New Template User Manual - FTP Directory Listing
Contents
1. Chapter Routing 281 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fes escrito O O Restart Age secs Displays the ammount of time since the last restart occured Restart Exit Reason Displays how the master unit on the stack last started up The possible values are e Not Attempted graceful restart has not been attempted e In Progress restart is in progress e Completed the previous gracefull restart completed successfully e Timed Out the previous graceful restart timed out Topology Changed the previous graceful restart terminated prematurely because of a topology change 282 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Router Discovery The Router Discovery protocol is used by hosts to identify operational routers on the subnet Router Discovery messages are of two types Router Advertisements and Router Solicitations The protocol mandates that every router periodically advertise the IP Addresses it is associated with Hosts listen for these advertisements and discover the IP Addresses of neighboring routers From the Router Discovery tab you can access the following pages Router Discovery Configuration on page 283 Router Discovery Configuration Use the Router Discovery Configuration page to enter or change Router Discovery parameters To display the Router Disco2. yos cms Pervert s di ana j aa a i J te sai Pervert s daii asia cakes esa s T A NAAN SEE a Sa E a i ee a aia walle Pervert 5 cas jaa poets aad 5 i ate oat noes eset rai a wiht cela Pervert 5 daii at 5 ai aa a N ahs event 5 apa as Ar aiat 5 Oi ithe RAS rece eat ate aik Wie ET ost li in each A T GAE aaa ai csi efor aaia aie alt Ge Ve Port Field Description Broadcast Storm Recovery Mode Enable or disable this option by selecting the corresponding line on the pull down entry field When you specify Enable for Broadcast Storm Recovery and the broadcast traffic on the specified Ethernet port exceeds the configured threshold the switch blocks discards the broadcast traffic The factory default is disabled Broadcast Storm Recovery Level Type Specify the Broadcast Storm Recovery Level as a percentage of link speed or as packages per second Broadcast Storm Recovery Level Specify the threshold at which storm control activates The factory default is 5 percent of port speed for pps type Chapter Managing Device Security 413 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fes escrito O O Multicast Storm Recovery Mode Enable or disable this option by selecting the corresponding line on the pull down entry field When you specify Enable for Multicast Storm Recovery and the multicast traffic on the specified Ethernet port exceeds the config
3. Key Generation In Progress Displays which key is being generated if any RSA DSA or None Host Keys Download Use this menu to transfer a file to or from the switch To display the Host Keys Download page click Security gt Access gt SSH gt Host Keys Download Host Keys Download Host Keys Download File Type SSH 1 RSA Key File v Transfer Mode TFTP a Server Address Type IPv4 Server Address 0 0 0 0 Remote File Path Remote File Name 1 Use File Type to specify the type of file you want to transfer e SSH 1 RSA Key File SSH 1 Rivest Shamir Adleman RSA Key File e SSH 2 RSA Key PEM File SSH 2 Rivest Shamir Adleman RSA Key File PEM Encoded 386 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e SSH 2 DSA Key PEM File SSH 2 Digital Signature Algorithm DSA Key File PEM Encoded 2 Use Transfer Mode to specify the protocol to use to transfer the file e TFTP Trivial File Transfer Protocol e SFTP Secure File Transfer Program e SCP Secure Copy 3 Use Server Address Type to specify either IPv4 or IPv6 to indicate the format of the TFTP SFTP SCP Server Address field The factory default is IPv4 4 Use Server Address to enter the IP address of the server in accordance with the format indicated by the Server Address Type The factory default is the IPv4 address 0 0 0 0 5 Use Remote File Name to enter the name on the
4. Click REFRESH to show the latest OSPFv3 Link State information Virtual Link Configuration Use the Virtual Link Configuration page to define a new or configure an existing virtual link To display this page a valid OSPF v3 area must be defined via the OSPFv3 Area Configuration page To display the Virtual Link Configuration page click Routing gt OSPFv3 gt Advanced gt Virtual Link Configuration Virtual Link Configuration OSPF v3 Virtual Link Configuration 1 Use Area ID to specify the Area ID portion of the virtual link identification for which data is to be displayed The Area ID and Neighbor Router ID together define the virtual link 2 Use Neighbor Router ID to specify the neighbor portion of the virtual link identification Virtual links may be configured between any pair of area border routers having interfaces to a common non backbone area 3 Use Hello Interval to specify the OSPF v3 hello interval for the specified interface in seconds This parameter must be the same for all routers attached to a network Valid values range from 1 to 65 535 The default is 10 seconds 4 Use Dead Interval to specify the OSPFv3 dead interval for the specified interface in seconds This specifies how long a router will wait to see a neighbor router s Hello packets before declaring that the router is down This parameter must be the same for all routers attached to a network This value should a multiple of the Hello Interval e
5. Mask Use SSM Group Address to enter the source specific multicast group ip address Use SSM Group Mask to enter the source specific multicast group ip address mask Click ADD to add a new source specific group Se Click DELETE to delete an existing source specific group Adding an SSM Range To add the Source Specific Multicast SSM Group IP Address and Group Mask IPv4 or Prefix Length IPv6 for the PIM router 1 Open the SSM Range Configuration page 2 Enter the SSM Group IP Address 3 Enter the SSM Group Mask IPv4 or SSM Prefix Length IPv6 4 Click the Add button The new SSM Range is added and the device is updated 310 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Interface Configuration Use the Interface Configuration page to configure specific interfaces with PIM or to view PIM interface settings To display the PIM Interface Configuration page click Routing gt Multicast gt PIM gt Interface Configuration PIM Interface Configuration PIM Interface Configuration All Go To Interface Go Admin 1P Join Prune BSR Designated Neighbor DR Priority Interface Hello Interval secs Interval secs Border Router Count Address a al amy LJ 10 1 Dsable Non Operational 0 0 0 0 30 a Disable O wer Ovsable Non Operational 0 0 0 0 30 Disable 3 O wes sable Non Operationa l 0 0 0 0 i Oisatte O sos Orsable Non Ope
6. Path Cost offered to the LAN by the Designated Port 138 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Designated Bridge Bridge Identifier of the bridge with the Designated Port It is made up using the bridge priority and the base MAC address of the bridge Designated Port Port Identifier on the Designated Bridge that offers the lowest cost to the LAN It is made up from the port priority and the interface number of the port Topology Change Acknowledge Identifies whether the next BPDU to be transmitted for this port would have the topology change acknowledgement flag set It is either True or False Edge port Indicates whether the port is enabled as an edge port It takes the value Enabled or Disabled Point to point MAC Derived value of the point to point status CST Regional Root Bridge Identifier of the CST Regional Root It is made up using the bridge priority and the base MAC address of the bridge CST Path Cost Path Cost to the CST Regional Root Port Up Time Since Counters Last Cleared Time since the counters were last cleared displayed in Days Hours Minutes and Seconds MST Configuration Use the Spanning Tree MST Configuration page to configure Multiple Spanning Tree MST on the switch To display the Spanning Tree MST Configuration page cl
7. 459 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Packets Received 256 511 Octets Packets Received 512 1023 Octets Packets Received 1024 1518 Octets Packets Received gt 1518 Octets Total Packets Received Without Errors The total number of packets including bad packets received that were between 256 and 511 octets in length inclusive excluding framing bits but including FCS octets The total number of packets including bad packets received that were between 512 and 1023 octets in length inclusive excluding framing bits but including FCS octets The total number of packets including bad packets received that were between 1024 and 1518 octets in length inclusive excluding framing bits but including FCS octets The total number of packets received that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed The total number of packets received that were without errors Unicast Packets Received The number of subnetwork unicast packets delivered to a higher layer protocol Multicast Packets Received The total number of good packets received that were directed to a multicast address Note that this number does not include packets directed to the broadcast address Broadcast Packets Received The total number of good packets received that were directed to the broadcast address
8. Enables RIP for an interface The default is Disable Indicates whether the RIP interface is up or down The number of RIP response packets received by the RIP process which were subsequently discarded for any reason The number of routes in valid RIP packets which were ignored for any reason e g unknown address family or invalid metric The number of triggered RIP updates actually sent on this interface This explicitly does NOT include full updates sent containing new information Click REFRESH to show the latest RIP information Route Redistribution Use the RIP Route Redistribution page to configure which routes are redistributed to other routers using RIP The allowable values for each fields are displayed next to the field If any invalid values are entered an alert message is displayed with the list of all the valid values To display the Route Redistribution page click Routing gt RIP gt Advanced gt Route Redistribution Route Redistribution Configuration se o Redmtrbete made mere Dreet ete I mt a eirs trax Catoe Distefiwte Lint Match Internal Match External Tyee 1 232 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual RIP Route Redistribution Configuration This screen can be used to configure the RIP Route Redistribution parameters The allowable values for each fields are displayed next to the field If any invalid valu
9. Please click APPLY below to be taken to the Online Support site at netgear com To connect to the NETGEAR support site for ProSafe Managed Switches click Apply Chapter Help 502 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual User Guide Use the User Guide page to access the ProSafe Managed Switch the guide you are now reading that is available on the NETGEAR Website To access the User Guide page click Help gt Online Help gt User Guide User Guide User Guide Please click APPLY button below to view the PDF User Guide s You will need Adobe Acrobat Reader to view a Guide To access to the User Guide that is available online click Apply Chapter Help 503 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 504 Chapter Help Detault Settings This appendix describes the default settings for many of the NETGEAR 7000 series Managed Switch software features Table 3 Default Settings Feature Default IP address 169 254 100 100 Subnet mask 255 255 0 0 Default gateway 0 0 0 0 Protocol DHCP Management VLAN ID Minimum password length 1 Eight characters IPv6 management mode Enabled SNTP client Enabled SNTP server Not configured Global logging Enabled CLI command logging Disabled Console logging RAM logging Persistent FLASH logging Enabled Severity level debug and above Enabled Severity level debu
10. Advertisement Version Entry Last Changed Time Software Version Displays the ISDP version sending from the neighbor Displays the time since last entry is changed Displays the software version on the neighbor Chapter Configuring System Information 109 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual ISDP Statistics To display this page click System gt ISDP gt Advanced gt Statistics A screen similar to the following displays ISDP Statistics ISDP Statistics ISDP Packets Received 60333 ISOP Packets Transmitted 13196 ISDPv1 Packets Received 0 ISDPv1 Packets Transmitted 0 ISDPv2 Packets Received 60333 ISDPv2 Packets Transmitted 13196 ISOP Bad Header ISDP Checksum Error 0 0 ISOP Transmission Failure 0 ISDP Invalid Format 0 0 ISDP Table Full ISDP IP Address Table Full 0 The following table describes the ISDP Statistics fields Field Description ISDP Packets Received Displays the ISDP packets received including ISDPv1 and ISDPv2 packets ISDP Packets Transmitted Displays the ISDP packets transmitted including ISDPv1 and ISDPv2 packets ISDPv1 Packets Received Displays the ISDPv1 packets received ISDPv1 Packets Transmitted Displays the ISDPv1 packets transmitted ISDPv2 Packets Received Displays the ISDPv2 packets received ISDPv2 Packets Transmitted Displays the ISDPv2 packets transmitted ISDP Bad Header Displays
11. Enable IP Multicast Use the Multicast Global Configuration page Multicast Global Configuration on page 293 and enable the Admin Mode Enable IGMP Use the IGMP Global Configuration page GMP Global Configuration on page 300 and enable the Admin Mode Enable a Unicast Routing protocol RIP OSPF Refer to the respective help of this item To use Dense mode PIM DM a Enable Dense Mode Use the PIM Global Configuration page Global Configuration on page 309 select the PIM Protocol Type as PIM DM and enable the Admin Mode To use Sparse mode PIM SM a Enable Sparse Mode Use the PIM Global Configuration page Global Configuration on page 309 select the PIM Protocol Type as PIM SM and enable the Admin Mode 526 Appendix Configuration Examples ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Interface Configuration 1 Enable Routing Use the IP Interface Configuration page P Configuration on page 193 select the ports 1 0 4 and 1 0 6 and enable their Routing Mode 2 Configure IP Address the IP Interface Configuration page P Interface Configuration on page 198 select the ports 1 0 4 and 1 0 6 and set their IP Address and Subnet Mask as follows e Port 1 0 4 IP Address 3 3 3 1 Subnet Mask 255 255 255 0 e Port 1 0 6 IP Address 2 2 2 2 Subnet Mask 255 255 255 0 3 Enable a Unicast Routing protocol RIP OSPF Refer to the respective help of this item 4 Enable PIM
12. VLAN Status a SEA VLAN Type Member Ports ID Name 1 default Default 1 0 1 1 0 24 0 3 1 0 3 64 Field Definition VLAN ID The VLAN Identifier VID of the VLAN The range of the VLAN ID is 1 to 4093 VLAN Name The name of the VLAN VLAN ID 1 is always named Default Chapter Configuring Switching Information 117 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Definition SOS VLAN Type The VLAN type e Default VLAN ID 1 always present e Static a VLAN you have configured e Dynamic a VLAN created by GVRP registration that you have not converted to static and that GVRP may therefore remove Routing Interface The interface associated with the VLAN in the case that VLAN routing is configured for this VLAN The ports that are included in the VLAN Member Ports 118 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Port PVID Configuration The Port PVID Configuration screen lets you assign a port VLAN ID PVID to an interface There are certain requirements for a PVID e All ports must have a defined PVID e If no other value is specified the default VLAN PVID is used e Ifyou want to change the port s default PVID you must first create a VLAN that includes the port as a member e Use the Port VLAN ID PVID Configuration page to configure a virtual LAN on a
13. e Basic on page 202 e Advanced on page 205 Basic From the Basic link you can access the following pages e IPv6 Global Configuration on page 203 e IPv6 Route Table on page 204 202 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IPv6 Global Configuration Use the Global Configuration page to enable IPv6 forwarding on the router and to enable the forwarding of IPv6 unicast datagrams To display the IPv6 Global Configuration page click Routing gt IPv6 gt Basic gt Global Configuration IPv6 Global Configuration IPv6 Global Configuration 2 IPv6 Unicast Routing Disable Enable IPv6 Forwarding Disable Enable Hop Limit 0 ICMPv6 Rate Limit Error Interval 1000 ICMPv6 Rate Limit Burst Size 100 1 Use IPv6 Unicast Routing to globally enable or disable IPv6 unicast routing on the entity 2 Use IPv6 Forwarding to enable or disable forwarding of IPv6 frames on the router 3 Use the Hop Limit option to define the unicast hop count used in IPv6 packets originated by the node The value is also included in router advertisements Valid values for lt hops gt are 1 64 inclusive The default not configured means that a value of zero is sent in router advertisements and a value of 64 is sent in packets originated by the node Note that this is not the same as configuring a value of 64 4 Use ICMPv6 Rate Limit Error Interval to control the ICMPv 6 error pack
14. 498 Chapter Maintenance ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Traceroute IPv4 Use this screen to tell the switch to send a TraceRoute request to a specified IP address or Hostname You can use this to discover the paths packets take to a remote destination Once you click the Apply button the switch will send traceroute and the results will be displayed below the configurable data If a reply to the traceroute is received you will see e 1x y z w 9869 usec 9775 usec 10584 usec e 2 0 0 0 0 0 usec 0 usec 0 usec e 30 0 0 0 0 usec 0 usec 0 usec e Hop Count w Last TTL z Test attempt x Test Success y To display the Traceroute IPv4 page click Maintenance gt Troubleshooting gt Traceroute IPv4 TraceRoute IPv4 TraceRoute Ipv4 IP Address Hostname Probes Per Hop Ww w MaxTTL InitTTL MaxFail w we Interval secs Port 33434 Size 0 Results To configure the Traceroute settings and send probe packets to discover the route to a host on the network 1 Use IP Address Hostname to enter the IP address or Hostname of the station you want the switch to discover path The initial value is blank The IP Address or Hostname you enter is not retained across a power cycle 2 Optionally configure the following settings Probes Per Hop Enter the number of probes per hop The initial value is default The Probes per Hop you enter is not retained a
15. DHCPv 6 Bindings Information amp DHCPv6 Bindings Information Search By Binding IP fete Client Prefix Prefix Expiry Valid Prefer Client Address Client DUID Prefix Interface Length Type Time Lifetime Lifetime The following table describes the DHCPv6 Bindings Information fields Field Description Client Address Specifies the IPv6 address of the client associated with the binding Client Interface Specifies the interface number where the client binding occurred Client DUID Specifies client s DHCPv6 unique identifier Prefix PrefixLength Specifies the IPv6 address and mask length for delegated prefix associated with this binding Prefix Type Specifies the type of prefix associated with this binding Expiry Time Specifies the number of seconds until the prefix associated with a binding will expire Valid Lifetime Specifies the valid lifetime value in seconds of the prefix associated with a binding Prefer Lifetime Specifies the preferred lifetime value in seconds of the prefix associated with a binding 68 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DHCPv6 Server Statistics Use the DHCPV6 Server Statistics page to display DHCPV 6 statistics for one or all interfaces To display the DHCPv6 Server Statistics page click System gt Services gt DHCPv6 Server gt DHCPV 6 Server Statistics A s
16. NETGEAR ProSate Managed Switch Web Management User Manual ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 2011 NETGEAR Inc All rights reserved No part of this publication may be reproduced transmitted transcribed stored in a retrieval system or translated into any language in any form or by any means without the written permission of NETGEAR Inc Technical Support Thank you for choosing NETGEAR To register your product get the latest product updates get support online or for more information about the topics covered in this manual visit the Support website at http support netgear com Phone US amp Canada only 1 888 NETGEAR Phone Other Countries Check the list of phone numbers at http support netgear com app answers detail a_id 984 Trademarks NETGEAR the NETGEAR logo ReadyNAS ProSafe ProSecure Smart Wizard Auto Uplink X RAID2 and NeoTV are trademarks or registered trademarks of NETGEAR Inc Microsoft Windows Windows NT and Vista are registered trademarks of Microsoft Corporation Other brand and product names are registered trademarks or trademarks of their respective holders Statement of Conditions To improve internal design operational function and or reliability NETGEAR reserves the right to make changes to the products described in this document without notice NETGEAR does not assume any liability that may occur due to the use or application
17. The Link State ID identifies the piece of the routing domain that is being described by the advertisement The value of the LS ID depends on the advertisement s LS type Age The time since the link state advertisement was first originated in seconds Sequence The sequence number field is a signed 32 bit integer It is used to detect old and duplicate link state advertisements The larger the sequence number the more recent the advertisement Checksum The checksum is used to detect data corruption of an advertisement This corruption can occur while an advertisement is being flooded or while it is being held in a router s memory This field is the checksum of the complete contents of the advertisement except the LS age field Chapter Routing 277 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fes escrito O O The Options field in the link state advertisement header indicates which optional capabilities are associated with the advertisement The options are e Q This enables support for QoS Traffic Engineering e E This describes the way AS external LSAs are flooded e MC This describes the way IP multicast datagrams are forwarded according to the standard specifications e O This describes whether Opaque LSAs are supported e V This describes whether OSPF extensions for VPN COS are supported Router Options The router specific options
18. The number of IPv6 datagrams that have been successfully fragmented at this output interface Datagrams Failed To Fragment Datagrams Fragments Created The number of output datagrams that could not be fragmented at this interface The number of output datagram fragments that have been generated as a result of fragmentation at this output interface Chapter Routing 211 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O Multicast Datagrams Received The number of multicast packets received by the interface Multicast Datagrams Transmitted The number of multicast packets transmitted by the interface ICMPv 6 Statistics Feis escrito O O Total ICMPv6 Messages Received The total number of ICMP messages received by the interface which includes all those counted by ipv6lflcmpInErrors Note that this interface is the interface to which the ICMP messages were addressed which may not be necessarily the input interface for the messages ICMPv6 Messages With Errors Received The number of ICMP messages which the interface received but determined as having ICMP specific errors bad ICMP checksums bad length etc ICMPVv6 Destination Unreachable Messages The number of ICMP Destination Unreachable Received messages received by the interface ICMPv6 Messages Prohibited Administratively The number of ICMP destination Received unreachable communi
19. To display the Voice VLAN Configuration page click Switching gt VLAN gt Advanced gt Voice VLAN Configuration Voice VLAN Configuration Voice VLAN Global Admin Admin Mode Disable Enable Voice VLAN Configuration 1 All Go To Interface GO J CoS Override Operational Interface Interface Mode Value DSCP Value P Mode State O 170 1 Disable 0 Disable 0 Disable C 170 2 Disable i Disable 0 Disable O 10 3 Disable 0 Disable 0 Disable O os Disable 0 Disable 0 Disable DO os Disable 0 Disable 0 Disable O swore Disable 0 Disable 0 Disable O wvo7 Disable 0 Disable 0 Disable C 170 8 Disable 0 Disable 0 Disable O 10 9 Disable 0 Disable 0 Disable CO 1 0 10 Disable 0 Disable 0 Disable O 1 0 11 Disable 0 Disable 0 Disable O 10 12 Disable o Disable o Disable O wos Disable 0 Disable o Disable C 1 0 14 Disable o Disable o Disable O 10 15 Disable 0 Disable 0 Disable C 1 0 16 Disable Disable o Disable O 1 0 17 Disable 0 Disable 0 Disable O 10 18 Disable 0 Disable 0 Disable O 1 0 19 Disable 0 Disable 0 Disable C 1 0 20 Disable Disable 0 Disable O 10 21 Disable 0 Disable 0 Disable O 10 22 Disable 0 Disable o Disable O 1 0 23 Disable 0 Disable 0 Disable O 1 0 24 Disable o Disable o Disable i all Go To Interface GO 1 Use Admin Mode to select the administrative mode for Voice VLAN for the switch The default is disable 2 Use Interface to select the physical interface for which you want to configure data 3 U
20. Use this menu to download a file to the switch from a USB device To display this page click Maintenance gt Download gt USB File Download Download File From USB Download File From USB File Type Archive Image Name image l USB File 1 Use File Type to specify what type of file you want to transfer a Use Archive to specify archive STK code when you want to download to the operational flash e Image1 Specify the code image1 when you want to download e Image2 Specify the code image2 when you want to download b Use Text Configuration to specify configuration in text mode when you want to update the switch s configuration If the file has errors the update will be stopped The factory default is Image1 494 Chapter Maintenance ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 2 Use USB File to specify a name along with path for the file you want to download You may enter up to 32 characters The factory default is blank 3 Download Status displays the status during transfer file to the switch 4 The last row of the table is used to display information about the progress of the file transfer The screen will refresh automatically until the file transfer completes File Management The system maintains two versions of the ProSafe Managed Switches software in permanent storage One image is the active image and the second image is the backup image The active im
21. Configuration Examples 525 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Dynamic 1 Configure BSR Candidate Use the PIM BSR Candidate Configuration page BSR Candidate Configuration on page 313 set Interface as 1 0 4 and rest are default values 2 Configure Candidate RP Use PIM Candidate RP Configuration page BSR Candidate Configuration on page 313 set the following parameters e Interface 1 0 4 e Group Address 224 1 2 0 e Group Mask 225 255 255 0 e Override Disable Interface Configuration 1 2 Enable Routing Use the IP Interface Configuration page P Interface Configuration on page 198 select the ports 1 0 4 and 1 0 6 and enable their Routing Mode Configure IP Address Use the IP Interface Configuration page P Interface Configuration on page 198 select the ports 1 0 4 and 1 0 6 and set their IP Address and Subnet Mask as follows e Port 1 0 4 IP Address 1 1 1 2 Subnet Mask 255 255 255 0 e Port 1 0 6 IP Address 2 2 2 1 Subnet Mask 255 255 255 0 Enable a Unicast Routing protocol RIP OSPF Refer to the respective help of this item Enable PIM Use the PIM Interface Configuration page nterface Configuration on page 311 select the ports 1 0 4 and 1 0 6 and enable their Admin Mode Configuration of Switch_2 Global Configuration 1 2 Enable IP Routing Use the IP Configuration page P Configuration on page 186 and enable the Routing Mode
22. The number of ICMP Destination Unreachable messages sent The number of ICMP Time Exceeded messages sent The number of ICMP Parameter Problem messages sent Chapter Routing 197 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fes escrito O O IcmpOutSrcQuenchs The number of ICMP Source Quench messages sent IcmpOutRedirects The number of ICMP Redirect messages sent For a host this object will always be zero since hosts do not send redirects IcmpOutEchos The number of ICMP Echo request messages sent IcmpOutEchoReps The number of ICMP Echo Reply messages sent IcmpOutTimestamps The number of ICMP Timestamp request messages IcmpOutTimestampReps The number of ICMP Timestamp Reply messages sent IcmpOutAddrMasks The number of ICMP Address Mask Request messages sent IcmpOutAddrMaskReps The number of ICMP Address Mask Reply messages sent IP Interface Configuration Use the IP Interface Configuration page to update IP interface data for this switch To display the IP Interface Configuration page click Routing gt IP gt Advanced gt IP Interface Configuration PUPIEVEUEVES ECR E EE Ei HENNEN PICT EUPERI EIDE EIELELE TOTP IETS TESTE TE Te te te THER PIGLESELEIELECELEIEUELE TETETSTE TE TELE TE TS te ae PiGIRSEEIEIEUELER ETE HHN HENNEN NENNNI PIGS EUELEU EEL EUEU EEE STECEC ELEC ELE Ete eras KENNEN 1 Use Port
23. 308 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual PIM This section provides information about the Managed Switch Administrator pages for configuring and monitoring PIM SM and PIM DM for IPv4 and IPv6 multicast routing on a XSM 7224S switch From the PIM link you can access the following pages e Global Configuration on page 309 e SSM Configuration on page 310 e Interface Configuration on page 311 PIM Neighbor on page 312 e Candidate RP Configuration on page 313 e BSR Candidate Configuration on page 313 e Static RP Configuration on page 314 Global Configuration Use the Global Configuration page to configure or view the administrative status of PIM DM or PIM SM on the switch To display the PIM Global Configuration page click Routing gt Multicast gt PIM gt Global Configuration PIM Global Configuration PIM Global Configuration 2 PIM Protocol Type O PIM DM PIM SM Admin Mode f Disable Enable Data Threshold Rate Kbps 0 Register Threshold Rate Kbps 0 If you select PIM SM as the PIM protocol additional fields appear as shown above 5 Use PIM Protocol Type to select the protocol variant of PIM sparse mode or dense mode to be enabled 6 Use Admin Mode to set the administrative status of PIM DM in the router The default is disable 7 Use Data Threshold Rate kbps to enter the rate in K bits second above which the last hop router will switc
24. 5 In the Secret field type the shared secret to use with the specified accounting server 6 From the Accounting Mode menu enable or disable the RADIUS accounting mode 7 To delete a configured RADIUS Accounting server click Delete The following table describes RADIUS accounting server statistics available on the page Click CLEAR COUNTERS to clear the accounting server statistics Field Description Accounting Server Address Identifies the accounting server associated with the statistics Round Trip Time secs Accounting Requests Accounting Retransmissions Accounting Responses Displays the time interval in hundredths of a second between the most recent Accounting Response and the Accounting Request that matched it from this RADIUS accounting server Displays the number of RADIUS Accounting Request packets sent not including retransmissions Displays the number of RADIUS Accounting Request packets retransmitted to this RADIUS accounting server Displays the number of RADIUS packets received on the accounting port from this server Malformed Accounting Responses Bad Authenticators Pending Requests Timeouts Displays the number of malformed RADIUS Accounting Response packets received from this server Malformed packets include packets with an invalid length Bad authenticators and unknown types are not included as malformed accounting responses Displays the number of RADIUS Ac
25. 513 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Differentiated Services DiffServ Standard IP based networks are designed to provide best effort data delivery service Best effort service implies that the network deliver the data in a timely fashion although there is no guarantee that it will During times of congestion packets may be delayed sent sporadically or dropped For typical Internet applications such as e mail and file transfer a slight degradation in service is acceptable and in many cases unnoticeable However any degradation of service has undesirable effects on applications with strict timing requirements such as voice or multimedia Quality of Service QoS can provide consistent predictable data delivery by distinguishing between packets that have strict timing requirements from those that are more tolerant of delay Packets with strict timing requirements are given special treatment in a QoS capable network With this in mind all elements of the network must be QoS capable If one node is unable to meet the necessary timing requirements this creates a deficiency in the network path and the performance of the entire packet flow is compromised There are two basic types of QoS Integrated Services network resources are apportioned based on request and are reserved resource reservation according to network management policy RSVP for example Differentiated Services ne
26. AOVANGCEO o 9 3 88 20d ceski inerenti rinie apee Eeka Zameen 284 MUNICAS E E Gems ee ee ee E E EEE TT ECET 290 Mroute Table ce recrerrire tirer N eE EEEE 290 Multicast Global Configuration a a aaa auaa 291 Interface Configuration esasssssrrerssserersersrerrane 292 DVMR Pe pedang kr E enne ER E E a EE 293 IOMP sic ceca st 5 EELEE a ah Ss ca ished E AAE NEE E EEE 298 PIM cic eh ta ae tilt oh ee eh esa ad dee oaths 307 Static Routes Configuration sac ohaad eee diode am Raa e dae 314 Admin Boundary Configuration 0 0 0 cee eee 314 PVG MUMICASE o eena anal Schon er avai anls B Arava dled Gans oun Aland 315 Mroute Table 222930208 occerrceelietewditewdetee ebeeko TESE 315 IPVOHPIM 5 3 SS crenshiceeh geek hers weber rE ts Loree NARA 316 MUD secs ae as Rte da dn dear de tekorte en die rer aaa abe Ream end 325 Static Routes Configuration 0 0 ee 333 Chapter 5 Configuring Quality of Service Class Of SERVICE oid a6 a 0 6 a aresdie agp arate greed chu n Ba Rane d averw Gea eae 335 BaSe re as oea dea oh arte hp Gc od a Gao ie deren Ga 339 Advanced lt 4 dccsccke radar a a a EES 337 Differentiated Services 0 0 eee 343 DiffServ Wizard ereere 09 0 4 0 63 9 4404904694 59450 0eR 0 oo400 RE45 344 Auto VolP Configuration s r rsrsrsrs erii Raia a Sok oe aeaeia 346 Basiri ensar as Eh ae ERS Be hae Se a 347 Advanced 22 sie cb kk RE Aaa RAE SEA DERE RES EEEN 348 Chapter 6 Managing Device Security Management
27. In Italy the end user should apply for a license at the national spectrum authorities in order to obtain authorization to use the device for setting up outdoor radio links and or for supplying public access to telecommunications and or network services This device may not be used for setting up outdoor radio links in France and in some areas the RF output power may be limited to 10 mW EIRP in the frequency range of 2454 2483 5 MHZ For detailed information the end user should contact the national spectrum authority in France FCC Requirements for Operation in the United States FCC Information to User This product does not contain any user serviceable components and is to be used with approved antennas only Any product changes or modifications will invalidate all applicable regulatory certifications and approvals FCC Guidelines for Human Exposure This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment This equipment should be installed and operated with minimum distance of 20 cm between the radiator and your body This transmitter must not be co located or operating in conjunction with any other antenna or transmitter FCC Declaration of Conformity We NETGEAR Inc 350 East Plumeria Drive San Jose CA 95134 declare under our sole responsibility that the GSM7224S ProSafe 10G Managed Stackable Switch complies with Part 15 Subpart B of FCC CFR47 Rules Operation is subject to the followin
28. IpInDiscards Description The total number of input datagrams received from interfaces including those received in error The number of input datagrams discarded due to errors in their IP headers including bad checksums version number mismatch other format errors time to live exceeded errors discovered in processing their IP options etc The number of input datagrams discarded because the IP address in their IP header s destination field was not a valid address to be received at this entity This count includes invalid addresses e g 0 0 0 0 and addresses of unsupported Classes e g Class E For entities which are not IP Gateways and therefore do not forward datagrams this counter includes datagrams discarded because the destination address was not a local address The number of input datagrams for which this entity was not their final IP destination as a result of which an attempt was made to find a route to forward them to that final destination In entities which do not act as IP Gateways this counter will include only those packets which were Source Routed via this entity and the Source Route option processing was successful The number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol The number of input IP datagrams for which no problems were encountered to prevent their continued processing but which were discarded e g for lack of buffe
29. It can be up to 24 non blank characters long Group Mode This field identifies the mode of the Private Group you selected The modes are community e isolated The group mode can be either isolated or community When in isolated mode the member port in the group cannot forward its egress traffic to any other members in the same group By default the mode is community mode that each member port can forward traffic to other members in the same group but not to members in other groups 410 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Protected Ports Configuration If a port is configured as protected it does not forward traffic to any other protected port on the switch but it will forward traffic to unprotected ports Use the Protected Ports Configuration page to configure the ports as protected or unprotected You need read write access privileges to modify the configuration To display the Protected Ports Configuration page click the Security gt Traffic Control gt Protected Ports Protected Ports Configuration Protected Ports Configuration Group ID Group Name To configure protected ports 1 Use Group ID to identify a group of protected ports that can be combined into a logical group Traffic can flow between protected ports belonging to different groups but not within the same group Th
