Allied Telesis AT-9724TS manual


A good user manual

The rules should oblige the seller to give the purchaser an operating instruction of Allied Telesis AT-9724TS, along with an item. The lack of an instruction or false information given to a customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos, have been widely used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Allied Telesis AT-9724TS one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Allied Telesis AT-9724TS. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, a user manual of Allied Telesis AT-9724TS should contain:
- information concerning technical data of Allied Telesis AT-9724TS
- name of the manufacturer and a year of construction of the Allied Telesis AT-9724TS item
- rules of operation, control and maintenance of the Allied Telesis AT-9724TS item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Allied Telesis AT-9724TS alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Allied Telesis AT-9724TS, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Allied Telesis service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Allied Telesis AT-9724TS.

Why should one read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Allied Telesis AT-9724TS item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know every part of an instruction. Currently the manuals are carefully prearranged and translated, so they can be fully understood by their users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    High-Density Layer 3 Stackable Gigabit Ethernet Switch AT-9724TS Installation and User’s Guide PN D617/10032 Rev 1 Copyright. 2004 Allied Telesyn, Inc. 19800 North Creek Parkway, Suite 200, Bothell WA 98011, USA All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn, Inc.[...]

  • Page 2

    Electrical Safety and Emission Statement Standards: This product meets the following standards. CE Marking Warning: This is a Class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures. Important: Appendix B contains translated safety statements for in[...]

  • Page 3

    Table of Contents Electrical Safety and Emission Statement . . . 1 Preface . . . [...]

  • Page 4

    MSTI Port Information . . . 48 STP Instance Settings . . . [...]

  • Page 5

    Security Management . . . 133 Security IP . . . [...]

  • Page 6

    Preface Purpose of This Guide This guide is intended for network administrators who are responsible for installing and maintaining the AT-9724TS Gigabit Switch. How This Guide is Organized This guide contains the following chapters and appendices: Chapter 1, Introduction, describes the features, functions, LEDs, and ports on the Gigabit Sw[...]

  • Page 7

    Document Conventions This guide uses several conventions that you should become familiar with before you begin to install the product: Note A note provides additional information. Warning A warning indicates that performing or omitting a specific action may result in bodily injury. Caution A caution indicates that performing or omittin[...]

  • Page 8

    Where to Find Related Guides The Allied Telesyn web site at www.alliedtelesyn.com under the support section contains the most recent documentation for all of our products. All web-based documents relating to this product and other Allied Telesyn products can be downloaded from the web site. Contacting Allied Telesyn Technical Support Y[...]

  • Page 9

    Returning Products Products for return or repair must first be assigned a Return Materials Authorization (RMA) number. RMA policy varies from country to country. Please check the applicable RMA policy at www.alliedtelesyn.com. For Europe, you can also contact our European Customer Service centre by e-mail at rma_europe@alliedtelesyn.com.[...]

  • Page 10

    Tell Us What You Think If you have any comments or suggestions on how we might improve this or other Allied Telesyn documents, please contact us at www.alliedtelesyn.com. 9 Allied Telesyn AT-9724TS High-Density Layer 3 Stackable Gigabit Ethernet Switch[...]

  • Page 11

    Chapter 1 - Introduction 1-1 Ethernet Technology 1-2 Switch Description 1-3 Features 1-4 Ports 1-5 Front Panel Components 1-6 Rear-Panel Description 1-7 Side-Panel Description 1-8 Gigabit Combo Ports 1-9 Ethernet Technology 1-10 Fast Ethernet Technology 1-1 Ethernet Technology Fast Ethernet The growing importance of LANs and the increasing [...]

  • Page 12

    1-2 Switch Description The AT-9724TS has 24 1000T Gigabit ports that may be used in uplinking various network devices to the Switch, including PCs, hubs and other switches to provide a gigabit Ethernet uplink in full-duplex mode. In addition, the AT-9724TS is equipped with 4 SFP (Small Form Factor Portable) combo ports, which are to be use[...]

  • Page 13

    • SNMP support • Secure Sockets Layer (SSL) and Secure Shell (SSH) support • Port Mirroring support • MIB support for: RFC1213 MIB II RFC1493 Bridge RFC1757 RMON RFC1643 Ether-like MIB RFC2233 Interface MIB IF MIB Private MIB RFC2674 for 802.1p IEEE 802.1x MIB • RS-232 DCE console port for Switch management • Provides parallel LE[...]

  • Page 14

    LED Indicators The Switch supports LED indicators for Power, Master, Console, RPS, SIO (stacking indicators), a seven-segment Stack ID LED and Port LEDs. The following shows the LED indicators for the Switch along with an explanation of each indicator. Figure 1-3. LED Indicators LED Description Power This LED will light green after the S[...]

  • Page 15

    Chapter 2 - Installation 2-1 Package Contents 2-2 Before You Connect to the Network 2-3 Installing the Switch Without the Rack 2-4 Rack Installation 2-5 Power On 2-6 Power Failure 2-7 Redundant Power System 2-1 Package Contents Open the shipping carton of the Switch and carefully unpack its contents. The carton should contain the following it[...]

  • Page 16

    Figure 2-1. Prepare Switch for installation on a desktop or shelf 2-4 Installing the Switch in a Rack The Switch can be mounted in a standard 19" rack. Use the following diagrams to guide you. Fasten the mounting brackets to the Switch using the screws provided. With the brackets attached securely, you can mount the Switch in a standard[...]

  • Page 17

    2-5 Mounting the Switch in a Standard 19" Rack Figure 2-2. Installing Switch in a rack 2-5 Power On Plug one end of the AC power cord into the power connector of the Switch and the other end into the local power source outlet. After the Switch is po[...]

  • Page 18

    Chapter 3 - Connecting the Switch • 3-1 Switch to End Node • 3-2 Switch to Hub or Switch • 3-3 Connecting to Network Backbone or Server • 3-4 Stacking and the AT-9724TS 3-1 Switch To End Node End nodes include PCs outfitted with a 10, 100 or 1000Mbps RJ45 Ethernet Network Interface Card (NIC) and most routers. An end node can be connect[...]

  • Page 19

    Figure 3-3. Switch connected to switch using fibre-optic cabling 3-3 Connecting To Network Backbone or Server The 4 combo SFP ports and the 24 1000T ports are ideal for uplinking to a network backbone, server or server farm. The copper ports operate at a speed of 1000, 100 or 10Mbps in full or half duplex mode. The fibre-optic ports can operat[...]

  • Page 20

    Figure 3-8. Stacking in a Ring Architecture Note: Do not connect the stacked Switch group to the network until you have properly configured all Switches for stacking. An improperly configured Switch stack can cause a broadcast storm. Stacking Limitations Utilizing a Ring Topology There is a limit to the number of AT-9724TS Switches t[...]

  • Page 21

    Chapter 4 - Introduction to Switch Management 4-1 AT-9724TS Gigabit Layer 3 Switch Management Options 4-2 Web-based Management Interface 4-3 SNMP-Based Management 4-4 Command Line Console Interface Through The Serial Port 4-5 Connecting the Console Port (RS-232 DCE) 4-6 First Time Connecting to The Switch 4-7 Password Protection 4-8 SNMP Se[...]

  • Page 22

    9. After you have correctly set up the terminal, plug the power cable into the power receptacle on the back of the Switch. The boot sequence appears in the terminal. 10. After the boot sequence completes, the console login screen displays. 11. If you have not logged into the command line interface (CLI) program, press the Enter key at the User [...]

  • Page 23

    Figure 4-2. Command Prompt Note: The first user automatically gets Administrator level privileges. It is recommended to create at least one Admin-level user account for the Switch. 4-7 Password Protection One of the first tasks when setting up the Switch is to create user accounts. If you log in using a predefined administrator-level user n[...]

