedure: 1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 1 on page 32. 2. From the System Administration m[...]

  • Page 95

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 95 Setting the Authentication Failure Trap As mentioned in the SNMP Overview se ction in this chapter, a trap is a message sent by the switch to a ma nagement workstation or server to signal an operating event, such as when the device is reset. An authentication failure [...]

  • Page 96

    Chapter 4: SNMPv1 a nd SNMPv2c 96 Section I: Basic Op erations Creating an SNMP Community String To create a new SNMP community string, pe rform the following procedure: 1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 1 on page 32. 2. From the System Administration menu, type 5 to sel[...]

  • Page 97

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 97 Stat us The operating sta tus of a community string. En abled means the st ring is available for use and Disabl ed means it is unavailab le. OpenAcc The access statu s of a community string. A string with a sta tus of Y es has an open status an d can be used by any ma[...]

  • Page 98

    Chapter 4: SNMPv1 a nd SNMPv2c 98 Section I: Basic Op erations management workstations. But you can assign only one to it initially with this procedure. To add add itional IP addresses, refe r to “Modifying a Community String” on page 99. If you assigned the community string an access st atus of open, leave this field blank by pressing Return. [...]

  • Page 99

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 99 Modifying a Community String To modify a community strin g, perform the following procedure: 1. From the Main Menu, type 5 to sel ect System Admini stration. The System Administration menu is shown in Figure 1 o n page 32. 2. From the System Administration menu, type [...]

  • Page 100

    Chapter 4: SNMPv1 a nd SNMPv2c 100 Section I: Basic Operati ons The menu options are described below: 1 - Add Attributes to Community If a community string has a closed access mod e, you can use this selection to add new IP addresses of managemen t workstations that can use the string. Y ou can also use this option to add IP addresses of new trap r[...]

  • Page 101

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 101 Enter SNMP Mana ger IP Addr: c. If you want to remove the IP ad dress of a management workstation from the community string, enter the IP address at t he prompt. Otherwise, just press Return. This prompt is displayed: Enter Trap Rece iver IP Addr: d. If you want to r[...]

  • Page 102

    Chapter 4: SNMPv1 a nd SNMPv2c 102 Section I: Basic Operati ons Enter Commun ity Status [E -Enable, D-Dis able]: c. Type E to enable the co mmunity string or D t o disable it. This confirmation prompt is displayed: Do you want t o change Com munity Status? ( Y/N): [Yes/N o] -> d. Type Y to change the st ring’s status or N to cancel the change.[...]

  • Page 103

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 103 Deleting a Community String To delete an SNMPv1 or SNMPv2c community string, perform the following procedure: 1. From the Main Menu, type 5 to sel ect System Admini stration. The System Administration menu is shown in Figure 1 o n page 32. 2. From the System Administ[...]

  • Page 104

    Chapter 4: SNMPv1 a nd SNMPv2c 104 Section I: Basic Operati ons Displaying the SNMP Community Strings To display the attributes of all the SN MP community string s on the switch, use the following procedure: 1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 1 on page 32. 2. From the Sys[...]

  • Page 105

    Section I: Basic Operations 105 Chapter 5 MAC Addr ess T able This chapter contains the procedures for viewing the static and dynamic MAC address table. It also explains ho w to add static MAC addresses to the table. This chapter contains the following sections:  “Displaying the MAC Address T ables” on p age 106  “Adding S tatic Unica s[...]

  • Page 106

    Chapter 5: MAC Address Table 106 Section I: Basic Operati ons Displaying the MAC Address Tables The AT-S63 Management Software has t wo menu selections for displaying the MAC addresses of a switch. One selection d isplays the static and dynamic unicast MAC addres ses while the other displays the static and dynamic multicast addresses. To display th[...]

  • Page 107

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 107 Choose one of the following display types. 1 - Display All This selection displays all dyna mic addresses learned on the port s of the switch and all st atic addresses that have been assig ned to the ports. An example of a unicast MAC address table is shown in Figure[...]

  • Page 108

    Chapter 5: MAC Address Table 108 Section I: Basic Operati ons An example of a multicast MAC a ddr ess table is sho wn in Figure 33. Figure 33. Display All Menu - Multicast MAC Addresses The multicast MAC address table contains th e following columns of information: MAC Address The static or dyn amic multicast MAC address. VLAN ID The ID number of t[...]

  • Page 109

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 109 5 - Display S pecified MAC This selection displays the port number on which a MAC address was assigned or learned. If you want to know on which port a p articular MAC address was learned, you can display the MAC a ddress table and scroll through the list looking for [...]

  • Page 110

    Chapter 5: MAC Address Table 110 Section I: Basic Operati ons Adding Static Unicast a nd Multicast MAC Addresses This section contains the procedure fo r adding static unicast and mu lticast MAC addresses to the switch. You can assig n up to 255 static addresses per port on the AT-9400 Switch. To add a static MAC address, perform the following p ro[...]

  • Page 111

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 111 5. Enter the number of the port on t he switch where you want to assign the static address. If you are add ing a static unicast address, you can specify only one port. If you are entering a static multicast add ress, you must specify the port when the multicast appli[...]

  • Page 112

    Chapter 5: MAC Address Table 112 Section I: Basic Operati ons Deleting Unicast and Multicast MAC Addresses To delete a dynamic or static unicast or multicast address from the MAC address table, perform the following pro cedure: 1. From the Main Menu, type 4 to select MAC Address Tables. The MAC Address T ables menu is shown in Figure 30 on p age 10[...]

  • Page 113

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 113 Deleting All Dynamic MAC Addresses To delete all dynamic unica st and multicast MAC address from the MAC address table, perform the following procedure: 1. From the Main Menu, type 4 to select MAC Address Tables. The MAC Address T ables menu is shown in Figure 30 on [...]

  • Page 114

    Chapter 5: MAC Address Table 114 Section I: Basic Operati ons Changing the Aging Time The switch uses the aging time to del ete inactive dynamic MAC addresses from the MAC address table. The swit ch deletes a MAC address from the table when no packets are sent to or received from the end no de of the address for the period of time specif ied by t h[...]

  • Page 115

    Section I: Basic Operations 115 Chapter 6 S tatic Port T runks This chapter contains the procedur es for managing static port tru nks. Sections in the chapter include:  “Creating a S tatic Port T runk” on page 1 16  “Modifying a S tatic Por t T runk” on page 120  “Deleting a S tatic Port T runk” on p age 123[...]

  • Page 116

    Chapter 6: St atic Port Trunks 116 Section I: Basic Operati ons Creating a Static Port Trunk This section contains the procedure fo r creating a static p ort trunk on a switch. Caution Do not connect the cables to the t runk ports on the switches until after you have configured the trunk with the manage ment software. Connecting the cables before c[...]

  • Page 117

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 117 3. From the Port Trunking and LACP menu , type 1 to select Static Port Trunking. The S tatic Port T runking menu is shown in Figure 36. Figure 36. Static Port Trunking Menu This menu lists th e current trunks on the switch. The information includes the following: [...]

  • Page 118

    Chapter 6: St atic Port Trunks 118 Section I: Basic Operati ons The Create T runk menu is shown in Figure 37. Figure 37. Create Trunk Menu 5. Configure the follo wing parameters as necessary: 1 - T runk ID S pecifies the trunk ID, a value from 1 to 6. Y ou cannot specify a trunk ID. The management sof tware select s it for you. The default value is[...]

  • Page 119

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 119 6. Type C to select Create Trunk. The port trunk is now active on the switch. 7. To permanently save your change, return to th e Main Menu and type S to select Save Configuration Changes. 8. Configure the ports on the remote switch for port trunking. 9. Connect the c[...]

  • Page 120

    Chapter 6: St atic Port Trunks 120 Section I: Basic Operati ons Modifying a Static Port Trunk This section contains the procedure f or modifying a static port trunk on the switch. Caution If you will be adding or removing ports from the trunk, you should disconnect all data cables from the p orts of the trunk on the switch before performing the pro[...]

  • Page 121

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 121 5. Enter the ID number of the trunk you want to modify. The Modify T runk menu is display ed. The menu displays the operating specifications of the selected trunk. An example is shown in Figure 38. Figure 38. Modify Trunk Menu Note You cannot change a trunk’s ID n [...]

  • Page 122

    Chapter 6: St atic Port Trunks 122 Section I: Basic Operati ons 6. Type M to select Modify Trunk. The modifications to the port trunk are activa ted on the switch. 7. To permanently save your change, re turn to the Main Menu and type S to select Save Configur ation Changes. 8. Reconnect the cables to th e ports of the trunk on the switch. The modif[...]

  • Page 123

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 123 Deleting a Static Port Trunk To delete a static port trunk from th e switch, perform the following procedure: Caution Disconnect the cables from the port trunk on the switch before performing the following procedure. Deleting a po rt trunk without first disconnecting[...]

  • Page 124

    Chapter 6: St atic Port Trunks 124 Section I: Basic Operati ons[...]

  • Page 125

    Section I: Basic Operations 125 Chapter 7 LACP Port T runks This chapter contains the procedur es for managing LACP port t runks. Sections in the chapter include:  “Enabling or Disabling LACP” on p age 126  “Setting the LACP System Priority” on page 1 28  “Creating an Aggregator” on p age 129  “Modifying an Aggregator” o[...]

  • Page 126

    Chapter 7: LACP Port Trunks 126 Section I: Basic Operati ons Enabling or Disabling LACP This procedure explains how to enable or disable LACP on the switch. When you enable LACP, the switch begins to transmit LACPDU packets from ports assigned to aggregato rs. If ports in an aggregator receive LACPDU packets from a remote device, the switch creates[...]

  • Page 127

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 127 4. Type 1 to toggle LACP Status b etween Disabled and Enabled. The default is disabled. 5. To permanently save your change, return to the Main Menu and type S to select Save Configur ation Changes.[...]

  • Page 128

    Chapter 7: LACP Port Trunks 128 Section I: Basic Operati ons Setting the LACP System Priority This procedure explains how to set the LACP system priority value on a switch. The switch uses this param eter if a conflict occu rs when establishing an aggregate trunk with t he other device. The LACP settings on the device with the higher priority take [...]

  • Page 129

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 129 Creating an Aggregator To create an aggregator, perfo rm the following procedure: Caution Do not connect the cables to t he ports of the aggregator on the switch until after you have configured the aggregato r with the management software and enable d LACP. Connectin[...]

  • Page 130

    Chapter 7: LACP Port Trunks 130 Section I: Basic Operati ons The Create LACP (IEEE 8023ad) Aggregator menu is shown in Figure 40. Figure 40. Create LACP (IEEE 8023ad) Aggrega tor Menu 5. Configure the follo wing parameters as necessary: 1 - Aggregator S pecifies a name for the aggregator . The name can be up to 20 alphanumeric characters. S paces a[...]

  • Page 131

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 131 3 - Distribution Mode Sets the loa d distribution method. Possible settin gs are:  SRC MAC - Source MAC address  DST MAC - Destination MAC address  SRC/DST MAC - Source address /destination MAC address  SRC IP - Source IP address trunking  DST IP - Des[...]

  • Page 132

    Chapter 7: LACP Port Trunks 132 Section I: Basic Operati ons Modifying an Aggregator This procedure explains how to modi fy an aggr egator. You can use this procedure to change the loa d distribution method of a n aggregator or to add or remove ports. To mod ify an aggregator, you need t o know its name. To view the names of the existing aggregator[...]

  • Page 133

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 133 5. Type 1 to select Aggregat or and, when prompted, enter the name of the aggregator to be modified. The name is case-sensitive. (To display the names of the aggregators on a switch, refer to “Displaying LACP Port and Aggregator Status” on page 135) After you ent[...]

  • Page 134

    Chapter 7: LACP Port Trunks 134 Section I: Basic Operati ons Deleting an Aggregator This procedure deletes an aggregator fro m the switch. The ports that are members of the aggregator stop transmitting LACPDU packets a fter the aggregator is deleted. Caution Disconnect the cables from the ports of the aggr egator before performing the following pro[...]

  • Page 135

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 135 Displaying LACP Port and Aggregator Status To display LACP port and aggre gator status, perform the following procedure: 1. From the Main Menu, type 1 to select Port Configuration. 2. From the Port Configuration me nu, type 4 to select Port Trunking and LACP. The Por[...]

  • Page 136

    Chapter 7: LACP Port Trunks 136 Section I: Basic Operati ons Figure 43 is an example of the LACP (I EEE 802.3ad) Aggregat or S tatus menu. The information is for viewing purp oses only . Figure 43. LACP (IEEE 802.3ad) Aggregator Status Menu Allied Telesi s AT-9448T/ SP - AT-S63 Marketing User: Manag er 11:20:02 02 -Mar-2005 LACP (IEEE 80 2.3ad) Ag [...]

  • Page 137

    Section I: Basic Operations 137 Chapter 8 Port Mirr oring This chapter contains the procedur es for cr eating and deleting a port mirror. Sections in the chapter include:  “Creating a Port Mirror” on p age 138  “Disabling a Port Mirror” on p age 140  “Modifying a Port Mirror” on page 141  “Displaying the Port Mirror” on [...]

  • Page 138

    Chapter 8: Po rt Mirroring 138 Section I: Basic Operati ons Creating a Port Mirror To create a port mirror, perform the following procedure : 1. From the Main Menu, type 1 to select Port Configura tion. 2. From the Port Configuration menu, type 6 to select Port Mirroring . The Port Mirroring menu is shown in Figure 44. Figure 44. Port Mirroring Men[...]

  • Page 139

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 139 The following prompt is displayed: Mirror-To P ort (0-24 ): 6. Enter the number of the port to function as the destination port. This is the port where the traffic from the s ource ports will be copie d to and where the network analyzer will be located. You can spe c[...]

  • Page 140

    Chapter 8: Po rt Mirroring 140 Section I: Basic Operati ons Disabling a Port Mirror To delete a port mirror, perform the following procedure: 1. From the Main Menu, type 1 to select Port Configura tion. 2. From the Port Configuration menu, type 6 to select Port Mirroring . The Port Mirroring menu is shown in Figure 45 on p age 138. 3. From the Port[...]

  • Page 141

    AT-S63 Management So ftware Menus User’s Gui de Section I: Basic Operat ions 141 Modifying a Port Mirror To modify the port mirror, perform the following procedure: 1. From the Main Menu, type 1 to select Port Configuration. 2. From the Port Configuration me nu, type 6 to select Port Mirroring . The Port Mirroring menu is shown in Figure 45 on p [...]

  • Page 142

    Chapter 8: Po rt Mirroring 142 Section I: Basic Operati ons Displaying the Port Mirror To display the port mirror, perform the following proced ure: 1. From the Main Menu, type 1 to select Port Configura tion. 2. From the Port Configuration menu, type 6 to select Port Mirroring . The Port Mirroring menu is shown in Figure 46. Figure 46. Port Mirror[...]

  • Page 143

    Section II: Advanced Operations 143 Section II Advanced Operations The chapters in this section contain overview information on some of the advanced features of the AT-9400 Switch. The ch apters also contain procedures for configuring the se features using the AT-S63 Management Software. The chapters include:  Chapter 9, ”File System” on pag[...]

  • Page 144

    144 Section II: Advanced Operations[...]

  • Page 145

    Section II: Advanced Operations 145 Chapter 9 File System The chapter describes the AT-S63 f ile system, and how you can copy, rename, and delete system file s from the file system or from a comp act flash card. This chapter also explains how you can use the file system to select which boot configuration file you want the switch to use the next tim[...]

  • Page 146

    Chapter 9: File System 146 Section II: Advanced Operations Working with Boot Configuration Files A boot configuration file contains the series of co mmands that recreate the current or a specific configuration of the switch when the unit is power cycled or reset. The commands in the file recreate all the VLANs, port settings, spanning tree settings[...]

  • Page 147

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 147  “Selecting the Active Boot Configuration File for the Switch” on page 149 Creating a Boot Configuration File To create a boot configura tion file that contains the switch’s current configuration, perform the following procedure: 1. From the Main Menu, t[...]

  • Page 148

    Chapter 9: File System 148 Section II: Advanced Operations 4. From the File Operations menu, type 3 to select Crea te Configuration File. The following prompt is displayed: Enter the file name : 5. Enter a file name for the new boot configuration file. When enterin g a file name, observe the following:  Be sure to inclu de the “.cfg” extensi[...]

  • Page 149

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 149 Note Only the active boot configuration file is changed when you select the Save Configuration Ch anges option in the Main Menu. No othe r boot configuration file s stored on the switch are altered. Selecting the Active Boot Conf iguration File for the Switch You[...]

  • Page 150

    Chapter 9: File System 150 Section II: Advanced Operations file system, but is instead used and upda ted directly from the car d. If you remove the card and reset th e switch, the management sof tware uses its default se ttings.  If the file is on a flash memory card, you must change to the directory where the file is stored befo re performing t[...]

  • Page 151

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 151 The name of the file sh ould now appear following selection 1 in the File Operations menu. The file name shou ld be followed by “Exist”, which means that the file exists in the switch’ s file system. If the management sof tware is unable to find the file, i[...]

  • Page 152

    Chapter 9: File System 152 Section II: Advanced Operations The contents of the boot configuration file are displayed in the V iew File menu. An example is shown in Figure 48. Figure 48. View File Menu with Sample Boot Configura tion File A boot configuration file cont ains those switch se ttings that dif fer from the A T-S63 default values. The p a[...]

  • Page 153

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 153 The following are several guidelines fo r editing a boot con figuration file:  The text editor must be able to store the file as ASCII text. Do no t use special formatting codes, such as boldface or it alics.  The boot configuration file must cont ain A T-S[...]

  • Page 154

    Chapter 9: File System 154 Section II: Advanced Operations Copying a System File This procedure is used to create copies of f iles stored in a switch’s file system or on a flash memory card. For instance , you might perform this procedure to create a copy of a conf iguration file so that you have a backup copy. You can also use this procedure is [...]

  • Page 155

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 155 6. Enter the new file name. The file name can be up to 16 alphanumeric characters, followed by a 3 letter extension. You must keep the sa me extension as the original file. To st ore the file on a compact flash card, precede the filename with “cflash :” The f[...]

  • Page 156

    Chapter 9: File System 156 Section II: Advanced Operations Renaming a System File This procedure is used to rename files in a system’s file system or a compact flash card. Before renaming a file, note the follo wing:  T o rename a file on a compact flash card, you must first chan ge to the directory where the file is stored. T his procedure do[...]

  • Page 157

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 157 Y ou can enter a file name of up to 16 alphanumeric characters, followed by a 3 letter extension. Y ou must keep the same extension. If the file is located on a compact flash card, precede the filename with “cflash:” The following message is displayed: Please[...]

  • Page 158

    Chapter 9: File System 158 Section II: Advanced Operations Deleting a System File This procedure is used to delete files fr om a system’s flash memory or a compact flash card. Before deleting a file, note the follo wing:  Deleting the active boot configura tion file and then resetting the switch returns the unit to it s default p arameter sett[...]

  • Page 159

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 159 Displaying System Files Use this procedure to display a list of the system files current ly stored either in the flash memory of the switch or on a compact flash card. Listing All Files To display a list of the system files stored in flash memory as well as o n a[...]

  • Page 160

    Chapter 9: File System 160 Section II: Advanced Operations An example of this disp lay is shown in Figure 49. Figure 49. List Files Menu for Flas h Memory a nd a Compact Flash Card Note If the switch does not support a compact flash card , only the files in flash memory are displayed. To d isplay only the files in flash memory, precede the file nam[...]

  • Page 161

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 161 Listing Files on the Compact Flash Card To view the files on the compact flash card, perform the following procedure: 1. From the Main Menu, type 5 to sel ect System Admini stration. 2. From the System Administration menu, type 9 to select System Utilities. 3. Fr[...]

  • Page 162

    Chapter 9: File System 162 Section II: Advanced Operations Working with Flash Memory The flash memory in the AT-9400 Switch stores the file system and the permanent event log. Displaying Information about the Flash Memory To display information about the fl ash memory, perform the following procedure: 1. From the Main Menu, type 5 to select System [...]

  • Page 163

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 163 Formatting the Flash Memory The procedure formats the flash memory in t he switch. Caution Formatting the flash memory delet es ALL files o n the switch, including the active configur ation file, encryption keys, and certificates. Only the AT-S63 image file in th[...]

  • Page 164

    Chapter 9: File System 164 Section II: Advanced Operations Working with the Compact Flash Card Some of the AT-9400 Switches have a slot for a co mpact flash card. Compact flash cards can be used for transferring files b etween switches, such as configuration files, and stor ing backup copies of files. Displaying Compact Flash Card Information To di[...]

  • Page 165

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 165 The Display Compact Flash In format ion menu provides the fo llowing information: Current Directory The currently selected directory. To chang e the directory, see “Ch anging the Current Flash Card Directory” on pag e 166. Number of files The number of files [...]

  • Page 166

    Chapter 9: File System 166 Section II: Advanced Operations Size The size in KB of the compact flash card. Used The amount of space that is currently used. Free The amount of space that is free. Changing the Current Flash Card Directory To change the current directory on a compa ct flash card, perform the following procedure: 1. From the Main Menu, [...]

  • Page 167

    Section II: Advanced Operations 167 Chapter 10 File Downloads and Uploads This chapter contains the proce dures for downloading a n ew AT-S63 image file onto the switch. This cha pte r also contains the procedures for uploading and downloading system files, such as a boot co nfiguration file, from the file system in the switch . The procedures in t[...]

  • Page 168

    Chapter 10: File Downloa ds and Uploa ds 168 Section II: Advanced Operations Downloading the AT-S63 Im age File onto a Switch This section contains the following two proce dures:  “Downloading the A T-S63 Image from a Local Mana gement Session” on page 170  “Downloading the A T-S63 Image from a Remote Management Session” on p age 174 [...]

  • Page 169

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 169 interface is assigned the same address. If the unit obtained its IP configuration from a DHCP or BOOTP server, the inte rface is created with the DHCP or BOOTP client acti vated. The interface is given the interface number 0 and assigned to the preexisting manage[...]

