Ir para a página of
Manuais similares
-
Switch
Allied Telesis AT-9000/12POE
86 páginas 0.42 mb -
Switch
Allied Telesis x900-24 series
18 páginas 0.18 mb -
Switch
Allied Telesis at-8116
88 páginas 0.23 mb -
Switch
Allied Telesis XEM-2XP
23 páginas 1 mb -
Switch
Allied Telesis AT 9748TS/XP AT-9748TS/XP-20 AT-9748TS/XP-20
3 páginas 0.5 mb -
Switch
Allied Telesis AT-SBXFAN12
222 páginas 5.18 mb -
Switch
Allied Telesis AT X900-12XT/S
21 páginas 0.26 mb -
Switch
Allied Telesis 48W
7 páginas 0.51 mb
Bom manual de uso
As regras impõem ao revendedor a obrigação de fornecer ao comprador o manual com o produto Allied Telesis AT-9724TS. A falta de manual ou informações incorretas fornecidas ao consumidor são a base de uma queixa por não conformidade do produto com o contrato. De acordo com a lei, pode anexar o manual em uma outra forma de que em papel, o que é frequentemente utilizado, anexando uma forma gráfica ou manual electrónicoAllied Telesis AT-9724TS vídeos instrutivos para os usuários. A condição é uma forma legível e compreensível.
O que é a instrução?
A palavra vem do latim "Instructio" ou instruir. Portanto, no manual Allied Telesis AT-9724TS você pode encontrar uma descrição das fases do processo. O objetivo do manual é instruir, facilitar o arranque, a utilização do equipamento ou a execução de determinadas tarefas. O manual é uma coleção de informações sobre o objeto / serviço, um guia.
Infelizmente, pequenos usuários tomam o tempo para ler o manual Allied Telesis AT-9724TS, e um bom manual não só permite conhecer uma série de funcionalidades adicionais do dispositivo, mas evita a formação da maioria das falhas.
Então, o que deve conter o manual perfeito?
Primeiro, o manual Allied Telesis AT-9724TS deve conte:
- dados técnicos do dispositivo Allied Telesis AT-9724TS
- nome do fabricante e ano de fabricação do dispositivo Allied Telesis AT-9724TS
- instruções de utilização, regulação e manutenção do dispositivo Allied Telesis AT-9724TS
- sinais de segurança e certificados que comprovam a conformidade com as normas pertinentes
Por que você não ler manuais?
Normalmente, isso é devido à falta de tempo e à certeza quanto à funcionalidade específica do dispositivo adquirido. Infelizmente, a mesma ligação e o arranque Allied Telesis AT-9724TS não são suficientes. O manual contém uma série de orientações sobre funcionalidades específicas, a segurança, os métodos de manutenção (mesmo sobre produtos que devem ser usados), possíveis defeitos Allied Telesis AT-9724TS e formas de resolver problemas comuns durante o uso. No final, no manual podemos encontrar as coordenadas do serviço Allied Telesis na ausência da eficácia das soluções propostas. Atualmente, muito apreciados são manuais na forma de animações interessantes e vídeos de instrução que de uma forma melhor do que o o folheto falam ao usuário. Este tipo de manual é a chance que o usuário percorrer todo o vídeo instrutivo, sem ignorar especificações e descrições técnicas complicadas Allied Telesis AT-9724TS, como para a versão papel.
Por que ler manuais?
Primeiro de tudo, contem a resposta sobre a construção, as possibilidades do dispositivo Allied Telesis AT-9724TS, uso dos acessórios individuais e uma gama de informações para desfrutar plenamente todos os recursos e facilidades.
Após a compra bem sucedida de um equipamento / dispositivo, é bom ter um momento para se familiarizar com cada parte do manual Allied Telesis AT-9724TS. Atualmente, são cuidadosamente preparados e traduzidos para sejam não só compreensíveis para os usuários, mas para cumprir a sua função básica de informação
Índice do manual
-
Página 1
High-Density Layer 3 Stackable Gigabit Ethernet Switch A T -9724TS Installation a nd User’ s Guide PN D617/10032 Rev 1 Cop yright. 2004 Allied T elesyn, Inc. 19800 North Creek Parkwa y , Suite 200, Bothell W A 98011, USA All rights reserved. No part of this publication may be repr oduced without prior written permission from Allied T elesyn, Inc.[...]
-
Página 2
Electr ical Sa fety and Emission Statement Standards:This pr oduct meets the following standards. CE Marking Warning: This is a Class A pr oduct. In a domestic environment this pr oduct may cause radio interf erence in which case the user ma y be requir ed to take adequate measures. Important: Appendix B contains translated safety statements for in[...]
-
Página 3
T able of Contents Electrical Saf ety and Emission Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Pr eface . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Página 4
MSTI P ort Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 STP Instance Settings . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Página 5
Security Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Security IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Página 6
Pr ef ace Purpose of This Guide This guide is intended f or netw ork administrators who are r esponsible for installing and maintaining the A T -9724TS Gigabit Switch. How This Guide is Or ganized This guide contains the following cha pters and appendices: Chapter 1, Introduction, describes the features, functions, LEDs, and ports on the Gigabit Sw[...]
-
Página 7
Document Conventions This guide uses sev eral conventions that y ou should become familiar with befor e you begin to install the pr oduct: Note A note pro vides additional information. c Warning A warning indicates that performing or omitting a specific action ma y r esult in bodily injury . m Ca ution A caution indicates that performing or omittin[...]
-
Página 8
Wher e to Find Related Guides The Allied T elesyn web site at www .alliedtelesyn.com under the suppor t section contains the most recent documentation f or all of our products. All web- based documents relating to this pr oduct and other Allied T elesyn pr oducts can be downloaded fr om the web site. Contacting Allied T elesyn T echnical Support Y [...]
-
Página 9
Returning Pr oducts Products f or return or r epair must first be assigned a Return Materials Authorization (RMA) n umber . RMA policy varies from country to countr y . Please check the applicable RMA policy at www .alliedtelesyn.com. For Eur ope, you can also contact our European Customer Service centre b y e-mail at rma_eur ope@alliedtelesyn.com.[...]
-
Página 10
T ell Us What Y ou Think If you ha ve any comments or suggestions on how w e might impro ve this or other Allied T elesyn documents, please contact us at www.alliedtelesyn.com . 9 Allied T elesyn A T -9724TS High-Density La yer 3 Stackable Gigabit Ethernet Switch[...]
-
Página 11
Chapter 1 - Intr oduction 1-1 Ethernet T echnology 1-2 Switch Description 1-3 Featur es 1-4 Ports 1-5 Front Panel Components 1-6 Rear -Panel Description 1-7 Side-Panel Description 1-8 Gigabit Combo Ports 1-9 Ethernet T echnology 1-10 Fast Ethernet T echnology 1-1 Ethernet T echnology Fast Ethernet The gro wing importance of LANs and the increasing [...]
-
Página 12
1-2 Switch Descr iption The A T -9724TS has 24 1000T Gigabit ports that may be used in uplinking various netw ork devices to the Switch, including PCs, hubs and other switches to pro vide a gigabit Ethernet uplink in full-duplex mode. In addition, the A T -9724TS is equipped with 4 SFP (Small Form Factor P ortable) combo por ts, which are to be use[...]
-
Página 13
• SNMP support • Secure Sock ets La yer (SSL) and Secur e Shell (SSH) support • Port Mirr oring support • MIB support for : RFC1213 MIB II RFC1493 Bridge RFC1757 RMON RFC1643 Ether -like MIB RFC2233 Interface MIB IF MIB Private MIB RFC2674 for 802.1p IEEE 802.1x MIB • RS-232 DCE console port for Switch management • Pro vides parallel LE[...]
-
Página 14
LED Indicator s The Switch supports LED indicators for Pow er , Master , Console , RPS, SIO (stacking indicators), a seven-segment Stack ID LED and P ort LEDs. The following sho ws the LED indicators for the Switch along with an explanation of each indicator . Figure 1- 3. LED Indicators LED Descr iption Po wer This LED will light green after the S[...]
-
Página 15
Chapter 2 - Installation 2-1 Package Contents 2-2 Before Y ou Connect to the Network 2-3 Installing the Switch Without the Rack 2-4 Rack Installation 2-5 Po wer On 2-6 Po wer Failur e 2-7 Redundant Po wer System 2-1 P ackage Contents Open the shipping carton of the Switch and carefully unpack its contents. The carton should contain the following it[...]
-
Página 16
Figure 2- 1. Prepare Switch for installation on a desktop or shelf 2-4 Installing the Switch in a R ack The Switch can be mounted in a standard 19" rack. Use the following diagrams to guide you. Fasten the mounting brackets to the Switch using the scr ews pr ovided. With the brack ets attached securely , you can mount the Switch in a standar d[...]
-
Página 17
16 Allied T elesyn A T -9724TS High-Density La yer 3 Stackable Gigabit Ethernet Switch 2-5 Mounting the Switch in a Standa r d 19" R ack Figure 2- 2. Installing Switch in a rack 2-5 P ow er On Plug one end of the A C power cord into the pow er connector of the Switch and the other end into the local pow er source outlet. After the Switch is po[...]