  • Page 24

    The AT-9724TS supports SNMP versions 1, 2c, and 3. You can specify which version of SNMP you want to use to monitor and control the Switch. The three versions of SNMP vary in the level of security provided between the management station and the network device. In SNMP v.1 and v.2, user authentication is accomplished using 'community s[...]

  • Page 25

    Alternatively, you can enter config ipif System ipaddress xxx.xxx.xxx.xxx/z. Where the x's represent the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation. The IP interface named System on the Switch can be assigned an IP address and subnet mask which ca[...]

  • Page 26

    Chapter 5 - Introduction to Web-based Switch Configuration 5-1 Introduction 5-2 Login to Web manager 5-3 Web-Based User Interface 5-4 Basic Setup 5-5 Reboot 5-6 Basic Switch Setup 5-7 Network Management 5-8 Switch Utilities 5-9 Network Monitoring 5-10 IGMP Snooping Status 5-1 Introduction All software functions of the AT-9724TS can be manag[...]

  • Page 27

    5-3 Web-based User Interface The user interface provides access to various Switch configuration and management screens, allows you to view performance statistics, and permits you to graphically monitor the system status. Areas of the User Interface The figure below shows the user interface. The user interface is divided into 3 distinct areas [...]

  • Page 28

    Web Pages Configurations – Contains screens concerning configurations for IP Address, Switch Information, Advanced Settings, Port Configuration, IGMP, Spanning Tree, Forwarding Filtering, VLANs, Port Bandwidth, SNTP Settings, Port Security, QoS, MAC Notification, LACP, Access Profile Table, System Log Servers, PAE Access Entity, and L[...]

  • Page 29

    Chapter 6 - Configuring The Switch 6-1 Switch Information 6-2 IP Address 6-3 Box Information 6-4 Advanced Settings 6-5 Port Configuration 6-6 Port Description 6-7 Port Mirroring 6-8 Link Aggregation 6-9 LACP Port Setting 6-10 MAC Notification 6-11 GMP 6-12 Spanning Tree 6-13 Forward & Filtering 6-14 VLANs 6-15 Traffic Control 6-16 Port [...]

  • Page 30

    6-2 IP Address The IP Address may initially be set using the console interface prior to connecting to it through the Ethernet. If the Switch IP address has not yet been changed, read the introduction of the AT-9724TS Command Line Interface Reference Manual or return to Chapter 4 of this manual for more information. To change IP settings[...]

  • Page 31

    VLAN Name This allows the entry of a VLAN Name from which a management station will be allowed to manage the Switch using TCP/IP (in-band via web manager or Telnet). Management stations that are on VLANs other than the one entered here will not be able to manage the Switch in-band unless their IP addresses are entered in the Security IP Managem[...]

  • Page 32

    Parameter Description Serial Port Auto Logout Time Select the logout time used for the console interface. This automatically logs the user out after an idle period of time, as defined. Choose from the following options: 2 Minutes, 5 Minutes, 10 Minutes, 15 Minutes or Never. The default setting is 10 minutes. Serial Port Baud Rate This fie[...]

  • Page 33

    Parameter Description Current Box ID The current Box ID of the Master switch in the stack. New Box ID The new box ID of the Master switch in the stack. Box Type The user may choose the model name of the Master switch in a stack to be the main configuring switch of that stack. Priority Displays the priority ID of the Switch. The lower the n[...]

  • Page 34

    Parameter Description State Toggle the State <Enabled> field to either enable or disable a given port or group of ports. Speed/Duplex Toggle the Speed/Duplex field to either select the speed and duplex/half-duplex state of the port. Auto denotes auto-negotiation between 10 and 100Mbps devices, in full- or half-duplex. The Auto setting [...]

  • Page 35

    6-6 Port Mirroring The Switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an RMON probe, to view details about the packets passing through the first port. This is useful for network monitoring and troublesh[...]

  • Page 36

    The Switch treats all ports in a trunk group as a single port. Data transmitted to a specific host (destination address) will always be transmitted over the same port in a trunk group. This allows packets in a data stream to arrive in the same order they were sent. Note: If any ports within the trunk group become disconnected, packets intend[...]

  • Page 37

    Figure 6-11. Link Aggregation Group Configuration window – Modify The user-changeable parameters are as follows: Parameter Description Group ID Select an ID number for the group, between 1 and 32. State Trunk groups can be toggled between Enabled and Disabled. This is used to turn a port trunking group on or off. This is useful for dia[...]

  • Page 38

    The user may set the following parameters: Parameter Description Unit Choose the switch in the switch stack to be configured by using the pull-down menu. From/To A consecutive group of ports may be configured starting with the selected port. Mode Active – Active LACP ports are capable of processing and sending LACP control frames. This[...]

  • Page 39

    MAC Notification Port Settings To change MAC notification settings for a port or group of ports on the Switch, click Port Settings in the MAC Notification folder, which will display the following screen: Figure 6-14. MAC Notification Port Settings and Port State Table The following parameters may be set: Parameter Description Unit[...]

  • Page 40

    The format of an IGMP packet is shown below: Figure 6-15. IGMP Message Format The IGMP Type codes are shown below: Type Meaning 0x11 Membership Query (if Group Address is 0.0.0.0) 0x11 Specific Group Membership Query (if Group Address is Present) 0x16 Membership Report (version 2) 0x17 Leave a Group (version 2) 0x12 Membership Report (versio[...]

  • Page 41

    IGMP Snooping Internet Group Management Protocol (IGMP) snooping allows the Switch to recognize IGMP queries and reports sent between network stations or devices and an IGMP host. When enabled for IGMP snooping, the Switch can open or close a port to a specific device based on IGMP messages passing through the Switch. In order to use IGMP Snoop[...]

  • Page 42

    Robustness Value Adjust this variable according to expected packet loss. If packet loss on the VLAN is expected to be high, the Robustness Variable should be increased to accommodate increased packet loss. This entry field allows an entry of 1 to 255. Default = 2. Last Member Query Interval This field specifies the maximum amount of time betwee[...]

  • Page 43

    Figure 6-20. Static Router Ports Settings window The following parameters can be set: Parameter Description VID (VLAN ID) This is the VLAN ID that, along with the VLAN Name, identifies the VLAN where the multicast router is attached. VLAN Name This is the name of the VLAN where the multicast router is attached. Unit Choose the Switch ID number [...]

  • Page 44

    802.1w Rapid Spanning Tree The Switch implements three versions of the Spanning Tree Protocol, the Multiple Spanning Tree Protocol (MSTP) as defined by the IEEE 802.1s, the Rapid Spanning Tree Protocol (RSTP) as defined by the IEEE 802.1w specification and a version compatible with the IEEE 802.1d STP. RSTP can operate with legacy equipm[...]

  • Page 45

    Figure 6-21. STP Bridge Global Settings – STP compatible Figure 6-22. STP Bridge Global Settings – RSTP (default) Figure 6-23. STP Bridge Global Settings The following parameters can be set: [...]

  • Page 46

    Parameter Description STP Status Use the pull-down menu to enable or disable STP globally on the Switch. The default is Disabled. STP Version Use the pull-down menu to choose the desired version of STP to be implemented on the Switch. There are three choices: STP – Select this parameter to set the Spanning Tree Protocol (STP) globally on[...]

  • Page 47

    The window above contains the following information: Parameter Description Configuration Name A previously configured name set on the Switch to uniquely identify the MSTI (Multiple Spanning Tree Instance). If a configuration name is not set, this field will show the MAC address to the device running MSTP. Revision Level This value, along wi[...]