  • Page 170

    Chapter 10: File Downloa ds and Uploa ds 170 Section II: Advanced Operations Downloading the AT-S63 Image from a Local Management Session Review “Guidelines” on page 168 before performing the following download procedure. To download a new AT-S63 software image into the application block portion of the switch’s flash memory, making it the act[...]

  • Page 171

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 171 The following prompt is displayed: TFTP Server IP address: b. Enter the IP address of the TFTP server. The following prompt is displayed: Remote File Na me: c. Enter the file name of the AT-S63 image file stored o n the TFTP server. The following message is displ[...]

  • Page 172

    Chapter 10: File Downloa ds and Uploa ds 172 Section II: Advanced Operations Note The transfer protocol must be Xmodem or 1K Xmodem. 8. Type Y for Yes. The prompt “Downloading” is displayed. 9. Begin the file transfer. S teps 10 through 13 illustrate how you download a file using the Hilgraeve HyperT erminal program. 10. From the HyperTerminal [...]

  • Page 173

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 173 13. Click Send . The software immedia tely begins downloading onto the switch. Th e Xmodem File Send window in F igure 57 displays the current st atus of the software d ownload. The download process t akes several minutes to complete. Figure 57. XModem File Send [...]

  • Page 174

    Chapter 10: File Downloa ds and Uploa ds 174 Section II: Advanced Operations Downloading the AT-S63 Image from a Remote Management Session Review “Guidelines” on page 168 before performing the following download procedure. To download a new AT-S62 image file in to the application block portion of the switch’s flash memory, making it the activ[...]

  • Page 175

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 175 After the switch ha s downloaded the image file, the following message is displayed: File receiv ed succes sfully! After receivin g the file, the switch comp ares the version number of the new image file that you just downlo aded against the file already in the a[...]

  • Page 176

    Chapter 10: File Downloa ds and Uploa ds 176 Section II: Advanced Operations Uploading the AT-S63 Image File Switch to Switch The procedure in this section uplo ads the AT-S63 software image from a master AT-9400 Switch to another AT-9400 Switch in an enhanced switch. This procedure is useful in networks tha t contain a large number of AT-9400 Swit[...]

  • Page 177

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 177 For example, if the switch ha s the st atic IP address 149.44.44.44 and the management VLAN has a VID of 12, the upgrade process automatically creates a routing inte rface with the same IP address and names it VLAN12-0. It assigns the in t erface to the VLAN with[...]

  • Page 178

    Chapter 10: File Downloa ds and Uploa ds 178 Section II: Advanced Operations The following prompt is displayed: Do you want con firmatio n before downlo ading each switch - > [Yes/No] 7. If you answer Yes to this prompt, the man agement software prompts you with a confirmation message be fore upgrading a switch. If you answer No, the management [...]

  • Page 179

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 179 Uploading an AT-S63 Configurat ion File Switch to Switch This procedure explains how to upl oad a boot configuration file on a master AT-9400 Switch to another AT-9400 Switch in an enhanced stack. This procedure provides you with an easy way of distributing a con[...]

  • Page 180

    Chapter 10: File Downloa ds and Uploa ds 180 Section II: Advanced Operations Caution This procedure causes the switch to rese t. Some network traffic may be lost. To upload a boot configuration file on t he master switch to another switch in an enhanced stack, perform the fo llowing procedure: 1. From the Main Menu, type 8 to select Enhanced Stacki[...]

  • Page 181

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 181 After you have ent ered a name, the following prompt is displaye d: Enter the l ist of sw itches -> 7. Enter the number (Num column in the menu) of the AT-9400 Switch to receive the configuration file. You can specify more than one switch at a time (for exampl[...]

  • Page 182

    Chapter 10: File Downloa ds and Uploa ds 182 Section II: Advanced Operations Downloading a System File This section contains the following two proce dures:  “Downloading a System File fro m a Local Management Session” on page 184  “Downloading a System File from a Remote Management Session” on page 187 Both procedures are used to do w[...]

  • Page 183

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 183  Y ou must use TFTP to download files from a remote manageme nt session.  If the switch supports a flash memory card, you can use the se procedures to download a file to the card rat her than the switch’ s file system. T o download a file to a flas h me m[...]

  • Page 184

    Chapter 10: File Downloa ds and Uploa ds 184 Section II: Advanced Operations Downloading a System File from a Local Management Session Review “Guidelines” on page 182 bef ore performing this procedure. To download a system file onto a switch from a local management session using Xmodem or TFTP, perform the followin g procedure: 1. From the Main[...]

  • Page 185

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 185 d. Enter a name for the system file. This is th e name that the switch will store the file as in its file syst em. To store the file on a flash memory card in the switch rather than th e file system, precede the name with “cflash:”. The following message is d[...]

  • Page 186

    Chapter 10: File Downloa ds and Uploa ds 186 Section II: Advanced Operations The prompt “Downloading” is displayed. 9. Begin the file transfer of the syst em file using the terminal emulator program. S teps 10 through 1 4 illustrate how to do wnload a syst em file using the Hilgraeve HyperT erminal program. 10. From the HyperTerminal main windo[...]

  • Page 187

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 187 The file immediately begins downloadin g onto the switch. The Xmodem File Send window in F igure 60 displays the current st atus of the download. Figure 60. XModem File Send Window The download is complete when t he Downlo ads and Uploads menu is redisplayed. 14.[...]

  • Page 188

    Chapter 10: File Downloa ds and Uploa ds 188 Section II: Advanced Operations The System Utilities menu is shown in Figure 6 on page 43. 4. From the System Utilities menu, type 2 to select Downloads and Uploads. The Downloads and Uploads menu is shown in Figure 54 on p age 170. 5. From the Downloads and Uploads menu, type 3 to select Download a File[...]

  • Page 189

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 189 This completes the procedure for downlo ading a file into the switch’ s file system or flash memory card from a remote manage ment session using TFTP .[...]

  • Page 190

    Chapter 10: File Downloa ds and Uploa ds 190 Section II: Advanced Operations Uploading a System File This section contains the following two proce dures:  “Uploading a System File fro m a Local Management Session” on page 191  “Uploading a System File fro m a Remote Management Session” on page 194 These procedures explain how to uploa[...]

  • Page 191

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 191  T o upload a public key , you must first export it from the key dat abase into the switch’ s file system. For instructions, refer to “Exp orting an Encryption Key” on page 602. Pub lic keys have the file na me extension “.key .”  Y ou cannot uplo[...]

  • Page 192

    Chapter 10: File Downloa ds and Uploa ds 192 Section II: Advanced Operations 5. From the Downloads and Uploads menu, type 4 to select Upload a File. The following prompt is displayed: Upload Metho d/Protoco l [X-Xmodem, T- TFTP]: 6. To upload a system file using Xmodem, go to Step 7. To upload a file using TFTP, do the following: a. Type T . The fo[...]

  • Page 193

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 193 8. Enter the name of the system file on the switch that you want to uploa d to your computer. You can specify only one file. You cannot use wildcards in the file name. If the file is stored on a flash memory card, precede the name with “cflash :”. The followi[...]

  • Page 194

    Chapter 10: File Downloa ds and Uploa ds 194 Section II: Advanced Operations The Receive File window is shown in Figure 62. Figure 62. Receive File Window 12. Click Browse and specify the location on your computer wh ere you want the system file stored. 13. Click in the Protocol field and sele ct as the transfer protocol eith er Xmodem or, for a fa[...]

  • Page 195

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 195 4. From the System Utilities menu, type 2 to select Downloa ds and Uploads. The Downloads and Uploads menu is shown in Figure 54 on p age 170. 5. From the Downloads and Up loads menu, type 4 to select Upload a File. The following prompt is displayed: Only TFTP u [...]

  • Page 196

    Chapter 10: File Downloa ds and Uploa ds 196 Section II: Advanced Operations[...]

  • Page 197

    Section II: Advanced Operations 197 Chapter 11 Event Logs and the Syslog Client This chapter describes how to mo nitor t he activity of a switch by viewing the event messages in the event logs an d sending the messages to a syslog server. Sections in the chapter include:  “Working with the Event Logs” on p age 198  “Configuring Log Outp[...]

  • Page 198

    Chapter 11: Event Lo gs and the Sysl og Client 198 Section II: Advanced Operations Working with the Event Logs This section contains the following proced ures:  “Enabling or Disabling the Event Logs,” n ext  “Displaying an Event Log” on p age 199  “Modifying the Event Log Full Action” on p age 205  “Clearing an Event Log?[...]

  • Page 199

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 199 3. To enable or disable event logging, type 1 to togg le Event Logging between the two options: Enabled The switch immediately begin s to add events to the logs and send events to any defin ed syslog servers. This is the default. Disabled The switch does not stor[...]

  • Page 200

    Chapter 11: Event Lo gs and the Sysl og Client 200 Section II: Advanced Operations 4. To select the order of the events in the event lo g, type 3 to select Display Order and toggle between these two options: Chronological Displays the events in th e order from the oldest even t to the most recent event. This is the default. Reverse Chronologica l D[...]

  • Page 201

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 201 7. To view the events of a particular AT-S63 software module, type 7 to select Event Module and enter the module. To specify more than one module, separate them by a comma—for example, “system, stp, ptrunk.” The default is ALL, which displa ys the events of[...]

  • Page 202

    Chapter 11: Event Lo gs and the Sysl og Client 202 Section II: Advanced Operations PSEC MAC address-bas ed port security PTRUNK S tatic port trunking QOS Quality of Service RADIUS RADIUS authentication protocol RPS Redundant power supply RRP RRP snooping RTC Real time clock SNMP SNMP SSH Secure Shell protocol SSL Secure Sockets Laye r protocol STP [...]

  • Page 203

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 203 8. To display the event message s of the log and settings you have chosen, type V to select View Log. Figure 64 shows an example of an event log in Norma l mode. Figure 64. Event Log Example in Normal Mode The events are displayed in a t a ble. The columns in the[...]

  • Page 204

    Chapter 11: Event Lo gs and the Sysl og Client 204 Section II: Advanced Operations within the A T-S63 Management Sof tware that generated the e vent. The second part is a de scription of the event. When you display the event s in full mode, more information is included. Figure 65 shows the same portio n of the event log in Figure 64 on page 203 but[...]

  • Page 205

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 205 Modifying the Event Log Full Action This procedure explains how to contro l the action of the logs when they reach the maximum capacity of 4,000 events for the temporary log and 2,000 events for the permanent log. A log can either delete the oldest entries as it [...]

  • Page 206

    Chapter 11: Event Lo gs and the Sysl og Client 206 Section II: Advanced Operations Clearing an Event Log To clear all events from an event l og, perform the following procedure: 1. From the Main Menu, type 5 to select System Administration. 2. From the System Administration menu, type 8 to select Event L og. The Event Log menu is shown in Figure 63[...]

  • Page 207

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 207 When the save process is complete, the wo rd “Complete” is displayed, followed by another prompt: Press any k ey to con tinue. 7. Press any key. The log file is saved in the switch ’s file system as an ASCII file. 8. To view the log file, type R to ret urn [...]

  • Page 208

    Chapter 11: Event Lo gs and the Sysl og Client 208 Section II: Advanced Operations 13. To upload the file to your management station, refer to “Uploading a System File” on page 190.[...]

  • Page 209

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 209 Configuring Log Outputs There are two methods for viewing t he events generated by the switch. One approach is to display one of the switch’s event logs. The dra wback to this method is that you must establish a manage ment session with the switch before you ca[...]

  • Page 210

    Chapter 11: Event Lo gs and the Sysl og Client 210 Section II: Advanced Operations Creating a Log Output Definition To create a log output definition, perform the following procedure: 1. From the Main Menu, type 5 to select System Administration. 2. From the System Administration menu, type 8 to select Event L og. The Event Log menu is shown in Fig[...]

  • Page 211

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 211 The Syslog Output Configuration menu is displayed, as shown in Figure 68. Figure 68. Syslog Output Configuration Me nu 6. From the Syslog Output Configur ation menu, type 1 to select Output ID. The following prompt is displayed: Enter new outpu t ID [2 to 20] -&g[...]

  • Page 212

    Chapter 11: Event Lo gs and the Sysl og Client 212 Section II: Advanced Operations 11. Type 4 to toggle Message Format between the f ollowing options: Normal Sends the severity , module, and description for each event. Extended Sends the same information as No rmal along with the date, time, an d switch’s IP ad dress. This is the default. 12. Typ[...]

  • Page 213

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 213 For example, the setting of DEF AUL T assigns all port mirroring event s a code of 22 and all encryption key even ts a co de of 4. Y our other option is to assign the same numerical co de to all event s from a switch using one of the foll owing facility level set[...]

  • Page 214

    Chapter 11: Event Lo gs and the Sysl og Client 214 Section II: Advanced Operations For example, selecting LOCAL2 as the facility leve l assigns the numerical code of 18 to all e vents sent by th e switch to the syslog server . 13. To include events of a selected severity, type 6 to select Event Severity. The following prompt is displayed: Enter Sev[...]

  • Page 215

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 215 15. Enter a list of modules separated by a comma—for example, “system, stp, ptrunk.” 16. Type C to create the log output. The switch adds the new syslog server defin ition to the Configure Lo g Outputs menu and begins to send event s to the sever , if you e[...]

  • Page 216

    Chapter 11: Event Lo gs and the Sysl og Client 216 Section II: Advanced Operations 5. Enter the number of the log output that you want to modify. The Syslog Output Configuration menu is displayed, as sho wn in Figure 68 on pa ge 21 1. 6. Refer to “Creating a Log Output Definition” on page 210 for information about the menu selections. 7. When y[...]

  • Page 217

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 217 Displaying the Log Output Definition Details To view the settings of a log output definitio n, perform the following procedure: 1. From the Main Menu, type 5 to sel ect System Admini stration. 2. From the System Administration menu, type 8 to select Event Log. Th[...]

  • Page 218

    Chapter 11: Event Lo gs and the Sysl og Client 218 Section II: Advanced Operations[...]

  • Page 219

    Section II: Advanced Operations 219 Chapter 12 Classifiers This chapter explains classifiers and ho w you can create classifiers to define traffic flows. The sections in this chapter in clude:  “Creating a Classifier” on page 220  “Modifying a Classifier” on p age 224  “Deleting a Classifier” on p age 226  “Deleting All Cl[...]

  • Page 220

    Chapter 12: Cl assifiers 220 Section II: Advanced Operations Creating a Classifier This section contains the procedure fo r creating a classifier. A classifier contains a series of variables that define a traffic flow. This same procedure is used whether the classifie r is intended for an ACL or a QoS policy. To create a classifier, perform the f o[...]

  • Page 221

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 221 The Classifier Configuration menu is shown in Figure 72. Figure 72. Classifier Configuration Menu 3. From the Classifier Configuration menu, type 1 to select Create Classifier. The Create Classifier menu (page 1) is shown in Fig ure 73. Figure 73. Create Classifi[...]

  • Page 222

    Chapter 12: Cl assifiers 222 Section II: Advanced Operations This is the first page of the classifi er variables. T o view the remaining variables, type N to select Next Page. The Create Classifier me nu (page 2) is shown in Figu re 74. Figure 74. Create Classifier Menu (Page 2) 4. To set a variable, type E to select Edit Parameters. The following [...]

  • Page 223

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 223 7. Repeat steps 5 and 6 to adjust any other variab les necessary to define the traffic flow for this classifier. 8. After configuring the necessary variab les, type C to select Create Classifier. The switch creates the classifi er . If any of the settings are inc[...]

  • Page 224

    Chapter 12: Cl assifiers 224 Section II: Advanced Operations Modifying a Classifier In order to modify a classifier, you need to know it s ID number. If you are unsure of the ID number of the classi fier you want to modify, refer to “Displaying Classifiers” on page 228. You cannot modify a classifier if it belong s to an ACL or QoS policy that [...]

  • Page 225

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 225 7. To modify other classifiers, repeat this process sta rting with step 3. 8. To permanently save your change, return to th e Main Menu and type S to select Save Configuration Changes. 9. To add the modified classifier to an ACL, refer to “Creating an ACL” on[...]

  • Page 226

    Chapter 12: Cl assifiers 226 Section II: Advanced Operations Deleting a Classifier This procedure deletes a classifier from the switch. To delete a classifier, you need to know its ID number. I f you are unsure of the ID number of the classifier you want to de lete, refer to “Displaying Classifiers” on p age 228. Note You cannot delete a classi[...]

  • Page 227

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 227 Deleting All Classifiers This procedure deletes all classifiers from the switch. To delete individual classifiers, refer to “Deleting a Classifier” on pa ge 226. Note You cannot delete all classi fiers if any of them b elong to an ACL or QoS policy.You must f[...]

  • Page 228

    Chapter 12: Cl assifiers 228 Section II: Advanced Operations Displaying Classifiers To display the classifiers on a switch, do the following: 1. From the Main Menu, type 7 to select Security and Services. The Security and Services menu is shown in Figure 71 on p age 220. 2. From the Security and Services menu, type 1 to sele ct Classifier Configura[...]

  • Page 229

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 229 Number of References The number of active and inactive ACL an d QoS policy assignment s for the classifier . An active ACL or QoS policy has been assigned to a switch port while an inactive ACL or policy has not been assigned to a port. If this number is 0 (zero [...]

  • Page 230

    Chapter 12: Cl assifiers 230 Section II: Advanced Operations The second page o f the Display Classifier Det ails menu is shown in Figure 77. Figure 77. Display Classifier Det ails Menu (Page 2) Allied Te lesis AT- 9424T/SP - A T-S63 Marketing User: Manag er 11:20:02 02-Mar-20 05 Display Clas sifier Deta ils 11 - Src IP Addr: .. . 12 - Src IP Mask: [...]

  • Page 231

    Section II: Advanced Operations 231 Chapter 13 Access Contr ol Lists This chapter explains how t o man age access control lists (ACL). This chapter contains the following sections:  “Creating an ACL” on p age 232  “Modifying an ACL” on pa ge 235  “Deleting an ACL” on p age 237  “Deleting All ACLs” on p age 239  “Dis[...]

  • Page 232

    Chapter 13: Access Control Lists 232 Section II: Advanced Operations Creating an ACL This procedure explains how to create an ACL. In order t o perform this procedure, you need to know the ID numbers of the classifiers to be assigned to the ACL. To view classifi er ID numbers, refer to “Displaying Classifiers” on page 228. To create an ACL, per[...]

  • Page 233

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 233 The Create ACL menu is shown in Figure 79. Figure 79. Create ACL Menu 4. Type 1 to select ACL ID and, when prompted, enter an ID number for the ACL. Every ACL on the switch must have a unique ID number. The range is 0 to 255. The default is the lowest unused numb[...]

  • Page 234

    Chapter 13: Access Control Lists 234 Section II: Advanced Operations 9. Type 5 to select Port List and, when prompted, e nter the ports where you want to assign the ACL . You can assign an ACL to just one port o r to more than one port. When ente ring multiple ports, you can list the ports individually (e.g., 2,5,7), as a range (e.g., 8-12) o r bot[...]

  • Page 235

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 235 Modifying an ACL This procedure explains how to modify an ACL. I n order to perform this procedure, you need to know the ID number of the ACL. To display ACL ID numbers, refer to “Displaying AC Ls” on page 2 40. If you plan to add classifiers to the ACL, you [...]

  • Page 236

    Chapter 13: Access Control Lists 236 Section II: Advanced Operations 5. To change the description of the ACL, type 2 to select Description and enter a new description for the ACL. The de scription can be up to 31 alphanumeric characters. Spaces ar e allowed. This parameter is optional, though recomme nded. Assigning each ACL a name will make it eas[...]

  • Page 237

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 237 Deleting an ACL This procedure deletes an ACL from the switch. To perform this procedure, you need to know the ID number of the ACL. To display ACL ID numbers, refer to “Displaying ACLs” on page 240. To delete an ACL, perform the followin g procedure: 1. From[...]

  • Page 238

    Chapter 13: Access Control Lists 238 Section II: Advanced Operations A deleted ACL is immediately removed from the switch. 6. To delete additional ACLs, repeat this proced ure starting with step 3. 7. To permanently save your change, re turn to the Main Menu and type S to select Save Configur ation Changes.[...]

  • Page 239

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 239 Deleting All ACLs This procedure deletes all ACLs from the switch. To delete all ACLs, perform the following procedure: 1. From the Main Menu, type 7 to select Security and Services. 2. From the Security and Services menu, type 4 to select Access Control Lists. T[...]

  • Page 240

    Chapter 13: Access Control Lists 240 Section II: Advanced Operations Displaying ACLs To display the ACLs on a switch, perform this procedure: 1. From the Main Menu, type 7 to select Security and Services. 2. From the Security and Services menu, type 4 to select Access Control Lists. The Access Control Lists (ACL) menu is shown in Figure 78 on p age[...]

  • Page 241

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 241 2. To view the details of a ACL, type D to select Detail Classifier Display. The following prompt is displayed: Enter ACL I D : [0 t o 250] -> 0 3. Enter the ID number of the ACL you want to display. The deta ils of the selected ACL are displayed. An example o[...]

  • Page 242

    Chapter 13: Access Control Lists 242 Section II: Advanced Operations[...]

  • Page 243

    Section II: Advanced Operations 243 Chapter 14 Class of Service This chapter contains the procedures for configuring Class of Service (CoS). Sections in the chapter include:  “Configuring CoS” on pag e 244  “Mapping CoS Priorities to Egress Queues” on p age 247  “Configuring Egress Scheduling” on p age 248  “Displaying Por[...]

  • Page 244

    Chapter 14: Class of Service 244 Section II: Advanced Operations Configuring CoS A packet received on a port is placed it into one of eight p riority queues on the egress port according to the switch’s mapping of 802.1p priority levels to egress priority queues. You can override the mappings at the port level by assigning the packets a temporary [...]

  • Page 245

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 245 3. From the Class of Service menu, type 1 to select Configure Port CoS Priorities . The following prompt is displayed: Enter port numb er -> [1 to 24] -> 4. Enter the number of the port on the switch wh ere you want to configure CoS. You can specify only on[...]