-
Página 18
Chapter 3 - Connecting the Switch • 3-1 Switch to End Node • 3-2 Switch to Hub or Switch • 3-3 Connecting to Network Backbone or Server • 3-4 Stacking and the A T -9724TS 3-1 Switch T o End Node End nodes include PCs outfitted with a 10, 100 or 1000Mbps RJ45 Ethernet Network Interface Car d (NIC) and most routers. An end node can be connect[...]
-
Página 19
Figure 3- 3. Switch connected to switch using fibre-optic cabling 3-3 Connecting T o Network Backbone or Server The 4 combo SFP ports and the 24 1000T por ts are ideal f or uplinking to a network backbone, ser ver or server farm. The copper ports operate at a speed of 1000, 100 or 10Mbps in full or half duplex mode. The fibre-optic ports can operat[...]
-
Página 20
Figure 3- 8. Stacking in a Ring Architectur e Note: The Do not connect the stack ed Switch group to the netw ork until you ha ve pr operly configur ed all Switches for stacking. An improperly configured Switch stack can cause a br oadcast storm. Stacking Limitations Utilizing a Ring T opology There is a limit to the number of A T -9724TS Switches t[...]
-
Página 21
Cha pter 4 - Intr oduction to Switch Mana gement 4-1 A T -9724TS Gigabit La yer 3 Switch Management Options 4-2 W eb-based Management Interface 4-3 SNMP-Based Management 4-4 Command Line Console Interface Through The Serial Port 4-5 Connecting the Console Port (RS-232 DCE) 4-6 First Time Connecting to The Switch 4-7 Passwor d Protection 4-8 SNMP Se[...]
-
Página 22
9. After you ha ve correctly set up the terminal, plug the power cable into the pow er receptacle on the back of the Switch.The boot sequence appears in the terminal. 10. After the boot sequence completes, the console login screen displa ys. 11. If you ha ve not logged into the command line interface (CLI) program, press the Enter ke y at the User [...]
-
Página 23
Figure 4- 2. Command Prompt Note: The first user automatically gets Administrator level privileges. It is recommended to cr eate at least one Admin-lev el user account for the Switch. 4-7 P asswor d Protection One of the first tasks when settings up the Switch is to create user accounts. If you log in using a predefined administrator -lev el user n[...]
-
Página 24
The A T -9724TS supports SNMP versions 1, 2c, and 3. Y ou can specify which version of SNMP you want to use to monitor and contr ol the Switch. The three versions of SNMP vary in the level of security pr ovided betw een the management station and the network de vice. In SNMP v .1 and v .2, user authentication is accomplished using 'community s[...]
-
Página 25
Alternatively , you can enter config ipif System ipaddr ess xxx.xxx.xxx.xxx/z . Where the x's repr esent the IP addr ess to be assigned to the IP interface named System and the z repr esents the corresponding n umber of subnets in CIDR notation. The IP interface named System on the Switch can be assigned an IP addr ess and subnet mask which ca[...]
-
Página 26
Chapter 5 - Intr oduction to W e b-based Switch Configuration 5-1 Introduction 5-2 Login to W eb manager 5-3 W eb-Based User Interface 5-4 Basic Setup 5-5 Reboot 5-6 Basic Switch Setup 5-7 Network Management 5-8 Switch Utilities 5-9 Network Monitoring 5-10 IGMP Snooping Status 5-1 Intr oduction All software functions of the A T -9724TS can be manag[...]
-
Página 27
5-3 W eb-based User Interf ace The user interface pro vides access to various Switch configuration and management screens, allows you to view performance statistics, and permits you to graphically monitor the system status. Ar eas of the User Interf ace The figure below sho ws the user interface. The user interface is divided into 3 distinct areas [...]
-
Página 28
W eb Pages Configurations – Contains scr eens concerning configurations for IP Addr ess, Switch Information, Advanced Settings, Port Configuration, IGMP , Spanning T ree, Forwarding Filtering,VLANs, Port Bandwidth, SNTP Settings, Port Security , QoS, MAC Notification, LACP , Access Profile T able , System Log Ser v ers, P AE Access Entity , and L[...]
-
Página 29
Chapter 6 - Configur ing The Switch 6-1 Switch Information 6-2 IP Addr ess 6-3 Box Information 6-4 Advanced Settings 6-5 Port Configuration 6-6 Port Description 6-7 Port Mirr oring 6-8 Link Aggr egation 6-9 LA CP Port Setting 6-10MA C Notification 6-11GMP 6-12 Spanning T r ee 6-13 Forward & Filtering 6-14 VLANs 6-15 T raffic Contr ol 6-16 Port [...]
-
Página 30
6-2 IP Addr ess The IP Addr ess ma y initially be set using the console interface prior to connecting to it thr ough the Ethernet. If the Switch IP address has not y et been changed, read the intr oduction of the A T -9724TS Command Line Interface Refer ence Manual or return to Cha pter 4 of this manual for mor e information. T o change IP settings[...]
-
Página 31
VLAN Name This allows the entry of a VLAN Name from which a management station will be allow ed to manage the Switch using TCP/IP (in-band via web manager or T elnet). Management stations that are on VLANs other than the one entered her e will not be able to manage the Switch in-band unless their IP addr esses are entered in the Security IP Managem[...]
-
Página 32
Parameter Descr iption Ser ial Por t Auto Logout Time Select the logout time used for the console interface. This automatically logs the user out after an idle period of time, as defined. Choose from the f ollowing options: 2 Minutes , 5 Minutes, 10 Minutes, 15 Minutes or Never . The default setting is 10 minutes . Ser ial Por t Baud R ate This fie[...]
-
Página 33
Parameter Descr iption Curr ent Box ID The current Bo x ID of the Master switch in the stack. New Box ID The new box ID of the Master s witch in the stack. Box T ype The user ma y choose the model name of the Master switch in a stack to be the main configuring switch of that stack. Pr ior ity Displa ys the priority ID of the Switch. The lower the n[...]
-
Página 34
Parameter Descr iption State T oggle the State < Enabled > field to either enable or disable a given port or gr oup of ports. Speed/Duplex T oggle the Speed/Duplex field to either select the speed and duplex/half-duplex state of the port. Auto denotes auto-negotiation betw een 10 and 100Mbps devices, in full- or half-duplex. The Auto setting [...]
-
Página 35
6-6 P ort Mirr oring The Switch allows you to cop y frames transmitted and received on a port and redir ect the copies to another port. Y ou can attach a monitoring device to the mirr ored port, such as a sniffer or an RMON probe, to view details about the pack ets passing through the first port. This is useful for netw ork monitoring and troublesh[...]
-
Página 36
The Switch treats all ports in a trunk group as a single port. Data transmitted to a specific host (destination addr ess) will alwa ys be transmitted ov er the same port in a trunk group . This allows packets in a data str eam to arriv e in the same order they w ere sent. Note: If any ports within the trunk group become disconnected, packets intend[...]
-
Página 37
Figure 6- 11. Link Aggregation Gr oup Configuration window – Modify The user -changeable parameters are as follo ws: Parameter Descr iption Gr oup ID Select an ID number for the gr oup , between 1 and 32. State T runk groups can be toggled between Enabled and Disabled .This is used to turn a por t trunking group on or off. This is useful f or dia[...]
-
Página 38
The user ma y set the following parameters: Parameter Descr iption Unit Choose the switch in the switch stack to be configur ed by using the pull-down men u. Fr om/T o A consecutiv e group of ports ma y be configured starting with the selected port. Mode Active – Activ e LA CP ports are capable of processing and sending LA CP control frames. This[...]
-
Página 39
MAC Notification P ort Settings T o change MA C notification settings for a port or group of ports on the Switch, click Por t Settings in the MAC Notification folder , which will display the following scr een: Figur e 6- 14. MA C Notification P or t Settings and P or t State T able The f ollo wing parameters ma y be set: Parameter Descr iption Unit[...]
-
Página 40
The format of an IGMP pack et is shown below: Figure 6- 15. IGMP Message Format The IGMP T ype codes ar e shown below: Type Meaning 0x11 Membership Query (if Group Addr ess is 0.0.0.0) 0x11 Specific Group Membership Query (if Group Address is Present) 0x16 Membership Report (version 2) 0x17 Lea ve a Gr oup (version 2) 0x12 Membership Report (versio[...]
-
Página 41
IGMP Snooping Internet Gr oup Management Protocol (IGMP) snooping allows the Switch to recognize IGMP queries and r eports sent between network stations or devices and an IGMP host. When enabled for IGMP snooping, the Switch can open or close a por t to a specific device based on IGMP messages passing thr ough the Switch. In order to use IGMP Snoop[...]
-
Página 42
Robustness Value Adjust this variable according to expected pack et loss. If packet loss on the VLAN is expected to be high, the Robustness Var ia ble should be increased to accommodate increased pack et loss. This entry field allows an entry of 1 to 255. Default = 2. Last Member Query Interval This field specifies the maximum amount of time betwee[...]