30. LAGS All The following table describes the information available on the STP Statistics page Chapter Configuring Switching Information 143 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fea escrito O O Interface Selects one of the physical or port channel interfaces of the switch STP BPDUs Received Number of STP BPDUs received at the selected port STP BPDUs Transmitted Number of STP BPDUs transmitted from the selected port RSTP BPDUs Received Number of RSTP BPDUs received at the selected port RSTP BPDUs Transmitted Number of RSTP BPDUs transmitted from the selected port MSTP BPDUs Received Number of MSTP BPDUs received at the selected port MSTP BPDUs Transmitted Number of MSTP BPDUs transmitted from the selected port Multicast Multicast IP traffic is traffic that is destined to a host group Host groups are identified by class D IP addresses which range from 224 0 0 0 to 239 255 255 255 From the Multicast link you can access the following pages e MFDB on page 144 e IGMP Snooping on page 146 e MLD Snooping on page 157 MFDB From the MFDB link you can access the following pages e MFDB Table on page 145 e MFDB Statistics on page 146 144 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual MFDB Table The Multicast Forwarding Database holds the port membership
31. LS type 5 link state advertisements The sum can be used to determine if there has been a change in a router s link state database and to compare the link state database of two routers Import Summary LSAs The summary LSAs will be enabled disabled imported into this area Chapter Routing 265 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Stub Area Configuration To display the Stub Area Configuration page click Routing gt OSPFv3 gt Advanced gt Stub Area Configuration Stub Area Configuration OSPF v3 Stub Area Configuration Area ID E Import Area LSA Type of Summary Default Cost Checksum Service LSAs 1 Use Area ID to enter the OSPF area ID An Area ID is a 32 bit integer in dotted decimal format that uniquely identifies the area to which a router interface connects 2 Use Import Summary LSAs to select enable or disable If you select enable summary LSAs will be imported into areas Defaults to Enable 3 Use Default Cost to enter the metric value you want applied for the default route advertised into the stub area Valid values range from 1 to 16 777 215 This value is applicable only to Stub areas 4 Click ADD to configure the area as a stub area 5 Click DELETE to delete the stub area designation The area will be returned to normal state Feis o Desertion O O SPF Runs The number of times that the intra area route table has been calcula
32. N E 1 0 1 Disable Disable z 1 0 2 Disable 600 48 Disable C 1 0 3 Disable 600 48 Disable O 1 0 4 Disable 600 48 Disable 1 0 5 Disable 600 48 Disable 1 0 6 Disable 600 48 Disable O 1 0 7 Disable 600 48 Disable O 1 0 8 Disable 600 48 Disable O 1 0 9 Disable 600 48 Disable J 1 0 10 Disable 600 48 Disable O 1 0 11 Disable 600 48 Disable O 1 0 12 Disable 600 48 Disable C 1 0 13 Disable 600 48 Disable O 1 0 14 Disable 600 48 Disable C 1 0 15 Disable 600 48 Disable 1 0 16 Disable 600 48 Disable C 1 0 17 Disable 600 48 Disable C 1 0 18 Disable 600 48 Disable O 1 0 19 Disable 600 48 Disable 406 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual To configure port security settings 1 Port Selects the interface to be configured 2 Select the check box next to the port or LAG to configure Select multiple check boxes to apply the same setting to all selected interfaces Select the check box in the heading row to apply the same settings to all interfaces 3 Specify the following settings e Security Mode Enables or disables the Port Security feature for the selected interface e Max Allowed Dynamically Learned MAC Sets the maximum number of dynamically learned MAC addresses on the selected interface Max Allowed Statically Locked MAC Sets the maximum number of statically locked MAC addresses on the selected interface Violati
33. No Neighbor at Source Address The number of OSPFv3 packets dropped because the sender is not an existing neighbor or the sender s IP address does not match the previously recorded IP address for that neighbor Invalid OSPF Packet Type The number of OSPFv3 packets discarded because the packet type field in the OSPFv3 header is not a known type Hellos Ignored The number of received Hello packets that were ignored by this router from the new neighbors after the limit has been reached for the number of neighbors on an interface or on the system as a whole Hellos Sent The number of Hello packets sent on this interface by this router Hellos Received The number of Hello packets received on this interface by this router DD Packets Sent The number of Database Description packets sent on this interface by this router DD Packets Received The number of Database Description packets received on this interface by this router LS Requests Sent The number of LS Requests sent on this interface by this router LS Requests Received The number of LS Requests received on this interface by this router LS Updates Sent The number of LS updates sent on this interface by this router LS Updates Received The number of LS updates received on this interface by this router LS Acknowledgements Sent The number of LS acknowledgements sent on this interface by this router LS Acknowledgements Received The number of LS acknowledgements
34. Search By Group IP GO Last u Ex pame a i Proxy Interface Group IP Source Hosts p dd State of Reporter Time Time 3 Sources Fes O Desertion O O Group IP Displays the IP multicast group address Proxy Interface Displays the interface on which IGMP proxy is enabled Source Hosts This parameter shows source addresses which are members of this multicast address Last Reporter The IP address of the source of the last membership report received for the IP Multicast group address on the IGMP Proxy interface Uptime The time elapsed since this entry was created Expiry Time This parameter shows expiry time interval against each source address which is a member of this multicast group This is the amount of time after which the specified source entry is aged out The state of the host entry A Host can be in one of the state Non member state does not belong to the group on the interface Delaying member state host belongs to the group on the interface and report timer running The report timer is used to send out the reports Idle member state host belongs to the group on the interface and no report timer running Filter Mode The group filter mode Include Exclude None for the specified group on the IGMP Proxy interface Number of Sources The number of source hosts present in the selected multicast group Click REFRESH to refresh the data on the screen with latest IGMP proxy member information
35. The following table describes the LLDP Remote Device Inventory fields Field Description Specifies the list of all the ports on which LLDP frame is enabled Management Address Specifies the advertised management address of the remote system MAC Address Specifies the MAC Address associated with the remote system 96 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description System Name Specifies model name of the remote device Remote Port ID Specifies the port component associated with the remote system LLDP MED From the LLDP MED link you can access the following pages e LLDP MED Global Configuration on page 97 e LLDP MED Interface Configuration on page 98 e LLDP MED Local Device Information on page 100 e LLDP MED Remote Device Information on page 102 e LLDP MED Remote Device Inventory on page 104 LLDP MED Global Configuration Use the LLDP MED Global Configuration page to specify LLDP MED parameters that are applied to the switch To display this page click System gt LLDP gt LLDP MED gt Global Configuration A screen similar to the following displays LLDP MED Global Configuration Global Configuration g Fast Start Repeat Count 3 Device Class Network Connectivity 1 Use Fast Start Repeat Count to specify the number of LLDP PDUs that will be transmitted when the protocol is enabled The r
36. The valid Encryption Protocols are None or DES e If you select the DES Protocol you must enter a key in the Encryption Key field If None is specified for the Protocol the Encryption Key is ignored 5 Encryption Key If you selected DES in the Encryption Protocol field enter the SNMPv3 Encryption Key here otherwise this field is ignored Valid keys are 0 to 15 characters long The Apply checkbox must be checked in order to change the Encryption Protocol and Encryption Key 6 Click CANCEL to cancel the configuration on the screen Resets the data on the screen to the latest value of the switch 7 Click APPLY to send the updated configuration to the switch Configuration changes take effect immediately LLDP The IEEE 802 1AB defined standard Link Layer Discovery Protocol LLDP allows stations on an 802 LAN to advertise major capabilities and physical descriptions This information is viewed by a network manager to identify system topology and detect bad configurations on the LAN From the LLDP link you can access the following pages e LLDPon page 90 e LLDP MED on page 97 LLDP is a one way protocol there are no request response sequences Information is advertised by stations implementing the transmit function and is received and processed by stations implementing the receive function The transmit and receive functions can be enabled disabled separately per port By default both transmit and receive are disabled on
37. Use the PIM Interface Configuration page nterface Configuration on page 311 select the ports 1 0 4 and 1 0 6 and enable their Admin Mode 5 Enable IGMP Use the IGMP Routing Interface Configuration page IGMP Routing Interface Configuration on page 301 select the port 1 0 4 and enable the Admin Mode Appendix Configuration Examples 527 Notification of Compliance NETGEAR Managed Stackable Switch Regulatory Compliance Information Note This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices Failure of the end user to comply with the applicable requirements may result in unlawful operation and adverse action against the end user by the applicable National regulatory authority Note This product s firmware limits operation to only the channels allowed in a particular Region or Country Therefore all options described in this user s guide may not be available in your version of the product Europe EU Declaration of Conformity CEO Marking by the above symbol indicates compliance with the Essential Requirements of the R amp TTE Directive of the European Union 1999 5 EC This equipment meets the following conformance standards EN300 328 2 4Ghz EN301 489 17 EN301 893 5Ghz EN60950 1 For complete DoC visit the NETGEAR EU Declarations of Conformity website at http support netgear com app answers detail a_id 116
38. Use the RADIUS Server Configuration page to view and configure various settings for the current RADIUS server configured on the system To access the RADIUS Server Configuration page click Security gt Management Security gt RADIUS gt Server Configuration link Server Configuration Server Configuration Pending Unknown Packets Timeouts Authenticators Requests Types Dropped To configure a RADIUS server 1 To adda RADIUS server specify the settings the following list describes and click Add e Inthe Radius Server IP Address field specify the IP address of the RADIUS server to add e In the Radius Server Name field specify the Name of the server being added e Use Port to specify the UDP port used by this server The valid range is 0 65535 e Secret Configured The Secret will only be applied if this option is yes If the option is no anything entered in the Secret field will have no affect and will not be retained 368 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e Use Secret to specify the shared secret for this server e Use Primary Server to set the selected server to the Primary or Secondary server e Use Message Authenticator to enable or disable the message authenticator attribute for the selected server 2 Click ADD to add a new server to the switch This button is only available to READWRITE users These changes wi
39. e Disabled Snooping Querier is not operational on the VLAN The Snooping Querier moves to disabled mode when MLD Snooping is not operational on the VLAN or when the querier address is not configured or the network management address is also not configured Operational Version Displays the operational MLD protocol version of the querier Last Querier Address Displays the IP address of the last querier from which a query was snooped on the VLAN Last Querier Version Operational Max Response Time Displays the MLD protocol version of the last querier from which a query was snooped on the VLAN Displays maximum response time to be used in the queries that are sent by the Snooping Querier Chapter Configuring Switching Information 163 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Address Table From the Address Table link you can access the following pages e Basic on page 164 e Advanced on page 166 Basic From the Basic link you can access the following pages e Address Table on page 164 Address Table This table contains information about unicast entries for which the switch has forwarding and or filtering information This information is used by the transparent bridging function in determining how to propagate a received frame To display the Address Table page click Switching gt Address Table gt Basic gt Address Table Address Table MA
40. excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with an integral number of octets 460 Chapter Monitoring the System ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Overruns Total Received Packets Not Forwarded Local Traffic Frames 802 3x Pause Frames Received Unacceptable Frame Type The total number of frames discarded as this port was overloaded with incoming packets and could not keep up with the inflow A count of valid frames received which were discarded i e filtered by the forwarding process The total number of frames dropped in the forwarding process because the destination address was located off of this port A count of MAC Control frames received on this interface with an opcode indicating the PAUSE operation This counter does not increment when the interface is operating in half duplex mode The number of frames discarded from this port due to being an unacceptable frame type VLAN Membership Mismatch The number of frames discarded on this port due to ingress filtering VLAN Viable Discards The number of frames discarded on this port when a lookup on a particular VLAN occurs while that entry in the VLAN table is being modified or if the VLAN has not been configured Multicast Tree Viable Discards Reserved Address Discards Broadcas
41. interface is not enabled for routing It is not valid to set this value to 0 if routing is enabled Range of MTU is 1280 to 1500 Use Duplicate Address Detection Transmits to specify the number of duplicate address detections transmits on an interface DAD transmits values must be in range 0 to 600 ad 206 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 9 Use Life Time Interval to specify the router advertisement lifetime field sent from the interface This value must be greater than or equal to the maximum advertisement interval 0 means do not use the router as the default router The range of router lifetime is 0 to 9000 10 Use Adv NS Interval to specify the retransmission time field of router advertisement sent from the interface A value of 0 means interval is not specified for router Range of neighbor solicit interval is 1000 to 4294967295 11 Use Adv Reachable Time to specify the router advertisement time to consider neighbor reachable after ND confirmation Range of reachable time is 0 to 3600000 12 Use Adv Interval to specify the maximum time allowed between sending router advertisements from the interface Default value is 600 Range of maximum advertisement interval is 4 to 1800 13 Use Adv Managed Config Flag to specify the router advertisement managed address configuration flag When true end nodes use DHCPV6 When false end nodes auto configure addresses Defau
42. pull down menu The default is None The choices are e 0Q None No authentication will be performed e 1 Simple Authentication will be performed using a text password Authentication Data If you selected simple authentication enter the password Use Status to select active or inactive to start or stop the operation of the Virtual Router The default is inactive Click ADD to add a new Virtual Router to the switch configuration Click DELETE to delete the selected Virtual Router Note that the router can not be deleted if there are secondary addresses configured Interface IP Address Indicates the IP Address associated with the selected interface Owner Set to True if the Virtual IP Address and the VMAC Address The virtual MAC Address associated with the Virtual State The current state of the Virtual Router Interface IP Address are the same otherwise set to False If this parameter is set to True the Virtual Router is the owner of the Virtual IP Address and will always win an election for master router when it is active Router composed of a 24 bit organizationally unique identifier the 16 bit constant identifying the VRRP address block and the 8 bit VRID Initialize Master e Backup Chapter Routing 287 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual VRRP Secondary IP To display the VRRP Secondary IP page click Routing gt VRRP gt
43. the switch will send traceroute and the results will be displayed below the configurable data If a reply to the traceroute is received you will see e 1 a b c d e f g 9869 usec 9775 usec 10584 usec e 2 0 0 0 0 0 0 0 0 0 usec 0 usec 0 usec e Hop Count w Last TTL z Test attempt x Test Success y To display the Traceroute IPv6 page click Maintenance gt Troubleshooting gt Traceroute IPv6 Traceroute IPv6 Traceroute IPv6 IPv6 Address Host Name Port 33434 Results 1 Use IPv6 Address Hostname to enter the IPv6 address or Hostname of the station you want the switch to discover path The initial value is blank The IPv6 Address or Hostname you enter is not retained across a power cycle 2 Use Port to enter the UDP Dest port in probe packets The initial value is default value The port you enter is not retained across a power cycle 500 Chapter Maintenance ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Chapter Maintenance 501 Help Use the features available from the Help tab to connect to online resources for assistance The Help tab contains a link to Online Help Online Help The Online Help includes the following pages e Support on page 502 e User Guide on page 503 Support Use the Support page to connect to the Online Support site at netgear com To access the Support page click Help gt Online Help gt Support Support Support
44. ver inte 7 et 3 3 beet Cente net Desset Deste Dasi orea one tes cee treve treces traced wane s stai Desse s a lt gt see tassa astas vas m as tee 3 p besi nae Sasse Deset Seaton aate onan pns toata ineei vw lt a s traded boatas lt er ca esses Deot reeta os sa toota cee wee ines fut a i tated Deste aee Deset Dastu Dasta pen Dasme taea ramtes t ene trares trotse esise aere cates a asire ecto taoro vesised ve we bei J beei 3 bebei nate oe Cvstont Deste Tama Daere cee te cates ven trate tremes trenet cawe save Destet Deene basve cave sone trate bastat u o ba owt 3 bew gt w Sse eaten Daet Ds omen te ees t ene toores treet sera san cevet oone Testa s sen tase Cosemed uaz ne bw t 2 treet Daath oe Destet Dest pes Deme eee trate i meres t ene tremens taedia astas ante swi Desta asro sare tere nrav rs is me ie i bet 3 7 bebei Desie oa Destet Dastre cee Caen Deme to amres trates sse s Deves Desr esve saire a tasima estes wi 5 ree J ba 3 beei ale nnn Laanet Daten Dente nae nanan trae Eees i treme as s moet Deste sore lt sace trate weatvet O wa is rate bt 3 a buous Desie one Destes Dest Desti eed cate tate eatin Vawe Ke Gobe o r a lt en casso esros ote c i ome t e Taseias uva ne fee bet 3 t bebt Dube oe Dossat Dese Desne Casia eee tae Dearer ves prenes ces ene sees Deetme ote seire set tare soros O wau m oa ect ome 8 eee beiet Danae a Deaton Desta Dana aea pee od tremens uan trate Cre
45. you can access the following pages e PFC Configuration on page 177 e PFC Statistics on page 178 PFC Configuration Use the PFC Configuration page to set the PFC administration mode and to set PFC priority and action mappings To access the PFC Configuration page click Switching gt PFC gt PFC Configuration Chapter Configuring Switching Information 177 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual PFC Configuration PFC Configuration Interface 1 0 1 M Set PFC Admin Mode g PFC Admin Mode Disable PFC Status Inactive PFC Priorirty and Action Mapping Set PFC Priorirty and Action Mappings F 0 Drop 1 Drop 2 Drop 3 Drop 4 Drop 5 Drop 6 Drop 7 Drop 1 Use Interface to select the interface to be configured Select All to specify all interfaces 2 Use PFC Admin Mode to enable or disable the PFC for the selected interface It is disabled by default 3 Use Action to select the action Drop No Drop to be applied for the corresponding Priority value on the selected interface It is Drop by default 4 Click Apply to update the switch with the values on the screen If you want the switch to retain the new values across a power cycle you must perform a save Fes escrito O O PFC Status Displays the operational status Active Inactive of PFC on the selected interface Priority This displays the priority value for which an action Drop No Drop has been configu
46. 16 0 1 0 17 0 1 0 18 o 1 0 19 0 1 0 20 0 1 0 21 0 1 0 22 u 1 0 23 0 1 0 24 0 1 LAGS All Messages With Opt82 oo o ooo oG o 0O oO oO0O ooog oo o oF oOo Go o Messages Without Opt82 Messages Without Opt82 0 o o 0 0 0 0 0 0 o 0 o 0 0 0 0 0 0 o o 0 o 0 o 0 0 0 0 0 o o o 0 o o o 0 o o 0 0 o o 0 0 o o o The following table describes the DHCP L2 Relay Interface Statistics fields Field Description Interface UntrustedServerMsgsWithOpt82 UntrustedClientMsgsWithOpt82 Shows the interface from which the DHCP message is received Shows the number of DHCP message with option82 received from an untrusted server Shows the number of DHCP message with option82 received from an untrusted client Chapter Configuring System Information 59 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O TrustedServerMsgsWithoutOpt82 Shows the number of DHCP message without option82 received from a trusted server TrustedClientMsgsWithoutOpt82 Shows the number of DHCP message without option82 received from a trusted client UDP Relay From the UDP Relay link you can access the following pages e UDP Relay Global Configuration on page 60 e UDP Relay Interface Configuration on page 61 UDP Relay Global Configuration To display the UDP Relay Global Configuration page click System gt Services gt UDP Relay gt UDP
47. 2 Use Remote IP Address to configure Remote IP Address on which the snooping database will be stored when Remote is selected 3 Use Remote File Name to configure Remote file name to store the database when Remote is selected 4 Use Write Delay to configure the maximum write time to write the database into local or remote The range of Write Delay is 15 to 86400 418 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DHCP Snooping Statistics To display the DHCP Snooping Statistics page click Security gt Control gt DHCP Snooping gt Statistics DHCP Snooping Statistics __DHCP Snooping Statistics iior DHCP Server Msgs Interface MAC Verify Failures Client Ifc Mismatch Received LAGS all Chapter Managing Device Security 419 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O Interface The untrusted and snooping enabled interface for which statistics to be displayed MAC Verify Failures Number of packets that were dropped by DHCP Snooping as there is no matching DHCP Snooping binding entry found Client Ife Mismatch The number of DHCP messages that are dropped based on source MAC address and client HW address verification DHCP Server Msgs Received Click CLEAR to clear all interfaces statistics The number of Server messages that are dropped on a
48. 22 Disable 6 CO 1 0 23 Disable 5 CO 1 0 24 Disable 6 i LAGS All Go To Interface lagoa 1 Interface Specifies the Auto VolP configurable interfaces 2 Use Auto VolP Mode to enable or disable the Auto VolP mode Auto VolP Mode can only be one of the following e Enable e Disable Default 346 Chapter Configuring Quality of Service ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Traffic Class Displays the Traffic Class used for VoIP traffic Basic From the Basic link you can access the following pages e DiffServ Configuration on page 347 DiffServ Configuration Packets are filtered and processed based on defined criteria The filtering criteria is defined by aclass The processing is defined by a policy s attributes Policy attributes may be defined on a per class instance basis and it is these attributes that are applied when a match occurs The configuration process begins with defining one or more match criteria for a class Then one or more classes are added to a policy Policies are then added to interfaces Packet processing begins by testing the match criteria for a packet The all class type option defines that each match criteria within a class must evaluate to true for a packet to match that class The any class type option defines that at least one match criteria must evaluate to true for a packet to match that class Classes are te
49. 300 1 Use Address Aging Timeout seconds to specify the time out period in seconds for aging out dynamically learned forwarding information 802 1D 1990 recommends a default of 300 seconds The value may be specified as any number between 10 and 1000000 seconds The factory default is 300 166 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Address Table This table contains information about unicast entries for which the switch has forwarding and or filtering information This information is used by the transparent bridging function in determining how to propagate a received frame To display the Address Table page click Switching gt Address Table gt Advanced gt Address Table Address Table MAC Address Table Search By VLAN ID v GO Total MAC Addresses 9 VLAN ID MAC Address Port status 1 00 04 06 02 04 07 0 5 1 Management 1 00 05 04 03 02 42 1 0 22 Learned 1 00 16 9C E1 D8 00 1 0 22 Learned 1 00 19 E7 D3 82 2D 1 0 22 Learned 1 00 1A A0 1A 94 FA 1 0 22 Learned 1 00 C0 05 01 98 05 1 0 22 Learned 1 30 46 9A 0C A0 CB 1 0 13 Learned 1 C8 0A A9 32 F3 59 1 0 22 Learned 1 C8 0A A9 32 F3 63 1 0 22 Learned 1 Use Search By to search for MAC Addresses by MAC Address VLAN ID and port e Searched by MAC Address Select MAC Address from pull down menu enter the 6 byte hexadecimal MAC Address in two digit groups separated by colons for example
50. 5806 0 00000000 00247 18 EVENT gt bootos c 220 0 AAAAAAAA 00031 19 EVENT gt unitmgr c 5806 0 00000000 014817 20 EVENT gt bootos c 220 0 AAAAAAAA 00031 21 EVENT gt unitmgr c 5806 0 00000000 001210 22 EVENT gt bootos c 220 0 AAAAAAAA 00031 23 EVENT gt unitmgr c 5806 0 00000000 00045 24 EVENT gt bootos c 220 0 AAAAAAAA 00031 25 EVENT gt unitmagr c 5806 0 00000000 00148 26 EVENT gt bootos c 220 0 AAAAAAAA 00031 27 EVENT gt unitmgr c 5806 0 00000000 00340 oe m mae nnn gt The following table describes the Event Log information displayed on the screen Use the buttons at the bottom of the page to perform the following actions 474 Chapter Monitoring the System ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e Click Clear to clear the messages out of the Event Log e Click Refresh to refresh the data on the screen and display the most current information Field Description Entry The sequence number of the event Type The type of the event File Name The file in which the event originated Line The line number of the event Task Id The task ID of the event Code The event code Time The time this event occurred Persistent Logs A persistent log is a log that is stored in persistent storage Persistent storage survives across platform reboots The first log type is the system startup log The system startup log stores the first N messages received after system
51. 7 Disable C s0 s Disable O 1 0 9 Disable C 1 0 10 Disable C 1 0 11 Disable O 1 0 12 Disable O 1 0 13 Disable O 1 0 14 Disable O 1 0 15 Disable O 1 0 16 Disable O 1 0 17 Disable C 1 0 18 Disable O 1 0 19 Disable C 1 0 20 Disable O 1 0 21 Disable C 1 0 22 Disable CJ 1 0 23 Disable CO 1 0 24 Disable i LAGS all Go To Interface aso 152 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 Use Interface to select the physical interface for which you want Multicast Router to be enabled 2 Use Multicast Router to enable or disable Multicast Router on the selected interfaces Multicast Router VLAN Configuration This page configures the interface to only forward the snooped IGMP packets that come from VLAN ID lt vlanld gt to the multicast router attached to this interface The configuration is not needed most of the time since the switch will automatically detect the presence of a multicast router and forward IGMP packets accordingly It is only needed when you want to make sure that the multicast router always receives IGMP packets from the switch in a complex network To access the Multicast Router VLAN Configuration page click Switching gt Multicast gt IGMP Snooping gt Multicast Router VLAN Configuration Multicast Router VLAN Configuration Multicast Router VLAN Configuration Interface 1 0 1 iw Multicast Router VLAN Configuratio
52. ACL rule from the pull down menu The possible values are IP DSCP IP precedence and IP TOS which are alternative ways of specifying a match criterion for the same Service Type field in the IP header however each uses a different user notation After a selection is made the appropriate value can be specified IP DSCP Specify the IP DiffServ Code Point DSCP field The DSCP is defined as the high order six bits of the Service Type octet in the IP header This is an 446 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual optional configuration Enter an integer from 0 to 63 The IP DSCP is selected by possibly selection one of the DSCP keyword from a dropdown box If a value is to be selected by specifying its numeric value then select the Other option in the dropdown box and a text box will appear where the numeric value of the DSCP can be entered e IP Precedence The IP Precedence field in a packet is defined as the high order three bits of the Service Type octet in the IP header This is an optional configuration Enter an integer from 0 to 7 e IP TOS The IP TOS field in a packet is defined as all eight bits of the Service Type octet in the IP header The TOS Bits value is a hexadecimal number from 00 to FF The TOS Mask value is a hexadecimal number from 00 to FF The TOS Mask denotes the bit positions in the TOS Bits value that are used for comparison agains
53. ARP Entries IPv4 Unicast Routes IPv NOP Entries Pv6 Unicast Routes ECHP Next eps IPv4 Multicast Routes IPv Multicast Routes To configure the SDM Template Preference settings 1 Use SDM Next Template ID to configure the next active template It will be active only after the next reboot To revert to the default template after the next reboot use the Default option Possible values are e Default e Dual IPv4 and IPv6 e Pv4 routing Default e IPv4 Data Center Chapter Configuring System Information 43 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual The following table displays Summary information Field Description SDM Current Template ID Displays the current active SDM Template Possible values are Dual IPv4 and IPv6 e IPv4 routing Default IPv4 Data Center SDM Template Identifies the Template The possible values are e Dual IPv4 and IPv6 e IPv4 routing Default e IPv4 Data Center ARP Entries The maximum number of entries in the IPv4 Address Resolution Protocol ARP cache for routing interfaces IPv4 Unicast Routes The maximum number of IPv4 unicast forwarding table entries IPv6 NDP Entries The maximum number of IPv6 Neighbor Discovery Protocol NDP cache entries IPv6 Unicast Routes ECMP Next Hops The maximum number of IPv6 unicast forwarding table entries The maximum number of next hops that can be i
54. ARP packets will be dropped If this value is None there is no limit The factory default is 15pps packets per second Use Burst Interval secs to specify the burst interval value for rate limiting purpose on this interface If the rate limit is None burst interval has no meaning shows it as N A The factory default is 1 second DAI ACL Configuration This screen shows the ARP ACLs configured To display the DAI ACL Configuration page click Security gt Control gt Dynamic ARP Inspection gt DAI ACL Configuration 1 2 3 Dynamic ARP Inspection ACL Configuration DAI ACL Configuration Use Name to create New ARP ACL for DAI Click ADD to add a new DAI ACL to the switch configuration Click DELETE to remove the currently selected DAI ACL from the switch configuration DAI ACL Rule Configuration This screen shows the Rules for selected DAI ARP ACL To display the DAI ACL Rule Configuration page click Security gt Control gt Dynamic ARP Inspection gt DAI ACL Rule Configuration Dynamic ARP Inspection ACL Rules Configuration Rules No ARP ACLs Found ACL Name Selects the DAI ARP ACL for which information want to be displayed or configured Click ADD to add a new Rule to the selected ACL Click DELETE to remove the currently selected Rule from the selected ACL 426 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field S
55. Admin Mode to enable or disable RIP for the switch The default is enable 2 Use Split Horizon Mode to select none simple or poison reverse from the radio buttons Split horizon is a technique for avoiding problems caused by including routes in updates sent to the router from which the route was originally learned The options are e None No special processing for this case e Simple A route will not be included in updates sent to the router from which it was learned e Poison reverse A route will be included in updates sent to the router from which it was learned but the metric will be set to infinity The default is simple 3 Use Auto Summary Mode to select enable or disable If you select enable groups of adjacent routes will be summarized into single entries in order to reduce the total number of entries The default is disable Chapter Routing 227 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 4 Use Host Routes Accept Mode to select enable or disable If you select enable the router will be accept host routes The default is enable 5 Use Default Information Originate to enable or disable Default Route Advertise 6 Use Default Metric to set a default for the metric of redistributed routes This field displays the default metric if one has already been set or blank if not configured earlier The valid values are 1 to 15 Fig Deseripion O O Global Route Changes The number
56. Advanced gt VRRP Secondary IP VRRP Secondary IP Address Configuration Routing Interface VRRP Interface VRRP ID a a VRRP Secondary IP Address Configuration Prima IP r ey Secondary IP Address Address 1 Use VRRP ID and Interface to select one of the existing Virtual Routers listed by interface number and VRRP ID 2 Use Secondary IP Address to enter the IP address for the interface This address must be a member of one of the subnets currently configured on the interface This value is read only once configured 3 Click ADD to add a new secondary IP address to the selected VRRP interface 4 Click DELETE to delete the selected secondary IP address Field Description Virtual Router ID The Virtual Router ID for which data is to be displayed or configured Primary IP Address The Primary IP Address of the Virtual Router 288 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Tracking Configuration Use Tracking Configuration to track specific route IP states within the router that can alter the priority level of a virtual router fora VRRP group To display the Tracking Configuration page click Routing gt VRRP gt Advanced gt Tracking Configuration VRRP Tracking Configuration Routing Interface VRRP Interface VRRP ID VRRP Tracking Interface Configuration Tracked Interface Tracked Priority Decrement Interface St
57. Advertise Address to enter the IP Address to be used to advertise the router 4 Use Maximum Advertise Interval to enter the maximum time in seconds allowed between router advertisements sent from the interface 5 Use Minimum Advertise Interval to enter the minimum time in seconds allowed between router advertisements sent from the interface 6 Use Advertise Lifetime to enter the value in seconds to be used as the lifetime field in router advertisements sent from the interface This is the maximum length of time that the advertised addresses are to be considered as valid router addresses by hosts 7 Use Preference Level to specify the preference level of the router as a default router relative to other routers on the same subnet Higher numbered addresses are preferred You must enter an integer VRRP The Virtual Router Redundancy protocol is designed to handle default router failures by providing a scheme to dynamically elect a backup router The driving force was to minimize plack hole periods due to the failure of the default gateway router during which all traffic directed towards it is lost until the failure is detected Though static configuration of default routes is popular such an approach is susceptible to a single point of failure when the default router fails VRRP advocates the concept of a virtual router associated with one or more IP Addresses that serve as default gateways In the event that the VRRP Router