  • Page 246

    Chapter 14: Class of Service 246 Section II: Advanced Operations Note CoS does not change the tagged informatio n in a frame. A tagged frame leaves a switch with the same priority level that it ha d when it entered. The default for this p arameter is No, meaning that the priority level of tagged frames is determined by the priority level specified [...]

  • Page 247

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 247 Mapping CoS Priorities to Egress Queues This procedure explains how to change the de fault mappings of CoS priorities to egress priority queues. This is set at the switch level. You cannot set this at the per-port leve l. To change the mappings, perfo rm the foll[...]

  • Page 248

    Chapter 14: Class of Service 248 Section II: Advanced Operations Configuring Egress Scheduling This procedure explains how to sele ct and configure a scheduling method for Class of Service. Scheduling determines the order in which the ports handle packets in their egress queues. Scheduling is se t at the switch level. You cannot set this on a per-p[...]

  • Page 249

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 249 The default value of 1 for each queue gives all egress que ues the same weight. 6. To permanently save your change, return to th e Main Menu and type S to select Save Configuration Changes.[...]

  • Page 250

    Chapter 14: Class of Service 250 Section II: Advanced Operations Displaying Port CoS Priorities The following procedure displays a menu that lists the current CoS priority level for each port. 1. From the Main Menu, type 7 to select Security and Services. 2. From the Security and Services menu, type 5 to sele ct Class of Service (CoS). The Class of[...]

  • Page 251

    Section II: Advanced Operations 251 Chapter 15 Quality of Service This chapter describes Quality of Serv ice ( QoS). Sections in the chapter include:  “Managing Flow Groups” on p age 252  “Managing T raffic Classes” on p age 261  “Managing Policies” on page 2 71[...]

  • Page 252

    Chapter 15: Quali ty of Service 252 Section II: Advanced Operations Managing Flow Groups This section contains the following proced ures:  “Creating a Flow Group,” next  “Modifying a Flow Group” on pa ge 255  “Deleting a Flow Group” on p age 256  “Displaying Flow Groups” on p age 257 Creating a Flow Group To create a flo[...]

  • Page 253

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 253 The Flow Group Configuration menu is shown in Figure 90. Figure 90. Flow Group Configu ration Menu 4. From the Flow Group C onfiguration menu, type 1 to select Create Flo w Group. The Create Flow Group menu is shown in Figure 91. Figure 91. Create Flow Group Menu[...]

  • Page 254

    Chapter 15: Quali ty of Service 254 Section II: Advanced Operations 2 - Description S pecifies a description for the flow group. The description can be from 1 to 15 alphanumeric characters in cluding sp aces. This parameter is optional, but recommended. Names can help you id entify the group s on the switch. 3 - DSCP value S pecifies a replacement [...]

  • Page 255

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 255 7. To create another flow gr oup, repeat this procedure startin g with step 4. To assign the flow group to a traffic class, go to “Managing Traffic Classes” on page 261. 8. To permanently save your change, return to th e Main Menu and type S to select Save Co[...]

  • Page 256

    Chapter 15: Quali ty of Service 256 Section II: Advanced Operations Figure 92. Modify Flow Group Menu 6. Modify the settings as needed. When you modify a flow group, note the following:  You cannot change the flow group ID number.  To delete a value from a variable so as to leave it blan k, select the variable and then use the backspace key t[...]

  • Page 257

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 257 The Flow Group Configuration menu is shown in Figure 90 on p age 253. 4. From the Flow Group Configuration menu, type 3 to select Destroy Flow Group. The following prompt is displayed: Available Fl ow Group(s) : 0-10 Enter Flow Gr oup ID : [0 to 10 23] -> 0 5.[...]

  • Page 258

    Chapter 15: Quali ty of Service 258 Section II: Advanced Operations 2. From the Security and Services menu, type 6 to sele ct Quality of Service. The Quality of Service (QoS) menu is shown in Figure 89 on page 252. 3. From the Quality of Service (QoS) menu, type 1 to select Flow Group Configuration. The Flow Group Configuration menu is shown in Fig[...]

  • Page 259

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 259 5. To display the specifics of a flow group, type D to select Display Flow Group Details. The following prompt is displayed: Available Fl ow Group(s) : 0-10 Enter Flow Gr oup ID : [0 to 10 23] -> 0 6. Enter the ID number of the flow group you wa nt to view. Yo[...]

  • Page 260

    Chapter 15: Quali ty of Service 260 Section II: Advanced Operations To S S pecifies a replacement value to write into the T ype of Service (T oS) field of IPv4 packet s. The range is 1 to 7. Move T oS to Priority If set to Y es, replaces the value in the 802.1p priority field with the value in the T oS priority field on IPv4 p acket s. If set to No[...]

  • Page 261

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 261 Managing Traffic Classes This section contains t he following procedures:  “Creating a T raffic Class,” next  “Modifying a T raffic Class” on p age 265  “Deleting a T raffic Class” on p age 267  “Displaying T raffic Classes” on p age 2[...]

  • Page 262

    Chapter 15: Quali ty of Service 262 Section II: Advanced Operations The Create T raffic Class menu is shown in Figure 97. Figure 97. Create Traffic Class Menu 5. Configure the follo wing parameters as desired: 1 - T raffic Class ID S pecifies an ID number for the traf fic class. Each traf fic class on the switch must be assigned a unique number . T[...]

  • Page 263

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 263 5 - DSCP value S pecifies a replacement value to write into the DSCP (T OS) field of the packet s. The range is 0 to 6 3. A new DSCP value can be set at all three levels: flow group, traf fic class, and policy . A DSCP value s pecified in a flow group overrides a[...]

  • Page 264

    Chapter 15: Quali ty of Service 264 Section II: Advanced Operations matches the number being used by the tra ffic. Howeve r , no unused tokens will accumulate in the bucket. If the t raffic incre ases, the excess traffic will be discard ed since no to kens are available for handling the increase. If the traf fic is below the maximum bandwid th, unu[...]

  • Page 265

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 265 value in the T oS priority field for IPv4 p acket. If set to No, which is the default, the p ackets re tain their preexisting 802.1p priority level. D - Move Priority to T oS If set to yes, replaces the value in the T oS priority field with the value in the 802.1[...]

  • Page 266

    Chapter 15: Quali ty of Service 266 Section II: Advanced Operations The selected traf fic class is displayed in the Modif y T raffic Class menu. An example is shown in Figure 98. Figure 98. Modify Traffic Class Menu 6. Modify the settings as needed. For parameter definitions, refer to “Creating a Traffic Class” on page 261 . When you modify a t[...]

  • Page 267

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 267 Deleting a Traffic Class To delete a traffic class, perform the fo llowing procedure: 1. From the Main Menu, type 7 to select Security and Services. 2. From the Security and Services menu, type 6 to select Quality of Service. The Quality of Service (QoS) me nu is[...]

  • Page 268

    Chapter 15: Quali ty of Service 268 Section II: Advanced Operations The traffic class is deleted from the switch. The class is remove d from any policies to which it is assigned. 7. To delete another traffic class, repeat this procedure starting with ste p 4. 8. To permanently save your change, re turn to the Main Menu and type S to select Save Con[...]

  • Page 269

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 269 The Show T raffic Classes menu provides the followin g information: ID The traffic class’ ID number . Description A description of the traf fic class. Parent Policy ID The ID number of the policy where the traffic class is assigned. A traf fic class can belong [...]

  • Page 270

    Chapter 15: Quali ty of Service 270 Section II: Advanced Operations The Display T raffic Class Det ails menu provides the following information: T raffic Class ID The traffic class ID number . Description The description of the traf fic class. Exceed Action The action taken if the t raffic of t he traffic cla ss exceeds the maximum bandwidth. Excee[...]

  • Page 271

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 271 Managing Policies This section contains t he following procedures:  “Creating a Policy ,” next  “Modifying a Policy” on page 274  “Deleting a Policy” on p age 275  “Displaying Policies” on pag e 276 Creating a Policy To create a policy[...]

  • Page 272

    Chapter 15: Quali ty of Service 272 Section II: Advanced Operations The Create Policy menu is shown in Figure 10 3. Figure 103. Create Policy Menu 5. Configure the follo wing parameters as needed: 1 - Policy ID S pecifies an ID number for the policy . Each policy on the switch must be assigned a unique number . The range is 0 to 255. The default is[...]

  • Page 273

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 273 5 - T oS S pecifies a replacement value to write into th e T ype of Service (T oS) field of IPv4 packet s. The range is 0 to 7. A T oS value specified at the policy level is used only if no value has b een specified at the flow group and traf fic class levels. 6 [...]

  • Page 274

    Chapter 15: Quali ty of Service 274 Section II: Advanced Operations 8. To permanently save your change, re turn to the Main Menu and type S to select Save Configur ation Changes. Modifying a Policy To modify a policy, perform the followin g procedure: 1. From the Main Menu, type 7 to select Security and Services. 2. From the Security and Services m[...]

  • Page 275

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 275 When you modify a policy , note the following :  You cannot change the traffic class ID number.  To delete a value from a varia ble so as to leave it blank, select the variable and then use the backspace key to delete its default value.  Specifying an in[...]

  • Page 276

    Chapter 15: Quali ty of Service 276 Section II: Advanced Operations Displaying Policies To display policies, perform the following proce dure: 1. From the Main Menu, type 7 to select Security and Services. 2. From the Security and Services menu, type 6 to sele ct Quality of Service. The Quality of Service (QoS) menu is shown in Figure 89 on page 25[...]

  • Page 277

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 277 5. To display the specif ics of a policy, type D to s elect Display Policy Details. The following prompt is displayed: Available Po licy(ies) : 0-4 Enter Poli cy ID : [0 to 255] -> 0 6. Enter the ID number of the policy you want to view. You can d isplay only [...]

  • Page 278

    Chapter 15: Quali ty of Service 278 Section II: Advanced Operations To S S pecifies a replacement value to write into the T ype of Service (T oS) field of IPv4 packet s. The range is 1 to 7. A T oS value specified at the policy level is used only if no val ue has been specified at the flow group and traf fic class levels. Move T oS to Priority If s[...]

  • Page 279

    Section II: Advanced Operations 279 Chapter 16 Denial of Service Defenses This chapter contains the procedure fo r configuring the switch’s defense mechanisms against denial of service (DoS) a ttacks:  “Configuring Denial of Service Defense” on p age 280[...]

  • Page 280

    Chapter 16: Denia l of Service Defens es 280 Section II: Advanced Operations Configuring Denial of Service Defense To configure DoS defense, perform the f ollowing procedure: 1. From the Main Menu, type 7 to select Security and Services. 2. From the Security Configuration menu, type 3 to select Denial of Service (DoS) . The Denial of Service (DoS) [...]

  • Page 281

    AT-S63 Management So ftware Menus User’s Gui de Section II: Advance d Operations 281 b. Type 1 to select IP Address. The following prompt is displayed: Enter the IP Add ress for the LAN : Enter the IP address of one of the devices connect ed to the switch, preferably the lowest IP address. c. Type 2 to select Subnet Mask. The following prompt is [...]

  • Page 282

    Chapter 16: Denia l of Service Defens es 282 Section II: Advanced Operations A menu is displayed cont aining ei ther one or two options, depending on the DoS defense you selected. An example of the menu is shown in Figure 109. Figure 109. SYN Flood Configuration Menu 6. Adjust the following paramet ers as necessary. 1 - Att ack Detection Enables an[...]

  • Page 283

    Section II: Advanced Operations 283 Chapter 17 Power Over Ethernet This chapter contains the procedures for co nfiguring Po wer over Ethernet (PoE) on the AT-924T/POE Switch. Sections in the chapter include:  “Setting the PoE Threshold” on p age 284  “Configuring PoE Port Settings” on page 286  “Displaying PoE S tatus and Setting[...]

  • Page 284

    Chapter 17: Power Over Etherne t 284 Section II: Advanced Operations Setting the PoE Threshold This procedure lets you sp ecify a power threshold fo r the powered devices that are connected to th e switch. If the total power requireme nts of the devices exceed the threshold, the swit ch enters an event in the event log and sends an SNMP trap to you[...]

  • Page 285

    AT-S62 Management So ftware Menus User’s Gui de Section II: Advance d Operations 285 Options 2, Maximum A vailable Power , displays the maximum amount of PoE supplied by the switch. For the A T-924T/POE switch, this value is 380W . This value cannot be changed. 4. From the PoE Glo bal Configuration menu , type 1 to select Power Threshold. The fol[...]

  • Page 286

    Chapter 17: Power Over Etherne t 286 Section II: Advanced Operations Configuring PoE Port Settings This procedure enables and disables Po E on a port. This pro cedure also sets a port’s priority level and its maximu m power usage. To configure PoE port settings, do the following: 1. From the Main Menu, type 6 to select Advanced Config uration. 2.[...]

  • Page 287

    AT-S62 Management So ftware Menus User’s Gui de Section II: Advance d Operations 287 6. To change the port’s priority, type 2 to select Power Priority and, when prompted, type C for Critical, H for High, or L f or Low. A port can belong to only one priority level at a time. The default is Low. 7. To change the maximum amount of power the port c[...]

  • Page 288

    Chapter 17: Power Over Etherne t 288 Section II: Advanced Operations Displaying PoE Status and Settings Use this procedure to display PoE status and settings at the switch or port level. To display PoE information, do the following: 1. From the Main Menu, type 6 to select Advanced Config uration. 2. From the Advanced Configuration menu, type 4 to s[...]

  • Page 289

    AT-S62 Management So ftware Menus User’s Gui de Section II: Advance d Operations 289 1 - PoE Global S t atus Menu This selection displays the following windo w: Figure 114. PoE Global Status Menu The selections in this window ar e for viewing purposes only . These parameters are not adjust able. The selections are described below . Max Available [...]

  • Page 290

    Chapter 17: Power Over Etherne t 290 Section II: Advanced Operations 2 - Summary All Port s St atus Menu This selection display an abb reviated status report of PoE on the individual switch ports. For mo re detailed info rmation, refer to selection 3. This selection displays the following window: Figure 115. PoE Summary Ports Status Menu The select[...]

  • Page 291

    AT-S62 Management So ftware Menus User’s Gui de Section II: Advance d Operations 291 3 - Det ailed Ports S tatus Menu When you select this option, you are prompted to enter the po rt(s) you want to view . Y ou can specify more than one port at a time. Once you have specified the port, the select ion displays the fo llowing window: Figure 116. PoE[...]

  • Page 292

    Chapter 17: Power Over Etherne t 292 Section II: Advanced Operations Power Priority The port priority . This can be Critical, High, or Low . T o adjust this value, refer to “Configuring PoE Port Settings” on p age 286. Power Clas s The IEEE 802.3af class of the de vice. This p arameter cannot be changed. V oltage The voltage being delivered to [...]

  • Page 293

    Section III: IGMP Snoop ing, MLD Snoop ing, and RRP Snooping 293 Section III IGMP Snooping, MLD Snooping, and RRP Snooping The chapters in this section cont ain overview information on IGMP snooping, MLD snooping, and RRP snooping. The cha pters also explain how to configure these features f rom the menus interface of the AT-S63 Management Software[...]

  • Page 294

    294 Section III: IGMP Snooping, MLD Snooping , and RRP Snooping[...]

  • Page 295

    Section III: IGMP Snoop ing, MLD Snoop ing, and RRP Snooping 295 Chapter 18 IGMP Snooping This chapter explains how t o activate and configure t he Internet Group Management Protocol (IGMP) sno oping feature on the switch. Sections in the chapt er includ e:  “Configuring IGMP Snooping” on p age 296  “Enabling or Disabling IGMP Snooping?[...]

  • Page 296

    Chapter 18: IGMP Snoopin g 296 Section III: IGMP Snooping, MLD Snooping , and RRP Snooping Configuring IGMP Snooping To configure IGMP snooping on the switch, perform the following procedure: 1. From the Main Menu, type 6 to select Advanced Config uration. The Advanced Configuration menu is shown in Figure 1 18. Figure 118. Advanced Co nfiguration [...]

  • Page 297

    AT-S63 Management So ftware Menus User’s Gui de Section III: IGMP Snoopin g, MLD Snooping, and RRP Snooping 297 The IGMP Snooping Configuration menu is shown in Figure 1 19. Figure 119. IGMP Snooping Configu ration Menu 3. Adjust the following parameters as necessa ry: 1 - IGMP Snooping St atus Enables or disables IGMP snoopi ng on the switch. Th[...]

  • Page 298

    Chapter 18: IGMP Snoopin g 298 Section III: IGMP Snooping, MLD Snooping , and RRP Snooping If a switch has a mixture of host nodes, t hat is, some connected directly to the switch and others through an Ethernet hub, you should select the Multi-Host Port (Intermediate ) selection. 3 - Host/Router Timeout Interval S pecifies the time period in second[...]

  • Page 299

    AT-S63 Management So ftware Menus User’s Gui de Section III: IGMP Snoopin g, MLD Snooping, and RRP Snooping 299 Note Selection 6, View IGMP Multic ast Hosts List, is describ ed in “Displaying a List of Host Node s” on page 301. Selection 7, View IGMP Multicast Routers List, is des cribed in “Displaying a List of Multicast Routers” on page[...]

  • Page 300

    Chapter 18: IGMP Snoopin g 300 Section III: IGMP Snooping, MLD Snooping , and RRP Snooping Enabling or Disabling IGMP Snooping To activate or deactivate IGMP snoopin g on the switch, perform the following procedure: 1. From the Main Menu, type 6 to select Advanced Config uration. The Advanced Configuration menu is shown in Figure 1 18 on p age 296.[...]

  • Page 301

    AT-S63 Management So ftware Menus User’s Gui de Section III: IGMP Snoopin g, MLD Snooping, and RRP Snooping 301 Displaying a List of Host Nodes You can use the AT-S63 Management Software to display a list of the multicast groups on a switch, as well as the host nodes. To display the list, perform the following procedure: 1. From the Main Menu, ty[...]

  • Page 302

    Chapter 18: IGMP Snoopin g 302 Section III: IGMP Snooping, MLD Snooping , and RRP Snooping VLAN The VID of the VLAN where the port is an unt agged member . Port/T runk The port on the switch where the ho st node is connected. If the host node is connected to the switch through a tru nk, the trunk ID number , not the port number , is displayed. Host[...]

  • Page 303

    AT-S63 Management So ftware Menus User’s Gui de Section III: IGMP Snoopin g, MLD Snooping, and RRP Snooping 303 Displaying a List of Multicast Routers A multicast router is a router that is receiving multica st packets from a multicast application and transmitting the packets to host nodes. You can use the AT-S63 Ma nagement Software to display a[...]

  • Page 304

    Chapter 18: IGMP Snoopin g 304 Section III: IGMP Snooping, MLD Snooping , and RRP Snooping switch learned the router on a port trun k, the trunk ID number , not the port number , is displayed. Router IP The IP address of the multicast router .[...]

  • Page 305

    Section III: IGMP Snoop ing, MLD Snoop ing, and RRP Snooping 305 Chapter 19 MLD Snooping This chapter explains how t o activate and configure Multicast Listen er Discovery (MLD) snooping on the switch. Sections in the chapter include:  “Configuring MLD Snoopin g” on pag e 306  “Enabling or Disabling MLD Snooping” on p age 309  “D[...]

  • Page 306

    Chapter 19: MLD Snoopi ng 306 Section III: IGMP Snooping, MLD Snooping , and RRP Snooping Configuring MLD Snooping To configure MLD snooping on the switch, perform th e following procedure: 1. From the Main Menu, type 6 to select Advanced Config uration. The Advanced Configuration menu is shown in Figure 1 18 on p age 296. 2. From the Advanced Conf[...]

  • Page 307

    AT-S63 Management So ftware Menus User’s Gui de Section III: IGMP Snoopin g, MLD Snooping, and RRP Snooping 307 additional multicast p ackets out the port where the host no de is connected. Multiple Host/Ports (Interme diate) The Multi-Host setting is appropriate if there is more th an one host node connected to a switch po rt, such as when a por[...]

  • Page 308

    Chapter 19: MLD Snoopi ng 308 Section III: IGMP Snooping, MLD Snooping , and RRP Snooping Note A change to any p arameter in this menu is imme diately activated on the switch. Note Selection 6, View MLD Multicast Hosts List, is described in “Displaying a List of Host Nodes” on page 310. Selection 7, View MLD Multicast Routers List, is des cribe[...]

  • Page 309

    AT-S63 Management So ftware Menus User’s Gui de Section III: IGMP Snoopin g, MLD Snooping, and RRP Snooping 309 Enabling or Disabling MLD Snooping To activate or deactivate MLD snooping on t he switch, perform the following procedure: 1. From the Main Menu, type 6 to select Advanced Configuration. The Advanced Configuration menu is shown in Figur[...]

  • Page 310

    Chapter 19: MLD Snoopi ng 310 Section III: IGMP Snooping, MLD Snooping , and RRP Snooping Displaying a List of Host Nodes You can use the AT-S63 Management Software to display a list of the multicast groups on a switch, as well as the host nodes. To display the list, perform the following procedure: 1. From the Main Menu, type 6 to select Advanced [...]

  • Page 311

    AT-S63 Management So ftware Menus User’s Gui de Section III: IGMP Snoopin g, MLD Snooping, and RRP Snooping 311 node is connected to the switch t hrough a trunk, the trunk ID number , not the port number , is displayed. HostIP The IP address of the host n ode connected to the port. Exp. Time The number of seconds remaining before the h ost is tim[...]

  • Page 312

    Chapter 19: MLD Snoopi ng 312 Section III: IGMP Snooping, MLD Snooping , and RRP Snooping Displaying a List of Multicast Routers A multicast router is a router tha t is receiving multicast packets from a multicast application and transmitti ng the packe ts to host nodes. You can use the AT-S63 Management Software to displa y a list of the multicast[...]