-
Página 43
Figure 6- 20. Static Router Ports Settings window The following parameters can be set: Parameter Descr iption VID (VLAN ID) This is the VLAN ID that, along with the VLAN Name, identifies the VLAN where the multicast r outer is attached. VLAN Name This is the name of the VLAN where the m ulticast router is attached. Unit Choose the Switch ID number [...]
-
Página 44
802.1w R apid Spanning Tr ee The Switch implements three v ersions of the Spanning T r ee Protocol, the Multiple Spanning T ree Pr otocol (MSTP) as defined by the IEEE 802.1s, the Rapid Spanning T r ee Protocol (RSTP) as defined b y the IEEE 802.1w specification and a version compatible with the IEEE 802.1d STP . RSTP can operate with legacy equipm[...]
-
Página 45
Figure 6- 21. STP Bridge Global Settings – STP compatible Figure 6- 22. STP Bridge Global Settings – RSTP (default) Figure 6- 23. STP Bridge Global Settings The following parameters can be set: 44 Allied T elesyn A T -9724TS High-Density La yer 3 Stackable Gigabit Ethernet Switch[...]
-
Página 46
Parameter Descr iption STP Status Use the pull-down menu to enable or disable STP globall y on the Switch. The default is Disabled . STP V ersion Use the pull-down menu to choose the desir ed version of STP to be implemented on the Switch. Ther e are three choices: STP – Select this parameter to set the Spanning T r ee Protocol (STP) globall y on[...]
-
Página 47
The window abov e contains the following information: Parameter Descr iption Configuration Name A pr eviously configur ed name set on the Switch to uniquely identify the MSTI (Multiple Spanning T ree Instance). If a configuration name is not set, this field will show the MA C addr ess to the device running MSTP . Revision Level This value, along wi[...]
-
Página 48
The user ma y configure the follo wing parameters to configure the CIST on the Switch. Parameter Descr iption MSTI ID The MSTI ID of the CIST is 0 and cannot be altered. Type The type of configuration about to be pr ocessed. This window is used to add or delete VIDs to the configured MSTI or internal CIST . All other parameters are permanentl y set[...]
-
Página 49
MSTI P ort Information This window displa ys the curr ent MSTI configuration settings and can be used to update the port configuration for an MSTI ID . If a loop occurs, the MSTP function will use the por t priority to select an interface to put into the forwarding state. Set a higher priority value for interfaces to be selected for forwarding firs[...]
-
Página 50
49 Allied T elesyn A T -9724TS High-Density La yer 3 Stackable Gigabit Ethernet Switch STP Instance Settings The following window displa ys MSTIs currently set on the Switch.T o view the following table, click Configuration > Spanning Tr ee > STP Insta nce Settings : Figure 6- 30. STP Instance Settings The following information is displa yed:[...]
-
Página 51
Figure 6- 32. STP Instance Operational Status – Previously Configur ed MSTI The following parameters ma y be viewed in the STP Instance Operational Status windo ws: Parameter Descr iption Designated Root Br idge This field will sho w the priority and MA C address of the Root Bridge. External Root Cost This defines a metric that indicates the rela[...]
-
Página 52
STP P ort Settings STP can be set up on a port per por t basis. T o view the f ollowing window click Configuration > Spanning T r ee > STP Por t Settings : Figure 6- 33. STP Port Settings and MSTP Port Information T able In addition to setting Spanning T ree parameters for use on the switch le vel, the Switch allows for the configuration of g[...]
-
Página 53
0 (auto) – Setting 0 for the external cost will automatically set the speed f or forwarding pack ets to the specified port(s) in the list for optimal efficiency . Default por t cost: 100Mbps port = 200000. Gigabit por t = 20000. value 1-200000000 – Define a value between 1 and 200000000 to determine the external cost. The lower the number , the[...]
-
Página 54
Static Multicast Forw arding The following figur e and table describe how to set up Multicast Forw arding on the Switch. Open the Forwar ding Filter ing folder and click on the Multicast Forwar ding link to see the entr y screen belo w: Figure 6- 35. Static Multicast Forwarding Settings and Curr ent Multicast Forwarding Entries The Static Multicast[...]
-
Página 55
6-14 VLANs Under standing IEEE 802.1p Prior ity Priority tagging is a function defined by the IEEE 802.1p standard designed to pr ovide a means of managing traffic on a network where man y differ ent types of data ma y be transmitted simultaneously . It is intended to alleviate problems associated with the deliv er y of time critical data ov er con[...]
-
Página 56
The main characteristics of IEEE 802.1Q are as f ollows: • Assigns packets to VLANs by filtering. • Assumes the presence of a single global spanning tr ee. • Uses an explicit tagging scheme with one-lev el tagging. • 802.1Q VLAN Pack et Forwarding • Packet f orwarding decisions ar e made based upon the following thr ee types of rules: •[...]
-
Página 57
Figure 6- 38. IEEE 802.1Q T ag The EtherT ype and VLAN ID are inserted after the MA C source addr ess, but befor e the original EtherT ype/Length or Logical Link Control. Because the packet is no w a bit longer than it was originally , the Cyclic Redundancy Check (CRC) must be recalculated. Figure 6- 39. Adding an IEEE 802.1Q T ag 56 Allied T elesy[...]
-
Página 58
P ort VLAN ID Packets that ar e tagged (are car rying the 802.1Q VID information) can be transmitted from one 802.1Q compliant netw ork device to another with the VLAN inf ormation intact. This allows 802.1Q VLANs to span netw ork devices (and indeed, the entire network, if all network de vices are 802.1Q compliant). Unfortunately , not all network[...]
-
Página 59
An example is presented below: VLAN Name VID Switch Por ts System (default) 1 5, 6, 7, 8, 21, 22, 23, 24 Engineering 2 9, 10, 11, 12 Marketing 3 13, 14, 15, 16 Finance 4 17, 18, 19, 20 Sales 5 1, 2, 3, 4 T able 6- 3. VLAN Example – Assigned P orts P ort-based VLANs Port-based VLANs limit traffic that flows into and out of s witch ports. Thus, all[...]
-
Página 60
Pr otocol Type Header in Hexadecimal F orm IP over Ethernet 0x0800 IPX 802.3 0xFFFF IPX 802.2 0xE0E0 IPX SNAP 0x8137 IPX over Ethernet2 0x8137 DecLA T 0x6000 DecOther 0x6009 SNA 802.2 0x0404 NetBios 0xF0F0 XNS 0x0600 VINES 0x0BAD IPv6 0x86DD AppleT alk 0x809B RARP 0x8035 T able 6- 4. Protocol VLAN and the corr esponding type header In configuring t[...]
-
Página 61
The 802.1Q Static VLANs menu lists all previousl y configured VLANs b y VLAN ID and VL AN Name . T o delete an existing 802.1Q VLAN, click the corresponding button under the Delete heading. T o create a ne w 802.1Q VLAN, click the Add button in the 802.1Q Static VL ANs menu. A new menu will appear , as shown below , to configure the port settings a[...]
-
Página 62
Parameter Descr iption Unit Choose the Switch ID number of the Switch in the switch stack to be modified. VID (VLAN ID) Allows the entry of a VLAN ID in the Add dialog bo x, or displays the VLAN ID of an existing VLAN in the Modify dialog box.VLANs can be identified by either the VID or the VLAN name. VLAN Name Allows the entry of a name for the ne[...]
-
Página 63
User Defined Pid – Specifies that the VLAN will only accept packets with this hexadecimal 802.1Q Ethernet type value in the packet header . The user may define an entry , in the hexadecimal form (ffff) to define the packet identification. ( The user only need enter the final f our integers of the hexadecimal format to define the pack et ID –{he[...]
-
Página 64
The following fields can be set: Parameter Descr iption Unit Choose the Switch ID number of the Switch in the switch stack to be modified. Fr om/T o These tw o fields allow you to specify the range of ports that will be included in the P ort-based VLAN that you are cr eating using the 802.1Q Static VLANs page. GVRP The Group VLAN Registration Proto[...]
-
Página 65
T o configure T raf fic Control , first select the Switch’ s Unit ID number from the pull down men u and then a group of ports by using the Gr oup pull down menu. Finally , enable or disable the Br oadcast Storm , Multicast Storm and Destination Unkno wn using their corr esponding pull-down menus. The purpose of this window is to limit too man y [...]
-
Página 66
65 Allied T elesyn A T -9724TS High-Density La yer 3 Stackable Gigabit Ethernet Switch 6-17 P ort Lock Entr ies The Por t Lock Entry Delete window is used to r emov e an entr y fr om the port security entries learned by the Switch and entered into the forwar ding database. T o view the following window , click Configuration > P ort Lock Entr ies[...]
-
Página 67
6-18 QoS The A T -9724TS supports 802.1p priority queuing Quality of Ser vice. The following section discusses the implementation of QoS (Quality of Service) and benefits of using 802.1p priority queuing. The Advanta ges of QoS QoS is an implementation of the IEEE 802.1p standard that allows netw ork administrators a method of reserving bandwidth f[...]