  • Page 48

    The user may configure the following parameters to configure the CIST on the Switch. Parameter Description MSTI ID The MSTI ID of the CIST is 0 and cannot be altered. Type The type of configuration about to be processed. This window is used to add or delete VIDs to the configured MSTI or internal CIST. All other parameters are permanently set[...]

  • Page 49

    MSTI Port Information This window displays the current MSTI configuration settings and can be used to update the port configuration for an MSTI ID. If a loop occurs, the MSTP function will use the port priority to select an interface to put into the forwarding state. Set a higher priority value for interfaces to be selected for forwarding firs[...]

  • Page 50

    STP Instance Settings The following window displays MSTIs currently set on the Switch. To view the following table, click Configuration > Spanning Tree > STP Instance Settings: Figure 6-30. STP Instance Settings The following information is displayed:[...]

  • Page 51

    Figure 6-32. STP Instance Operational Status – Previously Configured MSTI The following parameters may be viewed in the STP Instance Operational Status windows: Parameter Description Designated Root Bridge This field will show the priority and MAC address of the Root Bridge. External Root Cost This defines a metric that indicates the rela[...]

  • Page 52

    STP Port Settings STP can be set up on a port per port basis. To view the following window click Configuration > Spanning Tree > STP Port Settings: Figure 6-33. STP Port Settings and MSTP Port Information Table In addition to setting Spanning Tree parameters for use on the switch level, the Switch allows for the configuration of g[...]

  • Page 53

    0 (auto) – Setting 0 for the external cost will automatically set the speed for forwarding packets to the specified port(s) in the list for optimal efficiency. Default port cost: 100Mbps port = 200000. Gigabit port = 20000. value 1-200000000 – Define a value between 1 and 200000000 to determine the external cost. The lower the number, the[...]

  • Page 54

    Static Multicast Forwarding The following figure and table describe how to set up Multicast Forwarding on the Switch. Open the Forwarding Filtering folder and click on the Multicast Forwarding link to see the entry screen below: Figure 6-35. Static Multicast Forwarding Settings and Current Multicast Forwarding Entries The Static Multicast[...]

  • Page 55

    6-14 VLANs Understanding IEEE 802.1p Priority Priority tagging is a function defined by the IEEE 802.1p standard designed to provide a means of managing traffic on a network where many different types of data may be transmitted simultaneously. It is intended to alleviate problems associated with the delivery of time critical data over con[...]

  • Page 56

    The main characteristics of IEEE 802.1Q are as follows: • Assigns packets to VLANs by filtering. • Assumes the presence of a single global spanning tree. • Uses an explicit tagging scheme with one-level tagging. • 802.1Q VLAN Packet Forwarding • Packet forwarding decisions are made based upon the following three types of rules: •[...]

  • Page 57

    Figure 6-38. IEEE 802.1Q Tag The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or Logical Link Control. Because the packet is now a bit longer than it was originally, the Cyclic Redundancy Check (CRC) must be recalculated. Figure 6-39. Adding an IEEE 802.1Q Tag [...]

  • Page 58

    Port VLAN ID Packets that are tagged (are carrying the 802.1Q VID information) can be transmitted from one 802.1Q compliant network device to another with the VLAN information intact. This allows 802.1Q VLANs to span network devices (and indeed, the entire network, if all network devices are 802.1Q compliant). Unfortunately, not all network[...]

  • Page 59

    An example is presented below: VLAN Name VID Switch Ports System (default) 1 5, 6, 7, 8, 21, 22, 23, 24 Engineering 2 9, 10, 11, 12 Marketing 3 13, 14, 15, 16 Finance 4 17, 18, 19, 20 Sales 5 1, 2, 3, 4 Table 6-3. VLAN Example – Assigned Ports Port-based VLANs Port-based VLANs limit traffic that flows into and out of switch ports. Thus, all[...]

  • Page 60

    Protocol Type Header in Hexadecimal Form IP over Ethernet 0x0800 IPX 802.3 0xFFFF IPX 802.2 0xE0E0 IPX SNAP 0x8137 IPX over Ethernet2 0x8137 DecLAT 0x6000 DecOther 0x6009 SNA 802.2 0x0404 NetBios 0xF0F0 XNS 0x0600 VINES 0x0BAD IPv6 0x86DD AppleTalk 0x809B RARP 0x8035 Table 6-4. Protocol VLAN and the corresponding type header In configuring t[...]

  • Page 61

    The 802.1Q Static VLANs menu lists all previously configured VLANs by VLAN ID and VLAN Name. To delete an existing 802.1Q VLAN, click the corresponding button under the Delete heading. To create a new 802.1Q VLAN, click the Add button in the 802.1Q Static VLANs menu. A new menu will appear, as shown below, to configure the port settings a[...]

  • Page 62

    Parameter Description Unit Choose the Switch ID number of the Switch in the switch stack to be modified. VID (VLAN ID) Allows the entry of a VLAN ID in the Add dialog box, or displays the VLAN ID of an existing VLAN in the Modify dialog box. VLANs can be identified by either the VID or the VLAN name. VLAN Name Allows the entry of a name for the ne[...]

  • Page 63

    User Defined Pid – Specifies that the VLAN will only accept packets with this hexadecimal 802.1Q Ethernet type value in the packet header. The user may define an entry, in the hexadecimal form (ffff) to define the packet identification. (The user only need enter the final four integers of the hexadecimal format to define the packet ID – {he[...]

  • Page 64

    The following fields can be set: Parameter Description Unit Choose the Switch ID number of the Switch in the switch stack to be modified. From/To These two fields allow you to specify the range of ports that will be included in the Port-based VLAN that you are creating using the 802.1Q Static VLANs page. GVRP The Group VLAN Registration Proto[...]

  • Page 65

    To configure Traffic Control, first select the Switch’s Unit ID number from the pull down menu and then a group of ports by using the Group pull down menu. Finally, enable or disable the Broadcast Storm, Multicast Storm and Destination Unknown using their corresponding pull-down menus. The purpose of this window is to limit too many [...]

  • Page 66

    6-17 Port Lock Entries The Port Lock Entry Delete window is used to remove an entry from the port security entries learned by the Switch and entered into the forwarding database. To view the following window, click Configuration > Port Lock Entries[...]

  • Page 67

    6-18 QoS The AT-9724TS supports 802.1p priority queuing Quality of Service. The following section discusses the implementation of QoS (Quality of Service) and benefits of using 802.1p priority queuing. The Advantages of QoS QoS is an implementation of the IEEE 802.1p standard that allows network administrators a method of reserving bandwidth f[...]

  • Page 68

    A~H with their respective weight value: 8~1, the packets are sent in the following sequence: A1, B1, C1, D1, E1, F1, G1, H1, A2, B2, C2, D2, E2, F2, G2, A3, B3, C3, D3, E3, F3, A4, B4, C4, D4, E4, A5, B5, C5, D5, A6, B6, C6, A7, B7, A8, A1, B1, C1, D1, E1, F1, G1, H1. For weighted round-robin queuing, if each CoS queue has the same weight value[...]

  • Page 69

    Click Apply to set the bandwidth control for the selected ports. Results of configured Bandwidth Settings will be displayed in the Port Bandwidth Table. QoS Scheduling Mechanism This drop-down menu allows you to select between a Weight Fair and a Strict mechanism for emptying the classes of service. In the Configuration folder open the Q[...]

  • Page 70

    You may assign the following values to the QoS classes to set the scheduling. Parameter Description Max. Packets Specifies the maximum number of packets the above specified hardware priority queue will be allowed to transmit before allowing the next lowest priority queue to transmit its packets. A value between 0 and 15 can be specified. C[...]