  • Page 313

    AT-S63 Management So ftware Menus User’s Gui de Section III: IGMP Snoopin g, MLD Snooping, and RRP Snooping 313 Port/T runk ID The port on the switch where the multicast r outer is connected. If the switch learned the router on a port trunk, the trunk ID number , not the port number , is displayed. Router IP The IP address of the multica st route[...]

  • Page 314

    Chapter 19: MLD Snoopi ng 314 Section III: IGMP Snooping, MLD Snooping , and RRP Snooping[...]

  • Page 315

    Section III: IGMP Snoop ing, MLD Snoop ing, and RRP Snooping 315 Chapter 20 RRP Snooping The section in this chapter explains h ow to configure RRP snooping:  “Enabling or Disabling RRP Snooping” on p age 316[...]

  • Page 316

    Chapter 20: RRP Snoopi ng 316 Section III: IGMP Snooping, MLD Snooping , and RRP Snooping Enabling or Disabling RRP Snooping To enable or disable RRP snooping on a switch, perform the following procedure: 1. From the Main Menu, type 6 to select Advanced Config uration. 2. From the Advanced Configuration menu, type 1 to select RRP Snooping Configura[...]

  • Page 317

    Section IV: SNMPv3 317 Section IV SNMPv3 The chapter in this section con tains overview information on SNMPv3. The chapter also explains how t o configure this feature from the menu s interface of the AT-S63 Management Software. Th e chapter is:  Chapter 21, ”SNMPv3” on pa ge 319[...]

  • Page 318

    318 Section IV: SNMPv3[...]

  • Page 319

    Section IV: SNMPv3 319 Chapter 21 SNMPv3 This chapter provides a description of the AT-S63 implemen tation of the SNMPv3 protocol. In addition, the chapter contains procedu res that allow you to create and modify SNMPv3 ent ities. The following sections are provi ded:  “Configuring SNMPv3 Entities” on p age 320  “Configuring the SNMPv3 [...]

  • Page 320

    Chapter 21: SNMP v3 320 Section IV: SNMPv3 Configuring SNMPv3 Entities This section describes how to configu re SNMPv3 entities using the SNMPv3 Tables. To successfully c onfigure this protocol, you must perform the procedures in the order given. The following SNMPv3 tables are described:  “Configuring the SNMPv3 User T able,” next  “Co[...]

  • Page 321

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 321 Configuring the SNMPv3 User Table This section contains a description of the SNMPv3 User Table and how to create, delete, and modify table entr ies. Configure th e SNMPv3 User Table first. Creating this tab le, allows you to creat e an entry in an SNMPv3 User Table for a User [...]

  • Page 322

    Chapter 21: SNMP v3 322 Section IV: SNMPv3 The Configure SNMPv3 T able menu is shown in Figure 126. Figure 126. Configu re SNMPv3 Table Menu Note The SNMP Engine field is a read-only field. You cannot cha nge the setting. The field displays the SNMP engine ide ntifier that is assigned automatically to the switch. 4. From the Configure SNMPv3 Table [...]

  • Page 323

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 323 5. To create a new user table, type 1 to select Create SNMPv3 Table Entry. The following prompt is displayed: Enter User (Sec urity) Name : 6. Enter a descriptive name of the user. Y ou can enter a name that consists of up to 32 alphanu meric characters. The following prompt i[...]

  • Page 324

    Chapter 21: SNMP v3 324 Section IV: SNMPv3 Y ou are prompte d to re-enter the p assword. The following prompt is displayed: Enter Privac y Protocol [D -DES, N-None]: Note You can only configure the Priva cy Pr otocol if you have configured the Authentication Protocol with the MD5 or SHA values. 9. Select one of the following op tions: D -DES Select[...]

  • Page 325

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 325 allowing you to save your chang es. Allied T elesis recommends this storage type. Note The Row St atus parameter is a read-only field. The Act ive value indicates the SNMPv3 User Table entry takes effe ct immediately. 12. After making changes, type R until you return to the Ma[...]

  • Page 326

    Chapter 21: SNMP v3 326 Section IV: SNMPv3 Modifying an SNMPv3 User Table Entry This section describes how to modify parameters in an SNMPv3 Notify Table entry. See the following procedures:  “Modifying the Authentication Protocol and Password” on p age 326  “Modifying the Privacy Protocol and Passwo rd” on pag e 328  “Modifying [...]

  • Page 327

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 327 4. To change the authentica tion protocol and password, type 1 to select Set Authentication Protocol & Password. The following prompt is displayed: Enter User Name : 5. Enter the User Name of the User Table yo u want to modify. The following prompt is displayed: Enter Auth[...]

  • Page 328

    Chapter 21: SNMP v3 328 Section IV: SNMPv3 The following prompt is displayed: Please enter privacy pass word to regenera te privacy ke y. 9. Enter the Privacy Password for this User Name. The following prompt is displayed: Re-enter Pr ivacy pas sword: 10. Re-enter the password. 11. After making changes, type R until you return to the Main Menu. Th [...]

  • Page 329

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 329 6. Choose one of the foll owing Privacy Protocols: D -DES Select this value to make the DES privacy (or encryptio n) protocol the privacy protocol for this User T able entry . With this selection, messages transmitted between the hos t and th e switch are encrypted with the DE[...]

  • Page 330

    Chapter 21: SNMP v3 330 Section IV: SNMPv3 The following prompt is displayed: Enter User (S ecurity ) Name: 5. Enter the User Name. The following prompt is displayed: Enter Storag e Type [V-Vol atile, N-NonVo latile]: 6. Select one of the following storage types for this table entry: V - V olatile Select this storage type if you do not want the abi[...]

  • Page 331

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 331 Configuring the SNMPv3 View Table This section contains a description of the SNMPv3 View Table and how to create, delete, and modify table entries. Creating this ta ble, allows you to specify a view using the following parameters:  Subtree OID  Subtree Mask  MIB OID T[...]

  • Page 332

    Chapter 21: SNMP v3 332 Section IV: SNMPv3 The Configure SNMPv3 V iew T able menu is shown in Figure 129. Figure 129. Configure SNMPv3 View Table Menu 3. From the Configure SNMPv3 View Table menu, type 1 to select Create SNMPv3 Table Entry. The following prompt is displayed: Enter View Na me: 4. Enter a descriptive name of this View. Enter a unique[...]

  • Page 333

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 333 tcp The following prompt is displayed: Enter Subtr ee Mask ( Hex format) : 6. Enter a subtree mask in hexadecimal format. This is an optional p arameter that is used to furthe r refine the value in the View Subt ree parameter . This parameter is in binary format. The relations[...]

  • Page 334

    Chapter 21: SNMP v3 334 Section IV: SNMPv3 N-NonV olatile Select this storage type if you want th e ability to save an entry in the SNMPv3 View T able to the configur ation file. After making changes to an SNMPv3 View T able entry with a NonV olatile storage type, the S - Save Configuration Ch anges option appears on the Main Menu, allowing you to [...]

  • Page 335

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 335 6. Enter Y to delete the view or N to save the view. 7. After making changes, type R until you r eturn to the Main Menu. Then type S to select Save Configuration Changes. Modifying an SNMPv3 View Table Entry This section describes how to modify parame ters in an SNMPv3 Notify [...]

  • Page 336

    Chapter 21: SNMP v3 336 Section IV: SNMPv3 The Modify SNMPv3 View T able menu is shown in Figure 130. Figure 130. Modify SNMPv3 View Table Menu 4. To modify the Subtree Mask for this view, type 1 to select Set Subtree Mask. The following prompt is displayed: Enter View Na me: 5. Enter an existing View Name. The following prompt is displayed: Enter [...]

  • Page 337

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 337 This is an optional p arameter that is used to furthe r refine the value in the View Subt ree parameter . This parameter is in binary format. A subtree mask and a subtree have a similar relationship as an IP address and a subnet mask. The subn et mask further refines the IP ad[...]

  • Page 338

    Chapter 21: SNMP v3 338 Section IV: SNMPv3 The following prompt is displayed: Enter View Subtree (OID format /Text Nam e): 6. Enter the View Subtree value for this View Name. Y ou can enter eithe r a numeric val ue in hex format or the equivalent text name. For example, the OI D hex format for TCP/IP is: 1.3.6.1.2 .1.6 The text format is for TCP/IP[...]

  • Page 339

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 339 The Modify SNMPv3 T able menu is shown in Figure 130 on pag e 336. 4. To modify the storage type, type 3 to select Set Storage Type. The following prompt is displayed: Enter View Name : 5. Enter the View Name you want to modify. The following prompt is displayed: Enter View Su[...]

  • Page 340

    Chapter 21: SNMP v3 340 Section IV: SNMPv3 Configuring the SNMP v3 Access Table This section contains a description of the SNMPv3 Access Table and how to create, delete, and modify table en tries. The SNMPv3 Access Table allows you to configure a security group. Each user must belong to a security group. After you have conf igured a security group,[...]

  • Page 341

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 341 The Configure SNMPv3 Access T able menu is shown in Figure 131. Figure 131. Configure SNMPv3 Access Ta ble Menu 3. To create a group in the SNMPv3 Access Table, type 1 to select Create SNMPv3 Table Entry. The following prompt is displayed: Enter Group Nam e: 4. Enter a descrip[...]

  • Page 342

    Chapter 21: SNMP v3 342 Section IV: SNMPv3 Note The Context Prefix and the Context Match fields are a read only fields. The Context Prefix field is always set to null. The Context Match field is always set to exact. The following prompt is displayed: Enter Secu rity Mode l [1-v1, 2- v2c, 3-v3 ]: 5. Select one of the follo wing SNMP protocols as the[...]

  • Page 343

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 343 P-AuthPriv This option represent s authentication and the priva cy protocol. Select this security level to encrypt me ssages using a privacy protocol and authenticate SNMP entities. This level provides the gre atest level of security . Y ou can select this value if you configu[...]

  • Page 344

    Chapter 21: SNMP v3 344 Section IV: SNMPv3 N-NonV olatile Select this storage type if you want th e ability to save an entry in the SNMPv3 Access T able to the configura tion file. Af ter making changes to an SNMPv3 Access T able entry with a Non V olatile storage type, the S - Save Configuration Ch anges option appears on the Main Menu, allowing y[...]

  • Page 345

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 345 The following prompt is displayed: Enter Securit y Model [1-v1 , 2-v2c, 3-v3]: 5. Enter the Security Model of this Group Name. Select one of the following security levels: 1-v1 Select this value to associa te the Group Name with the SNMPv1 protocol. 2-v2c Select this value to [...]

  • Page 346

    Chapter 21: SNMP v3 346 Section IV: SNMPv3 Do you want to dele te this table entry?(Y/N): [Yes/No]- > 7. Enter Y to delete the view or N to save the view. The following prompt is displayed: 8. After making cha nges, type R until you return to th e Main Menu. Then type S to select Save Configuration Ch anges. Modifying an SNMPv3 Access Table Entr[...]

  • Page 347

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 347 3. From the Configure SNMPv3 Access Table, type 3 to select Modify SNMPv3 Table Entry. The Modify SNMPv3 Access T able is shown in Figure 132. Figure 132. Modify SNMPv3 Access Table Men u 4. To modify the Read View Name parame ter, type 1 to select Se t Read View Name. The fol[...]

  • Page 348

    Chapter 21: SNMP v3 348 Section IV: SNMPv3 3-v3 Select this value to associate the Group Name with the SNMPv3 protocol. The following prompt is displayed: Enter Secu rity Leve l [N-NoAuth NoPriv, A -AuthNoPriv , P-AuthPri v]: 7. Select one of the follo wing security levels: N-NoAuthNoPriv This option represents no authentication and no priva cy pro[...]

  • Page 349

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 349 Modifying the Write View Name To modify the Write View Name parameter in an SNMPv3 Access Ta ble entry, perform the following procedure. 1. Display the Configure SNMPv3 T able menu by performing steps 1 through 3 in “Configuring the SNMP v3 User Table” on page 321. Or, fro[...]

  • Page 350

    Chapter 21: SNMP v3 350 Section IV: SNMPv3 The following prompt is displayed: Enter Secu rity Leve l [N-NoAuth NoPriv, A -AuthNoPriv , P-AuthPri v]: 7. Enter the Security Level configure d for this Group Name. Yo u cannot change the value of the Security Level paramet er. Select one of the follo wing security levels: N-NoAuthNoPriv This option repr[...]

  • Page 351

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 351 Modifying the Notify View Name To modify the Notify View Name parameter in an SNMPv3 Access Table entry, perform the following procedure. 1. Display the Configure SNMPv3 T able menu by performing steps 1 through 3 in “Configuring the SNMP v3 User Table” on page 321. Or, fr[...]

  • Page 352

    Chapter 21: SNMP v3 352 Section IV: SNMPv3 The following prompt is displayed: Enter Secu rity Leve l [N-NoAuth NoPriv, A -AuthNoPriv , P-AuthPri v]: 7. Enter the Security Level configure d for this Group Name. Yo u cannot change the value of the Security Level paramet er. Select one of the follo wing security levels: N-NoAuthNoPriv This option repr[...]

  • Page 353

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 353 Modifying the Storage Type To modify the Storage Typ e parameter in an SNMPv3 Access Table entry, perform the following procedure. 1. Display the Configure SNMPv3 T able menu by performing steps 1 through 3 in “Configuring the SNMP v3 User Table” on page 321. Or, from the [...]

  • Page 354

    Chapter 21: SNMP v3 354 Section IV: SNMPv3 The following prompt is displayed: Enter Secu rity Leve l [N-NoAuth NoPriv, A -AuthNoPriv , P-AuthPri v]: 7. Enter the Security Level configure d for this Group Name. Yo u cannot change the value of the Security Level paramet er. Select one of the follo wing security levels: N-NoAuthNoPriv This option repr[...]

  • Page 355

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 355 allowing you to save your chang es. Allied T elesis recommends this storage type. 9. After making changes, type R until you r eturn to the Main Menu. Then type S to select Save Configuration Changes.[...]

  • Page 356

    Chapter 21: SNMP v3 356 Section IV: SNMPv3 Configuring the SNMPv3 SecurityToGroup Table This section contains a description of the SNMPv3 SecurityToGroup Table and how to create, delete, and modify table entries. The SNMPv3 SecurityToGroup Table allows you to associate a User Name with a Group Name. The User Name is configured in the Configure SNMP[...]

  • Page 357

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 357 The Configure SNMPv3 SecurityT oGroup T able menu is shown in Figure 133. Figure 133. Configure SNMPv3 SecurityToGroup T able Menu 3. To configure a group in the SNMPv3 SecurityToGroup Table, type 1 to select Create SNMPv3 Table Entry. The following prompt is displayed: Enter [...]

  • Page 358

    Chapter 21: SNMP v3 358 Section IV: SNMPv3 3-v3 Select this value to associate the Group Name with the SNMPv3 protocol. The following prompt is displayed: Enter Grou p Name: 6. Enter a Group Name that you configured in the SNMPv3 Access Table. See “Creating an SNMPv3 Access Table Entry” on page 3 40. There are four default values for this field[...]

  • Page 359

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 359 Deleting an SNMPv3 SecurityToGroup Table Entry You may want to delete an entry from the SNMPv3 SecurityToGroup Table. When you delete an SNMPv3 Se curityToGroup Table entry, there is no way to undelete, or recover, the entry. To delete an entry in the SNMPv3 SecurityToGroup Ta[...]

  • Page 360

    Chapter 21: SNMP v3 360 Section IV: SNMPv3 3-v3 Select this value to associate the Group Name with the SNMPv3 protocol. The following prompt is displayed: Do you want to dele te this table entry? (Y/N):[Y es/No]-> 6. Enter Y to delete this Secu rityToGroup entry or N to save the entry. 7. After making cha nges, type R until you return to th e Ma[...]

  • Page 361

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 361 The Modify SecurityT oGroup T able is displayed as shown Figure 133. Figure 134. Modify SNMPv3 Se curityToGroup Table Menu 4. To modify the Group Name, type 1 to select Set Group Name . The following prompt is displayed: Enter User (Sec urity) Name : 5. Enter a User Name. The [...]

  • Page 362

    Chapter 21: SNMP v3 362 Section IV: SNMPv3 3-v3 Select this value to associate the User Name with the SNMPv3 protocol. The following prompt is displayed: Enter Grou p Name: 7. Enter the new Group Name. This value must match a value configured in the Group Name parameter in t he Configure SNMPv3 Access T able. See “Creating an SNMPv3 Access T able[...]

  • Page 363

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 363 6. Enter the Security Model configured for this User Na me. You cannot change the value of the Security Model parameter. Select one of the following SNMP protocols: 1-v1 Select this value if this User Name is configure d with the SNMPv1 protocol. 2-v2c Select this value if thi[...]

  • Page 364

    Chapter 21: SNMP v3 364 Section IV: SNMPv3 Configuring the SNMPv3 Notify Table This section contains a description of the SNMPv3 Notify Table menu and how to create, delete, and modify table entries. The Configure SNMPv3 Notify Table menu allows you to define a name for sending traps. For each Notify Name, you define if a trap or inform message ia [...]

  • Page 365

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 365 The Configure SNMPv3 Notify T able menu is shown in Figure 135. Figure 135. Configure SNMPv3 Notify T able Menu 3. To create an entry in the table, type 1 to select Create SNMPv3 Table Entry. The following prompt is displayed: Enter Notify Na me: 4. Enter the name associated w[...]

  • Page 366

    Chapter 21: SNMP v3 366 Section IV: SNMPv3 I-Inform Indicates this notify tab le is used to send inform messages. With this message type, the switch expect s a response from the host. The following prompt is displayed: Enter Storag e Type [V-Vol atile, N-NonVo latile]: 7. Select one of the following storage types for this table entry: V - V olatile[...]

  • Page 367

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 367 The Configure SNMPv3 Notify T able menu is shown in Figure 135 on page 365. Note To display a Group Name and its associated parameters from the Configure SNMPv3 SecurityToGroup Table menu, type N to displ ay the Next Page and P t o display the previous page. 3. To delete an SN[...]

  • Page 368

    Chapter 21: SNMP v3 368 Section IV: SNMPv3 3. From the Configure SNMP v3 Notify Table menu, type 3 to select Modify SNMPv3 Table Entry. The Modify SNMPv3 Notify T able menu is shown in Figure 136. Figure 136. Modify SNMPv3 Notify Table Menu Note To display a Group Name and its associated para meters from the Configure SNMPv3 SecurityToGrou p Table [...]

  • Page 369

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 369 Modifying a Notify Type To modify the Notify Type parameter in an SNMPv3 Notify Table entry, perform the following procedure. 1. Display the Configure SNMPv3 T able menu by performing steps 1 through 3 in “Configuring the SNMP v3 User Table” on page 321. Or, from the Main [...]

  • Page 370

    Chapter 21: SNMP v3 370 Section IV: SNMPv3 Modifying a Storage Type To modify the Storage Type parameter in an SNMPv3 Notify Table entry, perform the following procedure. 1. Display the Configure SNMPv3 T able menu by performing steps 1 through 3 in “Configuring the SNMPv3 User Ta ble” on page 321. Or, from the Main Menu type 5 -> 5 -> 5 [...]

  • Page 371

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 371 7. After making changes, type R until you r eturn to the Main Menu. Then type S to select Save Configuration Changes.[...]

  • Page 372

    Chapter 21: SNMP v3 372 Section IV: SNMPv3 Configuring the SNMPv3 Target Address Table This section contains a description of the SNMPv3 Target Address Table menu and how to create, delete, and modify ta ble entries. You use the SNMPv3 Target Address Table menu to assign the IP address of a host that is used for generating notifications. The Config[...]

  • Page 373

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 373 The Configure SNMPv3 T arget Addr ess T able menu is shown in Figure 137. Figure 137. Configure SNMPv3 Target Address Table Menu 3. To create an entry in the SNMPv3 Target Addre ss Table, type 1 to select Create SNMPv3 Table Entry. The following prompt is displayed: Enter Targ[...]

  • Page 374

    Chapter 21: SNMP v3 374 Section IV: SNMPv3 The following prompt is displayed: Enter Time out (10mS ): [0 to 21 47483647] -> 1500 7. Enter a timeout value in millisecond s. When an Inform message is generated , a response from the switch is required. The timeout value determines how long the switch considers the Inform message an active message. [...]

  • Page 375

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 375 V - V olatile Select this storage type if you do not want the ability to save an entry in the SNMPv3 T arget Address T able to the configuration file. After making changes to an SNMPv3 T arg et Address T able entry with a V olatile storage type, the S - Save Configuration Chan[...]

  • Page 376

    Chapter 21: SNMP v3 376 Section IV: SNMPv3 3. To delete an SNMPv3 Target Address Table entry, type 2 to select Delete SNMPv3 Table Ent ry. The following prompt is displayed: Enter Targ et Addres s Name: 4. Enter a Target Address Na me. The following prompt is displayed: Do you want to dele te this table entry?(Y/N): [Yes/No]- > 5. Enter Y to del[...]

  • Page 377

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 377 The Configure SNMPv3 T arget Addr ess T able menu is shown in Figure 137 on page 373. 3. From the Configure SNMPv3 Target Ad dress Table menu, type 3 to select Modify SNMPv3 Table Entry. The Modify SNMPv3 T arget Address T able menu is shown in Figure 138. Figure 138. Modify S[...]

  • Page 378

    Chapter 21: SNMP v3 378 Section IV: SNMPv3 Use the following format for an IP address: XXX.XXX.XXX.XXX 7. After making cha nges, type R until you return to th e Main Menu. Then type S to select Save Configuration Ch anges. Modifying the Target Address UDP Port To modify the Target Address UDP Port parameter in an SNMPv3 Targ et Address Table entry,[...]

  • Page 379

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 379 7. After making changes, type R until you r eturn to the Main Menu. Then type S to select Save Configuration Changes. Modifying the Target Address Timeout The Target Address Timeout paramet er only applies when the messag e type is an Inform message. To m odify the Target Addr[...]