58. Always Metric and Metric Type are already configured then setting Default Information Originate back to disable will set the Always Metric and Metric Type values to default 2 Use Always to set the router advertise when set to True 3 Use Metric to specify the metric of the default route The valid values are O to 16777214 262 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 4 Use Metric Type to set the metric type of the default route Valid values are External Type 1 and External Type 2 OSPF v3 Configuration 1 Use Router ID to specify the 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system AS If you want to change the Router ID you must first disable OSPFv3 After you set the new Router ID you must re enable OSPF v3 to have the change take effect The default value is 0 0 0 0 although this is not a valid Router ID Use Admin Mode to select enable or disable If you select enable OSPF v3 will be activated for the switch The default value is enable You must configure a Router ID before OSPF v3 can become operational This can also be done by issuing the CLI command router id in the IPv6 router OSPF mode Note Once OSPFv3 is initialized on the router it will remain initialized until the router is reset Use Exit Overflow Interval to enter the number of seconds that after entering overflo
59. Binding Configuration on page 439 e MAC Binding Table on page 440 MAC ACL AMAC ACL consists of a set of rules which are matched sequentially against a packet When a packet meets the match criteria of a rule the specified rule action Permit Deny is taken and the additional rules are not checked for a match On this menu the interfaces to which an MAC ACL applies must be specified as well as whether it applies to inbound or outbound traffic Rules for the MAC ACL are specified created using the MAC ACL Rule Configuration menu There are multiple steps involved in defining a MAC ACL and applying it to the switch 1 Use the MAC ACL page to create the ACL ID 2 Use the MAC Rules page to create rules for the ACL 3 Use the MAC Binding Configuration page to assign the ACL by its ID number to a port 4 Optionally use the MAC Binding Table page to view the configurations To display the MAC ACL page click Security gt ACL gt Basic gt MAC ACL MAC ACL MAC ACL Current Number of ACL 0 Maximum ACL 100 MAC ACL Table Direction The MAC ACL table displays the number of ACLs currently configured in the switch and the maximum number of ACLs that can be configured The current size is equal to the number of configured IPv4 ACLs plus the number of configured MAC ACLs To configure a MAC ACL 1 To add a MAC ACL specify a name for the MAC ACL in the Name field and click Add The name string may include alphabetic numeric d
60. Bit Status Specifies the tagged bit associated with a particular policy type Inventory Information Specifies if inventory TLV is received in LLDP frames on this port Specifies hardware version of the remote device Firmware Revision Specifies Firmware version of the remote device Software Revision Specifies Software version of the remote device Serial Number Specifies serial number of the remote device Manufacturer Name Specifies manufacturers name of the remote device Model Name Specifies model name of the remote device Asset ID Specifies asset id of the remote device Location Information Specifies if location TLV is received in LLDP frames on this port Chapter Configuring System Information 103 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Sub Type Specifies type of location information Location Information Specifies the location information as a string for given type of location id Extended POE Specifies if remote device is a PoE device Device Type Specifies remote device s PoE device type connected to this port Extended POE PSE Specifies if extended PSE TLV is received in LLDP frame on this port Available Specifies the remote ports PSE power value in tenths of watts Source Specifies the remote ports PSE power source Priority Specifies the remote ports PSE power priority Extended POE P
61. Checkpoint Statistics page click System gt Stacking gt NSF gt Checkpoint Statistics A screen similar to the following displays Checkpoint Statistics Checkpoint Statistics Messages Checkpointed Bytes Checkpointed Time Since Counters Cleared Checkpoint Message Rate Last 10 second Message Rate Highest 10 second Message Rate 0 0 1 days 23 hrs 59 mins 15 secs 0 000 msg sec 0 0 msg sec 0 0 msg sec The following table describes the Checkpoint Statistics fields Field Description Messages Checkpointed Bytes Checkpointed Time Since Counters Cleared Displays the number of messages sent from master unit to backup unit Displays how much data has been sent from master unit to the backup unit Displays the amount of time since the counters have been reset Message Rate Interval Indicates the number of seconds between measurements Message Rate Indicates how many messages have been sent in the last measurement interval Highest Message Rate Indicates the highest number of messages have been sent in a measurement interval Chapter Configuring System Information 81 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual SNMP From SNMP link under the System tab you can configure SNMP settings for SNMP V1 V2 and SNMPv3 From the SNMP link you can access the following pages e SNMPV1 V2 on page 82 e SNMP V3 on page 88 SNMPV1 V2 Th
62. Default e Reauthenticate If the termination action is default then at the end of the session the client details are initialized Otherwise re authentication is attempted 400 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Port Status This field shows the authorization status of the specified port The possible values are Authorized Unauthorized and N A If the port is in detached state the value will be N A since the port cannot participate in port access control Port Method This field shows the authorization mode of the specified port The possible values are Mac based Port based Client Summary To access the Client Summary page click Security gt Port Authentication gt Advanced gt Client Summary Client Summary Client Summary 1 All S I at sry on Session Filter ID Name P i Time Termination Action Session Timeout VLAN VLAN ID Assigned Field Description Port The port to be displayed User Name This field displays the User Name representing the identity of the supplicant device Supplicant Mac Address This field displays supplicant s device Mac Address Session Time Filter ID Vlan ID Vlan Assigned This field displays the time since the supplicant as logged in seconds This field displays polic
63. Description Port ID Subtype Specifies the string describes the source of the port identifier Port ID Specifies the string that describes the source of the port identifier System Name Specifies the system name of the local system System Description Specifies the description of the selected port associated with the local system Port Description Specifies the description of the selected port associated with the local system System Capabilities Supported Specifies the system capabilities of the local system System Capabilities Enabled Specifies the system capabilities of the local system which are supported and enabled Management Address Specifies the advertised management address of the local system Management Address Type Specifies the type of the management address LLDP Remote Device Information This page displays information on remote devices connected to the port To display this page click System gt LLDP gt LLDP gt Remote Device Information A screen similar to the following displays LLDP Remote Device Information LLDP Interface Selection Interface 1 0 1 iv No LLDP data has been received on this interface 1 Use Interface to select the local ports which can receive LLDP frames The following table describes the LLDP Remote Device Information fields Field Description Chassis ID Subtype Specifies the source of the chassis identifier Chassis ID Specifies the ch
64. Destination MAC mask of 00 00 00 ff ff ff VLAN Specifies the VLAN ID to compare against an Ethernet frame Valid range of values is 0 to 4095 Either VLAN Range or VLAN can be configured Logging When set to Enable logging is enabled for this ACL rule subject to resource availability in the device If the Access List Trap Flag is also enabled this will cause periodic traps to be generated indicating the number of times this rule was hit during the current report interval A fixed 5 minute report interval is used for the entire system A trap is not issued if the ACL rule hit count is zero for the current interval This field is only supported for a Deny Action 3 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch 4 To delete a rule select the check box associated with the rule and click Delete 5 To change a rule select the check box associated with the rule change the desired fields and click Apply Configuration changes take effect immediately MAC Binding Configuration When an ACL is bound to an interface all the rules that have been defined are applied to the selected interface Use the MAC Binding Configuration page to assign MAC ACL lists to ACL Priorities and Interfaces To display the MAC Binding Configuration page click Security gt ACL gt Basic gt MAC Binding Configuration MAC Binding Configuration Binding Configurat
65. Disable ICMP Redirects Enable Disable ICMP Rate Limit Interval 1000 ICMP Rate Limit Burst Size 100 Maximum Next Hops Maximum Routes 6112 Select to configure Global Default Gateway ad Global Default Gateway 0 0 0 0 1 Use Routing Mode to select enable or disable You must enable routing for the switch before you can route through any of the interfaces The default value is disable 2 Use ICMP Echo Replies to select enable or disable If it is enable then only the router can send ECHO replies By default ICMP Echo Replies are sent for echo requests 3 Use ICMP Redirects to select enable or disable If it is enabled globally and on interface level then only the router can send ICMP Redirects 4 Use ICMP Rate Limit Interval to control the ICMP error packets by specifying the number of ICMP error packets that are allowed per burst interval By default Rate limit is 100 186 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual packets sec i e burst interval is 1000 msec To disable ICMP Rate limiting set this field to 0 Valid Rate Interval must be in the range 0 to 2147483647 5 Use ICMP Rate Limit Burst Size to control the ICMP error packets by specifying the number of ICMP error packets that are allowed per burst interval By default burst size is 100 packets When burst interval is 0 then configuring this field is not a valid operation Valid Burst Size must be in the
66. Enable Dynamic VLAN Creation Mode Disable v Monitor Mode Disable v Users admin Login defaultList Authentication List dotixList To configure global 802 1X settings 1 Select the appropriate radio button in the Port Based Authentication State field to enable or disable 802 1X administrative mode on the switch e Enable Port based authentication is permitted on the switch Note If 802 1X is enabled authentication is performed by a RADIUS server This means the primary authentication method must be RADIUS To set the method go to Security gt Management Security gt Authentication List and select RADIUS as method 1 for defaultList For more information see lt pdf gt Authentication List Configuration on page 6 374 e Disable The switch does not check for 802 1X authentication before allowing traffic on any ports even if the ports are configured to allow only authenticated users Default value 2 Use VLAN Assignment Mode to select one of options for VLAN Assignment mode enable and disable The default value is disable 392 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 3 Use Users to select the user name that will use the selected login list for 802 1x port security 4 Use Login to select the login to apply to the specified user All configured logins are displayed Field Description Authentication List Displays the authent
67. G Eds OBE ORES 132 IONIC ASU nS os Ses agin Acayses bas a ete cB eat Sd Sea aac Goo Bee Hien a EE 144 MEDD v2c o0engeedttee needa ORE eee ead dee pee 144 IGMP SMOOPING ees ces Pesach 2 oped Bee ae eae ee oa 146 MED SNOOP 2ec cdacetated heteeeiaes ahi Seea teed daneee ded 157 Address WAS sasas asin pinsiad ava hse Ah ales A 164 Basio su setae ott cies ere sen ed Men De eee ees 164 Advanced 0 x 6 8 s0ty0sst 556 Sb Sard Ah Sateen ed Ae Wa eke a 166 PON cig acy he aaa ss a aoe ee Gs a ae eae 169 POM COMIGUIAUON 22 02 44 02aeaoser aided oteenagedoatdnneda 169 POR DESCHDUOM 254 6 4 0 ace2ataihs scoala Rata gona ola ae ore 9 aa 171 Link Aggregation Groups 2 4 2224 edeeettaas ebdesee eek eee 172 LAG Coniiguratoi 22 sj404 otdad eee ed ide ine deed bale ape ERA 173 LAG Membership e se arcrnaseeeesihiasagoeieeoade peesaeeees 175 PRO eas datev eked d rade thd Pode ed Ps Sais dah esd DO ded 177 PFC Configuration oeer ideti hire Gey oV ede e heed ete pedis 177 PFC SltaliStes ays ths uae Co ewe eae a wh eh ER ens ae 178 Chapter 4 Routing Roung Table 5 2 5 coh cok iee cate e alae ee ket occas 180 ASICS oa here o gt ea ieee Gene det t0 ee aed ete ew ates een 181 Advanced co 5 i Sra 4 an 8 Gescas Sheed vas Bocce nbd A ea cas lo fh Aas Lect odeehv 183 E EREE AEA EE wetted ot ae th tna EAT EET deat aidan are 186 BASIC ss 6 ronida a RH Ae haa a A Ae Rene aE dna a Oa ES 186 Advanced ac saves h d balnaced 6445 REGS SEDER HERES EEE AT RI EERE 193 I
68. Group name to be configured The name string can be up to 24 bytes of non blank characters 2 Use the optional Group ID field to specify the private group identifier If not specified a group id not used will be assigned automatically The range of group id is 1 to 192 3 Use Group Mode to configure the mode of private group The group mode can be either isolated or community When in isolated mode the member port in the group cannot forward its egress traffic to any other members in the same group By default the mode is community mode that each member port can forward traffic to other members in the same group but not to members in other groups 4 Click ADD to create a new private group in the switch 5 Click DELETE to delete a selected private group from the switch Chapter Managing Device Security 409 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Private Group Membership To display the Private Group Membership page click Security gt Traffic Control gt Private Group gt Private Group Membership 1 Private Group Membership Private Group Membership Group ID I Group Mode E Group Name Use Group ID to select the Group ID for which you want to display or configure data 2 Use Port List to add the ports you selected to this private group Description Group Name This field identifies the name for the Private Group you selected
69. IP ACL Name which is dependent on the IP ACL Type IP ACL ID must be an integer from 1 to 99 for an IP basic ACL and from 100 to 199 for an IP Extended ACL IPv6 ACL Name string includes alphanumeric characters only The name must start with an alphabetic character 2 Click ADD to add a new IP ACL to the switch configuration 3 Click DELETE to remove the currently selected IP ACL from the switch configuration Current Number of ACL The current number of the IP ACLs configured on the switch Maximum ACL The maximum number of IP ACL can be configured on the switch it depends on the hardware Rules The number of the rules associated with the IP ACL IPv6 Rules Use these screens to configure the rules for the IPv6 Access Control Lists which is created using the IPv6 Access Control List Configuration screen By default no specific value is in effect for any of the IPv6 ACL rules To display the IPv6 Rules page click Security gt ACL gt Advanced gt IPv6 Rules IPv6 Rules IPv6 Rules ACL Name ovt_ad_S IPv6 ACL Rule Table Assign Quese 1D Interface 1 Use the ACL Name pull down menu to select the IPv6 ACL for which to create or update a rule 2 Use Rule ID to enter a whole number in the range of 1 to 12 that will be used to identify the rule An IP ACL may have up to 12 rules 3 Use Action to specify what action should be taken if a packet matches the rule s criteria The choices are permit or
70. IPv6 Statistics IPv6 Interface Selection Interface 1 0 21 IPv6 Statistics Total Datagrams Received Received Datagrams Locally Delivered Received Datagrams Discarded Due To Header Errors Received Datagrams Discarded Due To MTU Received Datagrams Discarded Due To No Route Received Datagrams With Unknown Protocol Received Datagrams Discarded Due To Invalid Address Received Datagrams Discarded Due To Truncated Data Received Datagrams Discarded Other Received Datagrams Reassembly Required Datagrams Successfully Reassembled Datagrams Failed To Reassemble Datagrams Forwarded Datagrams Locally Transmitted Datagrams Transmit Failed Datagrams Successfully Fragmented Datagrams Failed To Fragment Datagrams Fragments Created Multicast Datagrams Received eo OGOOGO OOOOGOGO OCOOODO OOOO Multicast Datagrams Transmitted ICMPv6 Statistics Total ICMPv6 Messages Received ICMPv6 Messages With Errors Received ICMPv6 Destination Unreachable Messages Received ICMPv6 Messages Prohibited Administratively Received ICMPv6 Time Exceeded Messages Received ICMPv6 Parameter Problem Messages Received ICMPv6 Packet Too Big Messages Received ICMPv6 Echo Request Messages Received ICMPv6 Echo Reply Messages Received ICMPv6 Router Solicit Messages Received oo OOOOOOOO Chapter Routing 209 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 Use Interface to select the interface to be configured When th
71. If you logon with a user account with Read Write privileges i e as admin you can use the User Accounts screen to assign passwords and set security parameters for the default accounts and to add and delete accounts other than admin up to the maximum of six Only a user with Read Write privileges may alter data on this screen and only one account may be created with Read Write privileges To display the User Management page click Security gt Management Security gt Local User gt User Management User Management Manage Users Conf A ane Password y Iir User Name Edit Password Password SERD Te EN Expiration Password Mode Status Date a ee J admin Disable SOSSSSTO ssecesss READ_WRITE FALSE J guest Disable a a tne ae READ_ONLY FALSE 1 Use User Name to enter the name you want to give to the new account You can only enter data in this field when you are creating a new account User names are up to eight characters in length and are not case sensitive Valid characters include all the alphanumeric characters as well as the dash and underscore _ characters User name default is not valid User names once created cannot be changed modified 2 Set the Edit Password field to Enable only when you want to change the password The default value is Disable 3 Use Password to enter the optional new or changed password for the account It will not display as it is typed onl
72. IpInReceives IpInHdrErrors IpInAddrErrors lpForwDatagrams IpInUnknownProtos IpInDiscards Description The total number of input datagrams received from interfaces including those received in error The number of input datagrams discarded due to errors in their IP headers including bad checksums version number mismatch other format errors time to live exceeded errors discovered in processing their IP options etc The number of input datagrams discarded because the IP address in their IP header s destination field was not a valid address to be received at this entity This count includes invalid addresses e g 0 0 0 0 and addresses of unsupported Classes e g Class E For entities which are not IP Gateways and therefore do not forward datagrams this counter includes datagrams discarded because the destination address was not a local address The number of input datagrams for which this entity was not their final IP destination as a result of which an attempt was made to find a route to forward them to that final destination In entities which do not act as IP Gateways this counter will include only those packets which were Source Routed via this entity and the Source Route option processing was successful The number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol The number of input IP datagrams for which no problems were encountered
73. Mae aegyest PASE 2 Detar wa Port Based UAF hts wa sase am Versions Autharncets a ineaioe tot inged PALSE ate wa Gaoes wee Ae wa ase em Vapen Atenteme Intetee eer 0 Ma asoge PALSE Cetea wa Port Saeed Vo Ase wa rase nere vemte Avttertcete interes are Mi aged PASE o wee wa Poa Beres LID Ats wa mse oon Veworl Authertcers Intetce h sse Mat aged PASE 2 Tatna wa Pot Cased Oil Auto wa race Bor veso Aserca Intetse int akz0 Na Aeegred FASE Oot n Po Dores Van Am wa rse vepos Atbertcee intutee bese 0 Wa asoge PALSE Oea ya Pon foosd wend Aa aas tase be veve aetan intere itens Oe vea a set Pon Reset Vana Ate mwa ase on vepe dettertcete Intetce besse Mt aged PaE a Cote ya Port besed VUS Ato wa rae So gt Autertces Intese aze Mot Amgred FALSE Catt w Poe tere ane Ate Wa m am Vemosj Ademco intense be o eon Asegred PALSE Cate Port heces Wa tame wa rae an oe ADetcae intense te ma Apeyrred Paa stea y a et nosos vane Awe wa mse own Vewerl Amenmose istoire bese 9 Mt aged PADE s Tea wa fort Dowes LUNS Ato wa rast Boe e arenes Intance eare Not Aemgred PASE Datat Pot nase Uana Ats wa ase so Vepa AutherScater inteice item o et Amgred PASE 9 Cote ya Port Cased LAJI Ao wa tasa un oe Acrertcms intehse as ee PALSE stna wa oon neses Wats aae Ase mi mem Vewerl Amerone Intieter barre o Wet apea et s Cetea mAtereed Pon baset LI ate na rast en veme ismencor intere istoire Mat agred Pase Tetea wa Pot Bered vane Ats wa rast oon Vermors Autherocete Intwtce
74. Neighbor IP The IP address of the PIM neighbor for this entry Up Time hh mm ss The time since this PIM neighbor last became a neighbor of the local router Expiry Time hh mm ss The minimum time remaining before this PIM neighbor will be aged out Click REFRESH to refresh the data on the screen with latest PIM DM neighbor information 312 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Candidate RP Configuration Use the Candidate RP Configuration page to display add and delete the configured rendezvous points RPs for each port using PIM To display the PIM Candidate RP Configuration page click Routing gt Multicast PIM gt Candidate RP Configuration PIM Candidate RP Configuration PIM Interface Selection Interface 1 0 1 PIM Candidate RP Configuration Group Mask a Group Address 1 Use Interface to select the interface for which data is to be displayed 2 Use Group Address to specify the group address transmitted in Candidate RP Advertisements 3 Use Group Mask to specify the group address mask transmitted in Candidate RP Advertisements 4 Click ADD to add a new Candidate RP Address for the PIM SM router 5 Click DELETE to delete an extant Candidate RP Address for the PIM SM router Adding a Candidate RP To add PIM Candidate rendezvous points RPs for each IP multicast group 1 Open the Candidate RP Configuration
75. Norma Eratbre tnadie Enebte Auto Unarcar Lire Oow Enable 1410 O wio Neme Enable Enable Enable Ano Uuninowa Unk Oewn Ensbie 1818 10 Normal Erotic Enadte Enebie Ato Unarow Link Down Enabie ii O uara Meme Erate Enadie Enade Ano Uninawa Unk Doan Enable 12 10 33 Normal Eratie Enade Enebe 10G Full P Ur Up Ensbie w O Naia Nemai Faatie trade Enable Ato Unkagan Unk Down Enable WOES Norme frable tradi Enable Ato Unaroar Ur Down Enable is O Mere nems trestia Ens ie Enable Ate Uninoan Unk Ocan Enable 1 0 37 Neemel trate tredle Ensbie Auto Unaroar Unk Ocan treble 1 O 1 0 28 neema Enable Enable Enable Ato Unknown Link Oown Enable 18 9 Normal Enatie Enadle Eneble Ato Anoan Lak Oown Enable is O ano neme Enable Enade Enade Ato Unerone Unk Dewn Enable iste 25 t Nome Eretie inane Enebie Ano Unerowr Line Oown Ensbie 18 O van woms Eratie Enable Enathe Aco 1500 Mbps Ur Up Ensbie 15 0 2 J Nome fratie Tradie fnebe Ato Inaroen Lura Down treble iste 2 O Nas Nemei ratte rable Enabie Ass Unknown Urk Down Enable 1518 u LAGS alt Cole Pert Led To configure port settings 1 Use Port to select the interface for which data is to be displayed or configured 2 Use STP Mode to select the Spanning Tree Protocol Administrative Mode for the port or LAG The possible values are Enable Select this to enable the Spanning Tree Protocol for this port e Disable Select this to disable the Spanning Tree Protocol for this port 3 Use the A
76. Not Supported The SNTP version supported by the server is not compatible with the version supported by the client e Server Unsynchronized The SNTP server is not synchronized with its peers This is indicated via the leap indicator field on the SNTP message e Server Kiss Of Death The SNTP server indicated that no further queries were to be sent to this server This is indicated by a stratum field equal to 0 in a message received from a server Requests Specifies the number of SNTP requests made to this server since last agent reboot Failed Requests Specifies the number of failed SNTP requests made to this server since last reboot 40 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DNS You can use these pages to configure information about DNS servers the network uses and how the switch operates as a DNS client DNS Configuration Use this page to configure global DNS settings and DNS server information To access this page click System gt Management gt DNS gt DNS Configuration DNS Configuration DNS Configuration DNS Status Disable Enable DNS Default Name 1 to 255 alphanumeric characters Retry Number 2 Response Timeout secs 3 0 to 3600 secs 3 DNS Server Configuration E Serial No DNS Server Preference 10 27 138 20 2 10 27 138 21 1 To configure the global DNS settings 1 Specify wh
77. OSPF packets dropped because the sender is not an existing neighbor or the sender s IP address does not match the previously recorded IP address for that neighbor The number of OSPF packets dropped because the sender is not an existing neighbor or the sender s IP address does not match the previously recorded IP address for that neighbor The number of OSPF packets discarded because the packet type field in the OSPF header is not a known type The number of received Hello packets that were ignored by this router from the new neighbors after the limit has been reached for the number of neighbors on an interface or on the system as a whole Hellos Sent Hellos Received DD Packets Sent DD Packets Received The number of Hello packets sent on this interface by this router The number of Hello packets received on this interface by this router The number of Database Description packets sent on this interface by this router The number of Database Description packets received on this interface by this router LS Requests Sent The number of LS Requests sent on this interface by this router LS Requests Received The number of LS Requests received on this interface by this router LS Updates Sent LS Updates Received The number of LS updates sent on this interface by this router The number of LS updates received on this interface by this router Chapter Routing 251 ProSaf
78. Prefix Length Displays the Prefix Length for the Active Route Protocol Displays the Type of Protocol for the Active Route Next Hop Interface Displays the Interface over which the Route is Active For a Reject Route the next hop would be a Null0 interface Next Hop IP Address Displays the Next Hop IPv6 Address for the Active Route Preference Displays the Route Preference of the Configured Route Click REFRESH to refresh the web page to show the latest IP information 204 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Advanced From the Basic link you can access the following pages IPv6 Global Configuration on page 205 IPv6 Interface Configuration on page 206 IPv6 Prefix Configuration on page 207 IPv6 Statistics on page 209 IPv6 Neighbor Table on page 214 IPv6 Route Configuration on page 216 IPv6 Route Table on page 216 IPv6 Route Preferences on page 217 Tunnel Configuration on page 218 IPv6 Global Configuration Use the Global Configuration page to enable IPv6 forwarding on the router and to enable the forwarding of IPv6 unicast datagrams To display the IPv6 Global Configuration page click Routing gt IPv6 gt Advanced gt Global Configuration IPv6 Global Configuration IPv6 Global Configuration g IPv6 Unicast Routing Disable Enable IPv6 Forwarding Disable Enable Hop Limit 0 ICMPVv6 Rate Limit Error Interval 1000 ICMPVv6 Rate Li
79. ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 3 If Logging Invalid Packets is enabled DHCP snooping application logs invalid packets on this interface The factory default is disabled 4 Use Rate Limit pps to specify rate limit value for DHCP Snooping purpose If the incoming rate of DHCP packets exceeds the value of this object for consecutively burst interval seconds the port will be shutdown If this value is None there is no limit The factory default is 15pps packets per second The range of Rate Limit is 0 to 300 5 Use Burst Interval secs to specify the burst interval value for rate limiting purpose on this interface If the rate limit is None burst interval has no meaning shows it as N A The factory default is 1 second The range of Burst Interval is 1 to 15 DHCP Snooping Binding Configuration To display the DHCP Snooping Binding Configuration page click Security gt Control gt DHCP Snooping gt Binding Configuration DHCP Snooping Binding Configuration Static Binding Configuration E Interface MAC Address VLAN ID IP Address Dynamic Binding Configuration Interface MAC Address VLAN ID IP Address Lease Time Static Binding Configuration 1 Interface Selects the interface to add a binding into the DHCP snooping database 2 Use MAC Address to specify the MAC address for the binding to be added This is the Key to the binding database 3 Use VLAN ID to select the VLAN
80. ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Polling for Unicast information is used for polling a server for which the IP address is known SNTP servers that have been configured on the device are the only ones that are polled for synchronization information T1 through T4 are used to determine server time This is the preferred method for synchronizing device time because it is the most secure method If this method is selected SNTP information is accepted only from SNTP servers defined on the device using the SNTP Server Configuration page The device retrieves synchronization information either by actively requesting information or at every poll interval SNTP Global Configuration Use the SNTP Global Configuration page to view and adjust date and time settings To display the SNTP Global Configuration page click System gt Management gt Time gt SNTP Global Configuration SNTP Global Configuration SNTP Global Configuration v Client Mode Disable Unicast Broadcast Port 123 1 to 65535 Default 123 Unicast Poll Interval 6 Broadcast Poll Interval 6 6 Unicast Poll Timeout 5 3 Unicast Poll Retry 1 Time Zone Name Offset Hours 0 Offset Minutes 0 to 59 SNTP Global Status Version Supported Mode Unicast and Broadcast Last Update Time JAN 01 00 00 00 1970 UTC 0 00 Last Attempt Time JAN 01 00 00 00 1970 UTC 0 00 Last Attempt Status Other Server IP Address Address Type Unknown
81. RP to be created or deleted 4 Use Override to indicate that if there is a conflict the RP configured with this option prevails over the RP learned by BSR 5 Click ADD to add a new static RP address for one or more multicast groups 6 Click DELETE to delete the RP address selected 326 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual MLD From the MLD link you can access the following pages e MLD Global Configuration on page 327 e MLD Routing Interface Configuration on page 328 e MLD Routing Interface Statistics on page 329 e MLD Groups on page 330 e MLD Traffic on page 331 e MLD Proxy Interface Configuration on page 332 e MLD Proxy Interface Statistics on page 333 e MLD Proxy Membership on page 334 MLD Global Configuration To display the MLD Global Configuration page click Routing gt IPv6 Multicast MLD gt Global Configuration MLD Global Configuration MLD Global Configuration D Admin Mode Disable Enable 1 Use Admin Mode to set the administrative status of MLD in the router to active or inactive The default is disable Chapter Routing 327 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual MLD Routing Interface Configuration To display the MLD Routing Interface Configuration page click Routing gt IPv6 Multicast MLD gt Routing Interface Configuration MLD Routing Intertece Comdigue ation MID R
82. SPT For other protocols an is displayed Multicast Global Configuration To display the Multicast Global Configuration page click Routing gt Multicast Global Configuration Global Configuration Global Configuration Admin Mode Protocol State Table Maximum Entry Count Protocol Table Entry Count Disable Enable Non Operational 2048 No Protocol Enabled 0 Y 1 Use Admin Mode to set the administrative status of Multicast Forwarding in the router The default is disable Field Description Protocol State The operational state of the multicast forwarding module Table Maximum Entry Count The maximum number of entries in the IP Multicast routing table Protocol The multicast routing protocol presently activated on the router if any Table Entry Count The number of multicast route entries currently present in the Multicast route table Chapter Routing 293 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Interface Configuration To display the Multicast Interface Configuration page click Routing gt Multicast gt Interface Configuration Interface Configuration Configuration 1 All Go To Interface GO Ea Interface TTL Threshold 1 0 1 1 0 2 1 0 3 1 0 4 1 0 5 1 0 6 1 0 7 1 0 8 1 0 9 1 0 10 1 0 11 1 0 12 1 0 13 1 0 14 1 0 15 1 0 16 1 0 17 1 0 18 1 0 19 1 0 20 1 0 21 1 0 22 1 0
83. Security Settings 0 6500 cee ee eee 362 LOCANUSE 40 c2e0ddugde o2rbce E E add dee Pedehuddae eed 362 Enable Password Configuration 0 0 cee eee 365 Line Password Configuration a a asau auaa eee eee eae 365 RADIUS erne deeb ete Rew acted ea hes Be eR St 366 Contiguring TAGACS 2 3 4ac0iee cin we eer betuwedaede towns 372 Authentication List Configuration 0 0002 e eee eee 374 LOGIN SESSIONS 265 dis cca cn c alata a att Gace AE aaa GRANA 378 Contents 5 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Configuring Management AcceSS 0 0 000 c cee 379 FA UE cocaine dete ce ara Ger eae heed Bean ech EAS EA EEA 379 HTTPS e icatecegdnd dua toatl d COLO a Redd didn hae dada EA 381 SOR 4 4 200 ceadd peae serge eege aed ds tae Oaths ahaa sues 384 MEMEL sts esata aearuiq acttag te 4 45 wich aya Gan wate lace 3a Ralauian aaa EGA 387 Console Poms vic 6sd469 need occas ouchet and o han Beha eds 389 Denial of Service 0 0000 cee ee 390 Por Authemcavlon i54 0442 2 0gh05 00 4 0945 0 00a Fo eeeadene 391 BASIC iara era p wars a stats A agg anus sua E 392 Advanced sere cerae Sense elgg wd ence GRRE a ee ae othe Gees 393 Trame Contolera bad ROMS ea ead 402 MAC FING Wo iS die dd a cot dy here ee caeidceed i Glow ane eee 402 POM SECU asas ontroer iire eer rA Aten a ald eRe td 404 Private Group ca 6 i rosetes tiee ee a E a o 409 Protected Ports Configuratio
84. Server Stratum 0 Reference Clock Id Server Mode Reserved Unicast Server Max Entries 3 Unicast Server Current Entries 0 Broadcast Count 0 Chapter Configuring System Information 35 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual SNTP Global Configuration SNTP stands for Simple Network Time Protocol As its name suggests it is a less complicated version of Network Time Protocol which is a system for synchronizing the clocks of networked computer systems primarily when data transfer is handled via the Internet 1 Use Client Mode to specify the mode of operation of SNTP Client An SNTP client may operate in one of the following modes e Disable SNTP is not operational No SNTP requests are sent from the client nor are any received SNTP messages processed e Unicast SNTP operates in a point to point fashion A unicast client sends a request to a designated server at its unicast address and expects a reply from which it can determine the time and optionally the round trip delay and local clock offset relative to the server e Broadcast SNTP operates in the same manner as multicast mode but uses a local broadcast address instead of a multicast address The broadcast address has a single subnet scope while a multicast address has Internet wide scope Default value is Disable 2 Use Port to specify the local UDP port to listen for responses broadcasts Allowed range is 1 to 65535 Default valu
85. Shows the type of session telnet serial or SSH 378 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Configuring Management Access From the Access page you can configure HTTP and Secure HTTP access to the ProSafe Managed Switches management interface The Security gt Access tab contains the following folders e HTTPon page 379 e HTTPS Configuration on page 381 e SSHon page 384 e Telnet on page 387 e Console Port on page 389 e Denial of Service on page 390 HTTP From the HTTP link you can access the following pages e HTTP Configuration on page 379 HTTP Configuration To access the switch over a web you must first configure it with IP information IP address subnet mask and default gateway You can configure the IP information using any of the following e BOOTP e DHCP e Terminal interface via the EIA 232 port Once you have established in band connectivity you can change the IP information using a Web based management To access the HTTP Configuration page click Security gt Access gt HTTP gt HTTP Configuration Chapter Managing Device Security 379 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual HTTP Configuration HTTP Configuration HTTP Access Disable Enable Java Mode O Disable Enable HTTP Session Soft Timeout Minutes 60 HTTP Session Hard Timeout Hours 24 Maxi
86. Software Administration Manual DHCP Snooping Interface Configuration To display the DHCP Snooping Interface Configuration page click Security gt Control gt DHCP Snooping gt Interface Configuration DHCP Snooping Interface Configuration DHCP Snooping Interface Configuration 1 LAGS All Go To Interface eG Logging Interface Trust Mode Invalid Rate Limit pps Burst Interval secs O 1 0 12 Disable Disable N A N A O 10 2 Disable Disable N A N A O wos Disable Disable N A N A OO 1 0 4 Disable Disable N A N A 1 0 s Disable Disable N A N A O 10 6 Disable Disable N A N A O 1 0 7 Disable Disable N A N A CO o s Disable Disable N A N A C 1 0 9 Disable Disable N A N A O 10 10 Disable Disable N A N A O 1 0 11 Disable Disable N A N A O 1 0 12 Disable Disable N A N A C 1 0 13 Disable Disable N A N A O 1 0 14 Disable Disable N A N A O 1 0 15 Disable Disable N A N A O 1 0 16 Disable Disable N A N A C 1 0 17 Disable Disable N A N A O 1 0 18 Disable Disable N A N A C 1 0 19 Disable Disable N A N A O 1 0 20 Disable Disable N A N A O 1 0 21 Disable Disable N A N A O 1 0 22 Disable Disable N A N A C 1 0 23 Disable Disable N A N A O 1 0 24 Disable Disable N A N A i LAGS All Go To Interface GO 1 Interface Selects the interface for which data is to be configured 2 If Trust Mode is enabled DHCP snooping application considers as port trusted The factory default is disabled 416 Chapter Managing Device Security