  • Page 71

    802.1p Default Priority The Switch allows the assignment of a default 802.1p priority to each port on the Switch. In the Configuration folder open the QoS folder and click 802.1p Default Priority, to view the screen shown below. Figure 6-52. Port Default Priority Assignment and The Port Priority Table window This page allows you to ass[...]

  • Page 72

    Once you have assigned a priority to the port groups on the Switch, you can then assign this Class to each of the 7 levels of 802.1p priorities. Click Apply to set your changes. Traffic Segmentation Traffic segmentation is used to limit traffic flow from a single port to a group of ports on either a single Switch (in standalone mode) or a grou[...]

  • Page 73

    Clicking the Apply button will enter the combination of transmitting port and allowed receiving ports into the Switch's Traffic Segmentation Table. 6-19 System Log Server The Switch can send Syslog messages to up to four designated servers using the System Log Server. In the Configuration folder, click System Log Server, to view the [...]

  • Page 74

    Parameter Description Index Syslog server settings index (1-4). Server IP The IP address of the Syslog server. Severity This drop-down menu allows you to select the level of messages that will be sent. The options are Warning, Informational, and All. Facility Some of the operating system daemons and processes have been assigned Facility v[...]

  • Page 75

    6-20 SNTP Settings Current Time Settings To configure the time settings for the Switch, open the Configuration folder, then the SNTP folder and click on the Current Time Setting link, revealing the following screen for the user to configure. Figure 6-58. Time Settings Page The following parameters can be set or are displayed: Parameter De[...]

  • Page 76

    Time Zone and DST The following are screens used to configure time zones and Daylight Savings time settings for SNTP. Open the Configuration folder, then the SNTP folder and click on the Time Zone and DST link, revealing the following screen. Figure 6-59. Time Zone and DST Settings Page The following parameters can be set: Parameter Descri[...]

  • Page 77

    6-21 Access Profile Table Configuring the Access Profile Table Access profiles allow you to establish criteria to determine whether or not the Switch will forward packets based on the information contained in each packet's header. These criteria can be specified on a basis of VLAN, MAC address or IP address. Creating an access prof[...]

  • Page 78

    The following parameters can be set, for the Ethernet type: Parameter Description Profile ID (1-8) Type in a unique identifier number for this profile set. This value can be set from 1 - 8. Type Select profile based on Ethernet (MAC Address), IP address or packet content mask. This will change the menu according to the requirements for the ty[...]

  • Page 79

    Source IP Mask Enter an IP address mask for the source IP address. Destination IP Mask Enter an IP address mask for the destination IP address. DSCP Selecting this option instructs the Switch to examine the DiffServ Code part of each packet header and use this as the, or part of the criterion for forwarding. Protocol Selecting this option [...]

  • Page 80

    79 Allied Telesyn AT-9724TS High-Density Layer 3 Stackable Gigabit Ethernet Switch This screen will aid the user in configuring the Switch to mask packet headers beginning with the offset value specified. The following fields are used to configure the Packet Content Mask: Parameter Description Profile ID (1-8) Type in a unique identifier[...]

  • Page 81

    Figure 6-65. Access Rule Configuration window (IP) Configure the following Access Rule Configuration settings for IP: Parameter Description Profile ID This is the identifier number for this profile set. Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional [...]

  • Page 82

    Figure 6-66. Access Rule Display window (IP) To configure the Access Rule for Ethernet, open the Access Profile Table and click Modify for an Ethernet entry. This will open the following screen: Figure 6-67. Access Rule Table To remove a previously created rule, select it and click the 8 button. To add a new Access Rule, click the [...]

  • Page 83

    Parameter Description Profile ID This is the identifier number for this profile set. Mode Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below). Select Deny to specify that packets that do not match the access profile are not forwarded by the Sw[...]

  • Page 84

    Figure 6-70. Access Rule Table (Packet Content Mask) To remove a previously created rule, select it and click the 8 button. To add a new Access Rule, click the Add button: Figure 6-71. Access Rule Configuration – Packet Content Mask To set the Access Rule for the Packet Content Mask, adjust the following parameters and click Apply.[...]

  • Page 85

    Priority This parameter is specified if you want to re-write the 802.1p default priority previously set in the Switch, which is used to determine the CoS queue to which packets are forwarded to. Once this field is specified, packets accepted by the Switch that match this priority are forwarded to the CoS queue specified previously by the u[...]

  • Page 86

    Port-Based Network Access Control Figure 6-73. Example of Typical Port-Based Configuration Once the connected device has successfully been authenticated, the Port then becomes Authorized, and all subsequent traffic on the Port is not subject to access control restriction until an event occurs that causes the Port to become Unauthorized. Hen[...]

  • Page 87

    Configure Authenticator To configure the 802.1X Authenticator Settings, click PAE Access Entity > Configure Authenticator: Figure 6-75. 802.1X Authenticator Settings window To view the 802.1X Authenticator settings on a different switch in the switch stack, use the Unit pull-down menu to select that switch by its ID number in the switch[...]

  • Page 88

    This screen allows you to set the following features: Parameter Description Unit Choose the Switch ID number of the Switch in the switch stack to be modified. From [ ] To [ ] Enter the port or ports to be set. AdmCtrlDir Sets the administrative-controlled direction to either in or both. If in is selected, control is only exerted over inc[...]

  • Page 89

    PAE System Control Existing 802.1x port settings are displayed and can be configured using the windows below. Port Capability Settings Click Port Access Entity > PAE System Control > 802.1X Capability Settings to view the following window: Figure 6-78. 802.1x Capability Settings and Table window To set up the Switch's 802.1[...]

  • Page 90

    Initializing Ports for Port Based 802.1x Existing 802.1x port settings are displayed and can be configured using the window below. Note: Ensure Port Based 802.1x is enabled under Configuration > Advanced Settings. Click Port Access Entity > PAE System Control > Initialize Port(s) to open the following window: Figure 6-79. Init[...]

  • Page 91

    Initializing Ports for MAC Based 802.1x To initialize ports for the MAC side of 802.1x, the user must first enable 802.1x by MAC address in the Advanced Settings window. Click Port Access Entity > PAE System Control > Initialize Port(s) to open the following window: Figure 6-80. Initialize Ports window (MAC based 802.1x) To initia[...]

  • Page 92

    This window displays the following information: Parameter Description Unit Choose the Switch ID number of the Switch in the switch stack to be modified. Port The port number of the reauthenticated port. Auth State The Authenticator State will display one of the following: Initialize, Disconnected, Connecting, Authenticating, Authenticated [...]

  • Page 93

    RADIUS Server The RADIUS feature of the Switch allows you to facilitate centralized user administration as well as providing protection against a sniffing, active hacker. The Web Manager offers three windows. Click Port Access Entity > RADIUS Server > Authentic Radius Server to open the RADIUS Server Authentication Setting window sho[...]

  • Page 94

    6-23 Layer 3 IP Networking Layer 3 Global Advanced Settings The L3 Global Advanced Settings window allows the user to enable and disable Layer 3 settings and functions from a single window. The full settings and descriptions for these functions will appear later in this section. To view this window, open the Configuration folder and then t[...]

  • Page 95

    VLAN Name         VID  Network Number  IP Address
    System (default)  1    10.32.0.0       10.32.0.1
    Engineer          2    10.64.0.0       10.64.0.1
    Marketing         3    10.96.0.0       10.96.0.1
    Finance           4    10.128.0.0      10.128.0.1
    Sales             5    10.160.0.0      10.160.0.1
    Backbone          6    10.192.0.0      10.192.0.1

    Table 6-6. VLAN Example – Assigned IP Interfaces The 6 IP interfaces, each with an IP address (listed in the [...]