-
Página 68
A~H with their respectiv e weight value: 8~1, the packets ar e sent in the following sequence: A1, B1, C1, D1, E1, F1, G1, H1, A2, B2, C2, D2, E2, F2, G2, A3, B3, C3, D3, E3, F3, A4, B4, C4, D4, E4, A5, B5, C5, D5, A6, B6, C6, A7, B7, A8, A1, B1, C1, D1, E1, F1, G1, H1. For w eighted round-r obin queuing, if each CoS queue has the same weight value[...]
-
Página 69
Click Apply to set the bandwidth control for the selected ports. Results of configured Bandwidth Settings will be displa yed in the Por t Bandwidth Ta b l e . QoS Scheduling Mechanism This drop-do wn menu allows y ou to select between a W eight Fair and a Str ict mechanism for emptying the classes of service . In the Configuration folder open the Q[...]
-
Página 70
Y ou ma y assign the following values to the QoS classes to set the scheduling. Parameter Descr iption Max. Pack ets Specifies the maximum number of pack ets the abov e specified hardwar e priority queue will be allowed to transmit before allo wing the next lowest priority queue to transmit its pack ets. A value between 0 and 15 can be specified. C[...]
-
Página 71
802.1p Def ault Pr ior ity The Switch allows the assignment of a default 802.1p priority to each port on the Switch. In the Configuration folder open the QoS folder and click 802.1p Defa ult Pr ior ity , to view the scr een shown below . Figure 6- 52. Port Default Priority Assignment and The Port Priority T able window This page allo ws y ou to ass[...]
-
Página 72
Once you ha ve assigned a priority to the port groups on the Switch, you can then assign this Class to each of the7 lev els of 802.1p priorities. Click Apply to set your changes. T raf fic Segmentation T raffic segmentation is used to limit traffic flow from a single port to a group of ports on either a single Switch (in standalone mode) or a gr ou[...]
-
Página 73
Clicking the Apply button will enter the combination of transmitting por t and allow ed receiving ports into the Switch's Tr af fic Segmentation T a ble . 6-19 System Log Server The Switch can send Syslog messages to up to four designated servers using the System Log Server . In the Configuration folder , click System Log Server , to view the [...]
-
Página 74
Parameter Descr iption Index Syslog server settings index (1-4). Server IP The IP addr ess of the Syslog ser ver . Sever ity This drop-down menu allows y ou to select the lev el of messages that will be sent. The options are W arning, Informational , and All. Facility Some of the operating system daemons and processes ha ve been assigned Facility v[...]
-
Página 75
6-20 SNTP Settings Curr ent Time Settings T o configure the time settings f or the Switch, open the Configuration folder , then the SNTP folder and click on the Curr ent Time Setting link, rev ealing the following scr een for the user to configure. Figure 6- 58. Time Settings Page The following parameters can be set or ar e displa yed: Parameter De[...]
-
Página 76
Time Zone and DST The following ar e screens used to configur e time zones and Da ylight Sa vings time settings for SNTP . Open the Configuration folder , then the SNTP folder and click on the Time Zone and DST link, revealing the f ollowing screen. Figure 6- 59. Time Zone and DST Settings Page The following parameters can be set: Parameter Descr i[...]
-
Página 77
6-21 Access Pr ofile T able Configur ing the Access Pr ofile T able Access profiles allo w you to establish criteria to determine whether or not the Switch will forwar d packets based on the inf ormation contained in each packet's header . These criteria can be specified on a basis of VLAN, MAC addr ess or IP addr ess. Creating an access pr of[...]
-
Página 78
The following parameters can be set, for the Ethernet type: Parameter Descr iption Pr ofile ID (1-8) T ype in a unique identifier number for this profile set.This value can be set from 1 - 8. Type Select pr ofile based on Ethernet (MA C Address), IP address or pack et content mask. This will change the menu according to the r equirements for the ty[...]
-
Página 79
Sour ce IP Mask Enter an IP addr ess mask for the source IP ad dress. Destination IP Mask Enter an IP addr ess mask for the destination IP addr ess. DSCP Selecting this option instructs the Switch to examine the DiffServ Code par t of each packet header and use this as the, or par t of the criterion for forwar ding. Pr otocol Selecting this option [...]
-
Página 80
79 Allied T elesyn A T -9724TS High-Density La yer 3 Stackable Gigabit Ethernet Switch This screen will aid the user in configuring the Switch to mask pack et headers beginning with the offset value specified. The following fields ar e used to configure the Pack et Content Mask : Parameter Descr iption Pr ofile ID (1-8) T ype in a unique identifier[...]
-
Página 81
Figure 6- 65. Access Rule Configuration window (IP) Configure the follo wing Access Rule Configuration settings for IP: Parameter Descr iption Pr ofile ID This is the identifier number f or this pr ofile set. Mode Select P ermit to specify that the pack ets that match the access pr ofile ar e f orwar ded by the Switch, according to any ad ditional [...]
-
Página 82
Figure 6- 66. Access Rule Display windo w (IP) T o configure the Access Rule for Ethernet , open the Access Profile T a ble and click Modify for an Ethernet entry . This will open the following scr een: Figur e 6- 67. Access Rule T able T o remo ve a pr eviously cr eated rule, select it and click the 8 button. T o add a ne w Access Rule, click the [...]
-
Página 83
Parameter Descr iption Pr ofile ID This is the identifier number for this pr ofile set. Mode Select Permit to specify that the pack ets that match the access profile are f orwarded by the Switch, according to any ad ditional rule added (see below). Select Deny to specify that packets that do not match the access pr ofile are not forwarded by the Sw[...]
-
Página 84
Figure 6- 70. Access Rule T able (Pack et Content Mask) T o remo ve a pr eviously cr eated rule, select it and click the 8 button. T o add a ne w Access Rule, click the Add button: Figure 6- 71. Access Rule Configuration – Packet Content Mask T o set the Access Rule f or the Pack et Content Mask , adjust the following parameters and click Apply .[...]
-
Página 85
Pr ior ity This parameter is specified if you want to r e-write the 802.1p default priority pre viously set in the Switch, which is used to determine the CoS queue to which pack ets are forwar ded to. Once this field is specified, packets accepted b y the Switch that match this priority are forwar ded to the CoS queue specified pre viously by the u[...]
-
Página 86
P ort-Based Networ k Access Contr ol Figur e 6- 73. Example of T ypical Port-Based Configuration Once the connected device has successfully been authenticated, the Port then becomes Authorized, and all subsequent traffic on the Port is not subject to access control r estriction until an ev ent occurs that causes the Port to become Unauthorized. Hen[...]
-
Página 87
Configur e Authenticator T o configure the 802.1X Authenticator Settings, click P AE Access Entity > Configure Authenticator : Figure 6- 75. 802.1X Authenticator Settings window T o vie w the 802.1X Authenticator settings on a different switch in the s witch stack, use the Unit pull-down menu to select that switch by its ID n umber in the switch[...]
-
Página 88
This screen allows y ou to set the following f eatures: Parameter Descr iption Unit Choose the Switch ID number of the Switch in the switch stack to be modified. Fr om [ ] T o [ ] Enter the port or por ts to be set. AdmCtrlDir Sets the administrativ e-controlled dir ection to either in or both . If in is selected, control is only ex er ted over inc[...]
-
Página 89
P AE System Contr ol Existing 802.1x port settings are displa yed and can be configur ed using the windows below . Por t Capability Settings Click Por t Access Entity > P AE System Contr ol > 802.1X Capability Settings to view the following windo w: Figur e 6- 78. 802.1x Capability Settings and T able window T o set up the Switch's 802.1[...]
-
Página 90
Initializing P orts for P ort Based 802.1x Existing 802.1x port settings are displa yed and can be configur ed using the window below . Note: Ensure P ort Based 802.1x is enabled under Configuration > Advanced Settings . Click Por t Access Entity > P AE System Contr ol > Initialize P ort(s) to open the following window: Figur e 6- 79. Init[...]
-
Página 91
Initializing P orts for MAC Based 802.1x T o initialize ports for the MA C side of 802.1x, the user must first enable 802.1x by MA C addr ess in the Advanced Settings window . Click Port Access Entity > P AE System Contr ol > Initialize P ort(s) to open the following windo w: Figure 6- 80. Initialize Ports window (MAC based 802.1x) T o initia[...]
-
Página 92
This window displa ys the following inf ormation: Parameter Descr iption Unit Choose the Switch ID number of the Switch in the switch stack to be modified. Por t The port number of the reauthenticated port. Auth State The Authenticator State will display one of the f ollowing: Initialize , Disconnected , Connecting , Authenticating , Authenticated [...]
-
Página 93
RADIUS Server The RADIUS feature of the Switch allo ws you to facilitate centralized user administration as w ell as pro viding protection against a sniffing, active hacker . The W eb Manager off ers three windo ws. Click Por t Access Entity > RADIUS Server > Authentic R adius Server to open the RADIUS Server Authentication Setting window sho[...]