87. Specifies the supported and enabled capabilities that was received in MED TLV on this port Supported Capabilities Specifies supported capabilities that was received in MED TLV on this port 102 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Enabled Capabilities Specifies enabled capabilities that was received in MED TLV on this port Device Class Specifies device class as advertised by the device remotely connected to the port Network Policy Information Specifies if network policy TLV is received in the LLDP frames on this port Media Application Type Specifies the application type Types of application types are unknown voicesignaling guestvoice guestvoicesignalling softphonevoice videoconferencing streammingvideo vidoesignalling Each application type that is received has the VLAN id priority DSCP tagged bit status and unknown bit status A port may receive one or many such application types If a network policy TLV has been receive on this port only then would this information be displayed VLAN Id Specifies the VLAN id associated with a particular policy type Priority Specifies the priority associated with a particular policy type DSCP Specifies the DSCP associated with a particular policy type Unknown Bit Status Specifies the unknown bit associated with a particular policy type Tagged
88. Static VLAN Entries Dynamic VLAN Entries The maximum number of Virtual LANs VLANs allowed on this switch The largest number of VLANs that have been active on this switch since the last reboot The number of presently active VLAN entries on this switch that have been created statically The number of presently active VLAN entries on this switch that have been created by GVRP registration VLAN Deletes The number of VLANs on this switch that have been created and then deleted since the last reboot Time Since Counters Last Cleared The elapsed time in days hours minutes and seconds since the statistics for this switch were last cleared Click CLEAR to clear all the counters resetting all switch summary and detailed statistics to default values The discarded packets count cannot be cleared Chapter Configuring System Information 25 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual System CPU Status Use this page to display the system resources To display the System Resource page click System gt Management gt System CPU Status A screen similar to the following displays System CPU Status CPU Memory Status F Total System Memory 524288 KBytes Avadable Memory 142660 KBytes CPU Utilization 7 CPU Utilization PID Name 5 Secs 60 Secs 300 Secs 64509230 ataTask 0 02 02 84534670 tNetO 0 00 0 02 0 02 68453b850 BusM A 40 5 14 Syste
89. Statistics Binding Details Automatic Bindings Expired Bindings Malformed Messages Message Received DHCPDISCOVER DHCPREQUEST DHCPDECLINE DHCPRELEASE DHCPINFORM Message Sent DHCPOFFER DHCPACK DHCPNAK Oo o oOo a The following table describes the DHCP Server Statistics fields Field Description Automatic Bindings Specifies the number of Automatic Bindings on the DHCP Server Expired Bindings Specifies the number of Expired Bindings on the DHCP Server Malformed Messages DHCPDISCOVER DHCPREQUEST Specifies the number of the malformed messages Specifies the number of DHCPDISCOVER messages received by the DHCP Server Specifies the number of DHCPREQUEST messages received by the DHCP Server DHCPDECLINE Specifies the number of DHCPDECLINE messages received by the DHCP Server DHCPRELEASE Specifies the number of DHCPRELEASE messages received by the DHCP Server Chapter Configuring System Information 53 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O DHCPINFORM Specifies the number of DHCPINFORM messages received by the DHCP Server DHCPOFFER Specifies the number of DHCPOFFER messages sent by the DHCP Server DHCPACK Specifies the number of DHCPACK messages sent by the DHCP Server DHCPNAK Specifies the number of DHCPNAK messages sent by the DHCP Server DHCP Bindings Info
90. Temperature Status cae Pe cpu 36 C MAC 51 C System 28 C Device Status C ce ee ce cece oe Firmware 5 21 13 28 Version acres Boot Chapter Configuring System Information 19 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual The System Information provides various statuses Switch Status To define system information 1 Open the System Information page 2 Define the following fields want to use to identify this switch You may use person for this switch You may use up to 25 a System Name Enter the name you up to 255 alphanumeric characters The factory default is blank b System Location Enter the location of this switch You may use up to 255 alphanumeric characters The factory default is blank c System Contact Enter the contact alphanumeric characters The factory default is blank d Login Timeout Specify how many minutes of inactivity should occur on a serial port connection before the switch closes the connection Enter a number between 0 and 160 the factory default is 5 Entering 0 disables the timeout Click Apply to send the updated screen to the switch and cause the changes to take effect on the switch These changes will not be retained across a power cycle unless a save is performed The following table describes the status information the System Page displays Field Description Product Name IPv4 Network Interface The
91. The 802 1p to Queue Mapping page also displays the Current 802 1p Priority Mapping table To display the 801 p to Queue Mapping page click QoS gt CoS gt Advanced gt 802 1p to Queue Mapping 802 1p to Queue Mapping Interface Selection G Interface 1 0 1 iv 802 1p to Queue Mapping Queue 1m olm ols 1 m 2x 2 3 3 x To map 802 1p priorities to queues 1 2 Use Interface to specify CoS configuration settings based per interface or specify all CoS configurable interfaces Specify which internal traffic class to map the corresponding 802 1p value The queue number depends on the specific hardware The 802 1p Priority row contains traffic class selectors for each of the eight 802 1p priorities to be mapped The priority goes from low 0 to high 3 For example traffic with a priority of 0 is for most data traffic and is sent using best effort Traffic with a higher priority such as 3 might be time sensitive traffic such as voice or video The values in each drop down menu represent the traffic class The traffic class is the hardware queue for a port Higher traffic class values indicate a higher queue position Before traffic in a lower queue is sent it must wait for traffic in higher queues to be sent Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch If you make changes to the page click Apply to apply the changes to the
92. The default is disable 2 VRID is only configurable if you are creating new Virtual Router in which case enter the VRID in the range 1 to 255 3 Use Interface to select the Unit Slot Port for the new Virtual Router from the pull down menu 286 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 10 11 12 Field Description Use Pre empt Mode to select enable or disable If you select enable a backup router will preempt the master router if it has a priority greater than the master virtual router s priority provided the master is not the owner of the virtual router IP address The default is enable Use Priority to enter the priority value to be used by the VRRP router in the election for the master virtual router If the Virtual IP Address is the same as the interface IP Address the priority gets set to 255 no matter what the user enters If the user enters a priority of 255 when the Virtual and interface IP Addresses are not the same the priority gets set to the default value of 100 Use Advertisement Interval to enter the time in seconds between the transmission of advertisement packets by this virtual router Enter a number between 1 and 255 The default value is 1 second Use Primary IP Address to enter the IP Address associated with the Virtual Router The default is 0 0 0 0 Use Authentication Type to select the type of Authentication for the Virtual Router from the
93. The number of routes sent on the selected interface DVMRP Neighbor To display the DVMRP Neighbor page click Routing gt Multicast DVMRP gt DVMRP Neighbor DVMRP Neighbor DVMRP Neighbor t Search By Interface v GO Received Received Neighbor Up Expiry Generation Major Minor Received Interface State Capabilities Bod Bad IP Time Time ID Version Version Routes Packets Routes 1 Interface Select the interface for which data is to be displayed or all interfaces will be displayed 2 Use Neighbor IP to specify the IP address of the neighbor whose information is displayed Field Description State The state of the specified neighbor router on the selected interface either active or down Up Time The DVMRP uptime for the specified neighbor on the selected interface This is the time since the neighbor entry was learned Chapter Routing 297 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O Expiry Time The DVMRP expiry time for the specified neighbor on the selected interface This is the time left before this neighbor entry will age out and is not applicable if the neighbor router s state is down Generation ID The DVMRP generation ID for the specified neighbor on the selected interface Major Version The DVMRP Major Version for the specified neighbor on the selected interface Minor Version The DVMRP Minor Version for th
94. This counter has a max increment rate of 815 counts per sec at 10 Mb s The maximum ethernet frame size the interface supports or is configured including ethernet header CRC and payload 1518 to 9216 The default maximum frame size is 1518 The number of frames that have been transmitted by this port to its segment The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent The total number of packets that higher level protocols requested be transmitted to a Multicast address including those that were discarded or not sent The total number of packets that higher level protocols requested be transmitted to the Broadcast address including those that were discarded or not sent The sum of Single Multiple and Excessive Collisions Tx FCS Errors The total number of packets transmitted that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with an integral number of octets Underrun Errors The total number of frames discarded because the transmit FIFO buffer became empty during frame transmission Total Transmit Packets Discarded Single Collision Frames Multiple Collision Frames Excessive Collision Frames The sum of single collision frames discarded multiple collision frames discarded and excessive f
95. VLAN ID on which MLD Snooping Querier is administratively enabled and VLAN exists in the VLAN database 2 Use Querier Election Participate Mode to enable or disable the MLD Snooping Querier participate in election mode When this mode is disabled up on seeing other querier of same version in the vlan the snooping querier move to non querier state Only when this mode is enabled the snooping querier will participate in querier election where in the least ip address will win the querier election and operates as the querier in that VLAN The other querier moves to non querier state 3 Use Querier VLAN Address to specify the Snooping Querier Address to be used as source address in periodic MLD queries sent on the specified VLAN 162 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Operational State Description Specifies the operational state of the MLD Snooping Querier on a VLAN It can be in any of the following states e Querier Snooping switch is the Querier in the VLAN The Snooping switch will send out periodic queries with a time interval equal to the configured querier query interval If the snooping switch sees a better querier in the VLAN it moves to non querier mode e Non Querier Snooping switch is in Non Querier mode in the VLAN If the querier expiry interval timer is expires the snooping switch will move into querier mode
96. a eia bese o8 42 et oes wn pee said iki muenoer pabaanape arora cere fans wa aa am ae fe 288 eo aao Se ae an imine nie momes puing camamennaionat 4 somameneseheset teat nne tass as Scabeeceaseee ide ki t ew ttee e i wadied aks mm tome eee o jaikia wet anna ik heanasur Fiar Sam on Tisis fila mere semereen I Dew hor et me mnm eet are ores naemen 2 dee hr 00 ee TE ee s Saiid pees atm oemtteenr e Maik en a mamni fas emassan So Farivaa toms basin cme suasannsenanesee A Xow wifes tome 8 Denied tan msia a T be oumes sae mamnnenr to ma a e i wane oa Co ma ea aL eet Faaiu oma o na E E e ne i The following table describes the CST Status information displayed on the screen Field Description Port ID Port Forwarding State Identify the physical or port channel interfaces associated with VLANs associated with the CST The port identifier for the specified port within the CST Itis made up from the port priority and the interface number of the port The Forwarding State of this port Port Role Designated Root Designated Cost Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree The port role will be one of the following values Root Port Designated Port Alternate Port Backup Port Master Port or Disabled Port Root Bridge for the CST It is made up using the bridge priority and the base MAC address of the bridge
97. a port the tag for that packet is unaffected by the default VLAN ID setting The packet proceeds to the VLAN specified by its VLAN ID tag number If the port through which the packet entered does not have membership with the VLAN specified by the VLAN ID tag the packet is dropped If the port is a member of the VLAN specified by the packet s VLAN ID the packet can be sent to other ports with the same VLAN ID Packets leaving the switch are either tagged or untagged depending on the setting for that port s VLAN membership properties A U for a given port means that packets leaving the switch from that port are untagged Inversely a T for a given port means that packets leaving the switch from that port are tagged with the VLAN ID that is associated with the port The example given in this section comprises numerous steps to illustrate a wide range of configurations to help provide an understanding of tagged VLANs VLAN Example Configuration This example demonstrates several scenarios of VLAN use and describes how the switch handles tagged and untagged traffic In this example you create two new VLANs change the port membership for default VLAN 1 and assign port members to the two new VLANs 1 In the Basic VLAN Configuration screen see VLAN Configuration on page 137 create the following VLANs e AVLAN with VLAN ID 10 e AVLAN with VLAN ID 20 In the VLAN Membership screen see VLAN Configuration on page 137 specify
98. add a new Virtual Router to the switch configuration 7 Click DELETE to delete the selected Virtual Router Note that the router can not be deleted if there are secondary addresses configured Field Description Interface IP Address Indicates the IP Address associated with the selected interface State The current state of the Virtual Router Initialize e Master Backup Chapter Routing 285 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O VMAC Address The virtual MAC Address associated with the Virtual Router composed of a 24 bit organizationally unique identifier the 16 bit constant identifying the VRRP address block and the 8 bit VRID The current state of the Virtual Router e State Initialize e Master e Backup Advanced From the Advanced link you can access the following pages e VRRP Configuration on page 286 e VRRP Secondary IP on page 288 e Tracking Configuration on page 289 e Virtual Router Statistics on page 290 VRRP Configuration Use the VRRP Configuration page to enable or disable the administrative status of a virtual router To display the VRRP Configuration page click Routing gt VRRP gt Advanced gt VRRP Configuration VRRP Configuration Global Configuration 1 Use Admin Mode to set the administrative status of VRRP in the router to active or inactive Select enable or disable from the radio button
99. address is 192 168 1 0 through 192 168 1 255 inclusive will be allowed access To allow access from only one station use a Client IP Mask value of 255 255 255 255 and use that machine s IP address for Client Address 4 Use Access Mode to specify the access level for this community by selecting Read Write or Read Only from the pull down menu 5 Use Status to specify the status of this community by selecting Enable or Disable from the pull down menu If you select enable the Community Name must be unique among all valid Community Names or the set request will be rejected If you select disable the Community Name will become invalid 6 Click ADD to add the currently selected community to the switch 7 Click DELETE to delete the currently selected Community Name Chapter Configuring System Information 83 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Trap Configuration This page displays an entry for every active Trap Receiver To access this page click System gt SNMP gt SNMP V1 V2 gt Trap Configuration Trap Configuration Trap Configuration Community Version Protocol Address Status Name ee Ea es 1 To add a host that will receive SNMP traps enter trap configuration information in the available fields described below and then click Add a Community Name Enter the community string for the SNMP trap packet to be sent to the trap manager This may be up to 16
100. all fields to be updated for the newly selected port All physical interfaces are valid This displays the PAE capabilities of the selected port EAPOL Frames Received This displays the number of valid EAPOL frames of any type that have been received by this authenticator EAPOL Frames Transmitted EAPOL Start Frames Received This displays the number of EAPOL frames of any type that have been transmitted by this authenticator This displays the number of EAPOL start frames that have been received by this authenticator 464 Chapter Monitoring the System ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description EAPOL Logoff Frames Received EAPOL Last Frame Version EAPOL Last Frame Source EAPOL Invalid Frames Transmitted This displays the number of EAPOL logoff frames that have been received by this authenticator This displays the protocol version number carried in the most recently received EAPOL frame This displays the source MAC address carried in the most recently received EAPOL frame This displays the number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized EAPOL Length Error Frames Received This displays the number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized EAP Response ID Frames Received This displays t
101. all ports The application is responsible for starting each transmit and receive state machine appropriately based on the configured status and operational state of the port The Link Layer Discovery Protocol Media Endpoint Discovery LLDP MED is an enhancement to LLDP with the following features e Auto discovery of LAN policies such as VLAN Layer 2 Priority and DiffServ settings enabling plug and play networking e Device location discovery for creation of location databases e Extended and automated power management of Power over Ethernet endpoints e Inventory management enabling network administrators to track their network devices and determine their characteristics manufacturer software and hardware versions serial asset number Chapter Configuring System Information 89 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual LLDP From the LLDP link you can access the following pages LLDP Global Configuration on page 90 LLDP Interface Configuration on page 91 LLDP Statistics on page 92 LLDP Local Device Information on page 94 LLDP Remote Device Information on page 95 LLDP Remote Device Inventory on page 96 LLDP Global Configuration Use the LLDP Global Configuration page to specify LLDP parameters that are applied to the switch To display this page click System gt LLDP gt LLDP gt Global Configuration A screen similar to the following displays LLDP Global Configura
102. all ports on the switch select the check box in the row heading and click Clear The button resets all statistics for all ports to default values e Toclear the counters for a specific port select the check box associated with the port and click Clear e Click Refresh to refresh the data on the screen and display the most current statistics Chapter Monitoring the System 455 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Interface This object indicates the iflndex of the interface table entry associated with this port on an adapter Total Packets Received Without Errors Packets Received With Error Broadcast Packets Received Packets Transmitted Without Errors The total number of packets received that were without errors The number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol The total number of good packets received that were directed to the broadcast address Note that this does not include multicast packets The number of frames that have been transmitted by this port to its segment Transmit Packet Errors The number of outbound packets that could not be transmitted because of errors Collision Frames Time Since Counters Last Cleared The best estimate of the total number of collisions on this Ethernet segment The elapsed time in days hours minutes and seconds sinc
103. an interface can be associated to only one CP ata time To display the Captive Portal Global Configuration page click Security gt Control gt Captive Portal gt CP Binding Configuration Captive Portal Binding Configuration Captive Portal Binding Configuration cP ID CP Name Default 1 Use the CP ID pull down list to select the CP ID for which to create or update a CP instance 2 Use CP Name to enter the name of the configuration Name can contain 1 to 31 alphanumeric characters 3 Use Port List to select the interface or interfaces Captive Portal Binding Table To display the Captive Portal Binding Table page click Security gt Control gt Captive Portal gt CP Binding Table Captive Portal Binding Table Captive Portal Binding Table Operational Block Authenticated Interface CP ID Status Status users Click DELETE to remove the currently selected interface 432 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Interface The interface for which you want to view information CP ID The ID of captive portal instance Operational Status Shows whether the portal is active on the specified interface Block Status Indicates whether the captive portal is temporarily blocked for authentications Authenticated users Displays the number of authenticated users using the captive portal instance on this i
104. and 127 octets in length inclusive excluding framing bits but including FCS octets Packets Transmitted 128 255 Octets The total number of packets including bad packets received that were between 128 and 255 octets in length inclusive excluding framing bits but including FCS octets Chapter Monitoring the System 461 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Packets Transmitted 256 511 Octets Packets Transmitted 512 1023 Octets Packets Transmitted 1024 1518 Octets Packets Transmitted gt 1518 Octets Maximum Frame Size Total Packets Transmitted Successfully Unicast Packets Transmitted Multicast Packets Transmitted Broadcast Packets Transmitted Total Transmit Errors The total number of packets including bad packets received that were between 256 and 511 octets in length inclusive excluding framing bits but including FCS octets The total number of packets including bad packets received that were between 512 and 1023 octets in length inclusive excluding framing bits but including FCS octets The total number of packets including bad packets received that were between 1024 and 1518 octets in length inclusive excluding framing bits but including FCS octets The total number of packets transmitted that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed
105. and complicated SNMP software products From your Web browser you can monitor the performance of your switch and optimize its configuration for your network You can configure all switch features such as VLANs QoS and ACLs by using the Web based management interface Web Access To access the ProSafe Managed Switches management interface e Open a Web browser and enter the IP address of the switch in the address field You must be able to ping the IP address of the ProSafe Managed Switches management interface from your administrative system for Web access to be available If you did not change the IP address of the switch from the default value enter 169 254 100 100 into the address field Accessing the switch directly from your Web browser displays the login screen shown below Chapter Getting Started 10 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual NETGEAR _ eSMr2 245 Understanding the User Interfaces ProSafe Managed Switches software includes a set of comprehensive management functions for configuring and monitoring the system by using one of the following methods e Web user interface e Simple Network Management Protocol SNMP e Command Line Interface CLI Each of the standards based management methods allows you to configure and monitor the components of the ProSafe Managed Switches software The method you use to manage the system depends on your network size and req
106. as local no other method will be tried even if you have specified more than one method The options are e Local The user s locally stored ID and password will be used for authentication e Radius The user s ID and password will be authenticated using the RADIUS server instead of locally e Tacacs The user s ID and password will be authenticated using the TACACS server e None The user will not be authenticated 3 Use the dropdown menu to select the method if any that should appear second in the selected authentication login list This is the method that will be used if the first method times out If you select a method that does not time out as the second method the third method will not be tried Note that this parameter will not appear when you first create a new login list 4 Use the dropdown menu to select the method if any that should appear third in the selected authentication login list Login Sessions To display the Login Sessions page click Security gt Management Security gt Login Sessions Login Sessions Login Sessions l Connection Session Idle T From TERA Type 11 admin 10 12 17 158 00 00 00 00 59 31 HTTP Description Identifies the ID of this row User Name Shows the user name of user made the session Connection From Shows the user is connected from which machine Idle Time Shows the idle session time Shows the total session time Session Type
107. b ste Mat Ampat FASE a Defne wa Pot neces LAGS Aii The following table describes the fields on the Port Summary page Field Description Specifies the port whose settings are displayed in the current table row Control Mode This field indicates the configured control mode for the port Possible values are e Force Unauthorized The authenticator port access entity PAE unconditionally sets the controlled port to unauthorized e Force Authorized The authenticator PAE unconditionally sets the controlled port to authorized e Auto The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant authenticator and the authentication server 398 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Operating Control Mode This field indicates the control mode under which the port is actually operating Possible values are e ForceUnauthorized ForceAuthorized Auto e N A If the port is in detached state it cannot participate in port access control Reauthentication Enabled Control Direction Protocol Version This field shows whether reauthentication of the supplicant for the specified port is allowed The possible values are true and false If the value is true reauthentication will occur Otherwise reauthentica
108. be the BSR the candidates flood the domain with advertisements The router with the highest priority is elected If all the priorities are equal then the candidate with the highest IP address becomes the BSR PIM SM is defined in RFC 4601 From the IPv6 PIM link you can access the following pages e Global Configuration on page 319 e SSM Configuration on page 321 Interface Configuration on page 322 PIM Neighbor on page 323 e Candidate RP Configuration on page 324 e BSR Candidate Configuration on page 324 e Static RP Configuration on page 325 Global Configuration Use this page to administratively enable or disable the PIM protocol Chapter Routing 319 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual To display the PIM Global Configuration page click Routing gt IPv6 Multicast gt PIM gt Global Configuration PIM Global Configuration i PIM Global Configuration PIM Protocol Type PIM DM PIM SM Admin Mode Disable Enable Data Threshold Rate Kbps 0 Register Threshold Rate Kbps 0 1 Use PIM Protocol Type to select the protocol variant of PIM sparse mode or dense mode to be enabled 2 Use Admin Mode to select enable or disable to set the administrative status of PIM in the router The default is disable 3 Use Data Threshold Rate kbps to enter the rate in K bits second above which the last hop router will switch to a source specific shortest path tree
109. c 614 1734 5 Spanning Tree Topology Change Recewed MSTID 0 Unt 1 Sist O Fort 22 lt 13 gt JAN 03 22 35 59 10 27 34 52 1 TRAPMGR 1948147584 traputil c 614 1733 Spenning Tree Topology Change Received MSTID 0 Und 1 Stot 0 Port 22 Buffered Log Configuration This log stores messages in memory based upon the settings for message component and severity On stackable systems this log exists only on the top of stack platform Other platforms in the stack forward their messages to the top of stack log 1 A log that is Disabled shall not log messages A log that is Enabled shall log messages Enable or Disable logging by selecting the corresponding radio button 2 Behavior Indicates the behavior of the log when it is full It can either wrap around or stop when the log space is filled 3 Click REFRESH to refresh the web page to show the latest messages in the log 4 Click CLEAR to clear the buffered log in the memory 468 Chapter Monitoring the System ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Message Log This help message applies to the format of all logged messages which are displayed for the message log persistent log or console log Format of the messages Messages logged to a collector or relay via syslog have an identical format of either type If system is not stacked e lt 15 gt Aug 24 05 34 05 STKO MSTP 2110 mspt_api c 318 237 Interface 12 transiti
110. characters and is case sensitive b Version Select the trap version to be used by the receiver from the pull down menu e SNMP v1 Uses SNMP v1 to send traps to the receiver e SNMP v2 Uses SNMP v2 to send traps to the receiver c Protocol Select the protocol to be used by the receiver from the pull down menu Select the IPv4 if the receiver s address is IPv4 address or IPv6 if the receiver s address is IPv6 d Address Enter the IPv4 address in x x x x format or IPv6 address in XXXX XXXX XXXX XXXXX XXXX XXXX XXXX XXXX Or a hostname starting with an alphabet to receive SNMP traps from this device Length of address can not exceed 158 characters e Status Select the receiver s status from the pull down menu e Enable Send traps to the receiver e Disable Do not send traps to the receiver 2 To modify information about an existing SNMP recipient select the check box next to the recipient change the desired fields and then click Apply Configuration changes take effect immediately 3 To delete a recipient select the check box next to the recipient and click Delete 4 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch 84 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Trap Flags Use the Trap Flags page to enable or disable traps When the condition identified by
111. configuration fields for the class IPv6 Class Configuration IPv6 Class Information Class Name Class Type IPv6 DiffServ Class Configuration Match Every Reference Class Protocol Type Source Prefix Length Source L4 Port Destination Prefix Length Destination L4 Port Flow Label 1p osce Class Summary Class2 All Any x Classi ICMP 0 to 255 domain 0 to 65535 domain 0 to 65535 O to 1048575 afii 0 to 63 Match Criteria Values All Class Name Displays the name for the configured DiffServ class Class Type Displays the DiffServ class type Options Only when a new class is created this field is a selector field After class creation this becomes a non configurable field displaying the configured class type Define the criteria to associate with a DiffServ class 354 Chapter Configuring Quality of Service ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e Match Every This adds to the specified class definition a match condition whereby all packets are considered to belong to the class e Reference Class This lists the class es that can be assigned as reference class es to the current class e Protocol Type This lists the keywords for the layer 4 protocols from which one can be selected The list includes other as an option for the remaining values Source Prefix Length This is a valid Source IPv6 Prefix to comp
112. created the specified route The possibilities are one of the following e Local e Static OSPF e RIP Next Hop IP Address The outgoing router IP address to use when forwarding traffic to the next router if any in the path towards the destination The next router will always be one of the adjacent neighbors or the IP address of the local interface for a directly attached network Next Hop Interface The outgoing router interface to use when forwarding traffic to the destination Metric Administrative cost of the path to the destination If no value is entered default is 1 The range is 0 255 Preference The preference is an integer value from 0 to 255 The user can specify the preference value sometimes called administrative distance of an individual static route Among routes to the same destination the route with the lowest preference value is the route entered into the forwarding database By specifying the preference of a static route the user controls whether a static route is more or less preferred than routes from dynamic routing protocols The preference also controls whether a static route is more or less preferred than other static routes to the same destination Click REFRESH to refresh the web page to show the latest learned routes 184 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Route Preferences Use this panel to configure the def
113. determine the shortest path known to the protocol independent of any other protocol The best route to a destination is chosen by selecting the route with the lowest preference value When there are multiple routes to a destination the preference values are used to determine the preferred route If there is still a tie the route with the best route metric will be chosen To avoid problems with mismatched metrics you must configure different preference values for each of the protocols To display the IPv6 Route Preferences page click Routing gt IPv6 gt Advanced gt Route Preferences IPv6 Route Preferences IPv6 Route Preferences Local Static OSPF v2 Intra OSPFv3 Inter OSPFv3 External 1 Use Static to specify the Static Route preference value for the router The default value is 1 The range is 1 to 255 H p be po p oO O o 2 Use OSPFv3 Intra to specify the OSPFv3 intra route preference value in the router The default value is 110 The range is 1 to 255 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 3 Use OSPFv3 Inter to specify the OSPFv3 inter route preference value in the router The default value is 110 The range is 1 to 255 4 Use OSPFv3 External to specify the OSPFv3 External route preference value in the router The default value is 110 The range is 1 to 255 Fes escrito O O Local Local preference Tunnel Configuration ProSaf
114. enter an integer that specifies the maximum number of times an ARP request will be retried The range for this field is O to 10 The default value for Retries is 4 4 Use Cache Size to enter an integer that specifies the maximum number of entries for the ARP cache The range for this field is 256 to 1664 The default value for Cache Size is 1664 5 Use Dynamic Renew to control whether the ARP component automatically attempts to renew ARP Entries of type Dynamic when they age out The default setting is Enable 6 Use Remove from Table to remove certain entries from the ARP Table The choices listed specify the type of ARP Entry to be deleted All Dynamic Entries All Dynamic and Gateway Entries e Specific Dynamic Gateway Entry Selecting this allows the user to specify the required IP Address Chapter Routing 225 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e Specific Static Entry Selecting this allows the user to specify the required IP Address e None Selected if the user does not want to delete any entry from the ARP Table 7 Use Remove IP Address to enter the IP Address against the entry that is to be removed from the ARP Table This appears only if the user selects Specific Dynamic Gateway Entry or Specific Static Entry in the Remove from Table Drop Down List Fea Description O OS Total Entry Count Total number of Entries in the ARP table Peak Total Entries Highest value
115. exclude a single address 2 Use the IP Range To field to specify the high address if you want to exclude a range of addresses To exclude a single address enter the same IP address as specified in IP range from or leave as 0 0 0 0 3 Click ADD to add the exclude addresses configured on the screen to the switch 4 Click DELETE to delete the exclude address from the switch 48 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DHCP Pool Configuration To display the DHCP Pool Configuration page click System gt Services gt DHCP Server gt DHCP Pool Configuration A screen similar to the following displays DHCP Pool Configuration DHCP Pool Configuration Pool Name Create Pool Name 1 to 31 alphanumeric characters Type of Binding Unallocated Network Address 0 0 0 0 Network Mask 0 0 0 0 Network Prefix Length 0 to 32 Client Name Hardware Address 00 00 00 00 00 00 Hardware Address Type Ethernet Client ID Host Number 0 0 0 0 Host Mask 0 0 0 0 Host Prefix Length 8 to 32 Lease Time Infinite Days 0 0 to 59 Hours 0 0 to 23 Minutes 0 0 to 59 NetBIOS Node Type b node Broadcast Next Server Address 0 0 0 0 Domain Name 0 to 255 characters Bootfile O to 128 characters The following table describes the DHCP Pool Configuration fields Chapter Configuring System Information 49 ProSafe XSM7224S 10G Manage