  • Page 380

    Chapter 21: SNMP v3 380 Section IV: SNMPv3 Inform messages only . The range is from 0 to 2,1 47,483,647 milliseconds. The default va lue is 1500 milliseconds. 7. After making cha nges, type R until you return to th e Main Menu. Then type S to select Save Configuration Ch anges. Modifying the Target Address Retries The Target Address Retries paramet[...]

  • Page 381

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 381 The range is 0 to 255 retrie s. The default is 3 retries. 7. After making changes, type R until you r eturn to the Main Menu. Then type S to select Save Configuration Changes. Modifying the Target Address Tag List To modify the Target Address Tag List para meter in an SNMPv3 T[...]

  • Page 382

    Chapter 21: SNMP v3 382 Section IV: SNMPv3 6. After making cha nges, type R until you return to th e Main Menu. Then type S to select Save Configuration Ch anges. Modifying the Target Parameters Field To modify the Target Parameters field in an SNMPv3 Tar get Address Table entry, perform the following proce dure. 1. Display the Configure SNMPv3 T a[...]

  • Page 383

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 383 7. After making changes, type R until you r eturn to the Main Menu. Then type S to select Save Configuration Changes. Modifying the Storage Type To modify the Storage Type parameter in an SNMPv3 Target Address Table entry, perform the following procedure. 1. Display the Config[...]

  • Page 384

    Chapter 21: SNMP v3 384 Section IV: SNMPv3 N-NonV olatile Select this storage type if you want th e ability to save an entry in the SNMPv3 T arget Address T able to t he configuration file. Af ter making changes to an SNMPv3 T arget Address entry with a NonV olatile storage type, the S - Save Configu ration Changes option appears on the Main Menu, [...]

  • Page 385

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 385 Configuring the SNMPv3 Ta rget Parameters Table This section contains a description of the SNMPv3 Tar get Parameters Table and how to create, delete, an d modify table entries. The SNMPv3 Target Parameters Table links the user security information with the message notification[...]

  • Page 386

    Chapter 21: SNMP v3 386 Section IV: SNMPv3  “Deleting an SNMPv3 T arget Parameters T able Entry” on page 389  “Modifying an SNMPv3 T arget Parame ters T able Entry” on p age 390 Creating an SNMPv3 Target Parameters Table Entry To create an entry in the Configure SNMPv3 Target Parameters Table , perform the following procedure. 1. Disp[...]

  • Page 387

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 387 Note You are prompted to enter a value f or the Message Processing Model parameter only if you select SNMPv1 o r SNMPv2c as the Security Model. If you select the SNMPv3 protocol as the Security Model, then the Message Processing Mode l is automatically assigned to SNMPv3. The [...]

  • Page 388

    Chapter 21: SNMP v3 388 Section IV: SNMPv3 N-NoAuthNoPriv This option represents no authentication and no priva cy protocol. Select this security level if you do not want to au thenticate SNMP entities and you do not want to encrypt messag es using a privacy protocol. This security level provides the least security . Note If you have selected SNMPv[...]

  • Page 389

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 389 9. After making changes, type R until you r eturn to the Main Menu. Then type S to select Save Configuration Changes. Deleting an SNMPv3 Target Parameters Table Entry You may want to delete an entry from the SNMPv3 Target Parameters Table. When you delete an SNMPv3 Targe t Par[...]

  • Page 390

    Chapter 21: SNMP v3 390 Section IV: SNMPv3 Modifying an SNMPv3 Target Parameters Table Entry This section provides procedures for modifying paramet ers in an SNMPv3 Target Parameters Table e ntry. The parameter values con figured in the Target Parameters Table must match those configured in the othe r tables. For a more detailed explanation, see ?[...]

  • Page 391

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 391 When you modify the Security Name parameter, you must use a value that you configured with the User Name parameter in the Configure SNMPv3 User Table menu. If you do not use a value configured with the User Name parameter, messa ges are not sent on behalf o f this User Name. S[...]

  • Page 392

    Chapter 21: SNMP v3 392 Section IV: SNMPv3 4. To change the Security Name parameter, type 1 to select Set Security Name. The following prompt is displayed: Enter Targ et Parame ters Name: 5. Enter a previously configured Target Paramete rs Name. Enter a value of up to 32 alpha numeric characters. The following prompt is displayed: Enter User (S ecu[...]

  • Page 393

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 393 The Configure SNMPv3 T arget Parameters T able menu is shown in Figure 139. 3. From the Configure SNMPv3 Target Parameters Table menu, type 3 to select Modify SNMPv3 Table Entry. The Modify SNMPv3 T arget Parameters T able menu is shown in Figure 140 on pag e 391. 4. To change[...]

  • Page 394

    Chapter 21: SNMP v3 394 Section IV: SNMPv3 from the Main Menu type 5 -> 5 -> 5 . The Configure SNMPv3 T able menu is shown in Figure 126 on pag e 322. 2. From the Configure SNMPv3 Table menu, type 8 to select Configure SNMPv3 Target Address Table. The Configure SNMPv3 T arget Parameters T able menu is shown in Figure 139. 3. From the Configur[...]

  • Page 395

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 395 A-AuthNoPriv This option represent s authentication, but no priva cy protocol. Select this security level if you want to a uthenticate SNMP users, but you do not want to encrypt messages using a priva cy protocol.Y ou can select this value if you configured the Security Model [...]

  • Page 396

    Chapter 21: SNMP v3 396 Section IV: SNMPv3 5. Enter a previously configured Target Paramete rs Name. Enter a value of up to 32 alpha numeric characters. The following prompt is displayed: Enter Messag e Processin g Model[1-v1, 2-v2c,3-v 3]: 6. Select one of the following SNMP prot ocols that is used to process, or send messages: 1-v1 Select this va[...]

  • Page 397

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 397 5. Enter a previously configured Target Parameters Name. Enter a value of up to 32 alphanumeric characters. The following prompt is displayed: Enter Stora ge Type [ V-Volatile, N-NonVol atile]: 6. Select one of the following storage types for this table entry: V - V olatile Se[...]

  • Page 398

    Chapter 21: SNMP v3 398 Section IV: SNMPv3 Configuring the SNMPv3 Community Table This section contains a description of the SNMPv3 Community Table and how to create, delete, and modify table entries. The SNMPv3 Co mmunity Table allows you to create SNMPv1 and SNMPv2c Communitie s using the SNMPv3 Tables. Allied T elesis does not recommend t hat yo[...]

  • Page 399

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 399  Security Name  T ransport T ag  S torage T ype In addition, you can display the entries conf igured with the Configure SNMPv1 & SNMPv2c Community menu in the Configure SNMPv3 Community Table menu. However, you canno t modify an SNMPv1 & SNMPv2c Community Tabl[...]

  • Page 400

    Chapter 21: SNMP v3 400 Section IV: SNMPv3 The Configure SNMPv3 Community T able menu is shown in Figure 141. Figure 141. Configure SNMP v3 Community Table Menu 3. To create an entry in the SNMPv3 Co mmunity Table, type 1 to select Create SNMPv3 Table Entry. The following prompt is displayed: Enter Comm unity Ind ex: 4. Enter the name of this Commu[...]

  • Page 401

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 401 The following prompt is displayed: Enter Securit y Name: 6. Enter the name of an SNMPv1 and SNMPv2c user. This name must be unique. Enter a value of up to 32 alphanumeric characters. Note Do not use a value configured with the User Name parameter in the SNMPv3 User Table. The [...]

  • Page 402

    Chapter 21: SNMP v3 402 Section IV: SNMPv3 Note The Row Status parameter is a read-only field. The Active value indicates the SNMPv3 Community Table entry takes effect immediately. 9. After making cha nges, type R until you return to th e Main Menu. Then type S to select Save Configuration Ch anges. Deleting an SNMPv3 Community Table Entry You may [...]

  • Page 403

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 403 Modifying an SNMPv3 Community Table Entry For each entry in the SNMPv3 Co mm unity Table, you can mo dify the following parameters:  Community Name  Security Name  T ransport T ag  S torage T ype However, you cannot modify the Co mmunity Index parameter. Although y[...]

  • Page 404

    Chapter 21: SNMP v3 404 Section IV: SNMPv3 The Modify SNMPv3 Community T able menu is shown in Figure 142. Figure 142. Modify SNMPv3 Commun ity Table Menu 4. To change the Community Name, type 1 to select Set Community Name. The following prompt is displayed: Enter Comm unity Ind ex: 5. Enter the Community Inde x that you want to modify. The follow[...]

  • Page 405

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 405 Modifying the Security Name To modify the Security Name parameter in an SNMPv3 Community Table entry, perform the following procedure: 1. Display the Configure SNMPv3 T able menu by performing steps 1 through 3 in “Configuring the SNMP v3 User Table” on page 321. Or, from [...]

  • Page 406

    Chapter 21: SNMP v3 406 Section IV: SNMPv3 The Configure SNMPv3 T able menu is displayed as sh own in Figure 126 on page 32 2. 2. From the Configure SNMPv3 Table menu, type 9 to select Configure SNMPv3 Community Table. The Configure SNMPv3 Community T able menu is shown in Figure 141 on page 40 0. 3. From the Configure SNMPv3 Communit y Table, type[...]

  • Page 407

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 407 3. From the Configure SNMPv3 Community Tab le, type 3 to select Modify SNMPv3 Table Entry. The Modify SNMPv3 Community T able Menu is shown in Figure 142 on page 404. 4. To change the Storage Type, type 4 to select Set Storage Type. The following prompt is displayed: Enter Com[...]

  • Page 408

    Chapter 21: SNMP v3 408 Section IV: SNMPv3 Displaying SNMPv3 Table Menus The procedures in this section describe how to display the SNMPv3 Tables. The following procedures are provided:  “Displaying the Display SNMP v3 User T able Menu,” next  “Displaying the Display SNMPv3 V iew T able Menu” on p age 410  “Displaying the Display[...]

  • Page 409

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 409 The Display SNMPv3 T able menu is shown in Figure 143. Figure 143. Display SNMPv3 Table Menu 4. From the Display SNMPv3 Table menu, type 1 to select Display SNMPv3 User Table. The Display SNMPv3 User T able is shown in Figure 144. Figure 144. Display SNMPv3 User Table Menu All[...]

  • Page 410

    Chapter 21: SNMP v3 410 Section IV: SNMPv3 Displaying the Display SNMPv3 View Table Menu This section describes how to display the Disp lay SNMPv3 View Table menu. For information about the SNMPv3 View Table p arameters, see “Creating an SNMPv3 View Table Entry” on page 331. To display the Display SNMPv3 View Table menu, perform th e following [...]

  • Page 411

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 411 Displaying the Display SNMPv3 Access Table Menu This section describes how to displa y the Displa y SNMPv3 Access Table menu. For information about the SNMPv3 Access Ta ble parameters, see “Creating an SNMPv3 Access Table Entry” on page 340. To display the Display SNMPv3 A[...]

  • Page 412

    Chapter 21: SNMP v3 412 Section IV: SNMPv3 The Display SNMPv3 SecurityT oGroup T able menu is shown in Figure 147. Figure 147. Display SNMPv3 SecurityToGro up Table Menu Displaying the Display SNMPv3 Notify Table Menu This section describes how to display the Disp lay SNMPv3 Notify Table menu. For information about the SNMPv3 Notify Table paramete [...]

  • Page 413

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 413 Displaying the Display SNMPv3 Target Address Table Menu This section describes how to display the Display SNMPv3 Targe t Address Table menu. For information about the SNMPv3 Target Address Table parameters, see “Creating an SNMPv3 Target Address Table Entry” on page 372. T[...]

  • Page 414

    Chapter 21: SNMP v3 414 Section IV: SNMPv3 The Display SNMPv3 T arget Parameters T able menu is shown in Figure 147. Figure 150. Display SNMPv3 Target Parameters Table Menu Displaying the Display SNMPv3 Community Table Menu This section describes how to display the Disp lay SNMPv3 Community Table menu. For information about the SNMPv3 Community Ta [...]

  • Page 415

    AT-S63 Management So ftware Menus User’s Gui de Section IV: SNMPv3 415 The Display SNMPv3 Community T able menu is shown in Figure 147. Figure 151. Display SNMPv3 Community Table Menu Allied Tele sis AT-94 24T/SP - AT -S63 Marketing User: Manager 11:20:02 02- Mar-2005 Display SN MPv3 Com munity Table Community I ndex ... ..... atiind ex14 Communi[...]

  • Page 416

    Chapter 21: SNMP v3 416 Section IV: SNMPv3[...]

  • Page 417

    Section V: Spanning Tree Protocols 417 Section V Spanning T r ee Pr otocols The chapters in this section contain overview information on the different spanning tree protocols supported on the AT-9400 Switch. The chapters also explain how to configure the spanning tree protocols fro m the menu interface of the AT-S63 Management Software. Th e chapte[...]

  • Page 418

    418 Section V: Spanning Tree Pro tocols[...]

  • Page 419

    Section V: Spanning Tree Protocols 419 Chapter 22 Spanning T r ee and Rapid Spanning T r ee Pr otocols This chapter provides background information on the Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol ( RSTP). The chapter also contains procedures on how t o adjust the STP and RSTP bridge and port parameters. The sections in this cha[...]

  • Page 420

    Chapter 22: Spannin g Tree and Rapid Span ning Tree Protocols 420 Section V: Spanning Tree Pro tocols Enabling or Disabling a Spanning Tree Protocol The AT-S63 Management Software supp orts STP, RSTP, and MSTP. However, only one spanning tree protoc ol can be active on the switch at a time. Before you can enable a spanning tree proto col, you must [...]

  • Page 421

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 421 4. If you selected STP as the active spanning tree protocol, go to “Configuring STP” on page 422 for further instru ctions. If you selecte d RSTP, go to “Configuring RSTP” on page 430. Multiple Spanning Tree Protocol (MSTP) is described in C hapter 23, [...]

  • Page 422

    Chapter 22: Spannin g Tree and Rapid Span ning Tree Protocols 422 Section V: Spanning Tree Pro tocols Configuring STP This section contains the following proced ures:  ”Configuring STP Bridge Settings”, next  “Configuring STP Port Settings” on page 425  “Displaying STP Port Settings” on pag e 428  “Resetting STP to the Def[...]

  • Page 423

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 423 2. From the Spanning Tree Configu ration menu, type 3 to select Configure Active Protocol. The STP menu is shown in Figure 153. Figure 153. STP Menu The bridge hello time, bridge forwarding, an d bridge max age parameters will have two values if STP is en abled[...]

  • Page 424

    Chapter 22: Spannin g Tree and Rapid Span ning Tree Protocols 424 Section V: Spanning Tree Pro tocols 2 - Bridge Hello Time The time interval between generating and sending configuration messages by the bridge. This p arameter can be from 1 to 10 seconds. The default is 2 seconds. 3 - Bridge Forwarding The waiting period in seconds before a bridge [...]

  • Page 425

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 425 5 - Bridge Identifier The bridge identifier of the switch. The identifier consist s of the switch’ s bridge priority value and MAC address, sep arated by a slash (/). T o change the switch’ s priority value, use option 1, Bridge Priority . The MAC address o[...]

  • Page 426

    Chapter 22: Spannin g Tree and Rapid Span ning Tree Protocols 426 Section V: Spanning Tree Pro tocols The STP Port Parameters menu is shown in Figure 154. Figure 154. STP Port Parameters Menu 4. Type 1 to select Configure STP Port Settings. The following prompt is displayed: Start Port to Co nfigure [1 to 26 ] -> 5. Enter the number of the port [...]

  • Page 427

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 427 1 - Port Priority This parameter is u sed as a tie breaker when two or more port s have equal costs to the root bridge. The range is 0 to 2 40 in increment s of 16. The default value is 8 (pr iority value 128). T able 6 lists the increments. 2 - Port Cost The s[...]

  • Page 428

    Chapter 22: Spannin g Tree and Rapid Span ning Tree Protocols 428 Section V: Spanning Tree Pro tocols 8. After making cha nges, type R until you return to th e Main Menu. Then type S to select Save Configuration Ch anges. Displaying STP Port Settings To display STP port settings, perform the following procedure: 1. From the Main Menu, type 3 to sel[...]

  • Page 429

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 429 The Display STP Port Config uration menu displays a t able that contains the follo wing columns of information: Port The port number . Stat e Current state o f a port. The possible st ates are Listening, Learning, Forwarding, or Blocking when sp anning tree is [...]

  • Page 430

    Chapter 22: Spannin g Tree and Rapid Span ning Tree Protocols 430 Section V: Spanning Tree Pro tocols Configuring RSTP This section contains the following proced ures:  ”Configuring RSTP Bridge Settings”, next  “Configuring RSTP Port Settings” on p age 433  “Displaying the RSTP Port Config uration” on pag e 435  “Displayin[...]

  • Page 431

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 431 2. From the Spanning Tree Configu ration menu, type 3 to select Configure Active Protocol. The RS TP menu is shown in Figure 157. Figure 157. RSTP Menu The bridge hello time, bridge forwarding, an d bridge max age parameters will have two values if RSTP is enab[...]

  • Page 432

    Chapter 22: Spannin g Tree and Rapid Span ning Tree Protocols 432 Section V: Spanning Tree Pro tocols 4096, with 0 being the highest priority . For a list of the increments, refer to T able 5 on page 42 4. 3 - Bridge Hello Time The time interval between generating and sending configuration messages by the bridge. This p arameter can be from 1 to 10[...]

  • Page 433

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 433 9 - Root Path Cost The cost of the p ath from the current swit ch to the root switch of the spanning tree doma in. If the current switch is the root switch, root path cost will be “0”. This value cannot be changed and is only displayed when RSTP is activate[...]

  • Page 434

    Chapter 22: Spannin g Tree and Rapid Span ning Tree Protocols 434 Section V: Spanning Tree Pro tocols The following prompt is displayed: Ending Por t to Conf igure [1 to 24] -> 7. To configure just one port, e nter the same port number here as you entered in the previous step. To conf igure a range of ports, enter the last port of the range. The[...]

  • Page 435

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 435 T able 10 lists the RSTP port cost s with Auto-Detect when a port is p art of a port trunk. 3 - Point-to-Point This parameter defin es whether the port is functio ning as a point-to- point port. The possible settings are Y es, No, and Auto Detect. 4 - Edge Port[...]

  • Page 436

    Chapter 22: Spannin g Tree and Rapid Span ning Tree Protocols 436 Section V: Spanning Tree Pro tocols The Display RSTP Port Configuration menu is shown in Figure 160. Figure 160. Display RSTP Port Co nfiguration Menu The Display RSTP Port Configurat ion menu displays a t able that contains the following columns of information: Port The port number [...]

  • Page 437

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 437 Displaying the RSTP Port State To display the RSTP port state, perfo rm the following procedure: 1. From the Main Menu, type 3 to select Spanning Tree Configu ration. The S panning T ree Configuration menu is shown in Figure 152 on page 420. 2. From the Spannin[...]

  • Page 438

    Chapter 22: Spannin g Tree and Rapid Span ning Tree Protocols 438 Section V: Spanning Tree Pro tocols The possible st ates for a port co nnected to a device running STP are Listening, Learning, Forwarding, and Blockin g. The possible states for a port not bein g used or where spanning tree is not activated is Disabled. Role The RSTP role of the por[...]

  • Page 439

    Section V: Spanning Tree Protocols 439 Chapter 23 Multiple Spanning T r ee Pr otocol This chapter contains the procedure s for configuring the Multiple Spanning Tree Protocol (MSTP). The sections in this chap ter include:  “Selecting MSTP as the Active S panning T ree Protocol” on p age 440  “Configuring MSTP Bridge Settings” on p age[...]

  • Page 440

    Chapter 23: Multipl e Spanning Tree Protocol 440 Section V: Spanning Tree Pro tocols Selecting MSTP as the Acti ve Spanning Tree Protocol To select and activate MSTP as the ac tive spanning tree protocol on the switch, or to disable spanning tree, perform the fo llowing procedure: 1. From the Main Menu, type 3 to select Spanning Tree Configuration.[...]

  • Page 441

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 441 Configuring MSTP Bridge Settings To configure a bridge’s MSTP settings, p erform the following procedure: 1. From the Main Menu, type 3 to select Spanning Tree Configu ration. The S panning T ree Configuration menu is shown in Figure 152 on page 420. 2. From [...]

  • Page 442

    Chapter 23: Multipl e Spanning Tree Protocol 442 Section V: Spanning Tree Pro tocols 3. Configure the follo wing parameters as necessary. 1 - Force V ersion This selection determines whether the bridge operates with MSTP or in an STP-compatible mo de. If you select MSTP , the bridge operates all ports in MSTP , except for those ports that re ceive [...]

  • Page 443

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 443 bridge within a MSTP region. Af ter the counter reache s zero, the BPDU is deleted. The coun ter is reset to its original value if a BPDU crosses a MSTP regional boundary . 6 - Configuration Name The name of the MSTP region. The rang e is 0 (zero) to 32 alphanu[...]

  • Page 444

    Chapter 23: Multipl e Spanning Tree Protocol 444 Section V: Spanning Tree Pro tocols 4. After making cha nges, type R until you return to th e Main Menu. Then type S to select Save Configuration Ch anges.[...]

  • Page 445

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 445 Configuring the CIST Priority This procedure explains how to adj ust the bridge’s CIST priority. To change the CIST priority, p erform the following procedure: 1. From the Main Menu, type 3 to select Spanning Tree Configu ration. The S panning T ree Configura[...]

  • Page 446

    Chapter 23: Multipl e Spanning Tree Protocol 446 Section V: Spanning Tree Pro tocols The following prompt is displayed: Enter new priority [the value will be m ultiplied b y 4096]: [0 to 15] -> 5. Enter the increment that represents the ne w CIST priority value. The range is 0 (zero) to 61,440 in increments o f 4,096, with 0 being the highest pr[...]

  • Page 447

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 447 Displaying the CIST Priority To change the CIST priority, p erform the following procedure: 1. From the Main Menu, type 3 to select Spanning Tree Configu ration. The S panning T ree Configuration menu is shown in Figure 152 on page 420. 2. From the Spanning Tre[...]