-
Página 94
6-23 Layer 3 IP Netw orking Lay er 3 Gl obal Advanced Settings The L3 Global Advanced Settings window allo ws the user to enable and disable La yer 3 settings and functions fr om a single window . The full settings and descriptions for these functions will appear later in this section.T o view this window , open the Configuration f older and then t[...]
-
Página 95
VLAN Name VID Network Number IP Address System (default) 1 10.32.0.0 10.32.0.1 Engineer 2 10.64.0.0 10.64.0.1 Marketing 3 10.96.0.0 10.96.0.1 Finance 4 10.128.0.0 10.128.0.1 Sales 5 10.160.0.0 10.160.0.1 Backbone 6 10.192.0.0 10.192.0.1 T able 6- 6. VLAN Example – Assigned IP Interfaces The 6 IP interfaces, each with an IP address (listed in the [...]
-
Página 96
Figure 6- 87. IP Interface Configuration – Edit window Choose a name for the interface to be added and enter it in the Interface Name field (if you ar e editing an IP Interface, the Interface Name will already be in the top field as seen in the window abov e). Enter the interface’ s IP address and subnet mask in the cor responding fields. Pull [...]
-
Página 97
The following fields can be set: Parameter Descr iption K ey ID A number fr om 1 to 255 used to identify the MD5 K ey . Ke y A alphanumeric string of betw een 1 and 16 case-sensitive characters used to generate the Message Digest which is in turn, used to authenticate OSPF packets within the OSPF r outing domain. Click Apply to enter the new K ey I[...]
-
Página 98
97 Allied T elesyn A T -9724TS High-Density La yer 3 Stackable Gigabit Ethernet Switch The following parameters ma y be set or viewed: Parameter Descr iption Dest Pr otocol Allows for the selection of the pr otocol for the destination device. Choose between RIP and OSPF . Sr c Pr otocol Allo ws for the selection of the protocol f or the source de v[...]
-
Página 99
Figure 6- 91. Static/Default Route Settings – Add window The following fields can be set: Parameter Descr iption IP Addr ess Allows the entry of an IP address that will be a static entry into the Switch’ s Routing T able. Subnet Mask Allows the entry of a subnet mask corresponding to the IP addr ess abov e. Gateway IP Allows the entr y of an IP[...]
-
Página 100
3. After changing the route pr efer ence value for a specific routing pr otocol, that pr otocol needs to be restarted because the previousl y learned routes ha ve been dr opped from the Switch.The Switch must learn the routes again befor e the new settings can tak e effect. T o view the Route Pr eference Settings window , click Configuration > L[...]
-
Página 101
Static ARP T a ble The Address Resolution Protocol ( ARP ) is a TCP/IP pr otocol that conv erts IP addresses into ph ysical addresses.This table allows network managers to view , define, modify and delete ARP information f or specific devices. Static entries can be defined in the ARP T a ble . When static entries ar e defined, a permanent entr y is[...]
-
Página 102
T o maximize stability , the hop count RIP uses to measure distance must ha ve a low maximum value. Infinity (that is, the network is unreachable) is defined as 16 hops. In other words, if a network is more than 16 r outers fr om the source, the local router will consider the netw ork unreachable. RIP can also be slow to conv erge (to remo ve incon[...]
-
Página 103
T o setup RIP for the IP interfaces configur ed on the Switch, the user must enable RIP and then configure RIP settings f or the individual IP interfaces. T o globally enable RIP on the Switch, open the Configuration folder to Layer 3 Netw orking and then open the RIP folder and click on the RIP Configuration link to access the following scr een: F[...]
-
Página 104
Parameter Descr iption Interface Na me The name of the IP interface on which RIP is to be setup . This interface must be previousl y configured on the Switch. IP Addr ess The IP addr ess corresponding to the Interface Name sho wing in the field above. TX Mode < Disabled > T oggle among Disabled , v1 Only , v1 Compatible , and v2 Only . This e[...]
-
Página 105
Shortest P ath T r ee T o build Router A’ s shortest path tree for the netw ork diagrammed below , Router A is put at the root of the tr ee and the smallest cost link to each destination netw ork is calculated. Figur e 6- 98. Constructing a Shor test Path T r ee The diagram abov e shows the network fr om the viewpoint of Router A. Router A can re[...]
-
Página 106
Figure 6- 99. Constructing a Shor test Path T r ee – Completed Note that this shortest path tree is only fr om the viewpoint of Router A. The cost of the link from Router B to Router A, for instance is not important to constructing Router A’ s shortest path tree, but is very impor tant when Router B is constructing its shortest path tree. Note [...]
-
Página 107
OSPF Authentication OSPF packets can be authenticated as coming fr om trusted routers by the use of predefined pass wor ds. The default for routers is to use not authentication. There ar e two other authentication methods – simple pass word authentication (k ey) and Message Digest authentication (MD-5). Message Digest A uthentication (MD-5) MD-5 [...]
-
Página 108
Adjacencies Adjacent routers g o beyond the simple Hello exchange and participate in the link-state database exchange pr ocess. OSPF elects one router as the Designated Router (DR) and a second r outer as the Backup Designated Router (BDR) on each m ulti-access segment (the BDR is a backup in case of a DR failure). All other routers on the segment [...]
-
Página 109
Figure 6- 100. OSPF Packet Header Format Field Descr iption V ersion No. The OSPF v ersion number . Type The OSPF pack et type . The OSPF packet types ar e as follows: T ype Description Hello Database Description Link-State Request Link-State Update Link-State Acknowledgment. Pack et Length The length of the packet in b ytes. This length includes t[...]
-
Página 110
Figure 6- 101. Hello Packet Field Descr iption Netw or k Mask The netw ork mask associated with this interface . Options The optional capabilities supported by the router . Hello Interval The number of seconds between this r outer’ s Hello pack ets. Router Pr ior ity This router’ s Router Priority . The Router Priority is used in the election o[...]
-
Página 111
Figur e 6- 102. Database Description Packet Field Descr iption Options The optional capabilities supported by the router . I – bit The Initial bit. When set to 1, this packet is the first in the sequence of Database Description pack ets. M – bit The Mor e bit. When set to 1, this indicates that more Database Description pack ets will follow . M[...]
-
Página 112
Figure 6- 103. Link-State Request Packet Each advertisement requested is specified b y its Link-State T ype, Link-State ID , and Adv ertising Router . This uniquely identifies the advertisement, but not its instance. Link-State Request packets are understood to be r equests for the most r ecent instance. Link-State Update P ack et Link-State Update[...]
-
Página 113
Link-State Acknowledgment P ack et Link-State Acknowledgment pack ets are OSPF packet type 5. T o mak e the folding of link-state adv ertisements reliable, flooded advertisements are explicitly ackno wledged. This acknowledgment is accomplished thr ough the sending and receiving of Link-State Acknowledgment packets. Multiple link-state advertisemen[...]
-
Página 114
Link State Adver tisement Header All link state advertisements begin with a common 20-byte header . This header contains enough information to uniquely identify the adv ertisements (Link State T ype , Link State ID , and Advertising Router). Multiple instances of the link state advertisement ma y exist in the routing domain at the same time. It is [...]
-
Página 115
Figure 6- 107. Routers Links Advertisements In r outer links adv ertisements, the Link State ID field is set to the router’ s OSPF Router ID . The T -bit is set in the advertisement’ s Option field if and only if the r outer is able to calculate a separate set of r outes for each IP T ype of Ser vice (T OS). Router links advertisements are floo[...]
-
Página 116
For each link, separate metrics may be specified for each T ype of Ser vice (T OS). The metric for T OS 0 must alwa ys be included, and was discussed above. Metrics for non-zer o T OS are described below . Note that the cost for non-zer o T OS values that are not specified defaults to the T OS 0 cost. Metrics must be listed in order of incr easing [...]
-
Página 117
Figure 6- 109. Summar y Link Advertisements For stub ar ea, T ype 3 summar y link advertisements can also be used to describe a default route on a per -area basis. Default summar y routes ar e used in stub area instead of flooding a complete set of external routes.When describing a default summar y route, the advertisement’ s Link State ID is alw[...]
-
Página 118
Field Descr iption Network Mask The IP addr ess mask for the advertised destination. E – bit The type of external metric. If the E - bit is set, the metric specified is a T ype 2 external metric. This means the metric is considered larger than an y link state path. If the E - bit is zero , the specified metric is a T ype 1 external metric. This m[...]
-
Página 119
T o add an OSPF Area to the table, type a unique Area ID (see belo w) select the Type fr om the dr op-down menu. For a Stub type , choose Enabled or Disabled from the Stub Impor t Summary L SA dr op-down menu and determine the Stub Default Cost . Click the Add/Modify button to add the Area ID set to the table. T o remo ve an Area ID configuration s[...]
-
Página 120
Figure 6- 115. OSPF Interface Settings – Edit window Configure each IP interface individually using the O SPF Interface Settings – Edit menu. Click the Apply button when you hav e entered the settings.The new configuration appears listed in the OSPF Interface Settings table. T o return to the OSPF Interface Settings table, click the Show All OS[...]