116. flags 1 Use Authentication to enable or disable activation of authentication failure traps by selecting the corresponding radio button The factory default is enabled 2 Use Link Up Down to enable or disable activation of link status traps by selecting the corresponding radio button The factory default is enabled 3 Use Multiple Users to enable or disable activation of multiple user traps by selecting the corresponding radio button The factory default is enabled This trap is triggered when the same user ID is logged into the switch more than once at the same time either via telnet or the serial port 4 Use Spanning Tree to enable or disable activation of spanning tree traps by selecting the corresponding radio button The factory default is enabled 5 Use ACL to enable or disable activation of ACL traps by selecting the corresponding radio button The factory default is disabled 6 Use DVMRP to enable or disable activation of DVMRP traps by selecting the corresponding radio button The factory default is disabled 7 Use PIM to enable or disable activation of spanning tree traps by selecting the corresponding radio button The factory default is disabled 8 Use OSPF to enable or disable activation of OSPF traps by selecting the corresponding radio button The factory default is enabled This field can be configured only if the OSPF admin mode is enabled 9 Click CANCEL to cancel the configuration on the screen Resets the d
117. g 4 Valid values range from 1 to 65535 The default is 40 278 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 5 Use lIftransit Delay Interval to specify the OSPFv3 Transit Delay for the specified interface This specifies the estimated number of seconds it takes to transmit a link state update packet over the selected interface Valid values range from 1 to 3600 seconds 1 hour The default value is 1 second 6 Use Retransmit Interval to specify the OSPFv3 retransmit interval for the specified interface This is the number of seconds between link state advertisements for adjacencies belonging to this router interface This value is also used when retransmitting database descriptions and link state request packets Valid values range from 1 to 3600 seconds 1 hour The default is 5 seconds 7 Click ADD to add a new virtual link to the switch 8 Click DELETE to remove the specified virtual link from the switch configuration Field Description Neighbor State The state of the Virtual Neighbor Relationship The state of the interface Down This is the initial interface state In this state the lower level protocols have indicated that the interface is unusable In this state interface parameters will be set to their initial values All interface timers will be disabled and there will be no adjacencies associated with the interface Waiting The router is trying to
118. gt Management gt Network Interface gt IPv6 Network Interface Configuration A screen similar to the following displays IPv6 Network Interface Configuration Global Configuration Admin Mode Disable Enable IPv6 Address Auto Configuration Mode Disable Enable Current Network Configuration Protocol None OHCPv6 IPv6 Gateway Interface Status Up IPv6 Network Interface Configuration es IPv6 Prefix Prefix Length EUI64 g FE80 204 6FF FE02 407 64 True The IPv6 network interface is the logical interface used for in band connectivity with the switch via any of the switch s front panel ports The configuration parameters associated with the switch s network interface do not affect the configuration of the front panel ports through which traffic is switched or routed To access the switch over an IPv6 network you must first configure it with IPv6 information IPv6 prefix prefix length and default gateway You can configure the IP information using any of the following e IPv6 Auto Configuration e DHCPv6 e Terminal interface via the EIA 232 port Once you have established in band connectivity you can change the IPv6 information using any of the following e Terminal interface via the EIA 232 port e Terminal interface via telnet e SNMP based management e Web based management 1 Use Admin Mode to enable or disable the IPv6 network interface on the switch The default value is enable 2 Use IPv6 Address Aut
119. identifier used to identify the configuration currently being used The values allowed are between 0 and 65535 The default value is 0 Use Forward BPDU while STP Disabled to specify whether spanning tree BPDUs should be forwarded or not while spanning tree is disabled on the switch Value is enabled or disabled Use BPDU Guard to specify whether the BPDU guard feature is enabled The STP BPDU guard allows a network administrator to enforce the STP domain borders and keep the active topology consistent and predictable The switches behind the edge ports that have STP BPDU guard enabled will not be able to influence the overall STP topology At the reception of BPDUs the BPDU guard operation disables the port that is configured with this option and transitions the port into disable state This would lead to administrative disable of the port Use BPDU Filter to specify whether the BPDU Filter feature is enabled STP BPDU filtering applies to all operational edge ports Edge Port in an operational state is supposed to be connected to hosts that typically drop BPDUs If an operational edge port receives a BPDU it immediately loses its operational status In that case if BPDU filtering is enabled on this port then it drops the BPDUs received on this port VID ID Table consisting of the VLAN IDs and the Field Description Configuration digest key Identifier used to identify the configuration currently being used MST ID Table consisting of
120. in the heading row to apply a trust mode or rate to all interfaces 2 Configure any of the following settings e Queue ID Use the menu to select the queue to be configured platform based e Use Minimum Bandwidth to specify the minimum guaranteed bandwidth allotted to this queue Setting this value higher than its corresponding Maximum Bandwidth automatically increases the maximum to the same value Default value is 0 Valid Range is 0 to 100 in increments of 1 The value 0 means no guaranteed minimum Sum of individual Minimum Bandwidth values for all queues in the selected interface cannot exceed defined maximum 100 e Use Scheduler Type to specify the type of scheduling used for this queue Options are Weighted and Strict Defining on a per queue basis allows the user to create the desired service characteristics for different types of traffic e Weighted Weighted round robin associates a weight to each queue This is the default e Strict Services traffic with the highest priority on a queue first 3 Queue Management Type displays the Queue depth management technique used for queues on this interface This is only used if device supports independent settings per queue Queue Management Type can only be taildrop All packets on a queue are safe until congestion occurs At this point any additional packets queued are dropped 4 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the late
121. information for all active multicast address entries The key for an entry consists of a VLAN ID and MAC address pair Entries may contain data for more than one protocol To display the MFDB Table page click Switching gt Multicast gt MFDB gt MFDB Table MFDB Table MFDB Table Search By MAC Address MAC Address Forwarding Type Description Interfaces 1 Use Search by MAC Address to enter a MAC Address whose MFDB table entry you want displayed Enter six two digit hexadecimal numbers separated by colons for example 00 01 23 43 45 67 Then click on the GO button If the address exists that entry will be displayed An exact match is required Field Description MAC Address VLAN ID Type Component Description ForwardingInterfaces The multicast MAC address for which you requested data The VLAN ID to which the multicast MAC address is related This displays the type of the entry Static entries are those that are configured by the end user Dynamic entries are added to the table as a result of a learning process or protocol This is the component that is responsible for this entry in the Multicast Forwarding Database Possible values are IGMP Snooping GMRP Static Filtering and MLD Snooping The text description of this multicast table entry Possible values are Management Configured Network Configured and Network Assisted The resultant forwarding list is deriv
122. interface This specifies the estimated number of seconds it takes to transmit a link state update packet over the selected interface Valid values range from 1 to 3600 seconds 1 hour The default value is 1 second Use Retransmit Interval to enter the OSPF retransmit interval for the specified interface This is the number of seconds between link state advertisements for adjacencies belonging to this router interface This value is also used when retransmitting database descriptions and link state request packets Valid values range from 1 to 3600 seconds 1 hour The default is 5 seconds Use Authentication Type to select an authentication type other than none by clicking on the Configure Authentication button You will then see a new screen where you can select the authentication type from the pull down menu The choices are e None This is the initial interface state If you select this option from the pull down menu on the second screen you will be returned to the first screen e Simple If you select Simple you will be prompted to enter an authentication key This key will be included in the clear in the OSPF header of all packets sent on the network All routers on the network must be configured with the same key 256 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e Encrypt If you select Encrypt you will be prompted to enter both an authentication key a
123. interface gigabit ports 6 7 and 8 and then click Apply See MAC Binding Configuration on page 538 You can assign an optional sequence number to indicate the order of this access list relative to other access lists if any are already assigned to this interface and direction 4 The MAC Binding Table displays the interface and MAC ACL binding information See MAC Binding Table on page 540 The ACL named Sales_ACL looks for Ethernet frames with destination and source MAC addresses and MAC masks defined in the rule Also the frame must be tagged with VLAN ID 2 which is the Sales department VLAN The CoS value of the frame must be 0 which is the default value for Ethernet frames Frames that match this criteria are permitted on interfaces 6 7 and 8 and are assigned to the hardware egress queue 0 which is the default queue All other traffic is explicitly denied on these interfaces To allow additional traffic to enter these 512 Appendix Configuration Examples ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual ports you must add a new permit rule with the desired match criteria and bind the rule to interfaces 6 7 and 8 Standard IP ACL Example Configuration The following example shows how to create an IP based ACL that prevents any IP traffic from the Finance department from being allowed on the ports that are associated with other departments Traffic from the Finance department is identified by e
124. length 1 Use ADD to create the Pool Configuration Chapter Configuring System Information 51 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 2 Use APPLY to change the Pool Configuration Sends the updated configuration to the switch Configuration changes take effect immediately 3 Use DELETE to delete the Pool This field is not visible to a user with read only permission DHCP Pool Options To display the DHCP Pool Options page click System gt Services gt DHCP Server gt DHCP Pool Options A screen similar to the following displays DHCP Pool Options DHCP Pool Options No Pool Exists 1 Use Pool Name to select the Pool Name 2 Option Code specifies the Option Code configured for the selected Pool Use Option Type to specify the Option Type against the Option Code configured for the selected pool e ASCII e Hex e IP Address 4 Option Value specifies the Value against the Option Code configured for the selected pool 5 Click ADD to add a new Option Code for the selected pool 6 Click DELETE to delete the Option Code for the selected pool 52 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DHCP Server Statistics To display the DHCP Server Statistics page click System gt Services gt DHCP Server gt DHCP Server Statistics A screen similar to the following displays DHCP Server
125. machine Possible values are e Request e Response e Success Fail Timeout Initialize Idle Vlan Assigned This field displays the vlan id assigned to the selected interface by the Authenticator This field is displayed only when the port control mode of the selected interface is not mac based This field is not configurable Vlan Assigned Reason This field displays reason for the vlan id assigned by the authenticator to the selected interface This field is displayed only when the port control mode of the selected interface is not mac based This field is not configurable Possible values are Radius Unauth Default Not Assigned Key Transmission Enabled This field displays if key transmission is enabled on the selected port This is not a configurable field The possible values are true and false If the value is false key transmission will not occur Otherwise Key transmission is supported on the selected port Session Timeout This field displays Session Timeout set by the Radius Server for the selected port This field is displayed only when the port control mode of the selected port is not mac based Session Termination Action This field displays Termination Action set by the Radius Server for the selected port This field is displayed only when the port control mode of the selected port is not mac based Possible values are
126. must be exactly 128 hexidecimal characters RADIUS RADIUS servers provide additional security for networks The RADIUS server maintains a user database which contains per user authentication information The switch passes information to the configured RADIUS server which can authenticate a user name and password before authorizing use of the network RADIUS servers provide a centralized authentication method for e Web Access e Access Control Port 802 1X The RADIUS folder contains links to the following features e Radius Configuration on page 367 e RADIUS Server Configuration on page 368 e Accounting Server Configuration on page 370 366 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Radius Configuration Use the Radius Configuration page to add information about one or more RADIUS servers on the network To access the Radius Configuration page click Security gt Management Security gt RADIUS gt Radius Configuration Radius Configuration Radius Configuration Current Server Address Number of Configured Authentication Servers 0 Number of Configured Accounting Servers 0 Number of Named Authentication Server Groups 0 Number of Named Accounting Server Groups 0 Max Number of Retransmits Timeout Duration secs 5 Accounting Mode Disable Enable Radius Attribute 4 Mode Disable Enable The Current Server IP Address field is blan
127. not use IGMP messages instead it uses a message that is encapsulated in IP packets with protocol number 103 In Version 2 the Hello message is introduced in place of the query message PIM DM is appropriate for e Densely distributed receivers e A ratio of few senders to many receivers due to frequent flooding e High volume of multicast traffic e Constant stream of traffic PIM SM is used to efficiently route multicast traffic to multicast groups that may span wide area networks where bandwidth is a constraint PIM SM uses shared trees by default and implements source based trees for efficiency it assumes that no hosts want the multicast traffic unless they specifically ask for it It creates a shared distribution tree centered on a defined rendezvous point RP from which source traffic is relayed to the receivers Senders first send the multicast data to the RP which in turn sends the data down the shared tree to the receivers Shared trees centered on an RP do not necessarily provide the shortest most optimal path In such cases PIM SM provides a means to switch to more efficient source specific trees A data threshold rate is defined for toggling between trees PIM SM uses a Bootstrap Router BSR which advertises information to other multicast routers about the rendezvous point RP In a given network a set of routers can be administratively enabled as candidate bootstrap routers If it is not apparent which router should
128. number of hours difference from UTC See Time Zone Name step 7 previous for more information Allowed range is 24 to 24 The default value is 0 9 Use Offset Minutes to specify the number of Minutes difference from UTC See Time Zone Name step 7 previous for more information Allowed range is 0 to 59 The default value is 0 36 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual SNTP Global Status The following table displays SNTP Global Status information Field Description Version Specifies the SNTP Version the client supports Supported Mode Specifies the SNTP modes the client supports Multiple modes may be supported by a client Last Update Time Last Attempt Time Last Attempt Status Server IP Address Address Type Server Stratum Specifies the local date and time UTC the SNTP client last updated the system clock Specifies the local date and time UTC of the last SNTP request or receipt of an unsolicited message Specifies the status of the last SNTP request or unsolicited message for both unicast and broadcast modes If no message has been received from a server a status of Other is displayed These values are appropriate for all operational modes e Other None of the following enumeration values e Success The SNTP operation was successful and the system time was updated e Request Timed Out A dire
129. of route changes made to the IP Route Database by RIP This does not include the refresh of a route s age Global queries The number of responses sent to RIP queries from other systems Advanced From the Advanced link you can access the following pages e RIP Configuration on page 228 Interface Configuration on page 230 e Route Redistribution on page 232 RIP Configuration Use the RIP Configuration page to enable and configure or disable RIP in Global mode To display the RIP Configuration page click Routing gt RIP gt Advanced gt RIP Configuration RIP Configuration RIP Configuration RIP Admin Mode Disable Enable Split Horizon Mode None Simple Poison Reverse Auto Summary Mode Enable Disable Host Routes Accept Mode Enable Disable Global Route Changes 0 Global Queries 0 Default Information Originate Enable Disable Default Metric 0 1 Use RIP Admin Mode to enable or disable RIP for the switch The default is enable 228 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 2 Use Split Horizon Mode to select none simple or poison reverse from the radio buttons Split horizon is a technique for avoiding problems caused by including routes in updates sent to the router from which the route was originally learned The options are e None No special processing for this case e Simple A route will not be included in updates sen
130. onregeidradamedhe aeoewieagans 520 Contents 7 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual MSTP Example Configuration 00000 cece eee 522 PIM Dense Sparse Configuration Examples 525 Configurationot SWIC 4acodee spraet d GES s hea ddd 525 Configuration of Switch Zia 25 22 ces eng e2aseiaeianrannaeead 526 Appendix Notification of Compliance Index 8 Contents ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Contents 9 Getting Started This chapter provides an overview of starting your NETGEAR ProSafe Managed Switches and accessing the user interface This chapter contains the following sections e Switch Management Interface on page 10 e Web Access on page 10 e Web Access on page 10 e Understanding the User Interfaces on page 11 e Interface Naming Convention on page 16 Switch Management Interface NETGEAR ProSafe Managed Switches contain an embedded Web server and management software for managing and monitoring switch functions ProSafe Managed Switches function as simple switches without the management software However you can use the management software to configure more advanced features that can improve switch efficiency and overall network performance Web based management lets you monitor configure and control your switch remotely using a standard Web browser instead of using expensive
131. open with the client To access the network through a portal the client must first enter authentication information on an authentication Web page When the time out expires the switch disconnects any active TCP or SSL connection with the client The valid range is 60 to 600 seconds Default Authentication Timeout is 300 seconds Chapter Managing Device Security 429 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O Operational Status Shows whether the CP feature is Enabled or Disabled Default is Disabled Disabled Reason If CP is disabled this field displays the reason which can be one of the following e Administrator Disabled e IP Address Not Configured e No IP Routing Interface e Routing Disabled CP IP Address Shows the captive portal IP address Supported Captive Portals Shows the number of supported captive portals in the system Configured Captive Portals Shows the number of captive portals configured on the switch Active Captive Portals Shows the number of captive portal instances that are operationally enabled System Supported Users Shows the number of authenticated users that the system can support Local Supported Users Shows the number of entries that the Local User database supports Authenticated Users Shows the number of users currently authenticated to all captive portal instances on this switch Captive Portal Configurat
132. page 2 Select the interface for which the Candidate RP is to be configured 3 Enter the group address transmitted in Candidate RP Advertisements 4 Enter the prefix length transmitted in Candidate RP Advertisements to fully identify the scope of the group which the router supports if elected as a Rendezvous Point 5 Click the Add button The new Candidate RP is added and the device is updated BSR Candidate Configuration Use this page to configure information to be used if the interface is selected as a bootstrap router or to display information about the configured BSR candidates To display the PIM BSR Candidate Configuration page click Routing gt Multicast PIM gt BSR Candidate Configuration Chapter Routing 313 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual PIM BSR Candidate Configuration PIM BSR Candidate Configuration G Interface 1 0 1 v Hash Mask Length 30 BSR Expiry Time hh mm ss Priority 0 IP Address Next bootstrap Message hh mm ss Next Candidate RP Advertisement hh mm ss 1 Use Interface to select the interface for which data is to be configured 2 Use Hash Mask Length to enter the C BSR hash mask length to be advertised in bootstrap messages This hash mask length will be used in the hash algorithm for selecting the RP for a particular group The valid values are from 0 to 32 Default value is 30 3 Use Priority to enter the priority of C BSR 4 Cli
133. page 416 e DHCP Snooping Binding Configuration on page 417 e DHCP Snooping Persistent Configuration on page 418 e DHCP Snooping Statistics on page 419 414 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DHCP Snooping Global Configuration To display the DHCP Snooping Global Configuration page click Security gt Control gt DHCP Snooping gt Global Configuration DHCP Snooping Global Configuration DHCP Snooping Global Configuration DHCP Snooping Mode Disable Enable MAC Address Validation Disable Enable VLAN Configuration VLAN ID DHCP Snooping Mode DHCP Snooping Configuration 1 Use DHCP Snooping Mode to enable or disable the DHCP Snooping feature The factory default is disabled 2 Use MAC Address Validation to enable or disable the validation of sender MAC Address for DHCP Snooping The factory default is enabled DHCP Snooping VLAN Configuration 1 Use VLAN ID to enter the VLAN for which the DHCP Snooping Mode is to be enabled 2 Use DHCP Snooping Mode to enable or disable the DHCP Snooping feature for entered VLAN The factory default is disabled 3 Click APPLY to apply the new configuration and cause the changes to take effect These changes will not be retained across a power cycle unless a save configuration is performed Chapter Managing Device Security 415 ProSafe XSM7224S 10G Managed Stackable Switch
134. policy Policy Configura tion Policy Configuration Policy Name Policy Type Member Class a C O Class2 In The policy name is a hyperlink The following figure shows the configuration fields for the policy 356 Chapter Configuring Quality of Service ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Policy Class Configuration Class Information Policy Name Class2 Policy Type In Member Class Name Policy Attribute Policy Attribute Assign Queve oOo Drop Mark VLAN CoS 0 Mark IP Precedence 0 v Mark IP OSCP afii C Simple Policy Color Mode Color Blind Committed Rate Comitted Burst Size Conform Action G Send Drop Mark CoS 0 Mark IP Precedence Mark IP DSCP afii 10 Violate Action Send Drop Mark CoS J Mark IP Precedence Mark IP DSCP afil 10 2 Select the queue to which packets will of this policy class will be assigned This is an integer value in the range 0 to 7 3 Configure the policy attributes e Drop Select the drop radio button This flag indicates that the policy attribute is defined to drop every inbound packet e Mark VLAN CoS This is an integer value in the range from 0 to 7 for setting the VLAN priority e Mark IP Precedence This is an IP Precedence value in the range from 0 to 7 e Mark IP DSCP This lists the keywords for the known DSCP values from which one can be selected The list includes other as an optio
135. range 1 to 200 Field Description Default Time to Live The default value inserted into the Time To Live field of the IP header of datagrams originated by the switch if a TTL value is not supplied by the transport layer protocol Maximum Next Hops The maximum number of hops supported by the switch This is a compile time constant Chapter Routing 187 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Statistics The statistics reported on this screen are as specified in RFC 1213 To display the Statistics page click Routing gt IP gt Basic gt Statistics IP Statistics IP Statistics IpInReceives 9835 IpInHdrErrors 0 IpInAddrErrors 0 IpForwDatagrams 0 IpInUnknownProtos 0 IpInDiscards 0 IpInDelivers 9017 IpOutRequests 7956 IpOutDiscards 0 IpOutNoRoutes 0 IpReasmTimeout 60 IpReasmReqds IpReasmOKs IpReasmFails IpFragOKs IpFragFails IpFragCreates IpRoutingDiscards IcmpInMsgs IempInErrors IcmpInDestUnreachs IcmpInTimeExcds IcmpInParmProbs IempInSrcQuenchs IcmpInRedirects IcmpInEchos IcmpInEchoReps IcmpInTimestamps IcmpInTimestampReps IcmpInAddrMasks IcmpInAddrMaskReps IcmpOutMsgs IcmpOutErrors IempOutDestUnreachs coo orwrdogcoeoesoorFro7ogoecogogoesodqgceaoesgceforo qogcieieses S amp S 8S S amp S IcmpOutTimeExcds 188 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field
136. reached by Total Entry Count This counter value is restarted whenever the ARP table Cache Size value is changed Active Static Entries Total number of Active Static Entries in the ARP table Configured Static Entries Total number of Configured Static Entries in the ARP table Maximum Static Entries Maximum number of Static Entries that can be defined 226 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual RIP RIP is an Interior Gateway Protocol IGP based on the Bellman Ford algorithm and targeted at smaller networks network diameter no greater than 15 hops The routing information is propagated in RIP update packets that are sent out both periodically and in the event of a network topology change On receipt of a RIP update depending on whether the specified route exists or does not exist in the route table the router may modify delete or add the route to its route table From the RIP link you can access the following pages e Basic on page 227 e Advanced on page 228 Basic From the Basic link you can access the following pages e RIP Configuration on page 227 RIP Configuration Use the RIP Configuration page to enable and configure or disable RIP in Global mode To display the RIP Configuration page click Routing gt RIP gt Basic gt RIP Configuration RIP Configuration RIP Configuration RIP Admin Mode O Disable Enable 1 Use RIP
137. reboot The second log type is the system operation log The system operation log stores the last N messages received during system operation To access the Persistent Logs page click Monitoring gt Logs gt Persistent Logs Persistent Logs Persistent Logs Admin Mode Disable Enable Behavior Alert x Message Log Total number of Messages 0 Description 1 A log that is Disabled shall not log messages A log that is Enabled shall log messages Enable or Disable logging by selecting the corresponding line on the pull down entry field 2 Behavior A log records messages equal to or above a configured severity threshold Select the severity option by selecting the corresponding line on the pull down entry field These severity levels have been enumerated below e Emergency 0 system is unusable e Alert 1 action must be taken immediately Chapter Monitoring the System 475 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e Critical 2 critical conditions e Error 3 error conditions e Warning 4 warning conditions e Notice 5 normal but significant conditions e Informational 6 informational messages e Debug 7 debug level messages 3 Click REFRESH to refresh the web page to show the latest messages in the persistent log Format of the messages e Total number of Messages Number of persistent log messages displayed on the switch e
138. received on this interface by this router 274 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Neighbor Table This screen shows the OSPF v3 Neighbor Table This information is displayed only if OSPFv3 is enabled and there exists at least on OSPFv3 enabled interface having a valid neighbor To display the Neighbor Table page click Routing gt OSPFv3 gt Advanced gt Neighbor Table OSPFv3 Neighbor Table OSPFv3 Neighbor Table Search By Interface Interface Router Interface GO Router Dead Retransmission State Events Identifier ID Priority Time secs Queue length Router Priority State Dead Time Events Field Description Interface The Interface for which the data needs to be displayed Router ID A 32 bit integer in dotted decimal format representing the Router ID of the neighbor on the selected Interface Area ID A 32 bit integer in dotted decimal format representing the area common to the neighbor selected Options A Bit Mask corresponding to the neighbor s options field The priority of this neighbor in the designated router election algorithm A value of 0 signifies that the neighbor is not eligible to become the designated router on this particular network State of the relationship with this neighbor Number of seconds since last Hello was received from Adjacent Neighbors Set to 0 for neighbors in a state less than o
139. rule Valid range of Queue lds is 0 to 6 Mirror Interface Specifies the specific egress interface where the matching traffic stream is copied in addition to being forwarded normally by the device This field Chapter Managing Device Security 445 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual cannot be set if a Redirect Interface is already configured for the ACL rule This field is visible for a Permit Action e Match Every Select true or false from the pull down menu True signifies that all packets will match the selected IP ACL and Rule and will be either permitted or denied In this case since all packets match the rule the option of configuring other match criteria will not be offered To configure specific match criteria for the rule remove the rule and re create it or re configure Match Every to False for the other match criteria to be visible e Protocol Keyword Specify that a packet s IP protocol is a match condition for the selected IP ACL rule The possible values are ICMP IGMP IP TCP and UDP e TCP Flag Specify that a packet s TCP flag is a match condition for the selected IP ACL rule The TCP flag values are URG ACK PSH RST SYN FIN Each TCP flag has these possible values below and can be set separately e Ignore A packet matches this ACL rule whatever the TCP flag in this packet is set or not e Set A packet matches this ACL rule if the TCP flag in this pack
140. screen and reset the data on the screen to the latest value of the switch If you make changes to the page click Apply to apply the changes to the system Chapter Configuring Quality of Service 339 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual CoS Interface Configuration Use the CoS Interface Configuration page to apply an interface shaping rate to all interfaces or to a specific interface To display the CoS Interface Configuration page click QoS gt CoS gt Advanced gt CoS Interface Configuration CoS Interface Configuration CoS Interface Configuration 1 LAGS All Go To Interface GO Interface Interface Trust Mode O yvo 1 802 1p i C 10 2 802 1p o O 10 3 802 1p 0 CI 10 4 802 1p i O 10 5 802 1p o C 10 6 802 1p 0 O 1 0 77 802 1p e C 170 8 802 1p 0 O 1 0 9 802 1p 0 CO 1 0 10 802 1p o O 1 0 12 802 1p 0 C 1 0 12 802 1p o O 1 0 13 802 1p 0 O 1 0 14 802 1p o O 1 0 15 802 1p 0 O 1 0 16 802 1p o O 1 0 17 802 1p 0 O 1 0 18 802 1p o O 1 0 19 802 1p 0 C 1 0 20 802 1p 0 O 1 0 21 802 1p o O 1 0 22 802 1p 0 O 1 0 23 802 1p o C 1 0 24 802 1p 0 i LAGS AIl Go To Interface so To configure CoS settings for an interface 1 Use Interface to specify all CoS configurable interfaces 340 Chapter Configuring Quality of Service ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 2 Use Interface Trust Mode to specify whether to t
141. seconds The Older Version Querier Interval is the time out for transitioning a host back to IGMPv3 mode once an older version query is heard When an older version query is received hosts set their Older Version Querier Present Timer to Older Version Querier Interval The older IGMP version 2 querier timeout value in seconds The number of times the proxy was brought up IGMP Proxy Interface Statistics To display the IGMP Proxy Interface Statistics page click Routing gt Multicast gt IGMP gt Proxy Interface Statistics IGMP Proxy Interface Statistics IGMP Proxy Interface Statistics IGMP Proxy non operational Field Description Interface Displays the interface on which IGMP packets received Version The version of IGMP packets received Queries Received Report Received Reports Sent The number of IGMP queries received The number of IGMP reports received The number of IGMP reports sent Leaves Received The number of IGMP leaves received Leaves Sent The number of IGMP leaves sent Click REFRESH to refresh the data on the screen with the latest IGMP Proxy interface statistics Chapter Routing 307 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IGMP Proxy Membership To display the IGMP Proxy Membership page click Routing gt Multicast gt IGMP gt Proxy Membership IGMP Proxy Membership IGMP Proxy Membership
142. security The Security tab contains links to the following features e Management Security Settings on page 362 e Configuring Management Access on page 379 Port Authentication on page 391 e Traffic Control on page 402 e Control on page 414 e Configuring Access Control Lists on page 436 Management Security Settings From the Management Security Settings page you can configure the login password Remote Authorization Dial In User Service RADIUS settings Terminal Access Controller Access Control System TACACS settings and authentication lists To display the page click the Security gt Management Security tab The Management Security folder contains links to the following features e Local User on page 362 e Enable Password Configuration on page 365 e Line Password Configuration on page 365 e RADIUS on page 366 e Configuring TACACS on page 372 e Authentication List Configuration on page 374 e Login Sessions on page 378 Local User From the Local User link you can access the following pages e User Management on page 363 e User Password Configuration on page 364 Chapter Managing Device Security 362 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual User Management By default two user accounts exist e admin with Read Write privileges e guest with Read Only privileges By default both of these accounts have blank passwords The names are not case sensitive
143. selection has the effect of excluding all ports from the selected VLAN 3 Use Port List to add the ports you selected to this VLAN Each port has three modes 116 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Tagged Select the ports on which all frames transmitted for this VLAN will be tagged The ports that are selected will be included in the VLAN e U Untagged Select the ports on which all frames transmitted for this VLAN will be untagged The ports that are selected will be included in the VLAN e BLANK Autodetect Select the ports that may be dynamically registered in this VLAN via GVRP This selection has the effect of excluding a port from the selected VLAN Field Definition VLAN Name This field identifies the name for the VLAN you selected It can be up to 32 alphanumeric characters long including blanks VLAN ID 1 always has a name of Default VLAN Type This field identifies the type of the VLAN you selected The VLAN type Default VLAN ID 1 always present Static a VLAN you have configured Dynamic a VLAN created by GVRP registration that you have not converted to static and that GVRP may therefore remove VLAN Status Use this page to display the status of all currently configured VLANs To display the VLAN Status page click Switching gt VLAN gt Advanced gt VLAN Status VLAN Status