  • Page 448

    Chapter 23: Multipl e Spanning Tree Protocol 448 Section V: Spanning Tree Pro tocols Path Cost S pecifies the path cost from the bridge to the region al root. If the bridge is the regional root, the value is 0. Associated VLANs S pecifies the VIDs of the VLANs that have been associated with the MSTI ID. The table does not include the CIST . The t a[...]

  • Page 449

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 449 Creating, Deleting, and Modifying MSTI IDs The following sections contain proc edures for working with MSTI IDs:  ”Creating an MSTI ID” next  “Deleting an MSTI ID” on p age 450  “Modifying an MSTI ID” on p age 450 Creating an MSTI I D To cr[...]

  • Page 450

    Chapter 23: Multipl e Spanning Tree Protocol 450 Section V: Spanning Tree Pro tocols 8. After making cha nges, type R until you return to th e Main Menu. Then type S to select Save Configuration Ch anges. Deleting an MSTI ID To delete an MSTI ID, perform the following pro cedure: 1. From the Main Menu, type 3 to select Spanning Tree Configuration. [...]

  • Page 451

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 451 The following prompt is displayed: Enter the MSTI ID to be modified: [1 to 15] -> 5. Enter the MSTP IDs that you want to modify. The range is 1 to 15. You can specify only one MSTI ID at a time . The following prompt is displayed: Enter new pri ority [the v [...]

  • Page 452

    Chapter 23: Multipl e Spanning Tree Protocol 452 Section V: Spanning Tree Pro tocols Adding, Removing, and Modifying VLAN Associations to MSTI IDs When you create a new MSTI ID, you are given the op portunity of associating VLANs to it. But after an MS TI ID is created, you may want to add more VLANs to it, or perhaps remove VLANs. Th is procedure [...]

  • Page 453

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 453 The VLAN-MSTI Association menu is shown in F igure 165. Figure 165. VLAN-MSTI Association Menu The VLAN-MSTI Association menu displays a t able that cont ains the following columns of information: MSTI / CIST Lists the CIST and curren t MSTI IDs on the switch. [...]

  • Page 454

    Chapter 23: Multipl e Spanning Tree Protocol 454 Section V: Spanning Tree Pro tocols 4. From the MSTP menu, type V to select VLAN-MSTI Association menu. The VLAN-MSTI Association menu is shown in Fig ure 165 on p age 453. 5. From the VLAN-MSTI Association menu, type 1 to select Add VLANs to MSTI. The following prompt is displayed: Enter the MST I I[...]

  • Page 455

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 455 The following prompt is displayed: Enter the M STI ID <e nter 0 for CIST> [0 to 15] -> 6. Enter the MSTI ID to which you want to associate a VLAN. A prompt similar to the following is displayed: Enter the list of VLANs: 7. Enter the VLAN ID of the virt[...]

  • Page 456

    Chapter 23: Multipl e Spanning Tree Protocol 456 Section V: Spanning Tree Pro tocols 8. Enter the VLAN ID of the virtua l LAN that you want to a ssociate with the MSTI ID. You can enter more than one VLAN at a time (for example, 2,4,7) (To view VIDs, refer to “Displaying VLANs” on page 485.) The VLANs already associated with the MSTI ID are rem[...]

  • Page 457

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 457 Configuring MSTP Port Settings The MSTP port settings are divid ed into two groups. The para meters in the first group are set just once on a p ort, regardless of the numbe r of MSTIs in which a port is a member. These settings are:  External path cost  P[...]

  • Page 458

    Chapter 23: Multipl e Spanning Tree Protocol 458 Section V: Spanning Tree Pro tocols The MSTP Port Parameters menu is shown in Figure 166. Figure 166. MSTP Port Parameters Menu 4. From the MSTP Port Parameters menu, type 1 to select Configure Generic Port Settings. The following prompt is displayed: Start port to confi gure: [1 to 26] -> 5. Ente[...]

  • Page 459

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 459 7. Adjust the following parameters as necessa ry: 1- Port External Path Cost The port cost of the port if the po rt is connected to a bridge which is a member of another MSTP region or is running STP o r RSTP . The range is 0 to 200,000,000. The de fault settin[...]

  • Page 460

    Chapter 23: Multipl e Spanning Tree Protocol 460 Section V: Spanning Tree Pro tocols Configuring MSTI-specific Port Parameters This procedure explains how to set a por t’s priority and intern al path cost. These parameters can be set independently on a port for each MSTI in which a port is a member. T o configure the parame ters, perform the foll[...]

  • Page 461

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 461 Configure Per S panning T ree Port Settings Menu is shown in Figure 168. Figure 168. Configure Per Spanning Tre e Port Settings Menu The S panning T ree List displays the ID numbers of the MSTI s you specified. 8. Adjust the following parameters as necessa ry: [...]

  • Page 462

    Chapter 23: Multipl e Spanning Tree Protocol 462 Section V: Spanning Tree Pro tocols T able 14 lists the RSTP port cost s with Auto-Detect when the port is part of a port trun k. 9. After making cha nges, type R until you return to th e Main Menu. Then type S to select Save Configuration Ch anges. T able 14. RSTP Auto-Detect Port T runk Cost s Port[...]

  • Page 463

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 463 Displaying the MSTP Port Configuration To display the MSTP port configurati on, perform the followin g procedure: 1. From the Main Menu, type 3 to select Spanning Tree Configu ration. The S panning T ree Configuration menu is shown in Figure 152 on page 420. 2.[...]

  • Page 464

    Chapter 23: Multipl e Spanning Tree Protocol 464 Section V: Spanning Tree Pro tocols The Display MSTP Port Configuration me nu displays a table that contains the following columns of information: Port The port number . Edge-Port Whether or not the port is func tioning as an e dge port. The possible settings are Y es and No. Point-to-Point Whether o[...]

  • Page 465

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 465 Displaying the MSTP Port State To display the MSTP port state, perform the follo wing procedure: 1. From the Main Menu, type 3 to select Spanning Tree Configu ration. The S panning T ree Configuration menu is shown in Figure 152 on page 420. 2. From the Spannin[...]

  • Page 466

    Chapter 23: Multipl e Spanning Tree Protocol 466 Section V: Spanning Tree Pro tocols The Display MSTP Port S tate menu is shown in Figure 170. Figure 170. Display MSTP Port State Menu The MSTP Port S tate menu displays a ta ble that contains the following columns of information: Port The port number . Stat e The MSTP state of the po rt. The possibl[...]

  • Page 467

    AT-S63 Management So ftware Menus User’s Gui de Section V: Spanning Tree Protocols 467 Backup - The port on a designated swit ch that provides a backup for the path provide d by the designated p ort. Designated - The port on the designated switch for a LAN that has the least cost path to t he root switch. This port connect s the LAN to the root s[...]

  • Page 468

    Chapter 23: Multipl e Spanning Tree Protocol 468 Section V: Spanning Tree Pro tocols Resetting MSTP to the Defaults To reset MSTP to the defaults, perform the following procedure : 1. From the Main Menu, type 3 to select Spanning Tree Configuration. The S panning T ree Configuration menu is shown in Figure 15 2 on page 420. 2. From the Spanning Tre[...]

  • Page 469

    Section VI: Virtual LANs 469 Section VI V irtual LANs The chapters in this section contain overview information on the different types of virtual LANs supported by the AT-9400 Switch . The chapters also explain how to configure these features f rom the menu interface of the AT-S63 Management Software. The chapters includ e:  Chapter 24, “Port-[...]

  • Page 470

    470 Section VI: Virtual LANs[...]

  • Page 471

    Section VI: Virtual LANs 471 Chapter 24 Port-based and T agged VLANs This chapter contains basic information about vi rtual LANs (VLANs) and procedures for creating, modifying, and deleting VLANs from a local or Telnet management session. This chapter contains the following sections:  “Creating a Port-based or T agged VLAN” on page 472  ?[...]

  • Page 472

    Chapter 24: Port-based and Tagged VLANs 472 Section VI: Virtual LANs Creating a Port-bas ed or Tagged VLAN To create a port-based or tagged VLAN, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 171. Figure 171. VLAN Configu ration Menu 2. From the VLAN Confi[...]

  • Page 473

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 473 The Configure VLANs menu is shown in Figure 172 . Figure 172. Configure VLANs Menu 3. From the Configure VLANs menu, type 1 to select Create VLAN. The Create VLAN menu is shown in Figure 173. Figure 173. Create VLAN Menu 4. Type 1 to select VL AN Name. The following prom[...]

  • Page 474

    Chapter 24: Port-based and Tagged VLANs 474 Section VI: Virtual LANs contain sp aces or special charac ters, such as asterisks (*) or exclamation points (!). If the VLAN will be unique in you r network, then the name should be unique as well. If the VLAN will be p art of a larger VL AN that sp ans multiple switches, then the name for the VLAN shoul[...]

  • Page 475

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 475 Note The MAC Based setting for option 3 is u sed to create MAC address- based VLANs. For instructions, refer to Chapter 28, “MAC Address- based VLANs” on page 533. 9. If the VLAN will contain tagged ports, type 4 to select Tagged Ports and specify the ports. If this [...]

  • Page 476

    Chapter 24: Port-based and Tagged VLANs 476 Section VI: Virtual LANs Note Untagged ports of a new VLAN a re automatically removed from their current untagged VLAN assignment. For example , if you are creating a new VLAN on a switch that contains only the Default_VLAN, the untagged ports of the new VLAN are automatically removed from the Default_VLA[...]

  • Page 477

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 477 Example of Creating a Port-based VLAN This procedure is an example of how to create an untagged VLAN. The specifications of the VLAN are: Name: Sales VID: 2 Untagged port s, 1, 3 to 5 To create this VLAN, perform the following p rocedure: 1. From the Main Menu, type 2 to[...]

  • Page 478

    Chapter 24: Port-based and Tagged VLANs 478 Section VI: Virtual LANs The new Sales VLAN h as now been created.[...]

  • Page 479

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 479 Example of Creating a Tagged VLAN This procedure is an example of how to create a tagged VLAN. The specifications of the example VLAN are: Name: Engineering VID: 3 T agged port s: 2, 10 Untagged port s, 9, 1 1 to 13 To create the Engineering VLAN, perform t he following [...]

  • Page 480

    Chapter 24: Port-based and Tagged VLANs 480 Section VI: Virtual LANs The new Engineering VLAN ha s now been created.[...]

  • Page 481

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 481 Modifying a Port-based or Tagged VLAN Note To modify a VLAN, you need to know its VID. To view VLAN VIDs, refer to “Displaying VLANs” on page 485. To modify a VLAN, perform the fo llowing procedure: 1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN[...]

  • Page 482

    Chapter 24: Port-based and Tagged VLANs 482 Section VI: Virtual LANs 5. Enter the VID of the port-based or tagged VLAN you want to modify. The Modify VLAN menu expands t o conta in all relevant information about the VLAN, as shown in Figure 175. Figure 175. Expanded Modify VLAN Menu 6. Adjust the following paramet ers as necessary. 1 - VLAN Name Th[...]

  • Page 483

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 483 4 - T agged Port s Use this selection to add or remo ve tagge d ports from the VLAN. Y ou can specify the port s individually (e.g., 2,3,5), as a range (e.g., 7-9 ), or both (e.g., 2,5,7-9). When you add or remove t agged ports, observe the following guidelines:  The [...]

  • Page 484

    Chapter 24: Port-based and Tagged VLANs 484 Section VI: Virtual LANs If you added or removed from the VLAN a port with one or more st atic MAC addresses assigned to it, you must update the st atic addresses by deleting their entries from the MAC a ddress table and re entering them again using the VID of the VLAN to which the port has bee n moved to[...]

  • Page 485

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 485 Displaying VLANs To view the name, VID number, and member ports of all the VLANs on a switch, perform the following procedu re: 1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 171 on p age 472. 2. From the VLAN C[...]

  • Page 486

    Chapter 24: Port-based and Tagged VLANs 486 Section VI: Virtual LANs VLAN Name Name of the VLAN. VLAN T ype The VLAN type. The possible settings are: Port Based - The VLAN is a port-based or ta gged VLAN. MAC Based - The VLAN is a MAC address-based VLAN. Protected - The VLAN is a protected ports VLAN. GARP - The VLAN was automatically created by GA[...]

  • Page 487

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 487 Deleting a Port-based or Tagged VLAN This procedure deletes port-based and ta gged VLANs from the switch. Note the following before performin g this procedure:  Y ou cannot delete the Default_VLAN.  Y ou cannot delete a VLAN if it has a routing interface. The inter[...]

  • Page 488

    Chapter 24: Port-based and Tagged VLANs 488 Section VI: Virtual LANs 4. From the Delete VLAN menu, type 1 to select VL AN ID (VID). The following prompt is displayed: Enter new valu e -> [2 to 4094] -> 5. Enter the VID of the VLAN you want to delete. You can specify only one VID at a time. Note You cannot delete the Defau lt_VLAN, which has a[...]

  • Page 489

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 489 8. Press any key. 9. Repeat this procedure starting wi th Step 4 to delete ot her VLANs. 10. To permanently save your changes, return to th e Main Menu and type S to select Save Configuration Changes.[...]

  • Page 490

    Chapter 24: Port-based and Tagged VLANs 490 Section VI: Virtual LANs Deleting All VLANs The following procedure deletes all p ort-based, tagged, protected ports, and MAC address-based VLANs on a switch. To delete selected VLANs, perform the procedure in “Deleting a Port-based or Ta gged VLAN” on page 487. Note the following before performing th[...]

  • Page 491

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 491 Any static addresses a ssigned to the port s of the VLANs are now obsolete, except for the Default_VLAN, b ecause the VLANs have been deleted. Those addresses should be deleted from the MAC address table. For instru ctions on how to delet e addresses, refer to “Deletin[...]

  • Page 492

    Chapter 24: Port-based and Tagged VLANs 492 Section VI: Virtual LANs Displaying PVIDs The following procedure displays a menu that lists th e PVIDs for all the ports on the switch. To display the PVID settings on the switch, perform t he following procedure: 1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is [...]

  • Page 493

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 493 Enabling or Disabling Ingress Filtering There are rules a switch follows when it receives and forwards an Ethernet frame. There are rules for frames as they enter a port (called ingress rules ) and rules for when a frame is transmitted out a port (called egress rules ). [...]

  • Page 494

    Chapter 24: Port-based and Tagged VLANs 494 Section VI: Virtual LANs In most cases, you will probably want to leave ingress filtering activated on the switch, which is the default. You c an enable or disable ingress filtering on a per switch basis. You cannot set this per port. To enable or disable ingress filt ering, perform the following proced u[...]

  • Page 495

    Section VI: Virtual LANs 495 Chapter 25 GARP VLAN Registration Pr otocol This chapter describes the GARP VLAN Registratio n Protocol (GVRP) and contains the following sections:  “Configuring GVRP” on pa ge 496  “Enabling or Disabling GVRP on a Port” on p age 498  “Converting a Dynamic GVRP VLAN” on p age 500  “Displaying t[...]

  • Page 496

    Chapter 25: GARP VLAN Registrat ion Protocol 496 Section VI: Virtual LANs Configuring GVRP To configure GVRP, perform the followin g procedure: Note The timers in the following menus ar e in increments of cen ti seconds which is one hundredth of a second. To configure GVRP, perform the followin g procedure: 1. From the Main Menu, type 2 to select V[...]

  • Page 497

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 497 4. Type E to enable GVRP or D to disable GVRP. The d efault setting is disabled. 5. Type 2 to select GVRP GIP Status. The following prompt is displayed: Enter your new va lue (E-Enabl ed, D-Disable d): 6. Type E to enable GIP or D to disable GIP. Note Do not disable GIP [...]

  • Page 498

    Chapter 25: GARP VLAN Registrat ion Protocol 498 Section VI: Virtual LANs Enabling or Disabling GVRP on a Port This procedure enables and disables GVRP on a switch port. The default setting for GVRP on a port is enabled. Only th ose ports where GVRP is enabled transmit PDUs. Note Allied Telesis recommends disabl ing GVRP on unused ports and those p[...]

  • Page 499

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 499 The following prompt is displayed: Enter port-li st: 5. Enter a port or a list of ports. The Configure GVRP Port Settings me nu is shown in Figure 182. Figure 182. Configure GVRP Port Settings Menu 6. Type 1 to select Po rt Mode. The following prompt is displayed: Enter [...]

  • Page 500

    Chapter 25: GARP VLAN Registrat ion Protocol 500 Section VI: Virtual LANs Converting a Dynamic GVRP VLAN This procedure converts a dynamic GVRP VLAN into a static VLAN. You can perform this procedure to permanently retain the VLANs the switch learned through GVRP. Note This procedure cannot convert a dyn amic GVRP port in a static VLAN into a stati[...]

  • Page 501

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 501 Displaying the GVRP Port Configuration To display the GVRP port configuratio n, perform the following proce dure: 1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 171 on p age 472. 2. From the VLAN Configuration m[...]

  • Page 502

    Chapter 25: GARP VLAN Registrat ion Protocol 502 Section VI: Virtual LANs Displaying GVRP Counters To display GVRP counters, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is s hown in Figure 171 on p age 472. 2. From the VLAN Configuration men u, type 6 to select Conf igure [...]

  • Page 503

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 503 The GVRP Counters menu (p age 1) is shown in Figure 185. Figure 185. GVRP Counters Menu (page 1) The statistics span two menus. To display th e second menu, typ e N to select Next Page. The second menu is shown in Figure 186. The information in both me nus is for display[...]

  • Page 504

    Chapter 25: GARP VLAN Registrat ion Protocol 504 Section VI: Virtual LANs Figure 186. GVRP Counters Menu (page 2) The GVRP counters in the menus are described in T able 15. Allied Teles is AT-9424T /SP - AT-S63 Marketing User: Manage r 11:20 :02 02-Mar-20 05 GVRP Counter s Receive: Tr ansmit: -------- -- ------- GARP Messag es: ---------- ----- Lea[...]

  • Page 505

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 505 Receive Discarded: Port Not Listening Number of GARP PDUs discar ded because the port that received the PDUs was not listening, that is, MODE=NONE was set on the port. T ransmit Discarded: Port Not Sending Number of GARP PDUs discar ded because the port that the PDUs wer[...]

  • Page 506

    Chapter 25: GARP VLAN Registrat ion Protocol 506 Section VI: Virtual LANs Tr a ns m i t G A R P Messages: LeaveEmpty T otal number o f GARP LeaveEmpty messages transmitted for all attributes in the GARP application. Receive GARP Messages: LeaveIn T otal nu mber of GARP LeaveIn message s received for all attributes in the GARP application. Tr a ns m[...]

  • Page 507

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 507 Displaying the GVRP Database To display GVRP database, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 171 on p age 472. 2. From the VLAN Configuration menu, type 6 to select Co n[...]

  • Page 508

    Chapter 25: GARP VLAN Registrat ion Protocol 508 Section VI: Virtual LANs begin at 0. If the GARP applicati on has no attributes presently registered, “No attributes have been registered” is displayed. VLAN ID The VLAN ID. Used Indicates whether the GID index is currently being used by a ny port in the GARP application. The definition of “use[...]

  • Page 509

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 509 Displaying the GIP Connected Ports Ring To display the GIP connected ports ring, per form the following procedure: 1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 171 on p age 472. 2. From the VLAN Configuration [...]

  • Page 510

    Chapter 25: GARP VLAN Registrat ion Protocol 510 Section VI: Virtual LANs STP ID Present if the GARP application is GVRP; identifies the sp anning tree instance asso ciated with the GIP context. Connected Ring The ring of connected port s. Only ports prese ntly in the sp anning tree Forwarding state are eligible for membership in the GIP conne cted[...]

  • Page 511

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 511 Displaying the GVRP State Machine To display the GVRP state machine, perfor m the following procedure: 1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is shown in Figure 171 on p age 472. 2. From the VLAN Configuration menu, type 6[...]

  • Page 512

    Chapter 25: GARP VLAN Registrat ion Protocol 512 Section VI: Virtual LANs The GVRP S tate Machine menu (p age 2) is displayed, as shown in Figure 190. Figure 190. Display GVRP State Machine Menu (page 2) The information in the menu is defin ed in T able 16. This information is for viewing purposes only . Allied Tele sis AT-94 24T/SP - AT -S63 Marke[...]

  • Page 513

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 513 App Applica nt state machine for the GID index on that particular port. One o f: Normal Participan t Management state: “V o” V e ry Anxious Observer “Ao” Anxious Observer “Qo” Quiet Observer “Lo” Leaving Observer “Vp” V ery Anxious Passive Member “A[...]

  • Page 514

    Chapter 25: GARP VLAN Registrat ion Protocol 514 Section VI: Virtual LANs Reg Regist rar state mach ine for the GID index on that particu lar port. One of: “Mt” Empty “Lv3” Leaving subst ate 3 (final Leaving substate) “Lv2” Leaving substa te 2 “Lv1” Leaving substa te 1 “Lv” Leaving substate (in itial Leaving substate) “In” I[...]

  • Page 515

    Section VI: Virtual LANs 515 Chapter 26 Multiple VLAN Modes This chapter contains the following sections:  “Selecting a VLAN Mode” on page 51 6  “Displaying VLAN Information” on p age 518[...]

  • Page 516

    Chapter 26: Multipl e VLAN Modes 516 Section VI: Virtual LANs Selecting a VLAN Mode The following procedure explains ho w to select a VLAN mode. Available modes are:  User-configured VLAN mode (port-based, t agged, MAC address- based, and protected port s VLANs)  IEEE 802.1Q Compliant Multiple VLAN mode  Non-IEEE 802.1Q Compliant Multip le[...]

  • Page 517

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 517 The new VLAN mode is now active on the switch. 5. To permanently save your changes, return to the Main Menu and type S to select Save Configuration Changes.[...]

  • Page 518

    Chapter 26: Multipl e VLAN Modes 518 Section VI: Virtual LANs Displaying VLAN Information To view the VLANs on the switch while the unit is o perating in a multiple VLAN mode, perform the following pro cedure: 1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu (multi ple VLAN mode) is shown in Figure 191. Figure[...]