-
Página 121
OSPF Vir tual Interf ace Settings Click the OSPF Virtual Interface Settings link to vie w the current OSPF V irtual Interface Settings . There are not virtual interface settings configured by default, so the first time this table is viewed ther e will be not interfaces listed. T o add a new OSPF virtual interface configuration set to the table, cli[...]
-
Página 122
OSPF Ar ea Agg r eg ation Settings Area Aggregation allows all of the r outing information that ma y be contained within an area to be aggr egated into a summary LSDB advertisement of just the netw ork addr ess and subnet mask. This allows for a r eduction in the volume of LSDB adv ertisement traffic as well as a reduction in the memory overhead in[...]
-
Página 123
T o configure OSPF host r outes, click the OSPF Host Route Settings link. T o add a ne w OSPF Route, click the Add button. Configure the setting in the menu that appears. The Add and Modify menus f or OSPF host route setting ar e nearly identical. The difference being that if y ou are changing an existing configuration you will be unable to change [...]
-
Página 124
Figure 6- 122. DHCP/BootP Global Settings window The following fields can be set: Parameter Descr iption BOO TP Relay Status This field can be toggled between Enabled and Disabled using the pull-down men u. It is used to enable or disable the BOO TP/DHCP Relay service on the Switch. The default is Disabled . BOO TP HOPS Count Limit (1-16) This fiel[...]
-
Página 125
Mapping Doma in Names to Addr esses Name-to-address translation is perf ormed by a pr ogram called a Name ser v er . The client program is called a Name r esolver . A Name resolver ma y need to contact sev eral Name ser vers to translate a name to an ad dress. The Domain Name System (DNS) servers are organized in a somewhat hierar chical fashion. A[...]
-
Página 126
Figure 6- 125. DNS Relay Static Settings and T able window T o add an entry into the DNS Relay Static T a bl e, simply enter a Domain Name with its corresponding IP ad dress and click Add . A successful entr y will be presented in the table below , as shown in the example abov e. T o erase an entr y from the table, click the corresponding 8 of the [...]
-
Página 127
VRRP Interf ace Settings The following window will allo w the user to view the parameters for the VRRP function on the Switch. T o vie w this window , click Configuration > Layer 3 IP Networking > VRRP > VRRP Configur ation : Figure 6- 127.VRRP Configuration window The following fields ar e displa yed in the window abo ve: Parameter Descr [...]
-
Página 128
Parameter Descr iption Interface Na me Enter the name of a pre viously configured IP interface to cr eate a VRRP entry for . This IP interface must be assigned to a VLAN on the Switch. VRID (1-255) Enter a value between 1 and 255 to uniquely identify this VRRP gr oup on the Switch. All routers participating in this group m ust be assigned the same [...]
-
Página 129
Figur e 6- 129.VRRP Interface Entr y Displa y window This window displa ys the following inf ormation: Parameter Descr iption Interface Na me An IP interface name that has been enabled for VRRP . This entry must hav e been pre viously set in the IP Interface Settings table. A uthentication type Displa ys the type of authentication used to compar e [...]
-
Página 130
IP Multicast Routing Pr otocol The functions supporting IP multicasting are added under the IP Multicast Routing Pr otocol folder , from the Layer 3 IP Networ king folder . IGMP Snooping , DVMRP , and PIM-DM can be enabled or disabled on the Switch without changing the individual protocol’ s configuration. IGMP Interf ace Configuration The Intern[...]
-
Página 131
DVMRP Interface Configuration The Distance V ector Multicast Routing Pr otocol ( DVMRP ) is a hop-based method of building m ulticast delivery trees from m ulticast sources to all nodes of a network. Because the deliver y trees ar e ‘pruned’ and ‘shor test path’, D VMRP is relativ ely efficient. Because multicast group membership informatio[...]
-
Página 132
The following fields can be set: Parameter Descr iption Interface Na me Displa ys the name of the IP interface for which D VMRP is to be configured. This must be a pre viously defined IP interface. IP Addr ess Displa ys the IP address cor responding to the IP Interface name enter ed above. Neighbor Timeout Interval (1-65535) This field allows an en[...]
-
Página 133
T o view the PIM-DM T able , open the IP Multicasting folder under Configuration and click PIM-DM Interface Configuration . This window allows the PIM-DM to be configured f or each IP interface defined on the Switch. Each IP interface configured on the Switch is displa yed in the below PIM-DM Interface Table dialog box. T o configur e PIM-DM for a [...]
-
Página 134
Chapter 7 - Secur ity Mana gement 7-1 Security IP 7-2 User Accounts 7-3 Access Authentication Control (T A CACS) 7-4 Secure Sock ets La yer (SSL) 7-5 Secure Shell (SSH) The following section will aid the user in configuring security functions f or the Switch. The Switch includes various functions for security , including TAC AC S , Security IPs , S[...]
-
Página 135
Figure 7- 3. User Accounts Modify T able – Add Ad d a new user b y typing in a User Na me , and N e w Passwor d and r etype the same passw ord in the Confirm Ne w P asswor d . Choose the lev el of privilege ( Admin or User ) from the Access Right drop-down men u. Figur e 7- 4. User Account Modify T able – Modify Modify or delete an existing use[...]
-
Página 136
7-3 Access Authentication Contr ol The T A CACS / XT ACACS / T A C A CS+ / RADIUS commands let you secur e access to the Switch using the T A C A CS / XT ACACS / T A C A CS+ / RADIUS protocols.When a user logs in to the Switch or tries to access the administrator level privilege, he or she is prompted for a pass word. If T ACA CS / XT A CACS / T A [...]
-
Página 137
The following parameters can be set: Parameter Descr iption Authentication Policy Use the pull down menu to enable or disable the Authentication P olicy on the Switch. Response Timeout (0-255) This field will set the time the Switch will wait for a response of authentication fr om the user . The user may set a time between 0 and 255 seconds.The def[...]
-
Página 138
Figure 7- 7. Authentication Ser ver Gr oup Settings window This screen displa ys the Authentication Ser ver Gr oups on the Switch. The Switch has four built-in Authentication Ser ver Groups that cannot be r emov ed but can be modified. T o modify a particular group , click its hyperlink ed Gr oup Name , which will then display the f ollowing window[...]
-
Página 139
Authentication Server Hosts This window will set user -defined Authentication Server Hosts for the T A CACS / XT ACA CS / T A C A CS+ / RADIUS security pr otocols on the Switch. When a user attempts to access the Switch with Authentication P olicy enabled, the Switch will send authentication packets to a r emote T A CACS / XT ACACS / T A CACS+ / RA[...]
-
Página 140
Note: More than one authentication pr otocol can be run on the same ph ysical server host but, remember that T A CACS/XT ACACS/T ACA CS+ are separate entities and ar e not compatible with each other . Login Method Lists This command will configure a user -defined or default Login Method List of authentication techniques for users logging on to the [...]
-
Página 141
T o define a Login Method List, set the following parameters and click Apply : Parameter Descr iption Method List Name Enter a method list name defined by the user of up to 15 characters. Method 1, 2, 3, 4 The user may add one, or a combination of up to four (4) of the following authentication methods to this method list: tacacs – Adding this par[...]
-
Página 142
Figure 7- 16. Enable Method List – Edit window Figure 7- 17. Enable Method List – Add window T o define an Enable Login Method List, set the following parameters and click A pply : Parameter Descr iption Method List Na me Enter a method list name defined b y the user of up to 15 characters. Method 1, 2, 3, 4 The user may add one, or a combinati[...]
-
Página 143
Figure 7- 18. Configure Local Enable Passwor d window T o set the Local Enable Passw ord, set the following parameters and click Apply . Parameter Descr iption Old Local Enable Passw or d If a pass wor d was previousl y configured for this entry , enter it here in order to change it to a ne w passwor d. New Local Enable Passwor d Enter the ne w pas[...]
-
Página 144
7-4 Secur e Sock et Layer (SSL) Secure Sock ets Layer or SSL is a security featur e that will pr ovide a secure comm unication path between a host and client thr ough the use of authentication, digital signatures and encryption. These security functions are implemented through the use of a ciphersuite, which is a security string that determines the[...]
-
Página 145
Configuration This screen will allow the user to enable SSL on the Switch and implement an y one or combination of listed ciphersuites on the Switch. A cipher suite is a security string that determines the exact cryptographic parameters, specific encr yption algorithms and k ey sizes to be used for an authentication session. The Switch possesses fo[...]
-
Página 146
7-5 Secur e Shell (SSH) SSH is an abbre viation of Secure Shell , which is a program allo wing secure r emote login and secure netw ork ser vices ov er an insecure netw ork. It allows a secure login to r emote host computers, a safe method of ex ecuting commands on a remote end node, and will provide secur e encrypted and authenticated communicatio[...]
-
Página 147
Figure 7- 24. SSH Algorithms window The f ollowing alg orithms ma y be set: Para meter Descr iption Authentication Mode Configuration Passw or d This field ma y be enabled or disabled to choose if the administrator wishes to use a locally configur ed pass wor d for authentication on the Switch. This field is Enabled by default. Pub lic K ey This fi[...]