144. source port Use the Multiple Port Mirroring page to define port mirroring sessions To access the Multiple Port Mirroring page click Monitoring gt Mirroring gt Port Mirroring 476 Chapter Monitoring the System ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Multiple Port Mirroring Status Table LAGS All Go To Interface Source i Session Dukani eee LA mo Ei ae es C 1 0 2 Disable C 1 0 3 Disable 1 0 4 Disable O 1 0 5 Disable 1 0 6 Disable 1 0 7 Disable O 1 0 8 Disable C 1 0 9 Disable C 1 0 10 Disable C 1 0 11 Disable C 1 0 12 Disable 1 0 13 Disable C 1 0 14 Disable 1 0 15 Disable C 1 0 16 Disable C 1 0 17 Disable C 1 0 18 Disable 1 0 19 Disable C 1 0 20 Disable C 1 0 21 Disable T1 1 0 22 Disable To configure Port Mirroring Chapter Monitoring the System 477 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 Select the check box next to a port to configure it as a source port e Mode Specifies the Mode for mirroring By default Mode is disabled 2 Use Source Port to specify the configured port s as mirrored port s Traffic of the configured port s is sent to the probe port 3 In the Destination Port field specify the port to which port traffic is be copied Use the unit slot port format to specify the port You can configure only one destination port on the system Acts as a probe p
145. table describes Switch Statistics information Field Description iflndex Octets Received The total number of octets of data received by the processor excluding framing bits but including FCS This object indicates the iflndex of the interface table entry associated with the Processor of this switch octets Chapter Configuring System Information 23 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fes escrito O O Packets Received Without Errors The total number of packets including broadcast packets and multicast packets received by the processor Unicast Packets Received The number of subnetwork unicast packets delivered to a higher layer protocol Multicast Packets Received The total number of packets received that were directed to a multicast address Note that this number does not include packets directed to the broadcast address Broadcast Packets Received The total number of packets received that were directed to the broadcast address Note that this does not include multicast packets Receive Packets Discarded The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol A possible reason for discarding a packet could be to free up buffer space Octets Transmitted The total number of octets transmitted out of the interface including framin
146. the IP interface address Waiting The router is trying to determine the identity of the Backup Designated Router for the network by monitoring received Hello Packets The router is not allowed to elect a Backup Designated Router or a Designated Router until it transitions out of Waiting state This prevents unnecessary changes of Backup Designated Router Designated Router This router is itself the Designated Router on the attached network Adjacencies are established to all other routers attached to the network The router must also originate a network LSA for the network node The network LSA will contain links to all routers including the Designated Router itself attached to the network Backup Designated Router This router is itself the Backup Designated Router on the attached network It will be promoted to Designated Router if the present Designated Router fails The router establishes adjacencies to all other routers attached to the network The Backup Designated Router performs slightly different functions during the Flooding Procedure as compared to the Designated Router Other Designated Router The interface is connected to a broadcast or NBMA network on which other routers have been selected to be the Designated Router and Backup Designated Router either The router attempts to form adjacencies to both the Designated Router and the Backup Designated Router The State is only displayed if the OSPFv3 admin mode is enable
147. the ISDP bad packets received ISDP Checksum Error Displays the number of the checksum error ISDP Transmission Failure Displays the number of the transmission failure ISDP Invalid Format Displays the number of the invalid format ISDP packets received 110 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description ISDP Table Full Displays the table size of the ISDP table ISDP Ip Address Table Full Displays the table size of the ISDP IP address table Chapter Configuring System Information 111 Contiguring Switching Information Use the features in the Switching tab to define Layer 2 features The Switching tab contains links to the following features VLANs on page 112 Spanning Tree Protocol on page 129 Multicast on page 144 Address Table on page 164 Ports on page 169 Link Aggregation Groups on page 172 PFC on page 177 VLANs Adding Virtual LAN VLAN support to a Layer 2 switch offers some of the benefits of both bridging and routing Like a bridge a VLAN switch forwards traffic based on the Layer 2 header which is fast and like a router it partitions the network into logical segments which provides better administration security and management of multicast traffic By default all ports on the switch are in the same broadcast domain VLANs electronically separate ports on the same switch into separate b
148. the MST instances including the CST and the corresponding VLAN IDs associated with each of them corresponding FID associated with each of them FID ID Table consisting of the FIDs and the corresponding VLAN IDs associated with each of them Chapter Configuring Switching Information 131 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Advanced From the Advanced link you can access the following pages STP Configuration on page 132 CST Configuration on page 134 CST Port Configuration on page 136 CST Port Status on page 138 MST Configuration on page 139 MST Port Status on page 141 STP Statistics on page 143 STP Configuration The Spanning Tree Configuration Status page contains fields for enabling STP on the switch To display the Spanning Tree Configuration Status page click Switching gt STP gt Advanced gt STP Configuration STP Configuration STP Configuration Spanning Tree Admin Mode Disable Enable Force Protocol Version IEEE 802 1d IEEE 802 1w IEEE 802 1s Configuration Name 00 04 06 02 04 07 Configuration Revision Level 0 D to 65535 Forward BPDU while STP Disabled Disable Enable BPDU Guard Disable Enable BPDU Filter Disable Enable Configuration Digest Key 0xac36177f50283cd4b83821d8ab26de62 Configuration Format Selector 0 STP Status MST ID VID FID 0 1 1 Use Spanning Tree Admin Mode to specify whether span
149. the address was confirmed to be reachable Chapter Routing 215 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IPv6 Route Configuration To display the IPv6 Route Configuration page click Routing gt IPv6 gt Advanced gt Static Route Configuration IPv6 Route Configuration Configure Routes D Next Hop IPv6 Next Hop IPv6 Address Type Address IPv6 Prefix Prefix Length Interface Preference 1 Use IPv6 Prefix Prefix Length to enter the Network Prefix and Prefix Length for the Configured Route 2 Use Next Hop IPv6 Address Type to specify if the Next Hop IPv6 Address is a Global IPv6 Address or a Link local IPv6 Address or a Static Reject IPv6 Address If the Next Hop IPv6 address specified is a Link Local IPv6 Address specify the Interface for the Link local IPv6 Next Hop Address Select Static Reject from this menu to create a static reject route for a destination prefix No next hop address is specified in that case 3 Use Next Hop IPv6 Address to enter the Next Hop IPv6 Address for the Configured Route 4 Use Interface to specify the unit slot and port number for the Link local IPv6 Next Hop Address This field is enabled only if the Link local is selected 5 Use Preference to specify the Route Preference of the Configured Route 6 Click ADD to configure a new route 7 Click DELETE to delete the corresponding route IPv6 Route Table To display the IPv6 Route Table pag
150. the format of the TFTP SFTP SCP Server Address field The factory default is IPv4 4 Use Server Address to enter the IP address of the server in accordance with the format indicated by the Server Address Type The factory default is the IPv4 address 0 0 0 0 5 Use Remote File Name to enter the name of the file you want to download from the server You may enter up to 32 characters The factory default is blank 6 Use User Name to enter the username for remote login to SFTP SCP server where the file resides This field is visible only when SFTP or SCP transfer modes are selected 7 Use Password to enter the password for remote login to SFTP SCP server where the file resides This field is visible only when SFTP or SCP transfer modes are selected 8 The last row of the table is used to display information about the progress of the file transfer The screen will refresh automatically until the file transfer completes HTTP File Download Use the HTTP File Download page to download files of various types to the switch using an HTTP session for example via your Web browser To display this page click Maintenance gt Download gt HTTP File Download HTTP File Download HTTP File Download File Type Archive v Image Name imagel Select File Browse 492 Chapter Maintenance ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual To download a file to the switch by using HTTP 1 Use File Ty
151. the last restart occured Restart Exit Reason Displays how the master unit on the stack last started up The possible values are e Not Attempted graceful restart has not been attempted e In Progress restart is in progress e Completed the previous gracefull restart completed successfully e Timed Out the previous graceful restart timed out Topology Changed the previous graceful restart terminated prematurely because of a topology change OSPFv3 OSPFv3 is the Open Shortest Path First routing protocol for IPv6 It is similar to OSPF v2 in its concept of a link state database intra inter area and AS external routes and virtual links It differs from its IPv4 counterpoint in a number of respects including the following peering is done via link local addresses the protocol is link based rather than network based and addressing semantics have been moved to leaf LSAs which eventually allow its use for both IPv4 and IPv6 Point to point links are also supported in order to enable operation over tunnels It is possible to enable OSPF and OSPF v3 at the same time OSPF works with IPv4 and OSPF v3 works with IPv6 From the OSPF link you can access the following pages e Basic on page 260 e Advanced on page 261 Basic From the Basic link you can access the following pages e OSPFv3 Configuration on page 261 260 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administrat
152. the web page is displayed The default value is Enable 384 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 3 Use SSH Version 2 to Enable or Disable Protocol Level 2 for SSH The currently configured value is shown when the web page is displayed The default value is Enable 4 Use SSH Session Timeout to configure the inactivity time out value for incoming SSH sessions to the switch The acceptable range for this value is 1 160 minutes 5 Use Maximum Number of SSH Sessions to configure the maximum number of inbound SSH sessions allowed on the switch The currently configured value is shown when the web page is displayed The range of acceptable values for this field is 0 5 6 Use Login Authentication List to select an authentication list from the pull down menu This list is used to authenticate users who try to login the switch 7 Use Enable Authentication List to select an authentication list from the pull down menu This list is used to authenticate users who try to get enable level privilege 8 Click REFRESH to refresh the web page to show the latest SSH Sessions Field Description Current Number of SSH Sessions Displays the number of SSH connections currently in use in the system Keys Present Displays which keys RSA DSA or both are present if any Host Keys Management Use this menu to generate or delete RSA and DSA keys
153. to the policy A policy is applied to a packet when a class match within that policy is found To display the DiffServ Configuration page click QoS gt DiffServ gt Advanced gt Diffserv Configuration Diffserv Configuration Diffserv Config DiffServ Admin Mode Disable Enable Status MIB Table Class Table 0 32 Class Rule table 0 416 Policy table 0 64 Policy Instance table 0 1792 Policy Attributes table 0 5376 Service table 0 160 To configure the global DiffServ mode 1 2 3 Select the administrative mode for DiffServ e Enable Differentiated Services are active e Disable The DiffServ configuration is retained and can be changed but it is not active Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch If you make changes to the page click Apply to apply the changes to the system The following table describes the information displayed in the Status table on the DiffServ Configuration page Field Description Class table Displays the number of configured DiffServ classes Class Rule table Displays the number of configured class rules out of Policy table Displays the number of configured policies out of the out of the total allowed on the switch the total allowed on the switch total allowed on the switch Policy Instance table Displays the number of configured policy class instances out of
154. true or false from the pull down menu True signifies that all packets will match the selected IPv6 ACL and Rule and will be either permitted or denied In this case since all packets match the rule the option of configuring other match criteria will not be offered To configure specific match criteria for the rule remove the rule and recreate it or reconfigure Match Every to False for the other match criteria to be visible Use Protocol to configure IPv6 protocol a Specify an integer ranging from 0 to 255 after selecting protocol keyword other This number represents the IP protocol b Select name of a protocol from the existing list of Internet Protocol IP Transmission Control Protocol TCP User Datagram Protocol UDP Internet Control Message Protocol ICMP and Internet Group Management Protocol IGMP Use Source Prefix PrefixLength to specify IPv6 Prefix combined with IPv6 Prefix length of the network or host from which the packet is being sent Prefix length can be in the range 0 to 128 Use Source L4 Port to specify a packet s source layer 4 port as a match condition for the selected IPv6 ACL rule Source port information is optional Source port information can be specified in two ways a Select keyword other from the drop down menu and specify the number of the port in the range from 0 to 65535 b Select one of the keyword from the list DOMAIN ECHO FTP FTPDATA HTTP SMTP SNMP TELNET TFTP a
155. will be authenticated using the RADIUS server instead of locally e Line The line password will be used for authentication Enable The privileged EXEC password will be used for authentication e Tacacs The user s ID and password will be authenticated using the TACACS server e None The user will not be authenticated 374 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 3 Use the dropdown menu to select the method if any that should appear second in the selected authentication login list This is the method that will be used if the first method times out If you select a method that does not time out as the second method the third method will not be tried Note that this parameter will not appear when you first create a new login list 4 Use the dropdown menu to select the method if any that should appear third in the selected authentication login list 5 Click ADD to add a new login list to the switch 6 Click DELETE to remove the selected authentication login list from the configuration The delete will fail if the selected login list is assigned to any user including the default user for system login You can only use this button if you have Read Write access The change will not be retained across a power cycle unless you perform a save Enable Authentication List You use this page to configure enable lists A enable list specifies the auth
156. 0 Changing the value will not change the configuration until the APPLY button is pressed Transmit Period This input field allows the user to configure the transmit period for the selected port The transmit period is the value in seconds of the timer used by the authenticator state machine on the specified port to determine when to send an EAPOL EAP Request Identity frame to the supplicant The transmit period must be a number in the range of 1 and 65535 The default value is 30 Changing the value will not change the configuration until the APPLY button is pressed GuestVLAN ld This field allows the user to configure Guest Vlan Id on the interface The valid range is 0 3965 The default value is 0 Changing the value will not change the configuration until the Apply button is pressed Enter O to clear the Guest Vlan Id on the interface Guest VLAN Period This input field allows the user to enter the guest Vlan period for the selected port The guest Vlan period is the value in seconds of the timer used by the GuestVlan Authentication The guest Vlan time out must be a value in the range of 1 and 300 The default value is 90 Changing the value will not change the configuration until the Apply button is pressed Unauthenticated VLAN id This input field allows the user to enter the Unauthenticated Vlan Id for the selected port The valid range is 0 3965 The default value is 0 Changing the value will not change the configuration until th
157. 01 23 45 67 89 AB Then click on the Go button If the address exists that entry will be displayed as the first entry followed by the remaining greater mac addresses An exact match is required e Searched by VLAN ID Select VLAN ID from pull down menu enter the VLAN ID for example 100 Then click on the Go button If the address exists the entry will be displayed as the first entry followed by the remaining greater mac addresses e Searched by Port Select Port from pull down menu enter the port ID in Unit Slot Port for example 2 1 1 Then click on the Go button If the address exists the entry will be displayed as the first entry followed by the remaining greater mac addresses Chapter Configuring Switching Information 167 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fea escrito O O Total MAC Address Displaying the number of total MAC addresses learned or configured MAC Address A unicast MAC address for which the switch has forwarding and or filtering information The format is a 6 byte MAC Address that is separated by colons for example 01 23 45 67 89 AB The VLAN ID associated with the MAC Address The port upon which this address was learned The status of this entry The meanings of the values are Static the value of the corresponding instance was added by the system or a user and cannot be relearned e Learned the value of the
158. 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 Go To Port PortList Bit Offset DO LN GOAUOA UN we a be Re Be Fe oe w O won AUA wh m O 24 eo ifindex o On owe wn ve et BS Ee B EG hoffe Ook gt w ry OM ON DUM kFWN re O Use Port Description to enter the description string to be attached to a port It can be up to 64 characters in length Chapter Configuring Switching Information 171 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O Port Selects the interface for which data is to be displayed or configured MAC Address Displays the physical address of the specified interface PortList Bit Offset Displays the bit offset value which corresponds to the port when the MIB object type PortList is used to manage in SNMP a ST Link Aggregation Groups Link aggregation groups LAGs which are also known as port channels allow you to combine multiple full duplex Ethernet links into a single logical link Network devices treat the aggregation as if it were a single link which increases fault to
159. 1 13 28 True 1 image2 False False 9 0 0 10 True To configure Dual Image settings 1 Use Unit to select the unit whose code image you want to activate update or delete 2 Use Image Description to specify the description for the image that you have selected 3 Use Next Active Image to make the selected image the next active image for subsequent reboots 4 Use Update Bootcode to update the bootloader with the selected image gl Click DELETE to delete the selected image from permanent storage on the switch 6 Click APPLY to send the updated configuration to the switch Configuration changes take effect immediately Note After activating an image you must perform a system reset of the switch in order to run the new code Field Description Image Name This displays the image name for the selected unit Active Image Displays the current active image of the selected unit Version Displays the version of the image1 code file 496 Chapter Maintenance ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Troubleshooting The Troubleshooting menu contains links to the following options e Ping IPv4 on page 497 e Ping IPv6 on page 498 e Traceroute IPv4 on page 499 e Traceroute IPv6 on page 500 Ping IPv4 Use this screen to tell the switch to send a Ping request to a specified IP address You can use this to check whether the switch can communicate with a particular IP sta
160. 1 to 8 5 Use Sampling Rate to specify the statistical sampling rate for packet sampling from this source A sampling rate of 1 counts all packets A sampling rate of 0 disables sampling Allowed range is 1024 to 65536 6 Use Maximum Header Size to specify the maximum number of bytes that should be copied from a sampled packet Allowed range is 20 to 256 482 Chapter Monitoring the System ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Chapter Monitoring the System 483 Maintenance Use the features available from the Maintenance tab to help you manage the switch The Maintenance tab contains links to the following features e Save Configuration on page 484 e Reseton page 485 e Upload File From Switch on page 487 e Download File To Switch on page 490 e File Management on page 495 e Troubleshooting on page 497 Save Configuration The Save Configuration menu contains links to the following options e Save Configuration on page 484 e Auto Install Configuration on page 485 Save Configuration To access the Save Configuration page click Maintenance gt Save Config gt Save Configuration Chapter Maintenance 484 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 Select the check box and click the APPLY button to have configuration changes you have made saved across a system reboot All changes submitted since the previous save or system r
161. 10 0 Disable O 1 0 13 Disable 260 10 0 Disable OO 10 14 Disable 260 10 0 Disable O 1 0 15 Disable 260 10 0 Disable O 1 0 16 Disable 260 10 0 Disable O 1 0 17 Disable 260 10 o Disable C 1 0 18 Disable 260 10 0 Disable O 1 0 19 Disable 260 10 0 Disable O 1 0 20 Disable 260 10 0 Disable C 1 0 21 Disable 260 10 0 Disable O 170 22 Disable 260 10 o Disable O 1 0 23 Disable 260 10 0 Disable O svo 2s Disable 260 10 o Disable 1 LAGS All Go To Interface asoa 1 Interface Displays all physical VLAN and LAG interfaces Select the interface you want to configure 158 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 2 Use Admin Mode to select the interface mode for the selected interface for MLD Snooping for the switch The default is disable 3 Use Group Membership Interval secs to specify the amount of time you want the switch to wait for a report for a particular group on a particular interface before it deletes that interface from the group The valid range is from 2 to 3600 seconds The configured value must be greater than Max Response Time The default is 260 seconds 4 Use Max Response Time secs to specify the amount of time you want the switch to wait after sending a query on an interface because it did not receive a report for a particular group on that interface Enter a value greater or equal to 1 and less than the Group Membership Interval in se
162. 1000 O 1 0 20 Disable Disable 20 60 1000 O 1 0 21 Disable Disable 20 60 1000 C 1 0 22 Disable Disable 20 60 1000 C 1 0 23 Disable Disable 20 60 1000 OO 1 0 24 Disable Disable 20 60 1000 i LAGS All Go To Interface SO 128 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 Use Interface to select the physical interface for which data is to be displayed or configured 2 Use Port GVRP Mode to choose the GARP VLAN Registration Protocol administrative mode for the port by selecting enable or disable from the dropdown list If you select disable the protocol will not be active and the Join Time Leave Time and Leave All Time will have no effect The factory default is disable 3 Use Port GMRP Mode to choose the GARP Multicast Registration Protocol administrative mode for the port by selecting enable or disable from the dropdown list If you select disable the protocol will not be active and Join Time Leave Time and Leave All Time have no effect The factory default is disable 4 Use Join Time centiseconds to specify the time between the transmission of GARP PDUs registering or re registering membership for a VLAN or multicast group in centiseconds Enter a number between 10 and 100 0 1 to 1 0 seconds The factory default is 20 centiseconds 0 2 seconds An instance of this timer exists for each GARP participant for each port 5 Use Leave Time centiseco
163. 20 Appendix Configuration Examples ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual working but not the end effect chief among the effects is the rapid transitioning of the port to the Forwarding state The difference between the RSTP and the traditional STP IEEE 802 1D is the ability to configure and recognize full duplex connectivity and ports that are connected to end stations resulting in rapid transitioning of the port to the Forwarding state and the suppression of Topology Change Notification These features are represented by the parameters pointtopoint and edgeport MSTP is compatible to both RSTP and STP It behaves appropriately to STP and RSTP bridges A MSTP bridge can be configured to behave entirely as a RSTP bridge or a STP bridge So an IEEE 802 1s bridge inherently also supports IEEE 802 1w and IEEE 802 1D The MSTP algorithm and protocol provides simple and full connectivity for frames assigned to any given VLAN throughout a Bridged LAN comprising arbitrarily interconnected networking devices each operating MSTP STP or RSTP MSTP allows frames assigned to different VLANs to follow separate paths each based on an independent Multiple Spanning Tree Instance MSTI within Multiple Spanning Tree MST Regions composed of LANs and or MSTP Bridges These Regions and the other Bridges and LANs are connected into a single Common Spanning Tree CST IEEE DRAFT P802 1s D13 MSTP connects all B
164. 21 EDOC in Languages of the European Community Language Statement Cesky Czech NETGEAR Inc t mto prohla uje Ze tento Radiolan je ve shode se z kladn mi po adavky a dal mi pr slu n mi ustanoven mi smernice 1999 5 ES Dansk Danish Undertegnede NETGEAR Inc erkl rer herved at f lgende udstyr Radiolan overholder de v sentlige krav og vrige relevante krav i direktiv 1999 5 EF Deutsch Hiermit erkl rt NETGEAR Inc dass sich das Ger t Radiolan in bereinstimmung mit German den grundlegenden Anforderungen und den brigen einschl gigen Bestimmungen der Richtlinie 1999 5 EG befindet Eesti Estonian K esolevaga kinnitab NETGEAR Inc seadme Radiolan vastavust direktiivi 1999 5 EU p hin uetele ja nimetatud direktiivist tulenevatele teistele asjakohastele s tetele Appendix Notification of Compliance 528 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual English Hereby NETGEAR Inc declares that this Radiolan is in compliance with the essential requirements and other relevant provisions of Directive 1999 5 EC Espanol Por medio de la presente NETGEAR Inc declara que el Radiolan cumple con los Spanish requisitos esenciales y cualesquiera otras disposiciones aplicables o exigibles de la Directiva 1999 5 CE EAAnvikhy ME THN MAPOY2ZA NETGEAR Inc AHAQNE OTI Radiolan 2 gt YMMOP ONETAI MPO Greek TIX OYZIOAEIZ ANAITHZEIZ KAI T12 AOINES ZXETIKEZ AIATA EI
165. 215 4 Click ADD to configure the area as a stub area 5 Click DELETE to delete the stub area designation The area will be returned to normal state Field Description SPF Runs The number of times that the intra area route table has been calculated using this area s link state database This is typically done using Dijkstra s algorithm Area Border Router Count Area LSA Count Area LSA Checksum The total number of area border routers reachable within this area This is initially zero and is calculated in each SPF Pass The total number of link state advertisements in this area s link state database excluding AS External LSAs The 32 bit unsigned sum of the link state advertisements LS checksums contained in this area s link state database This sum excludes external LS type 5 link state advertisements The sum can be used to determine if there has been a change in a router s link state database and to compare the link state database of two routers Type of Service This field is the normal TOS associated with the stub metric Chapter Routing 241 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual NSSA Area Configuration To display the NSSA Area Configuration page click Routing gt OSPF gt Advanced gt NSSA Area Configuration NSSA Area Configuration OSPI RSSA Ares Configeration Use Area ID to enter the OSPF area ID An Area ID is a 32 bit integ
166. 23 e Protocol Based VLAN Group Configuration on page 124 e Protocol Based VLAN Group Membership on page 125 e Voice VLAN Configuration on page 126 e GARP Switch Configuration on page 127 GARP Port Configuration on page 128 VLAN Configuration To display the VLAN Configuration page click Switching gt VLAN gt Advanced gt VLAN Configuration VLAN Configuration Reset Reset Configuration g Internal VLAN Configuration Internal VLAN Allocation Base 4093 Internal VLAN Allocation Policy Ascending Descending VLAN Configuration VLAN ID VLAN Name Make Static Sl Disable afg default Default Disable Reset Configuration If you select this button and confirm your selection on the next screen all VLAN configuration parameters will be reset to their factory default values Also all VLANs except for the default VLAN will be deleted The factory default values are e All ports are assigned to the default VLAN of 1 e All ports are configured with a PVID of 1 Chapter Configuring Switching Information 115 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e All ports are configured to an Acceptable Frame Types value of Admit All Frames All ports are configured with Ingress Filtering disabled e All ports are configured to transmit only untagged frames e GVRP is disabled on all ports and all dynamic entries are cleared Internal VLAN Configuration Th
167. 23 1 0 24 All Go To Interface GO ER TCE CAL CE CR ee CA oe CRL ee T Ano go Oon 0o go co go co co go co gao 1 Interface The routing interface you want to configure or displayed 2 Use TTL Threshold to enter the TTL threshold below which a multicast data packet will not be forwarded from the selected interface You should enter a number between 0 and 255 If you enter 0 all multicast packets for the selected interface will be forwarded You must configure at least one router interface before you will see this field 294 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DVMRP From the DVMRP link you can access the following pages e DVMRP Global Configuration on page 295 e DVMPP Interface Configuration on page 296 e DVMRP Neighbor on page 297 e DVMRP Next Hop on page 298 e DVMRP Prune on page 299 e DVMRP Route on page 299 DVMRP Global Configuration To display the Global Configuration page click Routing gt Multicast DVMRP gt Global Configuration DVMRP Global Configuration DVMRP Global Configuration D Admin Mode Disable Enable Version 3 Total Number of Routes 0 Reachable Routes 0 1 Use Admin Mode to set the administrative status of DVMRP to active or inactive The default is disable Field Description Version The current value of the DVMRP version string Total Number of Routes The number of routes in the DVMRP routing table Reachabl
168. 242 e Area Range Configuration on page 243 Interface Configuration on page 244 e OSPF Interface Statistics on page 248 e OSPF Neighbor Table on page 252 e Link State Database on page 254 e Virtual Link Configuration on page 256 e Route Redistribution on page 258 e NSF OSPF Configuration on page 259 Chapter Routing 235 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual OSPF Configuration Use the OSPF Configuration page to enable OSPF on a router and to configure the related OSPF settings To display the OSPF Configuration page click Routing gt OSPF gt Advanced gt OSPF Configuration OSPF Configuration Default Route Advertise Configuration Default Information Originate Always Metric Metric Type OSPF Configuration Router ID Admin Mode ASBR Mode RFC 1583 Compatibility ABR Status Opaque LSA Status Exit Overflow Interval secs SPF Delay Time secs SPF Hold Time secs External LSA Count External LSA Checksum AS_OPAQUE LSA Count AS_OPAQUE LSA Checksum New LSAs Originated LSAs Received External LSDB Limit Default Metric Maximum Paths AutoCost Reference Bandwidth Default Passive Setting Helper Support Mode Helper Strict LSA Checking Disable Enable True False 0 O to 16777214 External Type 1 External Type 2 0 0 0 0 Enable Disable Enable Enable 0 O to 2147483647 5 0 to 65535 10 J to 65535 1 o 2147483647 0 9 to 1
169. 249 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O OSPF Area ID The OSPF area to which the selected router interface belongs An OSPF Area ID is a 32 bit integer in dotted decimal format that uniquely identifies the area to which the interface connects Area Border Router Count The total number of area border routers reachable within this area This is initially zero and is calculated in each SPF Pass AS Border Router Count The total number of Autonomous System border routers reachable within this area This is initially zero and is calculated in each SPF Pass Area LSA Count The total number of link state advertisements in this area s link state database excluding AS External LSAs IP Address The IP address of the interface Interface Events The number of times the specified OSPF interface has changed its state or an error has occurred Virtual Events The number of state changes or errors that have Neighbor Events The number of times this neighbor relationship has changed state or an error has occurred External LSA Count The number of external LS type 5 link state advertisements in the link state database Sent packets The number of OSPF packets transmitted on the interface Received packets The number of valid OSPF packets received on the interface Discards The number of received OSPF packets discarded because of an error in the p
170. 24S 10G Managed Stackable Switch Software Administration Manual 1 Interface Selects the interface to enable IPSG 2 Use IPSG Mode to enable or disable validation of Sender IP Address on this interface If IPSG is Enabled Packets will not be forwarded if Sender IP Address is not in DHCP Snooping Binding database The factory default is disabled 3 Use IPSG Port Security to enable or disables the IPSG Port Security on the selected interface If IPSG Port Security is enabled then the packets will not be forwarded if the sender MAC Address is not in FDB table and it is not in DHCP snooping binding database To enforce filtering based on MAC address other required configurations are e Enable port security globally e Enable port security on the interface level IPSG Port Security can t be Enabled if IPSG is Disabled The factory default is disabled IP Source Guard Binding Configuration To display the IP Source Guard Binding Configuration page click Security gt Control gt IP Source Guard gt Binding Configuration IP Source Guard Binding Configuration cic Binding Configuration Interface MAC Address VLAN ID IP Address Filter Type Of i MO O Dynamic Binding Configuration Interface MAC Address VLAN ID IP Address Filter Type Static Binding Configuration Interface Selects the interface to add a binding into the IPSG database Use MAC Address to specify the MAC address for the binding Use VLAN ID t
171. 30 60 Disable t 1 0 13 Disable Non Operavona 30 60 Orsable 1 0 14 Disable Non Operatonal 30 60 Disable t ois Disable Non Operatona 30 60 Disable 1 0 16 Disable Non Operatonal x 0 Disable t 1 0 27 Disable Non Operapons 30 6 Disable 1 0 28 Disable Non Operational 30 La Disable 1 1 0 19 Disable Non Operatona 30 60 Disable 1 0 20 Disable Non Operatonal 30 60 Disable 1 1 0 21 Disable Non Operatons 30 60 Disable 1 0 22 Disable Non Operatonal J30 La Disable i 1 0 23 Disable Non Operatons 30 60 Disable od Disable Non Operational 30 6 Disable 1 all Go Fo Interface ce Interface The interface for which data is to be displayed or configured You must have configured at least one router interface before configuring or displaying data for a PIM DM interface Use Admin Mode to select enable or disable from the pull down menu to set the administrative status of PIM in the router The default is disable Use Hello Interval secs to enter the time in seconds between the transmission of which PIM Hello messages on this interface The valid values are from O to 18000 The default value is 30 Use Join Prune Interval secs to enter the frequency at which PIM Join Prune messages are transmitted on this PIM interface The valid values are from 0 to 18000 The default value is 60 Use BSR Border to select enable or disable to set BSR border status on the selected interface 322 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch So
172. 39 255 255 255 Use Group Mask to enter the mask to be applied to the multicast group address The combination of the mask and the Group IP gives the range of administratively scoped addresses for the selected interface Click ADD to add a new administratively scoped boundary Click DELETE to delete the administratively scoped boundary selected IPv6 Multicast From the IPv6 Multicast link you can access the following pages Mroute Table on page 317 IPv6 PIM on page 318 MLD on page 327 Static Routes Configuration on page 335 Mroute Table This screen displays contents of the Mroute Table in tabular form To display the Mroute Table page click Routing gt IPv6 Multicast Mroute Table Group Source Incoming Outgoing Up Expiry RPF Mroute Table Mroute Table Protocol Flags IP IP Interface Interfaces Time hh mrm ss Time hh mm ss Neighbor Field Description Source IP The IP address of the multicast packet source to be Group IP The destination group IP address combined with the Group IP to fully identify a single route whose Mroute table entry Incoming Interface The incoming interface on which multicast packets for this source group arrive Outgoing Interface s The list of outgoing interfaces on which multicast packets for this source group are forwarded Up Time hh mm ss The time in seconds since the entry was created Chapter Routing 317 ProSaf