  • Page 96

    Figure 6-87. IP Interface Configuration – Edit window Choose a name for the interface to be added and enter it in the Interface Name field (if you are editing an IP Interface, the Interface Name will already be in the top field as seen in the window above). Enter the interface’s IP address and subnet mask in the corresponding fields. Pull [...]

  • Page 97

    The following fields can be set: Parameter Description Key ID A number from 1 to 255 used to identify the MD5 Key. Key An alphanumeric string of between 1 and 16 case-sensitive characters used to generate the Message Digest which is, in turn, used to authenticate OSPF packets within the OSPF routing domain. Click Apply to enter the new Key I[...]

  • Page 98

    The following parameters may be set or viewed: Parameter Description Dest Protocol Allows for the selection of the protocol for the destination device. Choose between RIP and OSPF. Src Protocol Allows for the selection of the protocol for the source dev[...]

  • Page 99

    Figure 6-91. Static/Default Route Settings – Add window The following fields can be set: Parameter Description IP Address Allows the entry of an IP address that will be a static entry into the Switch’s Routing Table. Subnet Mask Allows the entry of a subnet mask corresponding to the IP address above. Gateway IP Allows the entry of an IP[...]

  • Page 100

    3. After changing the route preference value for a specific routing protocol, that protocol needs to be restarted because the previously learned routes have been dropped from the Switch. The Switch must learn the routes again before the new settings can take effect. To view the Route Preference Settings window, click Configuration > L[...]

  • Page 101

    Static ARP Table The Address Resolution Protocol (ARP) is a TCP/IP protocol that converts IP addresses into physical addresses. This table allows network managers to view, define, modify and delete ARP information for specific devices. Static entries can be defined in the ARP Table. When static entries are defined, a permanent entry is[...]

  • Page 102

    To maximize stability, the hop count RIP uses to measure distance must have a low maximum value. Infinity (that is, the network is unreachable) is defined as 16 hops. In other words, if a network is more than 16 routers from the source, the local router will consider the network unreachable. RIP can also be slow to converge (to remove incon[...]

  • Page 103

    To setup RIP for the IP interfaces configured on the Switch, the user must enable RIP and then configure RIP settings for the individual IP interfaces. To globally enable RIP on the Switch, open the Configuration folder to Layer 3 Networking and then open the RIP folder and click on the RIP Configuration link to access the following screen: F[...]

  • Page 104

    Parameter Description Interface Name The name of the IP interface on which RIP is to be setup. This interface must be previously configured on the Switch. IP Address The IP address corresponding to the Interface Name showing in the field above. TX Mode < Disabled > Toggle among Disabled, v1 Only, v1 Compatible, and v2 Only. This e[...]

  • Page 105

    Shortest Path Tree To build Router A’s shortest path tree for the network diagrammed below, Router A is put at the root of the tree and the smallest cost link to each destination network is calculated. Figure 6-98. Constructing a Shortest Path Tree The diagram above shows the network from the viewpoint of Router A. Router A can re[...]

  • Page 106

    Figure 6-99. Constructing a Shortest Path Tree – Completed Note that this shortest path tree is only from the viewpoint of Router A. The cost of the link from Router B to Router A, for instance is not important to constructing Router A’s shortest path tree, but is very important when Router B is constructing its shortest path tree. Note [...]

  • Page 107

    OSPF Authentication OSPF packets can be authenticated as coming from trusted routers by the use of predefined passwords. The default for routers is to use no authentication. There are two other authentication methods – simple password authentication (key) and Message Digest authentication (MD-5). Message Digest Authentication (MD-5) MD-5 [...]

  • Page 108

    Adjacencies Adjacent routers go beyond the simple Hello exchange and participate in the link-state database exchange process. OSPF elects one router as the Designated Router (DR) and a second router as the Backup Designated Router (BDR) on each multi-access segment (the BDR is a backup in case of a DR failure). All other routers on the segment [...]

  • Page 109

    Figure 6-100. OSPF Packet Header Format Field Description Version No. The OSPF version number. Type The OSPF packet type. The OSPF packet types are as follows: Type Description Hello Database Description Link-State Request Link-State Update Link-State Acknowledgment. Packet Length The length of the packet in bytes. This length includes t[...]

  • Page 110

    Figure 6-101. Hello Packet Field Description Network Mask The network mask associated with this interface. Options The optional capabilities supported by the router. Hello Interval The number of seconds between this router’s Hello packets. Router Priority This router’s Router Priority. The Router Priority is used in the election o[...]

  • Page 111

    Figure 6-102. Database Description Packet Field Description Options The optional capabilities supported by the router. I – bit The Initial bit. When set to 1, this packet is the first in the sequence of Database Description packets. M – bit The More bit. When set to 1, this indicates that more Database Description packets will follow. M[...]

  • Page 112

    Figure 6-103. Link-State Request Packet Each advertisement requested is specified by its Link-State Type, Link-State ID, and Advertising Router. This uniquely identifies the advertisement, but not its instance. Link-State Request packets are understood to be requests for the most recent instance. Link-State Update Packet Link-State Update[...]

  • Page 113

    Link-State Acknowledgment Packet Link-State Acknowledgment packets are OSPF packet type 5. To make the flooding of link-state advertisements reliable, flooded advertisements are explicitly acknowledged. This acknowledgment is accomplished through the sending and receiving of Link-State Acknowledgment packets. Multiple link-state advertisemen[...]

  • Page 114

    Link State Advertisement Header All link state advertisements begin with a common 20-byte header. This header contains enough information to uniquely identify the advertisements (Link State Type, Link State ID, and Advertising Router). Multiple instances of the link state advertisement may exist in the routing domain at the same time. It is [...]

  • Page 115

    Figure 6-107. Routers Links Advertisements In router links advertisements, the Link State ID field is set to the router’s OSPF Router ID. The T-bit is set in the advertisement’s Option field if and only if the router is able to calculate a separate set of routes for each IP Type of Service (TOS). Router links advertisements are floo[...]

  • Page 116

    For each link, separate metrics may be specified for each Type of Service (TOS). The metric for TOS 0 must always be included, and was discussed above. Metrics for non-zero TOS are described below. Note that the cost for non-zero TOS values that are not specified defaults to the TOS 0 cost. Metrics must be listed in order of increasing [...]

  • Page 117

    Figure 6-109. Summary Link Advertisements For stub area, Type 3 summary link advertisements can also be used to describe a default route on a per-area basis. Default summary routes are used in stub area instead of flooding a complete set of external routes. When describing a default summary route, the advertisement’s Link State ID is alw[...]

  • Page 118

    Field Description Network Mask The IP address mask for the advertised destination. E – bit The type of external metric. If the E - bit is set, the metric specified is a Type 2 external metric. This means the metric is considered larger than any link state path. If the E - bit is zero, the specified metric is a Type 1 external metric. This m[...]

  • Page 119

    To add an OSPF Area to the table, type a unique Area ID (see below) select the Type from the drop-down menu. For a Stub type, choose Enabled or Disabled from the Stub Import Summary LSA drop-down menu and determine the Stub Default Cost. Click the Add/Modify button to add the Area ID set to the table. To remove an Area ID configuration s[...]

  • Page 120

    Figure 6-115. OSPF Interface Settings – Edit window Configure each IP interface individually using the OSPF Interface Settings – Edit menu. Click the Apply button when you have entered the settings. The new configuration appears listed in the OSPF Interface Settings table. To return to the OSPF Interface Settings table, click the Show All OS[...]