-
Página 148
Data Integ r ity Algor ithm HMAC-SHA1 Use the pull-down to enable or disable the HMA C (Hash for Message Authentication Code) mechanism utilizing the Secure Hash algorithm.The default is Enabled . HMAC-MD5 Use the pull-down to enable or disable the HMA C (Hash for Message Authentication Code) mechanism utilizing the MD5 Message Digest encryption al[...]
-
Página 149
Parameter Descr iption User Name Enter a User Name of no mor e than 15 characters to identify the SSH user . This User Name must be a pre viously configured user account on the Switch. Auth. Mode The administrator may choose one of the f ollowing to set the authorization for users attempting to access the Switch. Host Based – This parameter shoul[...]
-
Página 150
Chapter 8 - SNMP Ma nager SNMP Settings Simple Network Management Pr otocol (SNMP) is an OSI La yer 7 (Application La yer) designed specifically for managing and monitoring netw ork devices. SNMP enables network management stations to r ead and modify the settings of gatewa ys, routers, switches, and other network devices. Use SNMP to configure sys[...]
-
Página 151
T o displa y the detailed entry for a given user , click on the hyperlink ed User Name. This will open the SNMP User Table Display page, as shown below . Figure 8- 2. SNMP User T able Displa y window The following parameters ar e displa yed: Parameter Descr iption User Name An alphan umeric string of up to 32 characters. This is used to identify th[...]
-
Página 152
Parameter Descr iption User Name Enter an alphan umeric string of up to 32 characters. This is used to identify the SNMP user . Gr oup Name This name is used to specify the SNMP group cr eated can request SNMP messages. SNMP V ersion V1 – Specifies that SNMP version 1 will be used. V2 – Specifies that SNMP version 2 will be used. V3 – Specifi[...]
-
Página 153
Figure 8- 5. SNMP View T able Configuration windo w The SNMP Group cr eated with this table maps SNMP users (identified in the SNMP User T able ) to the views created in the pr evious menu. The f ollowing parameters can be set: Parameter Descr iption View Name T ype an alphanumeric string of up to 32 characters. This is used to identify the new SNM[...]
-
Página 154
Figure 8- 7. SNMP Group T able Configuration windo w The following parameters can be set: Parameter Descr iption Gr oup Name T ype an alphan umeric string of up to 32 characters. This is used to identify the new SNMP group of SNMP users. Read View Name This name is used to specify the SNMP group cr eated can request SNMP messages. Wr ite View Na me[...]
-
Página 155
Figure 8- 8. SNMP Community T able Configuration and T able window The following parameters can be set: P arameter Descr iption Community Name T ype an alphanumeric string of up to 33 characters that is used to identify members of an SNMP community . This string is used like a pass wor d to give r emote SNMP managers access to MIB objects in the Sw[...]
-
Página 156
Figure 8-10. SNMP Host T able Configuration window The following parameters can be set: Parameter Descr iption Host IP Addr ess T ype the IP ad dress of the r emote management station that will ser ve as the SNMP host f or the Switch. SNMP V ersion V1 – T o specifies that SNMP version 1 will be used. V2 – T o specify that SNMP version 2 will be[...]
-
Página 157
Chapter 9 - Monitor ing 9-1 P ort Utilization The Por t Utilization page displa ys the percentage of the total a vailable bandwidth being used on the port. T o view the port utilization, open the Monitor ing folder and then the P ort Utilization link: Figure 9- 1. Port Utilization window T o select a port to view these statistics f or , first selec[...]
-
Página 158
Figur e 9- 2. CPU Utilization graph Click Apply to implement the configured settings. The window will automatically r efresh with ne w updated statistics. The information is described as follo ws: Parameter Descr iption Time Interval Select the desired setting betw een 1s and 60s, where "s" stands for seconds.The default value is one seco[...]
-
Página 159
Figure 9- 3. Rx Packets Analysis windo w (line graph for Bytes and Pack ets) T o view the R eceived P ack ets T able , click the link View T a ble , which will show the following table: Figure 9- 4. Rx Packets Analysis windo w (table for Bytes and Pack ets) The following fields ma y be set or viewed: 158 Allied T elesyn A T -9724TS High-Density La [...]
-
Página 160
Parameter Descr iption Time Interval Select the desired setting betw een 1s and 60s, where "s" stands for seconds.The default value is one second. Recor d Number Select number of times the Switch will be polled between 20 and 200.The default value is 200. Bytes Counts the number of bytes r eceived on the port. Pack ets Counts the number o[...]
-
Página 161
Figure 9- 6. Rx Packets Analysis windo w (table for Unicast, Multicast, and Broadcast Pack ets) The following fields ma y be set or viewed: Parameter Descr iption Time Interval Select the desired setting betw een 1s and 60s, where "s" stands for seconds.The default value is one second. Recor d Number Select number of times the Switch will[...]
-
Página 162
Figur e 9- 7. Tx Pack ets Analysis windo w (line graph for Bytes and Pack ets) T o view the T ransmitted (TX) T a ble , click the link View T able, which will show the following table: Figure 9- 8. Tx Pack ets Analysis windo w (table for Bytes and Pack ets) 161 Allied T elesyn A T -9724TS High-Density La yer 3 Stackable Gigabit Ethernet Switch[...]
-
Página 163
The following fields ma y be set or viewed: Parameter Descr iption Time Interval Select the desired setting betw een 1s and 60s, where "s" stands for seconds.The default value is one second. Recor d Number Select number of times the Switch will be polled between 20 and 200.The default value is 200. Bytes Counts the number of bytes success[...]
-
Página 164
Figure 9- 10. Rx Error Analysis window (table) The following fields can be set: Parameter Descr iption Time Interval Select the desired setting betw een 1s and 60s, where "s" stands for seconds.The default value is one second. Recor d Number Select number of times the Switch will be polled between 20 and 200.The default value is 200. Cr c[...]
-
Página 165
Figur e 9- 11. Tx Err or Analysis windo w (line graph) T o view the T ransmitted Err or P ack ets T able , click the link View T able, which will show the following table: Figure 9- 12. Tx Err or Analysis windo w (table) The f ollo wing fields ma y be set or viewed: 164 Allied T elesyn A T -9724TS High-Density La yer 3 Stackable Gigabit Ethernet Sw[...]
-
Página 166
Parameter Descr iption Time Interval Select the desired setting betw een 1s and 60s, where "s" stands for seconds.The default value is one second. Recor d Number Select number of times the Switch will be polled between 20 and 200.The default value is 200. ExDefer Counts the number of pack ets for which the first transmission attempt on a [...]
-
Página 167
Figure 9- 14. Rx Size Analysis window (table) The following fields can be set or vie wed: Parameter Descr iption Time Interval Select the desired setting betw een 1s and 60s, where "s" stands for seconds.The default value is one second. Recor d Number Select number of times the Switch will be polled between 20 and 200.The default value is[...]
-
Página 168
Figure 9- 15. Stacking Information window The Stacking Information window holds the f ollowing information: Parameter Descr iption Box ID Displa ys the Switch’ s order in the stack. User Set Box ID can be assigned automatically (Auto), or can be assigned statically . Default is Auto . Type Displa ys the model name of the corresponding switch in a[...]
-
Página 169
Figure 9- 16. Device Status window The following fields ma y be viewed in this window: Parameter Descr iption ID The Box ID of the Switch in the switch stack. Internal Po wer A read only field denoting the curr ent status of the internal power suppl y . Active will suggest the mechanism is functioning correctl y while Fail will show the mechanism i[...]
-
Página 170
The following fields can be vie wed or set: Parameter Descr iption VLAN Name Enter a VLAN Name for the forwar ding table to be bro wsed by . MAC Addr ess Enter a MA C addr ess for the forwar ding table to be bro wsed by . Unit – Por t Select the switch Unit ID of the s witch in the Switch stack and then the port by using the corresponding pull- d[...]
-
Página 171
Parameter Descr iption Sequence A counter incremented whene ver an entry to the Switch's histor y log is made. The table displays the last entry (highest sequence number) first. Time Displa ys the time in da ys, hours, and minutes since the Switch was last restarted. Log T ext Displa ys text describing the ev ent that triggered the history log[...]
-
Página 172
The user ma y search the IGMP Snooping F orwar ding T able b y VLAN Name using the top left hand corner Sear ch . The following fields can be vie wed: Parameter Descr iption VLAN Name The VLAN Name of the multicast gr oup . Sour ce IP The Source IP address of the m ulticast group . Multicast Gr oup The IP addr ess of the multicast gr oup. Por t Map[...]
-
Página 173
Figure 9- 23. Authenticator State – MAC Based 802.1X This window displa ys the A uthenticator State f or individual ports on a selected device. T o select unit within the switch stack, use the pull-down menu at the top of the window and click Apply . A polling interval between 1 and 60 seconds can be set using the drop-do wn menu at the top of th[...]