173. 404 rules 438 MD5 34 MIBs 16 N navigation 12 P port authentication 391 summary 398 Q QoS 334 802 1p to Queue Mapping 338 R RADIUS 362 server 366 reboot 485 reset configuration to defaults 486 switch 485 RSTP 129 S Simple Network Time Protocol 34 SNMP traps 84 using 16 v1 v2 82 SNTP 34 server configuration 38 server status 39 SSL 381 storm control 412 STP 129 example configuration 520 Status 130 132 Stratum 0 34 134 2 34 T T1 34 T2 34 T3 34 T4 34 TACACS folder 372 settings 372 technical support 2 time 34 levels 34 trademarks 2 traffic control 402 trap flags 85 U Unicast 34 upload configuration 487 V VLAN 112 example configuration 509 guest 518 ID 112 managing 112 Port VLAN ID 119 534 Index ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual PVID 119 Index 535
174. 476 Multiple Port MiImtOning sos 4 4 etd ope eit e andi SG Oe adie ate ie 476 SLOW oh esvesid ata aialtl ancl eRe tinea cece EE Ara aly Seed Re Gece ly 478 BASIC EO dita nna Sie bite to gaan ape a aA a id ob aed Hea aaa to ata aes 478 AGVANCCO ss dicc pth bch pdecahet banat bathed eae he 479 Chapter 8 Maintenance 6 Contents ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Save COMIOUIANON s 4 wee teeth oes Hohe Shep et 484 Save Configuration coho esist erkei iket tka pikar r gous 484 Auto Install Configuration aoaaa aaa 485 RESCl 24 4 5 245 4c00ne ona auesgeaonoagdaesigus AA Ea 485 Device Repol is gi tsting tn a na wich hava bak Bas alg gta Bala a te aaa anata 486 Factory Defaults lt iccudivartiegesh E Rana EE EE 486 Password Reset i ca gace caie Mande idni eredat idia AG ed Oc 487 Upload File From SWIC 2 64 5220 020044 nettan nroa ri meie 487 Fie Upload se bs geal chon Ditra EEE a EE A arene uaauanaaia 488 RTTP File WplOad lt erorri cy nok exe May EE E EE 489 USB File Upload we tcc 2 5 2 EN e E OEE 490 Download File TOeSWite hic 6 33 3 echo decane neds abe Awe dota peed Soe Rede aold hee ee ee 490 File DOWRIOAG a2 a d 8 ad eared nee a Sw da wid Als ee eed hs 491 HTTP Pile Download i0i0 200 dhs CEE GaSe SES whe ees 492 USE File Download cciac 5 ab b4owd2 dhia kiai bead dee 494 File Management lt 26 p4i25n0ic6axe s ard iara adadaa espa nasidd 495 Es ei ic kecedeohidearareg
175. 48 bits in the format 2002 tunnel source ipv4 address 48 7 Use Source Address to specify the desired source address The source address for this tunnel must be entered in dotted decimal notation 8 Use Source Interface to specify the source interface for this tunnel The address associated with the selected interface will be used as the source address 9 Use Destination Address to specify the destination address for this tunnel in dotted decimal notation 218 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 10 Click ADD to allow the user to configure a new tunnel 11 Click DELETE to delete the corresponding tunnel 12 Click CANCEL to discard the changes made on the page and navigate back to the referring page VLAN You can configure ProSafe Managed Switches software with some ports supporting VLANs and some supporting routing You can also configure the software to allow traffic on a VLAN to be treated as if the VLAN were a router port When a port is enabled for bridging default rather than routing all normal bridge processing is performed for an inbound packet which is then associated with a VLAN Its MAC Destination Address MAC DA and VLAN ID are used to search the MAC address table If routing is enabled for the VLAN and the MAC DA of an inbound unicast packet is that of the internal bridge router interface the packet is routed An inbound multicast packet is
176. 6 interface parameters To display the IPv6 Interface Configuration page click Routing gt IPv6 gt Advanced gt Interface Configuration ifi PIPL ELEEELELELELELELELE HENRETTE BESCHLHSHCHL ESE eic ess KRENKENDE PERLELELELEEELELEEELEEE iii bi TPES ES OPES Te OES itini HERREN NEAN pawa ce an Dass padas z Sai beste PEELEEELEEELELEL ELT i as ba ta baneetae 1 Use interface to select the interface to be configured or displayed All physical interfaces are valid 2 Use IPv6 Mode to enable disable IPv6 mode When IPv6 mode is enabled interface is capable of IPv6 operation without a global address In this case an EUI 64 based link local address is used This selector lists the two options for IPv6 mode enable and disable Default value is disable 3 Use DHCPv6 Client Mode to enable disable DHCPv6 Client mode on an interface At any point of time only one interface can act as a Client Default value is disable Use Stateless Address AutoConfig Mode to enable disable Stateless Address AutoConfig mode on an interface Default value is disable 5 Use Routing Mode to enable disable routing mode of an interface Default value is disable Use Admin Mode to enable disable the Administrative Mode of the interface The default value is enable This mode is not supported for Logical VLAN Interfaces A D 7 Use MTU to specify the maximum transmit unit on an interface If the value is 0 then this
177. 600 seconds 1 hour The default value is 1 second Use MTU Ignore to disable OSPF MTU mismatch detection on received database description packets Default value is Disable MTU mismatch detection is enabled Use Passive Mode to make an interface passive to prevent OSPF from forming an adjacency on an interface OSPF advertises networks attached to passive interfaces as stub networks Interfaces are not passive by default Use Network Type to set the OSPF network type on the interface to broadcast or point to point OSPF only selects a designated router and originates network LSAs for broadcast networks No more than two OSPF routers may be present on a point to point link The default network type for Ethernet interfaces is broadcast Use Authentication Type to select an authentication type other than none You can select the authentication type from the pull down menu The choices are e None This is the initial interface state If you select this option from the pull down menu no authentication protocols will be run e Simple If you select Simple you will be prompted to enter an authentication key This key will be included in the clear in the OSPF header of all packets sent on the network All routers on the network must be configured with the same key Encrypt If you select Encrypt you will be prompted to enter both an authentication key and an authentication ID Encryption uses the MD5 Message Digest algorithm All r
178. 6777214 4 to 4 100 1 to 4294967 Disable Always Enable 236 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Default Route Advertise Configuration 1 2 When Default Information Originate is enabled OSPF originates an external LSA advertising a default route 0 0 0 0 0 0 0 0 Always If Default Information Originate is enabled but the Always option is FALSE OSPF will only originate a default route if the router already has a default route in its routing table Set Always to TRUE to force OSPF to originate a default route regardless of whether the router has a default route Use Metric to specify the metric of the default route The range of valid values is 0 to 16777214 Use Metric Type to set the OSPF metric type of the default route Two types are supported e External Type 1 e External Type 2 Default is External Type 2 OSPF Configuration 1 Use Router ID to specify the 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system AS If you want to change the Router ID you must first disable OSPF After you set the new Router ID you must re enable OSPF to have the change take effect The default value is 0 0 0 0 although this is not a valid Router ID Use Admin Mode to select enable or disable If you select enable OSPF will be activated for the switch The default value is disable You must configur
179. 9 DIFFSERV OSCP TC RFC 3289 OLFPSERV MIB FASTPATH QOS OIFFSERV EXTENSIONS MIB FASTPATH QOS OLPFSERV PRIVATE MIB RFC 2932 IPMROUTE MIB drak etf magna mgmd mib 03 RFC 5060 PIM STD MIS RFC 240 PIM BSR MIB OVMRP STD MIB LANA RTPROTO MIB FASTPATH NSF MIS 2 esc riptior The MIS module for SNMPv2 ertities Remote Network Monitoring Managemert Information Base Sroedcorn Reference This MIB module defines objects to help support coexistence between SNMPv1 SNMPy2 and SNMPv3 Tha SNMP Management Archtecture MIB The Notfication MIB Module The Target MIS Module The management eformation defintions for the SNMP User besed Securty Model The management informaton definitions for the View based Access Coetrol Model for SNMP SNMP Research Inc Fastpath Power Ethernet Extensions MIS Power Ethernet MIB sPlow MIB Industry Standard Discovery Protocol MIS Managemert Information Base for Network Management of TCP 1P dased internets MIB II Definitions of Managed Objects for Bridges dotid The Sridge MIS Extension module for managing Prerity and Mukicast Fitenng defined by IEEE 802 10 1938 The VLAN iride MIB module for managing Virtual Bridged Local Aree Networks Entity MIS Version 2 The Interfaces Group MI using SMIv2 Ocfinibens of Managed Objects for the Ethernet hike Interface Types FASTPATH Switching Layer 2 Unit and Sit corfiguraten Pon Secunty MIS LLOP bes MIB Port Access Entity module for managing IEEE 802 1X Broadcom FastPat
180. ACP REW lt tna Scan dasa dae E ats eco meagan EO 56 DACP LZ Roly x66 dhe GME 22 eee ee aca Oe bade ea Te eas 57 VDP Relay 22 025 2ivue sees ee eek te A BE See 60 DHCPVG SENEI irridu ronn rneer ea ea oe Se Hd ee edad 63 DHCPVG REV odsecs etd ieevak catia tensed ad bh ees 71 SACKING AEE E E Hoon RON aed been uth ooo RESO She 72 Basie sec4 cet hee ead a i eens e eee eee ee 72 Advanced precare subbed voided deed owed obs ceed 74 INSP a 4 o2 4195 408 neriie ae Ge aa n r e a E R 79 SNMP sucer eaae ES E EA E E nia eneeeanateicn ys 82 SNMPV IVZ e superna aea n aa a a Waele ate Re 82 SNMP Vides a ding act kk Rend 606 45 Rin Daa ae eas ade Rade 88 LEDE ceannann degen Oa GSE GEA DGS SEA ROT GIOG AIG DODRBMMEG DS 89 EU acca ance EEEE ian Scan dawe tunica seek an ieee gia E E es tema EEE 90 PLDP MEDS renidi i eG ebm eal eh GAG ga hein aad Leterme eee 97 Contents 3 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual ODR cs a ssh SS ae etn ee etd tad oti nn Sn ee 105 BaSe aae a age gin date ane eee ce eh ea Neg tee oat on 105 Advanced orrore deed SOS Gate Bh SD GARE So Ges dee a ee 106 VLANS cro de dea die adnate a diate ccin i gce ae die Er RE RRE EEA 112 BASIC ss 3 2 ds4cd 2ed a epea ar aa e e aa a a 113 ROVANCEG apane hb E R E EE E E E A anaes 115 Spanning Tree Protocol is icrsssrciririiresi ioska seek neia 129 BASIC ssf award ee Gna 6054 4 Rb N Ea aes aaa ETA 130 AAVANCCO ss 2 5 06 4 appa a srt a a GA tg Oe
181. All signifies the logical AND of all the match criteria Only when a new class is created this field is a selector field After class creation this becomes a non configurable field displaying the configured class type 2 To rename an existing class select the check box next to the configured class update the name and click Apply 3 To remove a class click the check box beside the Class Name then click Delete 4 Click Refresh to refresh the page with the most current data from the switch 5 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch After creating a Class click the class link to the Class page 350 Chapter Configuring Quality of Service ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual To configure the class match criteria 1 Click the class name for an existing class Class Name Class Name A Class Name Class Type C Classi The class name is a hyperlink The following figure shows the configuration fields for the class Class Confic iguration Class Information Class Name Classi Class Type All DiffServ Class Configuration Match Every Any l Reference Class Class Of Service 0 O vLAN O to 4095 O Secondary Class of Service 0 Secondary VLAN 0 to 4095 Ethernet Type Appletalk 600 to ffff hex Source MAC Address Mask Destination MAC Address Mask Protocol T
182. Basic on page 130 e Advanced on page 132 Basic From the Basic link you can access the following pages e STP Configuration on page 130 STP Configuration The Spanning Tree Configuration Status page contains fields for enabling STP on the switch To display the Spanning Tree Configuration Status page click Switching gt STP gt Basic gt STP Configuration STP Configuration STP Configuration Spanning Tree Admin Mode Disable Enable Force Protocol Version IEEE 802 1d IEEE 802 1w IEEE 802 15 Configuration Name 00 04 06 02 04 07 Configuration Revision Level 0 0 to 65535 Forward BPDU while STP Disabled Disable Enable BPDU Guard Disable Enable BPDU Filter Disable Enable Configuration Digest Key Oxac36177f50283cd4b83821d8ab26de62 Configuration Format Selector 0 STP Status MST ID VID FID 0 1 1 130 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Use Spanning Tree Admin Mode to specify whether spanning tree operation is enabled on the switch Value is enabled or disabled Use Force Protocol Version to specify the Force Protocol Version parameter for the switch The options are IEEE 802 1d IEEE 802 1w and IEEE 802 1s Use Configuration Name to specify an identifier used to identify the configuration currently being used It may be up to 32 alphanumeric characters Use Configuration Revision Level to specify an
183. C Address Table Search By VLAN ID GO Total MAC Addresses 9 VLAN ID MAC Address Port status 1 00 04 06 02 04 07 0 5 1 Management 1 00 05 04 03 02 42 1 0 22 Learned 1 00 16 9C E1 08 00 1 0 22 Learned 1 00 19 E7 D3 82 2D 1 0 22 Learned 1 00 1A A0 1A 94 FA 1 0 22 Learned 1 00 C0 05 01 98 05 1 0 22 Learned 1 30 46 9A 0C A0 CB 1 0 13 Learned 1 C8 0A A9 32 F3 59 1 0 22 Learned 1 C8 0A A9 32 F3 63 1 0 22 Learned 1 Use Search By to search for MAC Addresses by MAC Address VLAN ID and port e Searched by MAC Address Select MAC Address from pull down menu enter the 6 byte hexadecimal MAC Address in two digit groups separated by colons for example 01 23 45 67 89 AB Then click on the Go button If the address exists that entry will 164 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual be displayed as the first entry followed by the remaining greater mac addresses An exact match is required e Searched by VLAN ID Select VLAN ID from pull down menu enter the VLAN ID for example 100 Then click on the Go button If the address exists the entry will be displayed as the first entry followed by the remaining greater mac addresses Searched by Port Select Port from pull down menu enter the port ID in Unit Slot Port for example 2 1 1 Then click on the Go button If the address exists the entry will be displayed as the first e
184. CP This lists the keywords for the known DSCP values from which one can be selected The list includes other as an option for the remaining values 352 Chapter Configuring Quality of Service ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e Precedence Value This lists the keywords for the IP Precedence value in the range 0 to 7 e IP ToS Configure the IP ToS field e ToS Bits This is the Type of Service octet value in the range 00 to ff to compare against e ToS Mask This indicates which ToS bits are subject to comparison against the Service Type value 5 Click CANCEL to cancel the configuration on the screen Resets the data on the screen to the latest value of the switch 6 Click APPLY to send the updated configuration to the switch Configuration changes take effect immediately IPv6 Class Configuration Use the IPv6 Class Configuration page to add a new IPv6 DiffServ class name or to rename or delete an existing class The page also allows you to define the criteria to associate with a DiffServ class As packets are received these DiffServ classes are used to prioritize packets You can have multiple match criteria in a class The logic is a Boolean logical and for this criteria After creating a Class click the class link to the Class page To display the page click QoS gt DiffServ gt Advanced gt IPv6 Class Configuration IPv6 Class Name Ga IPv6 Class
185. Config Script to specify script configuration file Use SSH 1 RSA Key File to specify SSH 1 Rivest Shamir Adleman RSA Key File Use SSH 2 RSA Key PEM File to specify SSH 2 Rivest Shamir Adleman RSA Key File PEM Encoded Use SSH 2 DSA Key PEM File to specify SSH 2 Digital Signature Algorithm DSA Key File PEM Encoded Use SSL Trusted Root Certificate PEM File to specify SSL Trusted Root Certificate File PEM Encoded Use SSL Server Certificate PEM File to specify SSL Server Certificate File PEM Encoded Use SSL DH Weak Encryption Parameter PEM File to specify SSL Diffie Hellman Weak Encryption Parameter File PEM Encoded Use SSL DH Strong Encryption Parameter PEM File to specify SSL Diffie Hellman Strong Encryption Parameter File PEM Encoded License Key Specify license key in order to support licensing features Chapter Maintenance 491 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual The factory default is Image1 Note To download SSH key files SSH must be administratively disabled and there can be no active SSH sessions Note To download SSL PEM files SSL must be administratively disabled and there can be no active SSH sessions 2 Use Transfer Mode to specify what protocol to use to transfer the file e TFTP Trivial File Transfer Protocol e SFTP Secure File Transfer Program e SCP Secure Copy 3 Use Server Address Type to specify either IPv4 or IPv6 to indicate
186. Configuration page click System gt Services gt DHCP L2 Relay gt DHCP L2 Relay Global Configuration A screen similar to the following displays DHCP L2 Relay Configuration DHCP L2 Relay Global Configuration Admin Mode Disable Enable DHCP L2 Relay VLAN Configuration Circuit ID Remote ID t Mode String fF 2 Disable Disable DHCP L2 Relay Global Configuration 1 Use Admin Mode to enable or disable the DHCP L2 Relay on the switch The default is Disable DHCP L2 Relay VLAN Configuration VLAN ID shows the VLAN ID configured on the switch Use Admin Mode to enable or disable the DHCP L2 Relay on the selected VLAN Use Circuit ID Mode to enable or disable the Circuit ID suboption of DHCP Option 82 Use Remote ID String to specify the Remote ID when Remote ID mode is enabled Pe ON S Chapter Configuring System Information 57 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DHCP L2 Relay Interface Configuration To display the DHCP L2 Relay Interface Configuration page click System gt Services gt DHCP L2 Relay gt DHCP L2 Relay Interface Configuration A screen similar to the following displays DHCP L2 Relay Configuration DHCP L2 Relay Configuration 1 LAGS All Go To Interface SO it Interface Admin Mode 82 Option Trust Mode J C EEE O 1 0 1 Disable Disable C 1 0 2 Disable Disable 1 0 3 Disable Disable O 10 4 Disable Disable O 1 o s D
187. D Specifies if extended PD TLV is received in LLDP frame on this port Required Specifies the remote port s PD power requirement Source Specifies the remote port s PD power source Priority Specifies the remote port s PD power priority LLDP MED Remote Device Inventory To display this page click System gt LLDP gt LLDP MED gt Remote Device Inventory A screen similar to the following displays LLDP MED Remote Device Inventory is LLDP MED Remote Device Inventory Management Software Port MAC Address System Model Address Revision The following table describes the LLDP MED Remote Device Inventory fields Field Definition Port Specifies the list of all the ports on which LLDP MED is enabled Management Address Specifies the advertised management address of the remote system 104 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Definition MAC Address Specifies the MAC Address associated with the remote system System Model Specifies model name of the remote device Software Revision Specifies Software version of the remote device ISDP From the ISDP link you can access the following pages e Basicon page 105 e Advanced on page 106 Basic From the Basic link you can access the following pages e Global Configuration on page 105 Global Configuration To display this page
188. E to delete the IP subnet based VLAN selected 122 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Port DVLAN Configuration To display the Port DVLAN Configuration page click Switching gt VLAN gt Advanced gt Port DVLAN Configuration Port DVLAN Configuration l Global Configuration Global EtherType DVLAN Configuration 1 LAGS All 1 0 1 1 0 2 1 0 3 1 0 4 1 0 5 1 0 6 1 0 7 1 0 8 1 0 9 1 0 10 1 0 11 1 0 12 1 0 13 1 0 14 1 0 15 1 0 16 1 0 17 1 0 18 1 0 19 1 0 20 1 0 21 1 0 22 1 0 23 1 0 24 1 LAGS All Dooooosbo0sbo00o00000bo0b00000ne Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable 802 1Q Tag Go To Interface leso ai Interface Admin Mode Go To Interface leso Use Interface to select the physical interface for which you want to display or configure data Select All to set the parameters for all ports to same values Chapter Configuring Switching Information 123 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 2 Use Admin Mode to specify the administrative mode via which Double VLAN Tagging can be enabled or disabled The default value for this is Disabled 3 Use the 2 byte hex Global Ether
189. G Managed Stackable Switch Software Administration Manual Advanced From the Advanced link you can access the following pages e CoS Configuration on page 337 e 802 1p to Queue Mapping on page 338 Advanced e IP DSCP to Queue Mapping on page 339 Advanced e CoS Interface Configuration on page 340 Advanced Interface Queue Configuration on page 342 Advanced CoS Configuration To display the CoS Configuration page click QoS gt CoS gt Advanced gt CoS Configuration CoS Configuration u CoS Configuration Global All iw Global Trust Mode trust dotip iv Interface 1 0 1 Interface Trust Mode trust dotip 1 Use Global to specify all CoS configurable interfaces The option Global represents the most recent global configuration settings 2 Use Interface to specify CoS configuration settings based per interface 3 Use Global Trust Mode to specify whether to trust a particular packet marking at ingress Global Trust Mode can only be one of the following Default value is trust dot1p e untrusted e trust dot1p e trust ip dscp 4 Use Interface Trust Mode to specify whether to trust a particular packet marking at ingress Interface Trust Mode can only be one of the following Default value is untrusted e untrusted e trust dot1p e trust ip dscp Chapter Configuring Quality of Service 337 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 802 1p to Queue Mapping
190. GR 1940147504 traputil c 614 1744 Spanning Tree Topology Change Unit 1 lt 13 gt JAN 03 23 19 98 10 27 34 52 1 TRAPMGR 1940147564 traputil lt 614 1743 5 Spenning Tree Topology Change Received MSTID 0 Unk 1 Skt 0 Port 22 lt 34 gt JAN O3 23 10 43 10 27 34 352 1 AUTO_INST 427032532 auto_instell_contrel c 2026 1742 4 Autolnetall Waring for retry tmeot lt 14 gt JAN O3 23 10 43 20 27 34 52 3 AUTO_INST 427012512 auto install control c 3523 1742 s ONC option resolved TIT IP address 10 9 12 20 lt 14 gt JAN O3 23 00 43 20 27 34 52 2 AUTO_INST 427012512 auto_instell_contrel c 2026 1740 Autolnatall Waiting for retry temeout lt td JAN O3 23 00 43 20 27 34 52 3 AUTO_INST 427012522 auto_jnstall_contrel c 3523 1739 45 OHCP option resolved TFTP IP address 20 9 23 20 qtar JAN O3 22 50 43 10 27 34 52 AUTO_INST 427012512 aute_install_comtrel c 2026 1738 4 Autolnatall Waiting for retry mesut 14 gt JAN 03 22 50 43 10 27 34 52 2 AUTO_INST 427012512 auto_install_control c 3523 1737 4 DHCP option resolved TFTP IP address 10 9 11 20 lt td gt JAN O3 22 40 43 10 27 34 52 1 AUTO_INST 427012512 auto_install_control c 2026 1736 es Autolnatall Waiting for retry tenent lt td gt JAN 03 22 40 43 10 27 34 52 2 AUTO_INST 427012512 auto_install_control c 3523 1735 s DHCP option resolved TFTP IP address 10 9 11 20 lt 13 gt JAN 03 22 36 00 10 27 34 52 1 TRAPMGR 1948147584 traputil
191. Global Configuration Validate Source MAC Disable Enable Validate Destination MAC Disable Enable Validate IP Disable Enable 1 Use Validate Source MAC to choose the DAI Source MAC Validation Mode for the switch by selecting Enable or Disable radio button If you select Enable Sender MAC validation for the ARP packets will be enabled The factory default is disable Chapter Managing Device Security 423 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 2 Use Validate Destination MAC to choose the DAI Destination MAC Validation Mode for the switch by selecting Enable or Disable radio button If you select Enable Destination MAC validation for the ARP Response packets will be enabled The factory default is disable 3 Use Validate IP to choose the DAI IP Validation Mode for the switch by selecting Enable or Disable radio button If you select Enable IP Address validation for the ARP packets will be enabled The factory default is disable DAI VLAN Configuration To display the DAI VLAN Configuration page click Security gt Control gt Dynamic ARP Inspection gt DAI VLAN Configuration Dynamic ARP Inspection Configuration VLAN Configuration Logging tat Invalid ARP ACL Name a Packets Mii Disable Enable Disable 1 VLAN ID Select the DAI Capable VLANs for which information has to be displayed or configured 2 Use Dynamic ARP Inspection to indicate whether
192. He HTH HE err Click the port you want to view or configure to see a menu that displays statistics and configuration options Click the menu option to access the page that contains the configuration or monitoring options NETGEAR i sia z l ave J c fei L ir Rowen gt STP FRASE VLAN Comtquraton f Gos gt Muscat eters Pon FO Contgurston Ai Saas MAC Bases AANI gt PFC F Sutnet Based VLAN nee Prestocet Based VLAN Group Corpa abot a Protocol ased VLAN Group Membership voce VLAN Contig ston Pon DYLAN Cortguraton ARP Sarin Configurator CARP Pot Configuraton If you click the graphic but do not click a specific port the main menu appears This menu contains the same option as the navigation tabs at the top of the page 14 Chapter Getting Started ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Device View Port Configuration w a A Cable Test Port Detailed Statistics Port Summary Statstics Double VLAN Tunneling Spanning Tree Port Configuration Spanning Tree Port Configuration Status VLAN Port Configuration GARP Port Configuration Post Security interface ConSguration Port Security Static Port Security Dynamic Port Security Violation Status IP interface ConSguration RIP interface Configuration OSPF interface Configuration OSPF Virtual Link Configuration OSPF Neighbor Table IPv6 imerface Configuration OSPF v3 Interface C
193. Hello packets may still be sent to Down neighbors although at a reduced frequency e Attempt This state is only valid for neighbors attached to NBMA networks It indicates that no recent information has been received from the neighbor but that a more concerted effort should be made to contact the neighbor This is done by sending the neighbor Hello packets at intervals of Hello Interval e Init In this state a Hello packet has recently been seen from the neighbor However bidirectional communication has not yet been established with the neighbor i e the router itself did not appear in the neighbor s Hello packet All neighbors in this state or greater are listed in the Hello packets sent from the associated interface e 2 Way In this state communication between the two routers is bidirectional This has been assured by the operation of the Hello Protocol This is the most advanced state short of beginning adjacency establishment The Backup Designated Router is selected from the set of neighbors in state 2 Way or greater e Exchange Start This is the first step in creating an adjacency between the two neighboring routers The goal of this step is to decide which router is the master and to decide upon the initial DD sequence number Neighbor conversations in this state or greater are called adjacencies e Exchange In this state the router is describing its entire link state database by sending Database Description packet
194. IGMP Snooping Querier Configuration Querier Admin Mode Disable Enable Querier IP Address 0 0 0 0 IGMP Version 2 Query Interval secs 60 Querier Expiry Interval secs 60 VLAN Ids Enabled for IGMP Snooping Querier To configure IGMP Snooping Querier settings 1 Use Querier Admin Mode to select the administrative mode for IGMP Snooping for the switch The default is disable 2 Use Querier IP Address to specify the Snooping Querier Address to be used as source address in periodic IGMP queries This address is used when no address is configured on the VLAN on which query is being sent 3 Use IGMP Version to specify the IGMP protocol version used in periodic IGMP queries IGMP queries 4 Use Query Interval secs to specify the time interval in seconds between periodic queries sent by the snooping querier The Query Interval must be a value in the range of 1 and 1800 The default value is 60 5 Use Querier Expiry Interval secs to specify the time interval in seconds after which the last querier information is removed The Querier Expiry Interval must be a value in the range of 60 and 300 The default value is 60 Field Description VLAN Ids Enabled For IGMP Snooping Querier Displays VLAN Ids enabled for IGMP snooping querier 154 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IGMP Snooping Querier VLAN Configuration Use thi
195. IP address of the local interface for a directly attached network Preference displays an integer value from 1 to 255 The user can specify the preference value sometimes called administrative distance of an individual static route Among routes to the same destination the route with the lowest preference value is the route entered into the forwarding database By specifying the preference of a static route the user controls whether a static route is more or less preferred than routes from dynamic routing protocols The preference also controls whether a static route is more or less preferred than other static routes to the same destination Use Identifier to specify the description of this route that identifies the route Click ADD to add a new static route entry to the switch Click DELETE to delete a existing static route entry from the switch Chapter Routing 183 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Learned Routes Feis escrito O O Route Type This field can be either default or static If creating a default route all that needs to be specified is the next hop IP address otherwise each field needs to be specified Network Address The IP route prefix for the destination Subnet Mask Also referred to as the subnet network mask this indicates the portion of the IP interface address that identifies the attached network Protocol This field tells which protocol
196. Interface Index Interval Index Rate Header Size O on 0 o 0 0 128 C so 2 0 o C 128 C s o 3 0 0 0 0 128 O os o o o o 128 O uas 0 0 0 128 O uoe C o C C 128 O vo 9 0 o 128 O sore o o o o 128 O nos 0 0 0 128 O woo o o o o 128 O w a e 0 128 C woz o o o 0 128 O 2 0 13 0 0 0 128 C mois o o o o 128 O a705 0 0 0 0 128 C vors 128 O 1 0 17 0 0 0 0 128 C 1 0718 C 1 0 128 C 1 0 19 0 0 0 0 128 C 3 0 20 o o o 128 LJ 1 0 21 0 0 0 o 128 C s o 22 o o o o 128 O 1 023 0 0 0 0 128 O voas 0 0 o 128 1 alt Go To Interface aed Chapter Monitoring the System 481 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 Interface Interface for this flow poller and sampler This Agent will support Physical ports only 2 Use Receiver Index to specify the allowed range for the sFlowReceiver associated with this counter poller Allowed range is 1 to 8 3 Use Poller Interval to specify the maximum number of seconds between successive samples of the counters associated with this data source A sampling interval of 0 disables counter sampling Allowed range is 0 to 86400 secs 4 Use Receiver Index to specify the sFlow Receiver for this flow sampler If set to 0 the sampler configuration is set to default and the sampler is deleted Only active receivers can be set If a receiver expires then all samplers associated with the receiver will also expire Allowed range is
197. LD Packets Sent The number of valid MLD packets sent by the router Queries Received The number of valid MLD queries received by the router Queries Sent The number of valid MLD queries sent by the router Reports Received The number of valid MLD reports received by the router Reports Sent The number of valid MLD reports sent by the router Leaves Received The number of valid MLD leaves received by the router Leaves Sent The number of valid MLD leaves sent by the router Chapter Routing 331 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Click REFRESH to refresh the data on the screen with the latest MLD traffic Click CLEAR to clear all the MLD traffic MLD Proxy Interface Configuration To display the MLD Proxy Interface Configuration page click Routing gt IPv6 Multicast MLD gt Proxy Interface Configuration MLD Proxy Interface Configuration MLD Proxy Interface Configuration Interface 1 0 1 Admin Mode Disable w Unsolicited Report Interval 1 IPv6 Prefix Prefix Length Operational Mode Disable Querier Address on Proxy Interface Number of Groups Version V2 Version 1 Querier Timeout Proxy Start Frequency 1 Use Interface to select the interface to be configured 2 Use Admin Mode to set the administrative status of MLD Proxy on the selected interface The default is disable Routing MLD and Multicast global admin modes should be enabled to enable MLD Proxy inte
198. LL to display information for all Physical ports and LAGs 2 Select the check box next to the interfaces to configure You can select multiple interfaces to apply the same setting to the selected interfaces Select the check box in the heading row to apply the same settings to all interfaces 3 Use Interface to select the interface you want to configure 4 Use PVID to specify the VLAN ID you want assigned to untagged or priority tagged frames received on this port The factory default is 1 5 Use Acceptable Frame Types to specify the types of frames that may be received on this port The options are VLAN only and Admit All e When set to VLAN only untagged frames or priority tagged frames received on this port are discarded e When set to Admit All untagged frames or priority tagged frames received on this port are accepted and assigned the value of the Port VLAN ID for this port With either option VLAN tagged frames are forwarded in accordance to the 802 1Q VLAN specification 6 Ingress Filtering e When enabled the frame is discarded if this port is not a member of the VLAN with which this frame is associated In a tagged frame the VLAN is identified by the VLAN ID in the tag In an untagged frame the VLAN is the Port VLAN ID specified for the port that received this frame e When disabled all frames are forwarded in accordance with the 802 1Q VLAN bridge specification The factory default is disabled 7 U
199. LVs received on the local ports TLV 802 1 Specifies the total number of LLDP TLVs received on the local ports which are of type 802 1 TLV 802 3 Specifies the total number of LLDP TLVs received on the local ports which are of type 802 3 LLDP Local Device Information To display this page click System gt LLDP gt LLDP gt Local Device Information A screen similar to the following displays LLDP Local Device Information LLDP Interface Selection 7 Interface 1 io Local Device Information Chassis 1D Subtype MAC Address Chassis ID 00 04 06 02 04 07 Port ID Subtype Local Port ID 1 0 3 System Name System Description XSM7224S 24 Port 10G SFP Layer 2 Stackable Managed Switch with four 10G combo ports Port Description System Capabilities Supported bridge router System Capabilities Enabled bridge Management Address 10 27 34 52 Management Address Type 1Pv4 1 Use Interface to specify the list of all the ports on which LLDP 802 1AB frames can be transmitted The following table describes the LLDP Local Device Information fields Fig O Deepon O O Chassis ID Subtype Specifies the string that describes the source of the chassis identifier Chassis ID Specifies the string value used to identify the chassis component associated with the local system 94 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field
200. MP is robust to robustness variable 1 packet losses Valid values are from 1 to 255 The default value is 2 Use Query Interval to enter the frequency in seconds at which IGMP host query packets are to be transmitted on this interface Valid values are from 1 to 1800 The default value is 125 Chapter Routing 301 10 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Use Query Max Response Time to enter the maximum query response time to be advertised in IGMPv2 queries on this interface in tenths of a second The default value is 100 Valid values are from 0 to 255 Use Startup Query Interval to enter the number of seconds between the transmission of startup queries on the selected interface The valid values are from 1 to 300 The default value is 31 Use Startup Query Count to enter the number of queries to be sent on startup The valid values are from 1 to 20 The default value is 2 Use Last Member Query Interval to enter the last member query interval in tenths of a second This the maximum response time to be inserted into group specific queries sent in response to leave group messages and is also the amount of time between group specific query messages Valid values are from 0 to 255 The default value is 10 This value is not used for IGMP version 1 Use Last Member Query Count to enter the number of queries to be sent on receiving a leave group report Valid values are from 1 to 20 Th
201. N 500 see VLAN Configuration on page 137 From the STP Configuration screen enable the Spanning Tree State option see STP Configuration on page 158 Use the default values for the rest of the STP configuration settings By default the STP Operation Mode is MSTP and the Configuration Name is the switch MAC address From the CST Configuration screen set the Bridge Priority value for each of the three switches to force Switch 1 to be the root bridge e Switch 1 4096 e Switch 2 12288 e Switch 3 20480 Note Bridge priority values are multiples of 4096 If you do not specify a root bridge and all switches have the same Bridge Priority value the switch with the lowest MAC address is elected as the root bridge see CST Configuration on page 162 From the CST Port Configuration screen select ports 1 0 1 1 0 8 and select Enable from the STP Status menu see CST Port Configuration on page 164 Click Apply Appendix ConfigurationExamples 523 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 7 Select ports 1 0 1 1 0 5 edge ports and select Enable from the Fast Link menu Since the edge ports are not at risk for network loops ports with Fast Link enabled transition directly to the Forwarding state 8 Click Apply You can use the CST Port Status screen to view spanning tree information about each port 9 From the MST Configuration screen create a MST instances with the following