  • Page 121

    OSPF Virtual Interface Settings Click the OSPF Virtual Interface Settings link to view the current OSPF Virtual Interface Settings. There are no virtual interface settings configured by default, so the first time this table is viewed there will be no interfaces listed. To add a new OSPF virtual interface configuration set to the table, cli[...]

  • Page 122

    OSPF Area Aggregation Settings Area Aggregation allows all of the routing information that may be contained within an area to be aggregated into a summary LSDB advertisement of just the network address and subnet mask. This allows for a reduction in the volume of LSDB advertisement traffic as well as a reduction in the memory overhead in[...]

  • Page 123

    To configure OSPF host routes, click the OSPF Host Route Settings link. To add a new OSPF Route, click the Add button. Configure the setting in the menu that appears. The Add and Modify menus for OSPF host route setting are nearly identical. The difference being that if you are changing an existing configuration you will be unable to change [...]

  • Page 124

    Figure 6-122. DHCP/BootP Global Settings window The following fields can be set: Parameter Description BOOTP Relay Status This field can be toggled between Enabled and Disabled using the pull-down menu. It is used to enable or disable the BOOTP/DHCP Relay service on the Switch. The default is Disabled. BOOTP HOPS Count Limit (1-16) This fiel[...]

  • Page 125

    Mapping Domain Names to Addresses Name-to-address translation is performed by a program called a Name server. The client program is called a Name resolver. A Name resolver may need to contact several Name servers to translate a name to an address. The Domain Name System (DNS) servers are organized in a somewhat hierarchical fashion. A[...]

  • Page 126

    Figure 6-125. DNS Relay Static Settings and Table window To add an entry into the DNS Relay Static Table, simply enter a Domain Name with its corresponding IP address and click Add. A successful entry will be presented in the table below, as shown in the example above. To erase an entry from the table, click the corresponding 8 of the [...]

  • Page 127

    VRRP Interface Settings The following window will allow the user to view the parameters for the VRRP function on the Switch. To view this window, click Configuration > Layer 3 IP Networking > VRRP > VRRP Configuration: Figure 6-127. VRRP Configuration window The following fields are displayed in the window above: Parameter Descr[...]

  • Page 128

    Parameter Description Interface Name Enter the name of a previously configured IP interface to create a VRRP entry for. This IP interface must be assigned to a VLAN on the Switch. VRID (1-255) Enter a value between 1 and 255 to uniquely identify this VRRP group on the Switch. All routers participating in this group must be assigned the same [...]

  • Page 129

    Figure 6-129. VRRP Interface Entry Display window This window displays the following information: Parameter Description Interface Name An IP interface name that has been enabled for VRRP. This entry must have been previously set in the IP Interface Settings table. Authentication type Displays the type of authentication used to compare [...]

  • Page 130

    IP Multicast Routing Protocol The functions supporting IP multicasting are added under the IP Multicast Routing Protocol folder, from the Layer 3 IP Networking folder. IGMP Snooping, DVMRP, and PIM-DM can be enabled or disabled on the Switch without changing the individual protocol’s configuration. IGMP Interface Configuration The Intern[...]

  • Page 131

    DVMRP Interface Configuration The Distance Vector Multicast Routing Protocol (DVMRP) is a hop-based method of building multicast delivery trees from multicast sources to all nodes of a network. Because the delivery trees are ‘pruned’ and ‘shortest path’, DVMRP is relatively efficient. Because multicast group membership informatio[...]

  • Page 132

    The following fields can be set: Parameter Description Interface Name Displays the name of the IP interface for which DVMRP is to be configured. This must be a previously defined IP interface. IP Address Displays the IP address corresponding to the IP Interface name entered above. Neighbor Timeout Interval (1-65535) This field allows an en[...]

  • Page 133

    To view the PIM-DM Table, open the IP Multicasting folder under Configuration and click PIM-DM Interface Configuration. This window allows the PIM-DM to be configured for each IP interface defined on the Switch. Each IP interface configured on the Switch is displayed in the below PIM-DM Interface Table dialog box. To configure PIM-DM for a [...]

  • Page 134

    Chapter 7 - Security Management 7-1 Security IP 7-2 User Accounts 7-3 Access Authentication Control (TACACS) 7-4 Secure Sockets Layer (SSL) 7-5 Secure Shell (SSH) The following section will aid the user in configuring security functions for the Switch. The Switch includes various functions for security, including TACACS, Security IPs, S[...]

  • Page 135

    Figure 7-3. User Accounts Modify Table – Add Add a new user by typing in a User Name, and New Password and retype the same password in the Confirm New Password. Choose the level of privilege (Admin or User) from the Access Right drop-down menu. Figure 7-4. User Account Modify Table – Modify Modify or delete an existing use[...]

  • Page 136

    7-3 Access Authentication Control The TACACS / XTACACS / TACACS+ / RADIUS commands let you secure access to the Switch using the TACACS / XTACACS / TACACS+ / RADIUS protocols. When a user logs in to the Switch or tries to access the administrator level privilege, he or she is prompted for a password. If TACACS / XTACACS / TA[...]

  • Page 137

    The following parameters can be set: Parameter Description Authentication Policy Use the pull down menu to enable or disable the Authentication Policy on the Switch. Response Timeout (0-255) This field will set the time the Switch will wait for a response of authentication from the user. The user may set a time between 0 and 255 seconds. The def[...]

  • Page 138

    Figure 7-7. Authentication Server Group Settings window This screen displays the Authentication Server Groups on the Switch. The Switch has four built-in Authentication Server Groups that cannot be removed but can be modified. To modify a particular group, click its hyperlinked Group Name, which will then display the following window[...]

  • Page 139

    Authentication Server Hosts This window will set user-defined Authentication Server Hosts for the TACACS / XTACACS / TACACS+ / RADIUS security protocols on the Switch. When a user attempts to access the Switch with Authentication Policy enabled, the Switch will send authentication packets to a remote TACACS / XTACACS / TACACS+ / RA[...]

  • Page 140

    Note: More than one authentication protocol can be run on the same physical server host but, remember that TACACS/XTACACS/TACACS+ are separate entities and are not compatible with each other. Login Method Lists This command will configure a user-defined or default Login Method List of authentication techniques for users logging on to the [...]

  • Page 141

    To define a Login Method List, set the following parameters and click Apply: Parameter Description Method List Name Enter a method list name defined by the user of up to 15 characters. Method 1, 2, 3, 4 The user may add one, or a combination of up to four (4) of the following authentication methods to this method list: tacacs – Adding this par[...]

  • Page 142

    Figure 7-16. Enable Method List – Edit window Figure 7-17. Enable Method List – Add window To define an Enable Login Method List, set the following parameters and click Apply: Parameter Description Method List Name Enter a method list name defined by the user of up to 15 characters. Method 1, 2, 3, 4 The user may add one, or a combinati[...]

  • Page 143

    Figure 7-18. Configure Local Enable Password window To set the Local Enable Password, set the following parameters and click Apply. Parameter Description Old Local Enable Password If a password was previously configured for this entry, enter it here in order to change it to a new password. New Local Enable Password Enter the new pas[...]

  • Page 144

    7-4 Secure Socket Layer (SSL) Secure Sockets Layer or SSL is a security feature that will provide a secure communication path between a host and client through the use of authentication, digital signatures and encryption. These security functions are implemented through the use of a ciphersuite, which is a security string that determines the[...]

  • Page 145

    Configuration This screen will allow the user to enable SSL on the Switch and implement any one or combination of listed ciphersuites on the Switch. A cipher suite is a security string that determines the exact cryptographic parameters, specific encryption algorithms and key sizes to be used for an authentication session. The Switch possesses fo[...]