-
Página 174
Figure 9- 24. Authenticator Statistics window The user can specify a switch in a switch stack using that s witch’ s Unit ID by using the pull down menu in the top left hand corner . The user ma y also select the desired time interval to update the statistics, between 1s and 60s , where “s” stands for seconds. The default value is one second. [...]
-
Página 175
Authenticator Session Statistics This table contains the session statistics objects for the Authenticator P AE associated with each port. An entry appears in this table for each port that suppor ts the Authenticator function. T o view the A uthenticator Session Statistics , click Monitor ing > Port Access Contr ol > A uthenticator Session Sta[...]
-
Página 176
Authenticator Dia gnostics This table contains the diagnostic information r egarding the operation of the Authenticator associated with each port. An entr y appears in this table for each por t that suppor ts the Authenticator function. T o vie w the A uthenticator Diagnostics , click Monitor ing > P ort Access Contr ol > A uthenticator Diagn[...]
-
Página 177
Authed Start Counts the number of times that the state machine transitions from AUTHENTICA TED to CONNECTING, as a result of an EAPOL-Start message being receiv ed from the Supplicant. Authed LogOf f Counts the number of times that the state machine transitions fr om AUTHENTIC A TED to DISCONNECTED , as a result of an EAPOL-Log off message being re[...]
-
Página 178
BadAuthenticators The number of RADIUS Access-Response packets containing invalid authenticators or Signatur e attributes receiv ed from this server . PendingR equests The number of RADIUS Access-Request packets destined for this server that ha ve not y et timed out or receiv ed a response. This variable is incremented when an Access-Request is sen[...]
-
Página 179
Note: T o configure 802.1x f eatures for the A T -9724TS, go to the Configuration folder and select P ort Access Entity . Configuration and other information concerning 802.1x ma y be found in Section 6 of this man ual under Port Access Entity . 9-12 Lay er 3 F eatur e This folder in the Monitor ing section will displa y information concerning sett[...]
-
Página 180
Br owse Routing T able The Br owse Routing T able window ma y be found in the Monitoring men u in the Layer 3 Featur e folder . This screen sho ws the current IP r outing table of the Switch. T o find a specific IP route, enter an IP addr ess into the Destination Address field along with a proper subnet mask into the Mask field and click Find . Fig[...]
-
Página 181
Figure 9- 32. Browse IP Multicast Forwar ding T able Br owse IGMP Gr oup T a ble The Br owse IGMP Gr oup Table window ma y be found in the Monitor ing menu in the Layer 3 Featur e f older . This window will show cur rent IGMP gr oup entries on the Switch.T o search a specific IGMP gr oup entr y , enter an interface name into the Interf ace Name fie[...]
-
Página 182
The following fields ar e displa yed in the OSPF L SDB T able : Parameter Descr iption Ar ea ID Allows the entry of an OSPF Area ID . This Ar ea ID will then be used to search the table, and displa y an entr y – if there is one. L SDB Type Displa ys which one of eight types of link advertisements by which the curr ent link was discover ed by the [...]
-
Página 183
Figure 9- 36 .OSPF Vir tual Neighbor T able DVMRP Monitor ing This menu allows the D VMRP (Distance-V ector Multicast Routing Pr otocol) to be monitored for each IP interface defined on the Switch.This folder , found in the Monitor ing folder , offers 3 screens for monitoring; Bro wse DVMRP Routing T a ble , Br owse DVMRP Neighbor Addr ess T a ble [...]
-
Página 184
Br owse D VMRP Routing Next Hop T able The DVMRP Routing Next Hop T able contains information r egarding the next-hop for f orwarding multicast pack ets on outgoing interfaces. Each entr y in the DVMRP Routing Next Hop T able ref ers to the next-hop of a specific source to a specific m ulticast group addr ess. This table is found in the Monitor ing[...]
-
Página 185
Chapter 10 - Switch Ma intenance 10-1 TFTP Services 10-2 Multiple Image Services 10-3 CF Services 10-4 Ping T est 10-5 Sa ve Changes 10-6 Reset 10-7 Reboot Services 10-8 Logout 10-1 TFTP Service Tr ivial File Transfer Pr otocol (TFTP) ser vices allow the Switch’ s firmwar e to be upgraded by transferring a ne w firmware file fr om a TFTP ser ver [...]
-
Página 186
Enter the IP addr ess of the TFTP ser ver and specify the location of the switch configuration file on the TFTP server . Click Start to initiate the file transfer . Upl oad Configur ation T o upload the Switch’ s settings to a TFTP ser ver , click on the TFTP Service folder in the Maintenance folder and then click the Save Settings link: Figure 1[...]
-
Página 187
Figure 10- 5. Firmware Information window This window holds the following inf ormation: Parameter Descr iption BO X States the stacking ID number of the switch in the s witch stack. ID States the image ID number of the firmwar e in the Switch’ s memor y . The Switch can store 2 firmware images for use. Image ID 1 will be the default boot up firmw[...]
-
Página 188
This window offers the follo wing information: Parameter Descr iption Image Select the firmware image to be configured using the pull-do wn menu. The Switch allows two firmwar e images to be stored in the Switch’ s memory . Active This field has tw o options for configuration. Delete – Select this option to delete the firmware image specified i[...]
-
Página 189
10-5 Save Changes The A T -9724TS has two le vels of memory; normal RAM and non-volatile or NV -RAM. Configuration changes are made effective clicking the Apply button. When this is done, the settings will be immediately applied to the switching software in RAM, and will immediately take eff ect. Some settings, though, require y ou to restart the S[...]
-
Página 190
10-7 Reboot Device The following menu is used to r estart the Switch. Figure 10- 10. Restar t System window Clicking the Ye s click-box will instruct the Switch to sa ve the curr ent configuration to non-volatile RAM bef ore r estarting the Switch. Clicking the No click-bo x instructs the Switch not to sa v e the cur rent configuration befor e rest[...]
-
Página 191
Appendix A - T echnical Specifications General Sta ndard IEEE 802.3u 100TX Fast Ethernet IEEE 802.3ab 1000T Gigabit Ethernet IEEE 802.1 P/Q VLAN IEEE 802.3x Full-duplex Flow Contr ol IEEE 802.3 Nwa y auto-negotiation Pr otocols CSMA/CD Data Tr ansfer R ates: Half-duplex Full-duplex Ethernet 10Mbps 20Mbps Fast Ethernet 100Mbps 200Mbps Gigabit Ethern[...]
-
Página 192
P erformance Tr ansmission Method: Store-and-forwar d RAM Buffer: 2 MB per device Filter ing Addr ess T a ble: 16 K MA C addr ess per device Pack et Filtering/ Full-wire speed for all connections. Forwar ding R ate: 148,810 pps per por t (for 100Mbps) 1,488,100 pps per port (for 1000Mbps) MAC Addr ess Lea rning: Automatic update. Forwar ding Table [...]
-
Página 193
Appendix B - Tr anslated Electr ical Safety a nd Emission Information Important : This appendix contains multiple-language translations for the saf ety statements in this guide. Wichtig : Dieser Anhang enthält Übersetzungen der in diesem Handbuch enthaltenen Sicherheitshinweise in mehrer en Sprachen. Vigtigt : Dette tillæg indeholder oversættel[...]
-
Página 194
Die Entlüftungsöffnungen dürfen nicht v ersperrt sein und müssen zum Kühlen freien Zugang zur Raumluft haben. 6 m BETRIEBSTEMPERA TUR: Dieses Produkt wur de für den Betrieb in einer Umgebungstemperatur von nicht mehr als 40° C entworfen. 7 m ALLE LÄNDER: Installation muß örtlichen und nationalen elektrischen V orschriften entspr echen. St[...]
-
Página 195
3 c ÉQUIPEMENT DE CLASSE 1 ÉLECTRIQUE CE MA TÉRIEL DOIT ÊTRE MIS A LA TERRE. La prise de courant doit être branchée dans une prise f emelle correctement mise à la terr e car des tensions danger euses risqueraient d’atteindre les pièces métalliques accessibles à l’utilisateur . 4 m EQUIPEMENT POUR BRANCHEMENT ELECTRIQUE, la prise de so[...]
-
Página 196
Sikk erhetsnormer: Dette produktet tilfr edsstiller følgende sikk erhetsnormer . 1 c F ARE FOR L YNNEDSLAG F ARE: ARBEID IKKE på utstyr eller KABLER i T ORDENVÆR. 2 c FORSIKTIG: STRØMLEDNINGEN BRUKES TIL Å FRAK OBLE UTSTYRET . FOR Å DEAKTIVISERE UTSTYRET , må strømforsyningen k obles fra. 3 c ELEKTRISK – TYPE 1- KLASSE UTSTYR DETTE UTSTYR[...]
-
Página 197
4 m EQUIPO CONECT ABLE, el tomacor riente se debe instalar cerca del equipo , en un lugar con acceso fácil". 5 m A TENCION: Las aberturas para ventilación no deberán bloquearse y deberán tener acceso libr e al aire ambiental de la sala para su enfriamiento. 6 m TEMPERA TURA REQUERID A P ARA LA OPERACIÓN: Este producto está diseñado para[...]