  • Page 519

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 519 The Show Multiple VLANs menu is shown in Figure 192. Figure 192. Show VLANs Menu, Multiple VLANS The Show Multiple VLANs menu displays a t able that cont ains the following columns of information: Name Name of the VLAN. Unt agged Port The untagged ports th at are part of[...]

  • Page 520

    Chapter 26: Multipl e VLAN Modes 520 Section VI: Virtual LANs[...]

  • Page 521

    Section VI: Virtual LANs 521 Chapter 27 Pr otected Ports VLANs This chapter explains protecte d ports VLANs. It contains the following sections:  “Creating a Protected Port s VLAN” on p age 522  “Modifying a Protected Ports VL AN” on p age 525  “Displaying a Protected Ports VL AN” on p age 528  “Deleting a Protected Port s[...]

  • Page 522

    Chapter 27: Protected Ports VLANs 522 Section VI: Virtual LANs Creating a Prot ected Ports VLAN To create a new protected ports VL AN, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Configuration. 2. From the VLAN Configuration menu, type 3 to select Configure VLANs . 3. From the Configure VLANs menu, type 1 to select[...]

  • Page 523

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 523 Note A VLAN must be assigned a name. 6. Type 2 to select VLAN I D (VID. The following prompt is displayed: Enter new v alue -> [ 2 to 4094] -> 7. Type a VID value for the new VLAN. The range for the VID value is 1 to 4094. The A T-S63 Management Sof tware uses the [...]

  • Page 524

    Chapter 27: Protected Ports VLANs 524 Section VI: Virtual LANs The prompt displays the port s of the VLAN. 13. En ter the port in the VLAN to function as the uplink port for the groups in the VLAN. You can specify more than one uplink port. The following prompt is displayed: Enter Group Po rts (4 - 11) -> The prompt includes the port s in the VL[...]

  • Page 525

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 525 Modifying a Protected Ports VLAN Note the following before performin g this procedure:  T o modify a protected port s VLAN, you have to recreate it. Y ou must reselect the uplink port(s) and reassign th e ports to the g roups. T o make the process easier , Allied T el[...]

  • Page 526

    Chapter 27: Protected Ports VLANs 526 Section VI: Virtual LANs The Modify VLAN menu expands t o conta in all relevant information about the VLAN, as shown in Figure 194. Figure 194. Expanded Modify VLAN Menu 6. Adjust the following paramet ers as necessary. 1 - VLAN Name Use this selection to change the name of a VLAN. The name can be from one to f[...]

  • Page 527

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 527 6 - Protected Port s This identifies the VLAN as a prot ected port s VLAN. This optio n can not be changed. T o convert a protected port s VLAN into a t agged or port-based VLAN, you must delete it and recrea te it as a t agged or port-based VLAN. 7. After making the des[...]

  • Page 528

    Chapter 27: Protected Ports VLANs 528 Section VI: Virtual LANs Displaying a Protected Ports VLAN To view the name, VID number, and member ports of all the VLANs on a switch, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is s hown in Figure 171 on p age 472. 2. From the VLAN [...]

  • Page 529

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 529 An example of the Show VLANs window is shown in Figure 196. Figure 196. Show VLANs Menu Section 1 lists all the tag ged and untagged ports in the protected port s VLAN. Section 2 lists the groups in the VLAN, st arting with the uplink port(s). The group s are listed by g[...]

  • Page 530

    Chapter 27: Protected Ports VLANs 530 Section VI: Virtual LANs Deleting a Protected Ports VLAN To delete a protected ports VLAN, perform the followin g procedure: 1. From the Main Menu, type 2 to select VLAN Configuration. 2. From the VLAN Configuration menu, type 3 to select Configure VLANs . The Configure VLANs menu is shown in Figure 1 72 on pa [...]

  • Page 531

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 531 The Delete VLAN menu expands to cont ain the relevant information about the VLAN. Y ou can use the informa tion to confirm that you are deleting the correct VLAN. An example is shown in Figure 198. Figure 198. Expanded Delete VLAN Menu 6. Type D to delete the VLAN or R t[...]

  • Page 532

    Chapter 27: Protected Ports VLANs 532 Section VI: Virtual LANs[...]

  • Page 533

    Section VI: Virtual LANs 533 Chapter 28 MAC Addr ess-based VLANs This chapter contains the procedur es for cr eating MAC address-based VLANs. Sections in the chapter includ e:  “Creating a MAC Address-based VLAN” on pa ge 534  “Adding and Deleting MAC Addresses” on p age 536  “Adding and Deleting Egress Port s” on p age 538 [...]

  • Page 534

    Chapter 28: MAC Address-b ased VLANs 534 Section VI: Virtual LANs Creating a MAC A ddress-based VLAN This is the first stage to creating a MAC address-based VLAN. This procedure assigns the VLAN a name and a VID an d sets the VLAN type. After completing this procedure you can add the source MAC a ddresses to the VLAN, as explained in “Adding and [...]

  • Page 535

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 535 The following prompt is displayed: Enter new v alue -> [ 2 to 4094] -> 7. Type a VID value for the new VLAN. The range for the VID value is 1 to 4094. The A T-S63 Management Sof tware uses the next available VID number on the switch as the default value. If this VL[...]

  • Page 536

    Chapter 28: MAC Address-b ased VLANs 536 Section VI: Virtual LANs Adding and Deleting MAC Addresses This procedure explains how to add and delete MAC addresses from a MAC address-based VLAN. If you are creating a new VLAN, you perform this procedure after you initially create the VLAN by giving it a name and a VID and setting the VLAN type, as expl[...]

  • Page 537

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 537 5. To add a MAC address to a MAC address-based VLAN, type 1 to select Add MAC Address. To delete an address, type 2 to select Delete MAC Address. The following prompt is displayed: Please enter VLAN ID -> [1 to 4094 ] -> 2 6. Enter the VID of the MAC address- based[...]

  • Page 538

    Chapter 28: MAC Address-b ased VLANs 538 Section VI: Virtual LANs Adding and Deleti ng Egress Ports This procedure explains how to add and delete egress ports from the MAC addresses in a MAC address-based VLAN. Before adding egress ports to a MAC address, review the following:  The egress ports o f a MAC address-based VLAN are considered as a co[...]

  • Page 539

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 539 The following prompt is displayed: Please ent er MAC ad dress -> 7. Enter the MAC address where you wan t to add or delete an egre ss port. You can specify only one ad dress and the address must already exist in the VLAN. For instructions on how to a dd an address to [...]

  • Page 540

    Chapter 28: MAC Address-b ased VLANs 540 Section VI: Virtual LANs Deleting a MAC Address-based VLAN Note To delete a VLAN, you need to know its VID. To view VLAN VIDs, refer to “Displaying MAC Address-based VLANs” on page 542. To delete a VLAN, perform the follo wing procedure: 1. From the Main Menu, type 2 to select VLAN Config uration. The VL[...]

  • Page 541

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 541 The Delete VLAN menu expands to cont ain all relevant information about the VLAN, as shown in Figure 201. Y ou can use this menu to confirm that you are deleting the correct VLAN. Figure 201. Expanded Delete VLAN Menu 6. Type D to delete the VLAN or R to cancel the proce[...]

  • Page 542

    Chapter 28: MAC Address-b ased VLANs 542 Section VI: Virtual LANs Displaying MAC Address-based VLANs To view the details of a MAC address-based VLAN, perform th e following procedure: 1. From the Main Menu, type 2 to select VLAN Configuration. The VLAN Configuration menu is s hown in Figure 171 on p age 472. 2. From the VLAN Configuration menu, typ[...]

  • Page 543

    AT-S63 Management So ftware Menus User’s Gui de Section VI: Virtual LANs 543 MAC Based - The VLAN is a MAC address-based VLAN. GARP - The VLAN was automatically cre ated by GARP . Protocol The protocol associated with this VLAN. The possible settings are: Blank - The VLAN is a port-based, t agged, or MAC address-based VLAN. GARP - The VLAN is a d[...]

  • Page 544

    Chapter 28: MAC Address-b ased VLANs 544 Section VI: Virtual LANs The lower portion of the display lists the MAC addresses of the VLAN and the egress ports.[...]

  • Page 545

    Section VII: Internet Proto col Routing 545 Section VII Internet Pr otocol Routing The chapter in this sectio n contai ns the procedures for managing routing interfaces of the Internet Pro tocol version 4 (IPv4) packet routing feature. The chapter is:  Chapter 29, “Internet Protoco l V ersion 4 Routing Interfaces” on p age 547[...]

  • Page 546

    546 Section VII: Internet Pro tocol Routing[...]

  • Page 547

    Section VII: Internet Proto col Routing 547 Chapter 29 Internet Pr otocol V ersion 4 Routing Interfaces This chapter contains the following pro cedures for managin g Internet Protocol Version 4 (IPv4) routing interfaces:  “Creating a New Routing Interface” on p age 548  “Modifying a Routing Interface” on p age 551  “Deleting a Ro[...]

  • Page 548

    Chapter 29: Internet Protocol Version 4 Routing Interfaces 548 Section VII: Internet Pro tocol Routing Creating a New Routing Interface A routing interface is a log ical connection to a local network or subnet for routing IPv4 packets. Interface s route packets between the local networks and subnets directly connected to the switch and also functio[...]

  • Page 549

    AT-S63 Management So ftware Menus User’s Gui de Section VII: Internet Pro tocol Routing 549 If a routing interface has been designated as the local inte rface of a switch, its na me is followed by “eth0”. The local interfa ce is used for enhanced st acking and remote T elnet, SSH, and web browser management. IP Address The IP address of the i[...]

  • Page 550

    Chapter 29: Internet Protocol Version 4 Routing Interfaces 550 Section VII: Internet Pro tocol Routing The following prompt is displayed: Enter IP A ddress [S TATIC IP|DH CP|BOOTP] : 8. Enter a static IP address for the new interface or en ter “DHCP” or “BOOTP” to activate the DHCP or BOOTP client. Note Skip steps 9 and 10 if you select ed [...]

  • Page 551

    AT-S63 Management So ftware Menus User’s Gui de Section VII: Internet Pro tocol Routing 551 Modifying a Routing Interface This procedure modifies the IP add ress and subnet mask of a routing interface. Note the following before performing this procedure:  Modifying the IP address of a routing in terface deletes all static routes assigned to th[...]

  • Page 552

    Chapter 29: Internet Protocol Version 4 Routing Interfaces 552 Section VII: Internet Pro tocol Routing The specifications of th e interface are displayed in the Modify Interfa ce menu. An example is shown in Figure 205. Figure 206. Modify Interface Menu 6. To change the IP address of the inte rface, type 2 to select IP a ddress. The following promp[...]

  • Page 553

    AT-S63 Management So ftware Menus User’s Gui de Section VII: Internet Pro tocol Routing 553 10. Type M to select Modify Interface. The following prompt is displayed: Interface M odified S uccessfully ? Press any k ey to con tinue... 11. Press any key. The modifications are immediately implemen ted on the routing interface. 12. To modify another r[...]

  • Page 554

    Chapter 29: Internet Protocol Version 4 Routing Interfaces 554 Section VII: Internet Pro tocol Routing Deleting a Routing Interface This procedure deletes a routing int erface from the switch. Note the following before performing this command :  All IPv4 packet routing t o and from the local network or subnet of a deleted interface ceases.  A[...]

  • Page 555

    AT-S63 Management So ftware Menus User’s Gui de Section VII: Internet Pro tocol Routing 555 Displaying the IP Address of the Local Interface This procedure displays the IP addr ess and subnet mask of the local interface on the switch. The local interface is used for remote Telnet, SSH, and web browser management of the switch. On the maste r swit[...]

  • Page 556

    Chapter 29: Internet Protocol Version 4 Routing Interfaces 556 Section VII: Internet Pro tocol Routing Setting the Default Rout e or Default Gateway If you are configuring an AT-9400 Switch that supp orts IPv4 packet routing, such as the AT-9424T s and AT-9448Ts/XP switches, you can configure the default route fro m the menus interface. The default[...]

  • Page 557

    AT-S63 Management So ftware Menus User’s Gui de Section VII: Internet Pro tocol Routing 557 Setting the Local Interface This procedure designates the local inte rface of a switch. The local interface is used for remote Telne t, SSH, and web browser mana gement of the switch. On the master switch of an enhanced stack, the local interface also desi[...]

  • Page 558

    Chapter 29: Internet Protocol Version 4 Routing Interfaces 558 Section VII: Internet Pro tocol Routing Setting the ARP Cache Timeout The ARP cache contains mappings of IP addresses to physical ad dresses for hosts where the switch has recent ly routed packets. To h ave an entry in the ARP cache, a host must have attempted to access another host, an[...]

  • Page 559

    Section VIII: Port Secu rity 559 Section VIII Port Security The chapters in this section contai n overview information on the port security features of the AT-9400 Sw itch . The chapters also explain how to configure these features from the menu interface of the AT-S63 Management Software. The cha pters include:  Chapter 30, “MAC Address-based[...]

  • Page 560

    560 Section VIII: Port Security[...]

  • Page 561

    Section VIII: Port Secu rity 561 Chapter 30 MAC Addr ess-based Port Security This chapter explains how you can use the dynamic and static MAC addresses learned or manually added to the switch’s MAC address table to control which end nodes can forwar d packets through the device. The sections in this chapter include:  “Configuring MAC Address[...]

  • Page 562

    Chapter 30: MAC Address-b ased Port Security 562 Section VIII: Port Security Configuring MAC Addr ess Port Security To set the port security level on a port, p erform the following procedure: 1. From the Main Menu, type 1 to select Port Configura tion. 2. From the Port Configuration menu, type 5 to select Port Security. The Port Security menu is sh[...]

  • Page 563

    AT-S63 Management So ftware Menus User’s Gui de Section VIII: Port Security 563 The menu displays the current secu rity level on the selected port. If you are configuring a range of port s and the port s have different security levels, the menu displays the security level of the lowest number port. Note Option D, Select Default Po rt Security, se[...]

  • Page 564

    Chapter 30: MAC Address-b ased Port Security 564 Section VIII: Port Security  If you selected Limited, several new menu options are a dded to the Configure Port Security menu, as shown in Figure 209. Continue with Step 8 for instructions on con figuring a port operating unde r the Limited security level. Figure 209. Configure Po rt Security Menu[...]

  • Page 565

    AT-S63 Management So ftware Menus User’s Gui de Section VIII: Port Security 565 10. If you selected the trap or disable intrusion action, type 4 to to ggle the Port Participating option to Yes. Option 3, Port Participa ting, only applies when the intrusion action is set to trap or disab le. This option does not apply when intrusion action is set [...]

  • Page 566

    Chapter 30: MAC Address-b ased Port Security 566 Section VIII: Port Security Displaying Port Security Levels To view the current security levels and intrusio n actions for the ports on the switch, perform the following procedure: 1. From the Main Menu, type 1 to select Port Configura tion. 2. From the Port Configuration menu, type 5 to select Port [...]

  • Page 567

    AT-S63 Management So ftware Menus User’s Gui de Section VIII: Port Security 567 Intruder Action The action taken by a port if it receives an invalid frame while operating in the Limited security mode. The possible sett ings are:  Discard - The port discards invalid frames. This is the default.  Trap - The port discards invalid frames and se[...]

  • Page 568

    Chapter 30: MAC Address-b ased Port Security 568 Section VIII: Port Security[...]

  • Page 569

    Section VIII: Port Secu rity 569 Chapter 31 802.1x Port-based Network Access Contr ol This chapter explains 802.1x Port- based Network Access Control and how this feature can increase network security by re stricting access to the network ports on the switch . Sections are as follows:  “Setting Port Roles” on page 5 70  “Enabling or Dis[...]

  • Page 570

    Chapter 31: 802.1x Port-based Network Access Con trol 570 Section VIII: Port Security Setting Port Roles This procedure sets the role of a port to auth enticator or supplicant. You must set the role of a port before you can config ure its settings. To set port roles, perform the following p rocedure: 1. From the Main Menu, type 7 to select Security[...]

  • Page 571

    AT-S63 Management So ftware Menus User’s Gui de Section VIII: Port Security 571 The Configure Port Access Role menu is sho wn in Figure 212. Figure 212. Configure Port Access Role Menu 5. Type 1 to select Port Role. The following prompt is displayed: Enter new Port Ro le [N-None, A- Authenticat or, S-Supplican t] -> 6. If you type N for None, [...]

  • Page 572

    Chapter 31: 802.1x Port-based Network Access Con trol 572 Section VIII: Port Security Enabling or Disabling 802.1x Por t-based Network Access Control This procedure explains how to enabl e and disable port-ba sed access control on the switch. If you have not assigned port roles and configured the parameter settings, you sh ould skip this procedure [...]

  • Page 573

    AT-S63 Management So ftware Menus User’s Gui de Section VIII: Port Security 573 Configuring Authenticator Port Parameters Note A port must already be set to the authenticator ro le before you can configure its settings. For instructions on h ow to change the role of a port, refer to “Setting Port Roles” on page 570. To configure the parameter[...]

  • Page 574

    Chapter 31: 802.1x Port-based Network Access Con trol 574 Section VIII: Port Security The Configure Authenticator Port Access Parameters menu is shown in Figure 214. Figure 214. Configure Authenticator Port Access Parameters Menu 6. Adjust the following paramet ers as necessary. 0 - Authentication Mode This parameter ca n take the following values [...]

  • Page 575

    AT-S63 Management So ftware Menus User’s Gui de Section VIII: Port Security 575 1 - Supplicant Mode This parameter can t ake the following values on an authenticator port:  Single : Configures the authenticator port to accept only one authentication. This supplicant mode should be used toge ther with the piggy-back mode. When an auth enticator[...]

  • Page 576

    Chapter 31: 802.1x Port-based Network Access Con trol 576 Section VIII: Port Security disabled, the supplicant is not require to reauthentica te after the initial authentication. 6 - Reauth Period S pecifies the time period in seconds between re authentications of the client when the Reauth. Enabled option is set to Enabled. The default value is 36[...]

  • Page 577

    AT-S63 Management So ftware Menus User’s Gui de Section VIII: Port Security 577 specified in the initial authentication, rega rdless of the VLAN assignments of subsequent authentications. C - Control Direction This parameter specifies ho w the port handles ingress and egress broadcast and multicast p ackets when in the unauthorized st ate. When a[...]

  • Page 578

    Chapter 31: 802.1x Port-based Network Access Con trol 578 Section VIII: Port Security 8. After making cha nges, type R until you return to th e Main Menu. Then type S to select Save Configuration Ch anges.[...]

  • Page 579

    AT-S63 Management So ftware Menus User’s Gui de Section VIII: Port Security 579 Configuring Supplicant Port Parameters Note A port must already be set to the supplicant role before you can configure its settings. For instructions on h ow to change the role of a port, refer to “Setting Port Roles” on page 570. To configure supplicant port para[...]

  • Page 580

    Chapter 31: 802.1x Port-based Network Access Con trol 580 Section VIII: Port Security The Configure Supplicant Port Access Parameters menu is shown in Figure 214. Figure 216. Configure Supplicant Port Acce ss Parameters Menu 6. Adjust the following paramet ers as necessary. 1 - Auth Period This parameter sp ecifies the period of time in seconds tha[...]

  • Page 581

    AT-S63 Management So ftware Menus User’s Gui de Section VIII: Port Security 581 characters, such as asterisks or ex clamation point s. The username is case sensitive. 6 - User Password This parameter specifies th e passwo rd for the switch port. The port sends the password to the au thentication server for verification when the port logs on to th[...]

  • Page 582

    Chapter 31: 802.1x Port-based Network Access Con trol 582 Section VIII: Port Security Displaying the Port Access Parameters To display the port access parameters for the ports on the switch, perform the following procedure: 1. From the Main Menu, type 7 to select Security and Services. The Security and Services menu is shown in Figure 71 on p age 2[...]

  • Page 583

    AT-S63 Management So ftware Menus User’s Gui de Section VIII: Port Security 583 Port Role Port access role configured for the port. Th e possible settings are None, Authenticator , or Supplicant. AuthMode The port’ s authentication mode: 802.1x or MAC Based. Stat e S tate of the port. The st ate field is dep endent on whether a port is configur[...]

  • Page 584

    Chapter 31: 802.1x Port-based Network Access Con trol 584 Section VIII: Port Security Configuring RADIUS Accounting The AT-S63 Management Software supp orts RADIUS accounting for ports operating in the Authenticator role . The accounting information sent by the switch to a RADIUS server includes the date and time whe n clients log on and log off, a[...]

  • Page 585

    AT-S63 Management So ftware Menus User’s Gui de Section VIII: Port Security 585 4. Adjust the following parameters as necessa ry. 1 - St atus This parameter activate s or deac tivates RADIUS accounting on the switch. Select Enabled to activate the feature or Disabled to deactivate it. The default is Disabled. 2 - Port This parameter specifies th [...]

  • Page 586

    Chapter 31: 802.1x Port-based Network Access Con trol 586 Section VIII: Port Security[...]

  • Page 587

    Section IX: Manageme nt Security 587 Section IX Management Security The chapters in this section cont ain overview information on the management security features of the AT-94 00 Switch. The chapters also explain how to configure these features f rom the menu interface of the AT-S63 Management Software. The chapters includ e:  Chapter 32, “W e[...]

  • Page 588

    588 Section IX: Management Security[...]

  • Page 589

    Section IX: Manageme nt Security 589 Chapter 32 W eb Server The chapter provides an overview of the web server fea ture and procedures for configuring the server. It contains the following sections:  “Configuring the W eb Server” on p age 590  “General S teps for Configu ring the W eb Server for Encryption” on page 593[...]

  • Page 590

    Chapter 32: Web Server 590 Section IX: Management Security Configuring the Web Server This procedure explains how to enabl e and disable the web server and how to configure the HTTP and HTTPS settings from a local or Telnet management session. The default setti ng for the web server is enabled, with the non-secure HTTP mode as the active web server[...]