  • Page 146

    7-5 Secure Shell (SSH) SSH is an abbreviation of Secure Shell, which is a program allowing secure remote login and secure network services over an insecure network. It allows a secure login to remote host computers, a safe method of executing commands on a remote end node, and will provide secure encrypted and authenticated communicatio[...]

  • Page 147

    Figure 7-24. SSH Algorithms window The following algorithms may be set: Parameter Description Authentication Mode Configuration Password This field may be enabled or disabled to choose if the administrator wishes to use a locally configured password for authentication on the Switch. This field is Enabled by default. Public Key This fi[...]

  • Page 148

    Data Integrity Algorithm HMAC-SHA1 Use the pull-down to enable or disable the HMAC (Hash for Message Authentication Code) mechanism utilizing the Secure Hash algorithm. The default is Enabled. HMAC-MD5 Use the pull-down to enable or disable the HMAC (Hash for Message Authentication Code) mechanism utilizing the MD5 Message Digest encryption al[...]

  • Page 149

    Parameter Description User Name Enter a User Name of no more than 15 characters to identify the SSH user. This User Name must be a previously configured user account on the Switch. Auth. Mode The administrator may choose one of the following to set the authorization for users attempting to access the Switch. Host Based – This parameter shoul[...]

  • Page 150

    Chapter 8 - SNMP Manager SNMP Settings Simple Network Management Protocol (SNMP) is an OSI Layer 7 (Application Layer) protocol designed specifically for managing and monitoring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches, and other network devices. Use SNMP to configure sys[...]

  • Page 151

    To display the detailed entry for a given user, click on the hyperlinked User Name. This will open the SNMP User Table Display page, as shown below. Figure 8-2. SNMP User Table Display window The following parameters are displayed: Parameter Description User Name An alphanumeric string of up to 32 characters. This is used to identify th[...]

  • Page 152

    Parameter Description User Name Enter an alphanumeric string of up to 32 characters. This is used to identify the SNMP user. Group Name This name is used to specify the SNMP group created can request SNMP messages. SNMP Version V1 – Specifies that SNMP version 1 will be used. V2 – Specifies that SNMP version 2 will be used. V3 – Specifi[...]

  • Page 153

    Figure 8-5. SNMP View Table Configuration window The SNMP Group created with this table maps SNMP users (identified in the SNMP User Table) to the views created in the previous menu. The following parameters can be set: Parameter Description View Name Type an alphanumeric string of up to 32 characters. This is used to identify the new SNM[...]

  • Page 154

    Figure 8-7. SNMP Group Table Configuration window The following parameters can be set: Parameter Description Group Name Type an alphanumeric string of up to 32 characters. This is used to identify the new SNMP group of SNMP users. Read View Name This name is used to specify the SNMP group created can request SNMP messages. Write View Name[...]

  • Page 155

    Figure 8-8. SNMP Community Table Configuration and Table window The following parameters can be set: Parameter Description Community Name Type an alphanumeric string of up to 33 characters that is used to identify members of an SNMP community. This string is used like a password to give remote SNMP managers access to MIB objects in the Sw[...]

  • Page 156

    Figure 8-10. SNMP Host Table Configuration window The following parameters can be set: Parameter Description Host IP Address Type the IP address of the remote management station that will serve as the SNMP host for the Switch. SNMP Version V1 – To specify that SNMP version 1 will be used. V2 – To specify that SNMP version 2 will be[...]

  • Page 157

    Chapter 9 - Monitoring 9-1 Port Utilization The Port Utilization page displays the percentage of the total available bandwidth being used on the port. To view the port utilization, open the Monitoring folder and then the Port Utilization link: Figure 9-1. Port Utilization window To select a port to view these statistics for, first selec[...]

  • Page 158

    Figure 9-2. CPU Utilization graph Click Apply to implement the configured settings. The window will automatically refresh with new updated statistics. The information is described as follows: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one seco[...]

  • Page 159

    Figure 9-3. Rx Packets Analysis window (line graph for Bytes and Packets) To view the Received Packets Table, click the link View Table, which will show the following table: Figure 9-4. Rx Packets Analysis window (table for Bytes and Packets) The following fields may be set or viewed: [...]

  • Page 160

    Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record Number Select number of times the Switch will be polled between 20 and 200. The default value is 200. Bytes Counts the number of bytes received on the port. Packets Counts the number o[...]

  • Page 161

    Figure 9-6. Rx Packets Analysis window (table for Unicast, Multicast, and Broadcast Packets) The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record Number Select number of times the Switch will[...]

  • Page 162

    Figure 9-7. Tx Packets Analysis window (line graph for Bytes and Packets) To view the Transmitted (TX) Table, click the link View Table, which will show the following table: Figure 9-8. Tx Packets Analysis window (table for Bytes and Packets) [...]

  • Page 163

    The following fields may be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record Number Select number of times the Switch will be polled between 20 and 200. The default value is 200. Bytes Counts the number of bytes success[...]

  • Page 164

    Figure 9-10. Rx Error Analysis window (table) The following fields can be set: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record Number Select number of times the Switch will be polled between 20 and 200. The default value is 200. Crc[...]

  • Page 165

    Figure 9-11. Tx Error Analysis window (line graph) To view the Transmitted Error Packets Table, click the link View Table, which will show the following table: Figure 9-12. Tx Error Analysis window (table) The following fields may be set or viewed: 164 Allied Telesyn AT-9724TS High-Density Layer 3 Stackable Gigabit Ethernet Sw[...]

  • Page 166

    Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record Number Select number of times the Switch will be polled between 20 and 200. The default value is 200. ExDefer Counts the number of packets for which the first transmission attempt on a [...]

  • Page 167

    Figure 9-14. Rx Size Analysis window (table) The following fields can be set or viewed: Parameter Description Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record Number Select number of times the Switch will be polled between 20 and 200. The default value is[...]

  • Page 168

    Figure 9-15. Stacking Information window The Stacking Information window holds the following information: Parameter Description Box ID Displays the Switch’s order in the stack. User Set Box ID can be assigned automatically (Auto), or can be assigned statically. Default is Auto. Type Displays the model name of the corresponding switch in a[...]

  • Page 169

    Figure 9-16. Device Status window The following fields may be viewed in this window: Parameter Description ID The Box ID of the Switch in the switch stack. Internal Power A read only field denoting the current status of the internal power supply. Active will suggest the mechanism is functioning correctly while Fail will show the mechanism i[...]

  • Page 170

    The following fields can be viewed or set: Parameter Description VLAN Name Enter a VLAN Name for the forwarding table to be browsed by. MAC Address Enter a MAC address for the forwarding table to be browsed by. Unit – Port Select the switch Unit ID of the switch in the Switch stack and then the port by using the corresponding pull-d[...]

  • Page 171

    Parameter Description Sequence A counter incremented whenever an entry to the Switch's history log is made. The table displays the last entry (highest sequence number) first. Time Displays the time in days, hours, and minutes since the Switch was last restarted. Log Text Displays text describing the event that triggered the history log[...]

  • Page 172

    The user may search the IGMP Snooping Forwarding Table by VLAN Name using the top left hand corner Search. The following fields can be viewed: Parameter Description VLAN Name The VLAN Name of the multicast group. Source IP The Source IP address of the multicast group. Multicast Group The IP address of the multicast group. Port Map[...]

  • Page 173

    Figure 9-23. Authenticator State – MAC Based 802.1X This window displays the Authenticator State for individual ports on a selected device. To select a unit within the switch stack, use the pull-down menu at the top of the window and click Apply. A polling interval between 1 and 60 seconds can be set using the drop-down menu at the top of th[...]