  • Page 591

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 591 3. Type 1 to select Status to enable or disable the web server. To configure the web server, you must first disable it. Possible settings are: Enabled - Enables the web server . This is the default setting. Disabled - Disables the web serve r . (T o change any of[...]

  • Page 592

    Chapter 32: Web Server 592 Section IX: Management Security The default port number for HTTP is 80. Th e default port number for HTTPS is 443. 1. After making cha nges, type R until you return to th e Main Menu. Then type S to select Save Configuration Ch anges.[...]

  • Page 593

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 593 General Steps for Configuring the Web Server for Encryption There are several procedures you need to perform in order to implement HTTPS and web browser encryption on the switch. This se ction is here to provide you with the gene ral steps you need to do and the [...]

  • Page 594

    Chapter 32: Web Server 594 Section IX: Management Security 6. After you have received the appropriate certificates from the CA, download them into the switch’s f ile system from you r management station or a TFTP server, as explained in “Downloading a Syste m File” on page 182. 7. Add the certificates to the certif icate database, as exp lain[...]

  • Page 595

    Section IX: Manageme nt Security 595 Chapter 33 Encryption Keys This chapter describes encryption keys and how you can use keys to improve the security of your switches . Because of the complexity of the feature, this chapter contains two ov erview sections. The Basic Ove rview section offers a general review of the purpose o f this feature along w[...]

  • Page 596

    Chapter 33: Encrypti on Keys 596 Section IX: Management Security Creating an Encryption Key This section contains the procedure fo r creating an encryption key pair. Caution Key generation is a CPU-intensive pro cess. Because this process may affect switch behavior, Allied Telesis recommends creating keys when the switch is not connected to a netwo[...]

  • Page 597

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 597 The Key Management menu is sho wn in Figure 222. Figure 222. Key Management Menu 4. Type 1 to select Create Key. The Create Key menu is sh own in Figure 223. Figure 223. Create Key Menu 5. From the Create Key menu, type 1 to select Key ID. The following prompt is[...]

  • Page 598

    Chapter 33: Encrypti on Keys 598 Section IX: Management Security 6. Enter an identification number fo r the key. This number can be from 0 to 65,535. This number is used on ly for identification purposes and not in generating the actual encryption key. The ID for each key on the switch must be unique. Note You cannot change the value for op tion 2,[...]

  • Page 599

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 599 The new key is added to the list of keys in the Key Management menu. Returning to the Main Menu to save your changes is not necessary with this procedure. This type of change is automatically saved by the management software. T o create a self-signed certificate [...]

  • Page 600

    Chapter 33: Encrypti on Keys 600 Section IX: Management Security Deleting an Encryption Key This section contains the procedure fo r deleting an encryption key pair from the switch. Note the follo wing before performing this p rocedure.  Deleting a key pair from the key management dat abase also delet es the key’s correspond ing “.ukf” fil[...]

  • Page 601

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 601 Modifying an Encryption Key The Key Management menu has a selection for modifying the descriptio n of an encryption key. This is the only item of a key that you can modify. You cannot change a key’s ID, type, or length. To change the description of a ke y, perf[...]

  • Page 602

    Chapter 33: Encrypti on Keys 602 Section IX: Management Security Exporting an Encryption Key The following procedure exports the pub lic key of a key pair into the AT-S63 file system. (The ma nagement software does not allow you to export a private key.) Before performing this procedure, please note the following:  The only circumstance in which[...]

  • Page 603

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 603 The Export Key to File menu is shown in Figure 2 24. Figure 224. Export Key to File Menu 5. From the Export Key to File menu , type 1 to select Key ID. The following prompt is displayed: Enter Key ID -> [0 to 65 535] -> 6. Enter the key ID of the public key[...]

  • Page 604

    Chapter 33: Encrypti on Keys 604 Section IX: Management Security The following message is displayed: Key Export in Progr ess. Please wait...D one 11. Press any key to return to the Key Manageme nt menu. T o view the public key in the switch’ s file system, refer to “Disp laying System Files” on page 159. Returning to the Main Menu to save you[...]

  • Page 605

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 605 Importing an Encryption Key Use the following procedure to import a public key from the AT-S63 file system into the key management database. If a file contains both public and private keys, only the public ke y is imported. The privat e key is ignored. Note It is[...]

  • Page 606

    Chapter 33: Encrypti on Keys 606 Section IX: Management Security The Import Key from File menu is shown in Figure 225. Figure 225. Import Key from F ile Menu 5. From the Import Key from File menu, type 1 to select Key ID. The following prompt is displayed: Enter Key ID -> [0 to 65535] -> 6. Enter a key ID for the public key. This must be an u[...]

  • Page 607

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 607 The key file name must include the “.key” extension. If yo u are unsure of the file name, display the files in the switch’ s file system by referring to “Displaying System Files” on pa ge 159. 10. Type 5 to select Import Key From File to import a key to[...]

  • Page 608

    Chapter 33: Encrypti on Keys 608 Section IX: Management Security Displaying the Encryption Keys To display the encryption keys, per form the following procedure: 1. From the Main Menu, type 7 to select Security and Services. The Security and Services menu is shown in Figure 71 on p age 220. 2. From the Security and Services menu, type 7 to select K[...]

  • Page 609

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 609 Length The length of the key in bits. Digest The CRC32 value of the MD5 digest of t he public key . Description The key’s description .[...]

  • Page 610

    Chapter 33: Encrypti on Keys 610 Section IX: Management Security[...]

  • Page 611

    Section IX: Manageme nt Security 611 Chapter 34 PKI Certificates and SSL This chapter contains the procedures fo r creating public key infrastructure (PKI) certificates for web serve r security. Because of t he complexity of this feature, two overview sections are provided. The Ba sic Overview section offers a general review of the purpose o f cert[...]

  • Page 612

    Chapter 34: PKI Certificat es and SSL 612 Section IX: Management Security Creating a Self-signed Certificate This section contains the procedure fo r creating a self-signed certificate. Please review the following befo re you perform the pro cedure:  For a general review of all the steps to configuring the switch for a self- signed certificate, [...]

  • Page 613

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 613 The Public Key Infrastructure (PKI ) Configuration menu is shown in Figure 227. Figure 227. Public Key Infrastructure (PKI) Configuration Men u 4. From the Public Key Infrastructure (PKI) Configuration menu, type 2 to select X509 Certificate Management. The X509 [...]

  • Page 614

    Chapter 34: PKI Certificat es and SSL 614 Section IX: Management Security Note In the X509 Certificate Manage ment menu, MTrust means manually trusted. This field indicates that you verified the certificate . The Source field indicates th e certificate was gen erated on the switch. Both MTrust and Source are read-only fields. 5. Type 1 to select Cr[...]

  • Page 615

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 615 9. Enter the ID number of the encryption key that you want to use to create this certificate. The encryption key must alrea dy exist on the switch. (If you have forgotten the key ID number, re turn to the Key Management menu to view the keys on the switch. ) The [...]

  • Page 616

    Chapter 34: PKI Certificat es and SSL 616 Section IX: Management Security Adding a Certificate to the Database After creating a certificate or receiving a certificate from a public o r private CA, you need to add it to the certificate d atabase. This makes it available to the switch’s web server. A certificate in the certificate database appears [...]

  • Page 617

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 617 The following prompt is displayed: Enter file name (*.key) -> 7. Enter a name for the certificate. This is the name for the certificate as it will appear in the certificate database list. Y ou can enter up to 24 alphanumeric characters. S paces are allowed. No[...]

  • Page 618

    Chapter 34: PKI Certificat es and SSL 618 Section IX: Management Security 10. Type 4 to select File Name. The following prompt is displayed: Enter file na me (*.key ) -> 11. Specify the filename of the certificate. This is the filename of the certificate in the A T-S63 file system. The filename has a “.cer” extension. Fo r example, if you cr[...]

  • Page 619

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 619 Modifying a Certificate The procedure in this section modifies a certificate in the certificate database. Here are the certificate ite ms you can modify:  S tate - trusted or untrusted  T ype - EE, CA, or Self Note These parameters have no affect on the ope[...]

  • Page 620

    Chapter 34: PKI Certificat es and SSL 620 Section IX: Management Security The Modify Certificate menu is shown in F igure 231. Figure 231. Modify Certificate Menu Note You cannot change select ion 1, Certificate Name. 7. Type 2 to select State. The possible sett ings are: T rusted This value indicates you have verified that the certificate is from [...]

  • Page 621

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 621 10. To permanently save your change, return to the Main Menu an d type S to select Save Configuration Changes.[...]

  • Page 622

    Chapter 34: PKI Certificat es and SSL 622 Section IX: Management Security Deleting a Certificate The procedure in this section dele tes a certificate from the cert ificate database. Please note the following before perfo rming this procedure:  Deleting a certificate from the dat abase does not d elete it from the switch. It continues to reside i[...]

  • Page 623

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 623 7. To permanently save your change, return to th e Main Menu and type S to select Save Configuration Changes.[...]

  • Page 624

    Chapter 34: PKI Certificat es and SSL 624 Section IX: Management Security Viewing a Certificate This procedure displays information about a certificate, such as its distinguished name and serial number. To view the details of a certificat e, perform the following proced ure: 1. From the Main Menu, type 7 to select Security and Services. 2. From the[...]

  • Page 625

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 625 The View Certificate Det ails menu (page 1) is shown in Figure 232. Figure 232. View Certificate Details Menu (page 1) The following information is displayed in p age 1: Name The name of the certificate. Stat e Whether the certificate is T rusted or Untrusted. Ma[...]

  • Page 626

    Chapter 34: PKI Certificat es and SSL 626 Section IX: Management Security Public Key Alg The public key algorithm. Not V alid Before The date the certificate became active. Not V alid After The date the certificate expires. Self-signed certificates are valid for two years. 7. Type N to see the second pa ge of certificate details. The View Certifica[...]

  • Page 627

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 627 Generating an Enrollment Request To request a certificate from a CA, you must generate a n enrollment request. The request cont ains the public key for the certificat e, a distinguished name, and other informatio n. The re quest is stored as a file with a “.csr[...]

  • Page 628

    Chapter 34: PKI Certificat es and SSL 628 Section IX: Management Security The Generate Enrollment Request menu is shown in Figure 234. Figure 234. Generate Enrollment Req uest Menu 7. Type 1 to select Request Name. The following prompt is displayed: Enter enroll ment reques t name (24 chars max ) -> 8. Enter a name of up to 24 alphanu meric char[...]

  • Page 629

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 629 12. Type 5 to select Generate Enrollment Request. After the switch has fin ished generating the request, a message similar to the following is displayed: Enrollment request i s being gen erated. P lease wait ...Done. Enrollment Re quest avail able in file [Swit c[...]

  • Page 630

    Chapter 34: PKI Certificat es and SSL 630 Section IX: Management Security Installing CA Certificates onto a Switch This section lists the procedures to perform for a certificate from a public or private CA. It should be noted that a CA generated ce rtificate will consist of several certificates, with a minimum of two. All the certificates from the [...]

  • Page 631

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 631 Viewing and Configuring the M aximum Number of Certificates You can specify the maximum number of certificates the certificate database can store. The range is a maximum of 12 to 256. Th e default value is 256. You should ne ver need to adjust this value. To view[...]

  • Page 632

    Chapter 34: PKI Certificat es and SSL 632 Section IX: Management Security Configuring SSL To configure the SSL protocol, p erform the following procedure: 1. From the Main Menu, type 7 to select Security and Services. 2. From the Security and Services menu, type 9 to sele ct Secure Socket Layer (SSL). The Secure Socket Layer (SSL) menu is sho wn in[...]

  • Page 633

    Section IX: Manageme nt Security 633 Chapter 35 Secur e Shell (SSH) The chapter contains overview inform ation about th e Secure Shell (SSH) protocol as well a procedure for configur ing this protocol on a switch using a local or Telnet manageme nt session. It contains the f ollowing sections:  “Configuring SSH” on p age 634  “Displayin[...]

  • Page 634

    Chapter 35: Secure She ll (SSH) 634 Section IX: Management Security Configuring SSH This section describes how to configu re the switch as an SSH server. Before you begin this proce dure, y ou need to configure a host and server keys for SSH. See Chapter 33, “Encryption Keys” on page 595. The minimum bit size of the server ke y is 512 bits. The[...]

  • Page 635

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 635 3. Type 2 to select Ho st Key ID. The following prompt is displayed: Enter Host Key ID [0 to 65535] -> 0 Enter the ID number of the encrypti on key that will function as the host key. The default is Not Defined. For instructions on creating encryption keys, se[...]

  • Page 636

    Chapter 35: Secure She ll (SSH) 636 Section IX: Management Security Ty p e E to enable the SSH server . Select this value after you have finished configuring SSH and want to log on to the server . Or , type D to disable SSH while you are configuring the protocol. SSH must be disabled while you are configuring the protocol. This is the default. Note[...]

  • Page 637

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 637 Displaying SSH Information To display SSH server information, pe rform the following procedure: 1. From the Main Menu, type 7 to select Security and Services. The Security and Services menu is shown in Figur e 71 on page 22 0. 2. From the Security and Services me[...]

  • Page 638

    Chapter 35: Secure She ll (SSH) 638 Section IX: Management Security Host Key ID The host key ID defined for SSH. Host Key Bit s Number of bit s in the host key . Server Key ID Server key ID defined for SSH. Server Key Expiry Length of time, in hours, until the server key is regenerated. The default is 0 hours which means t he server key is not rege[...]

  • Page 639

    Section IX: Manageme nt Security 639 Chapter 36 T ACACS+ and RADIUS Pr otocols This chapter describes how to configure the parameter settings for the two authentication protocols TACACS+ and RA DIUS. Sections in the chapter include:  “Enabling or Disabling Server-based Management Authenticat ion” on page 640  “Configuring the T ACACS+ C[...]

  • Page 640

    Chapter 36: TACACS+ and RADIUS Prot ocols 640 Section IX: Management Security Enabling or Disabling Server-bas ed Management Authentication This procedure explains how to enable or disable server-base d management authentication on the switch. When t he feature is enabled, the switch seek its valid manager accounts from an authentication server. Wh[...]

  • Page 641

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 641 Note Selection 5, Passwords Configu ration, is described in “Changing the Manager and Operator Passwords” on page 35. 3. To select the active authe ntication protocol, type 2 to select Authentication Method. The following prompt is displayed: Enter T-TACAC S+[...]

  • Page 642

    Chapter 36: TACACS+ and RADIUS Prot ocols 642 Section IX: Management Security Configuring the TACACS+ Client To configure the TACACS+ client on the switch, perform the following procedure: 1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 1 on page 32. 2. From the System Administration [...]

  • Page 643

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 643 If you will be specifying more than one T ACACS+ server and if all of the servers use the same encryption secret, you can answer No to this prompt and enter the encryption secret using the T AC Global Secret par a me te r . However , if you are specifying only on[...]

  • Page 644

    Chapter 36: TACACS+ and RADIUS Prot ocols 644 Section IX: Management Security Displaying the TACACS+ Settings To display the TACACS+ settings, perform the following pro cedure: 1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 1 on page 32. 2. From the System Administration menu, type 6[...]

  • Page 645

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 645 Configuring the RADIUS Client To configure the RADIUS client, pe rform the following procedure: 1. From the Main Menu, type 5 to sel ect System Admini stration. The System Administration menu is shown in Figure 1 o n page 32. 2. From the System Ad ministration me[...]

  • Page 646

    Chapter 36: TACACS+ and RADIUS Prot ocols 646 Section IX: Management Security Manager and Operator acco unts. Th e default is 10 seconds. The range is 1 to 60 seconds. 3 - RADIUS Server 1 Configuration 4 - RADIUS Server 1 Configuration 5 - RADIUS Server 1 Configuration Use these parameters to specify the IP addresses of up t o three network servers[...]

  • Page 647

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 647 6. To activate the feature, perform the procedure “Enabling or Disa bling Server-based Management Authentication” on page 640.[...]

  • Page 648

    Chapter 36: TACACS+ and RADIUS Prot ocols 648 Section IX: Management Security Displaying RADIUS Status and Settings To display the RADIUS status and settings, perform the follo wing procedure: 1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 1 on page 32. 2. From the System Administrat[...]

  • Page 649

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 649 The Show S tatus menu displays a t able that cont ains the following columns of information: Server IP Address IP address of the RADIUS server . Auth Port UDP port of the RADIUS protocol. Encryption Key Encryption key for the RADIUS server . Auth Req Number of au[...]

  • Page 650

    Chapter 36: TACACS+ and RADIUS Prot ocols 650 Section IX: Management Security[...]

  • Page 651

    Section IX: Manageme nt Security 651 Chapter 37 Management Access Contr ol List Sections in this chapter include:  “Enabling or Disabling the Management ACL” on page 652  “Creating an ACE” on p age 654  “Deleting an ACE” on p age 658  “Displaying the ACEs” on p age 659[...]

  • Page 652

    Chapter 37: Manage ment Access Control Li st 652 Section IX: Management Security Enabling or Disabling the Management ACL This procedure enables and disabl es the management ACL. When enabled, only those management statio ns specified in the ACL are allowed to manage the switch remotely using the Telnet applicatio n protocol or a web browser. When [...]

  • Page 653

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 653 A change to the status of the management ACL is immediately activated on the switch. Note If you activate the feature while managing the switch from a Telnet management session, your ma nagement session will end and you will not be able to reestablish it if the m[...]

  • Page 654

    Chapter 37: Manage ment Access Control Li st 654 Section IX: Management Security Creating an ACE To create a new ACE in the manageme nt ACL, perform the following procedure: 1. From the Main Menu, type 5 to select System Administration. The System Administration menu is shown in Figure 1 on page 32. 2. From the System Administration menu, type 7 to[...]

  • Page 655

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 655 7. Specify the applications that the management station ca n use to manage the switch. The options are:  Telnet - Permits Telnet management.  Web - Permits web browser manageme nt.  Ping - Permits the management workstation to ping the switch.  All - [...]

  • Page 656

    Chapter 37: Manage ment Access Control Li st 656 Section IX: Management Security Modifying an ACE To modify an ACE, you need to know its identifica tion number. To view the identification numbers of the ACEs, refer to “Displaying t he ACEs” on page 659. To modify an ACE, perform the following procedure: 1. From the Main Menu, type 5 to select S[...]

  • Page 657

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 657 5. Make the desired changes to the entry by sele cting the corresponding option and entering a new value. You cannot change an entry’s ID number. For information on an e ntry’s IP address, network mask, and applications, refer to steps 5, 6, and 7 in the proc[...]

  • Page 658

    Chapter 37: Manage ment Access Control Li st 658 Section IX: Management Security Deleting an ACE To delete an ACE, you need to know its identification number. To view the identification numbers of the ACEs, refer to “Displaying t he ACEs” on page 659. Note If you are managing the switch from a T elnet management session and the management ACL i[...]

  • Page 659

    AT-S63 Management So ftware Menus User’s Gui de Section IX: Management Securi ty 659 Displaying the ACEs To display the ACEs in the manageme nt ACL, perform the following procedure: 1. From the Main Menu, type 5 to sel ect System Admini stration. The System Administration menu is shown in Figure 1 o n page 32. 2. From the System Administration me[...]

  • Page 660

    Chapter 37: Manage ment Access Control Li st 660 Section IX: Management Security[...]

  • Page 661

    661 Index Numerics 802.1Q-compliant VLAN mode displaying 518 selecting 516 802.1x Port-based Network Access Control access role, configuring 570 authenticator port 573 configuring 570 disabling 572 enabling 572 port parameters, displaying 582 port role, configuring 570 supplicant port 579 A access control entry (ACE) adding 654, 656 deleting 658 di[...]

  • Page 662

    Index 662 maximum number in databa se, configuring 631 modifying 619 type, configuring 617 ciphers available parameter 638 CIST priority parameter 445 Class of Service (CoS) configuring 244 displaying port priori ties 250 mapping priorities to egress queues 247 scheduling configuring 248 classifier creating 220 deleting 226, 227 displaying 22 8 mod[...]

  • Page 663

    AT-S63 Management So ftware Menus User’s Gui de 663 G GARP VLAN Registrati on Protocol (GVRP) configuring 496 disabling 496 disabling on a port 498 displaying counters 502 database 507 GIP connected ports ring 509 GVRP state machine 511 port configuration 501 dynamic VLAN, converting 5 00 enabling 496 enabling on a port 498 port mode, configuring[...]

  • Page 664

    Index 664 displaying 54 2 MACs available parameter 638 management access control li st adding an access control entry 654, 656 deleting an access control entry 658 disabling 652 displaying access control entrie s 659 enabling 652 management access levels 3 5 manager access 35 manager password 35 master switch assigning 86 defined 86 returning to 91[...]

  • Page 665

    AT-S63 Management So ftware Menus User’s Gui de 665 displaying settings 62 duplex mode 68 enabling 66 flow control 71 forcing Auto-Negotiation 78 MDI/MDI-X 68 resetting 77 resetting to default settings 79 speed 66, 67 port cost Rapid Spanning Tree Protocol (RSTP) 434 Spanning Tree Protocol (STP) 427 port external path cost parameter, Multiple Spa[...]

  • Page 666

    Index 666 slave sw itch assigning 86 defined 86 SMURF attack 280 SNMP community string creating 96 disabling 94 displaying 10 4 enabling 94 modifying 99 SNMP management disabling 94 enabling 94 SNMPv3 Access Table entry creating 340 deleting 344 displaying 41 1 modifying notify view 351 read view 346 storage type 353 write view na me 349 SNMPv3 com[...]

  • Page 667

    AT-S63 Management So ftware Menus User’s Gui de 667 system files copying 154 deleting 158 display on compact flash card 161 displaying 159 downloading to switch 182 renaming 156 uploading from switch 190 system hardware information, displayin g 55 system information 52 system name 33 system temperature 56 system time 38 T TACACS+ configuring 642 [...]

  • Page 668

    Index 668[...]