  • Page 174

    Figure 9-24. Authenticator Statistics window The user can specify a switch in a switch stack using that switch’s Unit ID by using the pull down menu in the top left hand corner. The user may also select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds. The default value is one second. [...]

  • Page 175

    Authenticator Session Statistics This table contains the session statistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the Authenticator Session Statistics, click Monitoring > Port Access Control > Authenticator Session Sta[...]

  • Page 176

    Authenticator Diagnostics This table contains the diagnostic information regarding the operation of the Authenticator associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the Authenticator Diagnostics, click Monitoring > Port Access Control > Authenticator Diagn[...]

  • Page 177

    Authed Start Counts the number of times that the state machine transitions from AUTHENTICATED to CONNECTING, as a result of an EAPOL-Start message being received from the Supplicant. Authed LogOff Counts the number of times that the state machine transitions from AUTHENTICATED to DISCONNECTED, as a result of an EAPOL-Logoff message being re[...]

  • Page 178

    BadAuthenticators The number of RADIUS Access-Response packets containing invalid authenticators or Signature attributes received from this server. PendingRequests The number of RADIUS Access-Request packets destined for this server that have not yet timed out or received a response. This variable is incremented when an Access-Request is sen[...]

  • Page 179

    Note: To configure 802.1x features for the AT-9724TS, go to the Configuration folder and select Port Access Entity. Configuration and other information concerning 802.1x may be found in Section 6 of this manual under Port Access Entity. 9-12 Layer 3 Feature This folder in the Monitoring section will display information concerning sett[...]

  • Page 180

    Browse Routing Table The Browse Routing Table window may be found in the Monitoring menu in the Layer 3 Feature folder. This screen shows the current IP routing table of the Switch. To find a specific IP route, enter an IP address into the Destination Address field along with a proper subnet mask into the Mask field and click Find. Fig[...]

  • Page 181

    Figure 9-32. Browse IP Multicast Forwarding Table Browse IGMP Group Table The Browse IGMP Group Table window may be found in the Monitoring menu in the Layer 3 Feature folder. This window will show current IGMP group entries on the Switch. To search a specific IGMP group entry, enter an interface name into the Interface Name fie[...]

  • Page 182

    The following fields are displayed in the OSPF LSDB Table: Parameter Description Area ID Allows the entry of an OSPF Area ID. This Area ID will then be used to search the table, and display an entry – if there is one. LSDB Type Displays which one of eight types of link advertisements by which the current link was discovered by the [...]

  • Page 183

    Figure 9-36. OSPF Virtual Neighbor Table DVMRP Monitoring This menu allows the DVMRP (Distance-Vector Multicast Routing Protocol) to be monitored for each IP interface defined on the Switch. This folder, found in the Monitoring folder, offers 3 screens for monitoring; Browse DVMRP Routing Table, Browse DVMRP Neighbor Address Table [...]

  • Page 184

    Browse DVMRP Routing Next Hop Table The DVMRP Routing Next Hop Table contains information regarding the next-hop for forwarding multicast packets on outgoing interfaces. Each entry in the DVMRP Routing Next Hop Table refers to the next-hop of a specific source to a specific multicast group address. This table is found in the Monitoring[...]

  • Page 185

    Chapter 10 - Switch Maintenance 10-1 TFTP Services 10-2 Multiple Image Services 10-3 CF Services 10-4 Ping Test 10-5 Save Changes 10-6 Reset 10-7 Reboot Services 10-8 Logout 10-1 TFTP Service Trivial File Transfer Protocol (TFTP) services allow the Switch’s firmware to be upgraded by transferring a new firmware file from a TFTP server [...]

  • Page 186

    Enter the IP address of the TFTP server and specify the location of the switch configuration file on the TFTP server. Click Start to initiate the file transfer. Upload Configuration To upload the Switch’s settings to a TFTP server, click on the TFTP Service folder in the Maintenance folder and then click the Save Settings link: Figure 1[...]

  • Page 187

    Figure 10-5. Firmware Information window This window holds the following information: Parameter Description BOX States the stacking ID number of the switch in the switch stack. ID States the image ID number of the firmware in the Switch’s memory. The Switch can store 2 firmware images for use. Image ID 1 will be the default boot up firmw[...]

  • Page 188

    This window offers the following information: Parameter Description Image Select the firmware image to be configured using the pull-down menu. The Switch allows two firmware images to be stored in the Switch’s memory. Active This field has two options for configuration. Delete – Select this option to delete the firmware image specified i[...]

  • Page 189

    10-5 Save Changes The AT-9724TS has two levels of memory; normal RAM and non-volatile or NV-RAM. Configuration changes are made effective by clicking the Apply button. When this is done, the settings will be immediately applied to the switching software in RAM, and will immediately take effect. Some settings, though, require you to restart the S[...]

  • Page 190

    10-7 Reboot Device The following menu is used to restart the Switch. Figure 10-10. Restart System window Clicking the Yes click-box will instruct the Switch to save the current configuration to non-volatile RAM before restarting the Switch. Clicking the No click-box instructs the Switch not to save the current configuration before rest[...]

  • Page 191

    Appendix A - Technical Specifications General Standard IEEE 802.3u 100TX Fast Ethernet IEEE 802.3ab 1000T Gigabit Ethernet IEEE 802.1 P/Q VLAN IEEE 802.3x Full-duplex Flow Control IEEE 802.3 Nway auto-negotiation Protocols CSMA/CD Data Transfer Rates: Half-duplex Full-duplex Ethernet 10Mbps 20Mbps Fast Ethernet 100Mbps 200Mbps Gigabit Ethern[...]

  • Page 192

    Performance Transmission Method: Store-and-forward RAM Buffer: 2 MB per device Filtering Address Table: 16 K MAC address per device Packet Filtering/Forwarding Rate: Full-wire speed for all connections. 148,810 pps per port (for 100Mbps) 1,488,100 pps per port (for 1000Mbps) MAC Address Learning: Automatic update. Forwarding Table [...]

  • Page 193

    Appendix B - Translated Electrical Safety and Emission Information Important: This appendix contains multiple-language translations for the safety statements in this guide. Important: This appendix contains translations, in several languages, of the safety notices contained in this manual. Vigtigt: Dette tillæg indeholder oversættel[...]

  • Page 194

    The ventilation openings must not be blocked and must have free access to the room air for cooling. 6 m OPERATING TEMPERATURE: This product was designed for operation in an ambient temperature of no more than 40° C. 7 m ALL COUNTRIES: Installation must comply with local and national electrical regulations. St[...]

  • Page 195

    3 c ELECTRICAL CLASS 1 EQUIPMENT THIS EQUIPMENT MUST BE EARTHED. The power plug must be connected to a properly earthed socket outlet, as dangerous voltages could otherwise reach the metal parts accessible to the user. 4 m EQUIPEMENT POUR BRANCHEMENT ELECTRIQUE, la prise de so[...]

  • Page 196

    Safety standards: This product meets the following safety standards. 1 c LIGHTNING DANGER DANGER: DO NOT WORK on equipment or CABLES during THUNDERSTORMS. 2 c CAUTION: THE POWER CORD IS USED TO DISCONNECT THE EQUIPMENT. TO DE-ENERGIZE THE EQUIPMENT, the power supply must be disconnected. 3 c ELEKTRISK – TYPE 1- KLASSE UTSTYR DETTE UTSTYR[...]

  • Page 197

    4 m PLUGGABLE EQUIPMENT, the socket outlet must be installed near the equipment, in an easily accessible place. 5 m CAUTION: The ventilation openings must not be blocked and must have free access to the ambient air of the room for cooling. 6 m TEMPERATURA REQUERIDA PARA LA OPERACIÓN: Este producto está diseñado para[...]