202. Name Ej Class Name Class Type To configure a DiffServ class 1 To create a new class enter a class name select the class type and click Add This field also lists all the existing DiffServ class names from which one can be selected The switch supports only the Class Type value All which means all the various match criteria defined for the class should be satisfied for a packet match All signifies the logical AND of all the match criteria Only when a new class is created this field is a selector field After class creation this becomes a non configurable field displaying the configured class type 2 To rename an existing class select the check box next to the configured class update the name and click Apply 3 To remove a class click the check box beside the Class Name then click Delete 4 Click Refresh to refresh the page with the most current data from the switch 5 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch After creating a Class click the class link to the Class page Chapter Configuring Quality of Service 353 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual To configure the class match criteria 1 Click the class name for an existing class IPv6 Class Name IPv6 Class Name C Class2 Si Class Name Class Type All The class name is a hyperlink The following figure shows the
203. Note that this does not include multicast packets Total Packets Received with MAC Errors Jabbers Received Fragments Received Undersize Received The total number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol The total number of packets received that were longer than 1518 octets excluding framing bits but including FCS octets and had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Note that this definition of jabber is different than the definition in IEEE 802 3 section 8 2 1 5 1OBASES5 and section 10 3 1 4 10BASE2 These documents define jabber as the condition where any packet exceeds 20 ms The allowed range to detect jabber is between 20 ms and 150 ms The total number of packets received that were less than 64 octets in length with ERROR CRC excluding framing bits but including FCS octets The total number of packets received that were less than 64 octets in length with GOOD CRC excluding framing bits but including FCS octets Alignment Errors Rx FCS Errors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with a non integral number of octets The total number of packets received that had a length
204. P for each port using PIM SM To display the PIM Candidate RP Configuration page click Routing gt IPv6 Multicast PIM gt Candidate RP Configuration 4 5 PIM Candidate RP Configuration PIM Interface Selection Interface 1 0 1 PIM Candidate RP Configuration Ea Group Address Prefix Length Use Interface to select the interface for which data is to be displayed Use Group Address to specify the group IPv6 address prefix transmitted in Candidate RP Advertisements Use Prefix Length to specify the group IPv6 Prefix Length transmitted in Candidate RP Advertisements Click ADD to add a new Candidate RP Address for the PIM SM router Click DELETE to delete an extant Candidate RP Address for the PIM SM router BSR Candidate Configuration Use this page to configure information to be used if the interface is selected as a bootstrap router To display the IPv6 PIM BSR Candidate Configuration page click Routing gt IPv6 Multicast PIM gt BSR Candidate Configuration 324 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual PIM BSR Candidate Configuration o PIM BSR Candidate Configuration Interface 1 0 21 x Hash Mask Length 126 BSR Expiry Time hh mm ss Priority 0 55 IP Address Next bootstrap Message hh mm ss Next Candidate RP Advertisement hh mm ss Use Interface to select the interface for which data is to be configured Use Priority to enter
205. PU and MACs The temperature is instant and can be refreshed when the REFRESH button is pressed The maximum temperature of CPU and MACs depends on the actual hardware The following table describes the Temperature Status information Field Description CPU The current temperature of the CPU in the switch MAC The current temperature of the MACs in the switch Click REFRESH to refresh the system information of the switch Device Status The screen shows the software version of each device The following table describes the Device Status information Field Description Firmware Version The release version maintenance build number of the code currently running on the switch For example if the release was 8 the version was 0 the maintenance number was 3 and the build number was 11 the format would be 8 0 3 11 Boot Version The version of the boot code which is in the flash memory to load the firmware into the memory CPLD Version The version of the software for CPLD Chapter Configuring System Information 21 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fes escrito O O Serial Number The serial number of this switch RPS Power Module Indicates the status of the RPS The status has three possible values Not Present RPS bank not connected OK RPS bank connected e FAIL RPS is present but power is failed Indicates
206. PVO ccs cds gence daar eda setri gry ected a ted eee Hic Rod anna ae bce eat a cs 201 BASIC ena oe tates ee Got aoe ae ieee e tat wees est ston aang ea a 201 Advanced ees hes crc hnd dade By Ba kia ee cd Gin A a a a a 204 MEAN erea coup oe et ab se osc ee a ben coattas a A pcs Bag aed Ga eee aes 218 VLAN Routing Wizard soceri ciradriristeri boo Era EEr beens 219 VLAN Routing Configuration aa aaaea aaaea 220 ARP Sata oars ce Shea a tec onc ewe boi a O ed 221 BASIC sca orice d oot ache ed eh a et ed ah eo 221 Advanced rircae arated e cee Gee ed a a a a eww 222 RIP arenen cs ah re e seen ey gcd a E ed As cogs ae hates 226 BaSe oh a saves atten cs as kas wee Glenna cesta N a ea coats 226 4 Contents ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual ADVANCE 224 ones tiron dite OPH ed Chee edad awd eae 227 OSPR oa aiuiwsd teed et Patou Bae Bain oid adit 233 BASIC sites toe E E ne 26 21 oad bie EE odRend 233 AOVANCED 43 2 0004 1 reas meee DPaoeraed de neneeeeds ear enwed d 234 OSPEVSG EEEE acne acai st AG ee adhe sg ade E EE EEEE 258 BaSICr 444 ceded eee ah he ea eee eed tee TESTE ATTAT 258 AOVANGCCE E coc a EEA Aim RRATA GSO ALMA sss ARS 259 Router DISCOVEN 3 266 4ces eras nee ereaadaneete nana ISEE aaa 281 Router Discovery Configuration 20 0 0 000000ee0e000 50s 281 VRRP oes pedicho ded pu deve deeds eee eens eee eee eer ae 282 BASIC lt 3 ixcik od Scat Lied Se aah ee aah TEE EENT dee Se tel 282
207. Port Path Cost is zero Hello Timer Displays the value of the parameter for the CST Auto Calculated External Port Path Cost Displays whether the external path cost is automatically calculated Enabled or not Disabled External Path cost will be calculated based on the link speed of the port if the configured value for External Port Path Cost is zero BPDU Guard Effect Display the BPDU Guard Effect it disables the edge ports that receive BPDU packets The possible values are Enable or Disable Port Forwarding State The Forwarding State of this port Chapter Configuring Switching Information 137 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual CST Port Status Use the Spanning Tree CST Port Status pag Internal Spanning Tree on a specific port on e to display Common Spanning Tree CST and the switch To display the Spanning Tree CST Port Status page click Switching gt STP gt Advanced gt CST Port Status int sae paad ag Besenane i shenancuesehentt sak fae e o peet aes lt zra s n e tone ee mo beas Damms mamis menena ma to ute an aeae atii meenacae s memnanee na nae ue ne saad aad maeaea o Ce te 4 ons aan e sailed mmeocewninenr amp eo cD Re ets ORT OF OE pees iit soe manasi Sad enemesenabanee 8 comenanmanecet saat tae iwis mee meme monad pememnceanaast mamimiisne ma tae ine ehh aia east nomen cnananenunenenat n ai weres aetas s lt ms tow wne ea Sst
208. Queue Directs traffic stream to the specified QoS queue This allows a traffic classifier to specify which one of the supported hardware queues are used for handling packets belonging to the class e Redirecting Forces classified traffic stream to a specified egress port physical or LAG This can occur in addition to any marking or policing action It may also be specified along with a QoS queue assignment DiffServ Example Configuration To create a DiffServ Class Policy and attach it to a switch interface follow these steps 516 Appendix Configuration Examples ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 From the QoS Class Configuration screen create a new class with the following settings e Class Name Class1 e Class Type All For more information about this screen see Class Configuration on page 425 2 Click the Class1 hyperlink to view the DiffServ Class Configuration screen for this class 3 Configure the following settings for Class1 e Protocol Type UDP e Source IP Address 192 12 1 0 e Source Mask 255 255 255 0 e Source L4 Port Other and enter 4567 as the source port value e Destination IP Address 192 12 2 0 e Destination Mask 255 255 255 0 e Destination L4 Port Other and enter 4568 as the destination port value For more information about this screen see Class Configuration on page 425 4 Click Apply 5 From the Policy Configuration screen create
209. RX and TX 256 511 Octets Packets RX and TX 512 1023 Octets Packets RX and TX 1024 1518 Octets Packets RX and TX 1519 2047 Octets Packets RX and TX 2048 4095 Octets Packets RX and TX 4096 9216 Octets Octets Received Indicates whether or not the port will send a trap when link status changes The total number of packets including bad packets received or transmitted that were 64 octets in length excluding framing bits but including FCS octets The total number of packets including bad packets received or transmitted that were between 65 and 127 octets in length inclusive excluding framing bits but including FCS octets The total number of packets including bad packets received or transmitted that were between 128 and 255 octets in length inclusive excluding framing bits but including FCS octets The total number of packets including bad packets received or transmitted that were between 256 and 511 octets in length inclusive excluding framing bits but including FCS octets The total number of packets including bad packets received or transmitted that were between 512 and 1023 octets in length inclusive excluding framing bits but including FCS octets The total number of packets including bad packets received or transmitted that were between 1024 and 1518 octets in length inclusive excluding framing bits but including FCS octets The total number of packets including bad packets received or trans
210. Relay Global Configuration A screen similar to the following displays UDP Relay UDP Relay Configuration Admin Mode Disable Enable UDP Relay Global Configuration Server UDP Port UDP Port Address y Other Value Count oe 1 Use Admin Mode to enable or disable the UDP Relay on the switch The default value is disable 2 Use Server Address to specify the UDP Relay Server Address in x x x x format 3 Use UDP Port to specify the UDP Destination Port These ports are supported e DefaultSet Relay UDP port 0 packets This is specified if no UDP port is selected when creating the Relay server e dhcp Relay DHCP UDP port 67 packets e domain Relay DNS UDP port 53 packets e isakmp Relay ISAKMP UDP port 500 packets e mobile ip Relay Mobile IP UDP port 434 packets nameserver Relay IEN 116 Name Service UDP port 42 packets e netbios dgm Relay NetBIOS Datagram Server UDP port 138 packets 60 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual netbios ns Relay NetBIOS Name Server UDP port 137 packets e ntp Relay network time protocol UDP port 123 packets e pim auto rp Relay PIM auto RP UDP port 496 packets e rip Relay RIP UDP port 520 packets e tacacs Relay TACACS UDP port 49 packet tftp Relay TFTP UDP port 69 packets e time Relay time service UDP port 37 packets Ot
211. Root for this MST instance 140 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual MST Port Status Use the Spanning Tree MST Port Status page to configure and display Multiple Spanning Tree MST settings on a specific port on the switch To display the Spanning Tree MST Port Status page click Switching gt STP gt Advanced gt MST Port Status MST Port Status MST ID Selection No MSTs Available Note If no MST instances have been configured on the switch the page displays a No MSTs Available message and does not display the fields shown in the field description table that follows To configure MST port settings 1 Use MST ID to select one MST instance from existing MST instances 2 Use Interface to select one of the physical or port channel interfaces associated with VLANs associated with the selected MST instance 3 Use Port Priority to specify the priority for a particular port within the selected MST instance The port priority is set in multiples of 16 For example if the priority is attempted to be set to any value between 0 and 15 it will be set to O If it is tried to be set to any value between 16 and 2 16 1 it will be set to 16 and so on 4 Use Port Path Cost to set the Path Cost to a new value for the specified port in the selected MST instance It takes a value in the range of 1 to 200000000 The following table
212. SOJ m Interface Trust Mode Rate Limit pps i Burst Interval secs mz e as C 1 o 1 Disable 15 1 O 170 2 Disable 15 1 O 1 0 3 Disable 15 1 O 1 0 4 Disable 15 1 O 1 0 s Disable 15 1 C 10 6 Disable 15 1 O 170 7 Disable 15 1 O 170 8 Disable 15 1 O 170 9 Disable 15 1 O 1 0 10 Disable 15 1 C 1 0 11 Disable 15 1 O 1 0 12 Disable 15 1 C 1 0 13 Disable 15 1 C 1 0 14 Disable 15 1 O 1 0 15 Disable 15 1 C 1 0 16 Disable 15 1 O 1 0 17 Disable 15 1 O 1 0 18 Disable 15 1 O 1 0 19 Disable 15 1 C 1 0 20 Disable 15 1 O 1 0 21 Disable 15 1 O 1 0 22 Disable 15 1 O 1 0 23 Disable 15 1 C 1 0 24 Disable 15 1 1 LAGS All Go To Interface GO 1 Interface Selects the physical interface for which data is to be configured 2 Use Trust Mode to indicate whether the interface is trusted for Dynamic ARP Inspection purpose If this object is set to Enable the interface is trusted ARP packets coming to this interface will be forwarded without checking If this object is set to Disable the interface is Chapter Managing Device Security 425 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual not trusted ARP packets coming to this interface will be subjected to ARP inspection The factory default is disable Use Rate Limit pps to specify rate limit value for Dynamic ARP Inspection purpose If the incoming rate of ARP packets exceeds the value of this object for consecutively burst interval seconds
213. STP Mode STP State Admin Mode LACP Mode Physical Mode The Spanning Tree Protocol Administrative Mode associated with the port or Port Channel The possible values are e Enable Spanning tree is enabled for this port e Disable Spanning tree is disabled for this port The port s current state Spanning Tree state This state controls what action a port takes on receipt of a frame If the bridge detects a malfunctioning port it will place that port into the broken state The other five states are defined in IEEE 802 1D e Disabled e Blocking e Listening e Learning e Forwarding e Broken The Port control administration state The port must be enabled in order for it to be allowed into the network The factory default is enabled Indicates the Link Aggregation Control Protocol administration state The mode must be enabled in order for the port to participate in Link Aggregation Indicates The port speed and duplex mode In auto negotiation mode the duplex mode and speed are set from the auto negotiation process Physical Status Indicates the port speed and duplex mode Link Status Indicates whether the Link is up or down 458 Chapter Monitoring the System ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Link Trap Packets RX and TX 64 Octets Packets RX and TX 65 127 Octets Packets RX and TX 128 255 Octets Packets
214. Serv Policy The policing rate will be applied 4 Committed Rate e When Policing is enabled the committed rate will be applied to the policy and the policing action is set to conform e When Policing is disabled the committed rate is not applied and the policy is set to markdscp 5 Outbound Priority e When Policing is enabled Outbound Priority defines the type of policing conform action where High sets action to markdscp ef Med sets action to markdscp af31 and Low sets action to send e When Policing is disabled Outbound Priority defines the policy where High sets policy to mark ipdscp ef Med sets policy to mark ipdscp af31 Low set policy to mark ipdscp be Chapter Configuring Quality of Service 345 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Auto VoIP Configuration To display the Auto VoIP Configuration page click QoS gt DiffServ gt Auto VoIP Auto VoIP Configuration Auto VoIP Configuration 1 LAGS All Go To Interface laSo Interface Auto VoIP Mode Traffic Class C 1 o 1 Disable 6 C 1 0 2 Disable 5 O wos Disable 6 O 10 4 Disable 6 O 1 0 s Disable s O o s Disable 6 O 1 0 7 Disable 6 C 170 8 Disable 6 O 1 0 9 Disable O 1 0 10 Disable 6 O 1 0 11 Disable 6 O 1 0 12 Disable 6 O 1 0 13 Disable 6 C 1 0 14 Disable 6 O 1 0 15 Disable O 1 0 16 Disable 6 O 1 0 17 Disable 6 O 1 0 18 Disable 6 O 1 0 19 Disable 6 O 1 0 20 Disable 6 O 1 0 21 Disable 6 C 1 0
215. Service 1 o 9 0 O 1o22 Disable Not In Service 1 o o o O 1 0 23 Disable Not In Service 1 0 0 O 1 0 24 Disable Not In Service 1 0 0 1 all Go To Interface 29 1 Use Interface to select the interface for which data is to be configured 2 Use Interface Mode to set the administrative mode of the selected DVMRP routing interface 3 Use Interface Metric to enter the DVMRP metric for the selected interface This value is sent in DVMRP messages as the cost to reach this network Valid values are from 1 to 31 The default value is 1 4 Click REFRESH to show the latest DVMRP interface information 296 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Protocol State The operational state of the DVMRP protocol on the selected interface either operational or non operational Local Address The IP address used as a source address in packets sent from the selected interface Generation ID The DVMRP generation ID used by the router for the selected interface This value is reset every time an interface is re started and is placed in prune messages A change in generation ID informs the neighbor routers that any previous information about this router should be discarded Received Bad Packets The number of invalid packets received on the selected interface Received Bad Routes The number of invalid routes received on the selected interface Sent Routes
216. Special treatment can be applied to out of profile packets that are either in excess of the conformance specification or are non conformant The DiffServ feature supports the following types of traffic policing treatments actions e drop The packet is dropped e mark cos The 802 1p user priority bits are re marked and forwarded e mark dscp The packet DSCP is re marked and forwarded e mark prec The packet IP Precedence is re marked and forwarded e send the packet is forwarded without DiffServ modification Color Mode Awareness Policing in the DiffServ feature uses either color blind or color aware mode Color blind mode ignores the coloration marking of the incoming packet Color aware mode takes into consideration the current packet marking when determining the policing outcome An auxiliary traffic class is used in conjunction with the policing definition to specify a value for one of the 802 1p Secondary 802 1p IP DSCP or IP Precedence fields designating the incoming color value to be used as the conforming color The color of exceeding traffic may be optionally specified as well e Counting Updating octet and packet statistics to keep track of data handling along traffic paths within DiffServ In this DiffServ feature counters are not explicitly configured by the user but are designed into the system based on the DiffServ policy being created See the Statistics section of this document for more details e Assigning QoS
217. Statistics VRRP Statistics Godal Statistics t Roster Chen beeen Errors Rector Vereen Frere Pewter VRID berora Field Description Router Checksum Errors The total number of VRRP packets received with an invalid VRRP checksum value Router Version Errors The total number of VRRP packets received with an unknown or unsupported version number Router VRID Errors The total number of VRRP packets received with an invalid VRID for this virtual router VRRP ID The VRID for the selected Virtual Router Interface The Unit Slot Port for the selected Virtual Router Up Time The time in days hours minutes and seconds that has elapsed since the virtual router transitioned to the initialized state State Transitioned to Master The total number of times that this virtual router s state has transitioned to Master Advertisement Received The total number of VRRP advertisements received by this virtual router Advertisement Interval Errors The total number of VRRP advertisement packets received for which the advertisement interval was different than the one configured for the local virtual router Authentication Failure The total number of VRRP packets received that did not pass the authentication check IP TTL Errors The total number of VRRP packets received by the virtual router with IP TTL Time To Live not equal to 255 Zero Priority Packets Received The total number of VRRP packets received by the virtua
218. System ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual SysLog Configuration To access the SysLog Configuration page click Monitoring gt Logs gt Sys Log Configuration Syslog Configuration Syslog Configuration amp Admin Status Disable Enable Local UDP Port 514 1 to 65535 Messages Received 1752 Messages Relayed 0 Messages Ignored 0 Host Configuration Host Address Status Port Severity Filter E 1 Use Admin Status to enable disable logging to configured syslog hosts Setting this to disable stops logging to all syslog hosts Disable means no messages will be sent to any collector relay Enable means messages will be sent to configured collector relays using the values configured for each collector relay Enable Disable the operation of the syslog function by selecting the corresponding radio button 2 Use Local UDP Port to specify the port on the local host from which syslog messages are sent The default port is 514 Specify the local port in the text field Field Description Messages Relayed The count of syslog messages relayed Messages Ignored The count of syslog messages ignored Chapter Monitoring the System 471 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Trap Logs This screen lists the entries in the trap log The information can be retrieved as a file by using System Utilities Upload File fro
219. T 427012512 aute_install_contrel c 3026 1882 SS Autolnatall Wetting for retry Smet 24 gt JAN O3 23 40 43 10 27 34 52 AUTO_INST 427012522 auto_install_contrel c 3523 1682 54 OHOP option resolved TFTP IP address 10 9 21 20 lt 14 gt JAN O3 23 30 43 10 27 34 52 3 AUTO_INST 427012522 auto_install_corerel c 2026 175 tt Autolnatall Waiting for retry beneowt 24 gt JAN O3 23 30 43 20 27 34 S2 2 AUTO_INST 427012512 auto_install_control c 3523 1751 5 DHCP option resolved TFTP IP address 10 9 11 20 24 gt JAN O3 23 20 43 10 27 34 52 1 AUTO_INST 427012512 auto_install_contret c 2026 1750 ss Autolnatall Waiting for retry teneout lt td gt JAN O3 23 20 43 10 27 34 S2 1 AUTO_INST 427012512 auto_install_control c 3523 1749 a s DHCP option resolved TFTP IP address 10 9 11 20 lt 13 gt JAN 03 23 20 01 10 27 34 S2 1 TRAPMGR 1948147584 traputil c 614 1748 Spanning Tree Topology Change O Lint 1 lt 13 gt JAN O3 23 20 01 10 27 34 52 1 TRAPMGR 1940147584 traputil c 614 1747 Spanning Tree Topology Change Received MSTID 0 Und 1 Stot 0 Port 22 lt 13 gt JAN 03 23 20 00 10 27 34 S2 3 TRAPMGR 1940147584 traputil c 614 1746 SW Spenning Tree Topology Change Recenved MSTID 0 Unt 1 Stct O Port 22 lt 13 gt JAN 03 23 19 59 10 27 34 52 1 TRAPMGR 1940147504 traputil c 614 1745 Spanning Tree Topology Change Received MSTID 0 Unit 1 Stot O Port 22 lt 13 gt JAN 0 23 19 9 10 27 J4 52 1 TRAPM
220. TFTP server of the file you want to download You may enter up to 32 characters The factory default is blank 6 Click APPLY to start to download the Host Key file Note that to download SSH key files SSH must be administratively disabled and there can be no active SSH sessions Telnet To display the Telnet page click Security gt Access gt Telnet TELNET Authentication List 2 Login Authentication List networkList Enable Authentication List enableList Inbound Telnet Telnet Server Admin Mode Enable v Allow new telnet sessions Disable Enable Session Timeout 5 Maximum Number of Sessions 5 Current Number of Sessions Outbound Telnet Allow new telnet sessions Disable Enable Session Timeout 5 Maximum Number of Sessions 5 0 Current Number of Sessions Chapter Managing Device Security 387 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Telnet Authentication List This page allows you to select the login and enable authentication list available The login list specifies the authentication method s you want used to validate switch or port access for the users associated with the list The enable list specifies the authentication method s you want used to validate privileged EXEC access for the users associated with the list These list can be created by Authentication List page under Management Security 1 Use Login Authentication List to specify which aut
221. TP destination port e Telnet sets match criteria to Telnet destination port e Every sets match criteria all traffic e Create a Diffserv Policy and add it to the DiffServ Class created e If Policing is set to YES then DiffServ Policy style is set to Simple Traffic which conforms to the Class Match criteria will be processed according to the Outbound Priority selection Outbound Priority configures the handling of conforming traffic as below e High sets policing action to markdscp ef e Med sets policing action to markdscp af31 e Low sets policing action to send 344 Chapter Configuring Quality of Service ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e If Policing is set to NO then all traffic will be marked as specified below e High sets policy mark ipdscp ef e Med sets policy mark ipdscp af31 e Low sets policy mark ipdscp be e Each port selected will be added to the policy created To display the DiffServ Wizard page click QoS gt DiffServ gt DiffServ Wizard Diffserv Wizard Diffserv Wizard Traffic Type VOIP Committed Rate Kbps Policing v Outbound Priority 1 Use Traffic Type to define the DiffServ Class Traffic type options VOIP HTTP FTP Telnet and Every 2 Ports displays the ports which can be configured to support a DiffServ policy The DiffServ policy will be added to selected ports 3 Use Enable Policing to add policing to the Diff
222. The valid values are from 0 to 2000 The default value is 0 4 Use Register Threshold Rate kbps to enter the rate in K bits second above which the Rendezvous Point router will switch to a source specific shortest path tree The valid values are from 0 to 2000 The default value is 0 320 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual SSM Configuration While PIM employs a specially configured RP router that serves as a meeting junction for multicast senders and listeners Protocol Independent Multicast Source Specific Multicast PIM SSM does not use an RP It supports only source route deliver trees It is used between routers so that they can track which multicast packets to forward to each other and to their directly connected LANs The SSM service model can be implemented with a strict subset of the PIM protocol mechanisms Both regular IP Multicast and SSM semantics can coexist on a single router and both can be implemented using the PIM protocol A range of multicast addresses currently 232 0 0 0 8 in IPv4 and FF3x 32 in IPv6 is reserved for SSM To display the PIM SSM Configuration page click Routing gt IPv6 Multicast PIM gt SSM Configuration PIM SSM Configuration SSM Configuration SSM Group Address SSM Group Mask Use SSM Group Address to enter the source specific multicast group ip address Use SSM Group Mask to enter the source specific multicast IPv6
223. This is the configuration for SNMP v3 From the SNMP V3 link you can access the following pages e User Configuration on page 88 User Configuration To access this page click System gt SNMP gt SNMP V3 gt User Configuration A screen similar to the following displays User Configuration User Names User Name admin v User Configuration 2 SNMP v3 Access Mode Read Write Authentication Protocol None O MDS SHA Encryption Protocol None DES To configure SNMPv3 settings for the user account 1 Use User Name to specify the user account to be configured 2 SNMP v3 Access Mode Indicates the SNMPv3 access privileges for the user account The admin account always has Read Write access and all other accounts have Read Only access 3 Use Authentication Protocol to specify the SNMPv3 Authentication Protocol setting for the selected user account The valid Authentication Protocols are None MD5 or SHA e If you select None the user will be unable to access the SNMP data from an SNMP browser 88 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e If you select MD5 or SHA the user login password will be used as the SNMPv3 authentication password and you must therefore specify a password and it must be eight characters long 4 Use Encryption Protocol to specify the SNMPv3 Encryption Protocol setting for the selected user account
224. Time secs to specify the number of seconds from when OSPF receives a topology change to the start of the next SPF calculation Delay Time is an integer from 0 to 65535 seconds The default time is 5 seconds A value of 0 means that there is no delay that is the SPF calculation is started upon a topology change Use SPF HoldTime secs to specify the minimum time in seconds between two consecutive SPF calculations The range is 0 to 65 535 seconds The default time is 10 Chapter Routing 237 10 11 12 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual seconds A value of 0 means that there is no delay that is two SPF calculations can be done one immediately after the other Use External LSDB Limit to set the number of the external LSDB limit for OSPF If the value is 1 then there is no limit When the number of non default AS external LSAs in a router s link state database reaches the external LSDB limit the router enters overflow state The router never holds more than the external LSDB limit none default AS external LSAs in database The external LSDB limit MUST be set identically in all routers attached to the OSPF backbone and or any regular OSPF area The range for limit is 1 to 2147483647 Use Default Metric to set a default for the metric of redistributed routes This field is blank if a default metric has not been configured The range of valid values is 1 to 16777214 Use Maximum Path
225. To disable Snooping Querier on a VLAN select the VLAN ID and click Delete 4 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch 5 Click Refresh to update the page with the latest information from the switch Chapter Configuring Switching Information 155 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O Operational State Operational Version Last Querier Address Last Querier Version Operational Max Response Time Displays the operational state of the IGMP Snooping Querier on a VLAN It can be in any of the following states Querier Snooping switch is the Querier in the VLAN The Snooping switch will send out periodic queries with a time interval equal to the configured querier query interval If the snooping switch sees a better querier in the VLAN it moves to non querier mode e Non Querier Snooping switch is in Non Querier mode in the VLAN If the querier expiry interval timer is expires the snooping switch will move into querier mode e Disabled Snooping Querier is not operational on the VLAN The Snooping Querier moves to disabled mode when IGMP Snooping is not operational on the VLAN or when the querier address is not configured or the network management address is also not configured Displays the operational IGMP protocol version of the querier Displays the IP address of t
226. To display the Host Keys Management page click Security gt Access gt SSH gt Host Keys Management 1 Host Keys Management RSA Keys Management G None Generate RSA Keys Delete RSA Keys DSA Keys Management None Generate DSA Keys O Delete DSA Keys Host Keys Status Keys Present Both Key Generation In Progress None Host Keys Management None is the default selection Chapter Managing Device Security 385 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 2 Use Generate RSA Keys to begin generating the RSA host keys Note that to generate SSH key files SSH must be administratively disabled and there can be no active SSH sessions 3 Use Delete RSA Keys to delete the corresponding RSA key file if it is present 4 DSA Keys Management None is the default selection 5 Use Generate DSA Keys to begin generating the DSA host keys Note that to generate SSH key files SSH must be administratively disabled and there can be no active SSH sessions 6 Use Delete DSA Keys to delete the corresponding DSA key file if it is present 7 Click APPLY to start to download the Host Key file Note that to download SSH key files SSH must be administratively disabled and there can be no active SSH sessions 8 Click REFRESH to refresh the web page to show the latest SSH Sessions Fig escrito O O Keys Present Displays which keys RSA DSA or both are present if any
227. Type as the first 16 bits of the DVlan tag e 802 1Q Tag Commonly used tag representing 0x8100 e VMAN Tag Commonly used tag representing 0x88A8 e Custom Tag Configure the EtherType in any range from 0 to 65535 Protocol Based VLAN Group Configuration You can use a protocol based VLAN to define filtering criteria for untagged packets By default if you do not configure any port IEEE 802 1Q or protocol based VLANs untagged packets will be assigned to VLAN 1 You can override this behavior by defining either port based VLANs or protocol based VLANs or both Tagged packets are always handled according to the IEEE 802 1Q standard and are not included in protocol based VLANs If you assign a port to a protocol based VLAN for a specific protocol untagged frames received on that port for that protocol will be assigned the protocol based VLAN ID Untagged frames received on the port for other protocols will be assigned the Port VLAN ID either the default PVID 1 or a PVID you have specifically assigned to the port using the Port VLAN Configuration screen You define a protocol based VLAN by creating a group Each group has a one to one relationship with a VLAN ID can include one to three protocol definitions and can include multiple ports When you create a group you will choose a name and a Group ID will be assigned automatically To display the Protocol Based VLAN Group Configuration page click Switching gt VLAN gt Advanced gt P
228. VLAN Mac Based VLAN Group Configuration MAC Based VLAN Configuration MAC Address VLAN ID 3 00 00 00 00 00 00 7 1 MAC Address Valid MAC Address which is to be bound to a VLAN ID This field is configurable only when a MAC Based VLAN is created 2 Use VLAN ID to specify a VLAN ID in the range of 1 to 4093 Click ADD to add an entry of MAC Address to VLAN mapping 4 Click DELETE to delete and entry of MAC Address to VLAN mapping o Chapter Configuring Switching Information 121 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IP Subnet Based VLAN IP Subnet to VLAN mapping is defined by configuring an entry in the IP Subnet to VLAN table An entry is specified via a source IP address network mask and the desired VLAN ID The IP Subnet to VLAN configurations are shared across all ports of the device To display the MAC Based VLAN page click Switching gt VLAN gt Advanced gt IP Subnet Based VLAN IP Subnet Based VLAN Configuration IP Subnet Based VLAN Configuration E IP Address Subnet Mask VLAN ID S EE 1 Use IP Address to specify a valid IP Address bound to VLAN ID Enter the IP Address in dotted decimal notation 2 Use Subnet Mask to specify a valid Subnet Mask of the IP Address Enter the Subnet mask in dotted decimal notation 3 Use VLAN ID to specify a VLAN ID in the range of 1 to 4093 4 Click ADD to add a new IP subnet based VLAN 5 Click DELET
229. When an access list rule includes a destination IP address and netmask an extended access list the destination IP address is compared to the network mask of the destination of the route The destination netmask in the access list serves as a wildcard mask indicating which bits in the route s destination mask are significant for the filtering operation RIP Route Redistribution Summary This screen displays the RIP Route Redistribution Configurations Field Description Source The Source Route to be Redistributed by RIP Metric The Metric of redistributed routes for the given Source Route Displays Unconfigured when not configured Chapter Routing 233 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fes escrito O O Match List of Routes redistributed when OSPF is selected as Source The list may include one or more of e Internal Sets Internal OSPF Routes to be redistributed e External Type 1 Sets External Type 1 OSPF Routes to be redistributed e External Type 2 Sets External Type 2 OSPF Routes to be redistributed e NSSA External Type 1 Sets NSSA External Type 1 OSPF Routes to be redistributed e NSSA External Type 2 Sets NSSA External Type 2 OSPF Routes to be redistributed Distribute List The Access List that filters the routes to be redistributed by the Destination Protocol Displays 0 when not configured OSPF From the OSPF link you c
230. Z TH OAHMAZ 1999 5 EK Fran ais Par la pr sente NETGEAR Inc d clare que l appareil Radiolan est conforme aux French exigences essentielles et aux autres dispositions pertinentes de la directive 1999 5 CE Italiano Italian Con la presente NETGEAR Inc dichiara che questo Radiolan conforme ai requisiti essenziali ed alle altre disposizioni pertinenti stabilite dalla direttiva 1999 5 CE Latviski Latvian Lietuvi Lithuanian Ar o NETGEAR Inc deklar ka Radiolan atbilst Direkt vas 1999 5 EK b tiskaj m pras b m un citiem ar to saist tajiem noteikumiem iuo NETGEAR Inc deklaruoja kad is Radiolan atitinka esminius reikalavimus ir kitas 1999 5 EB Direktyvos nuostatas Nederlands Dutch Malti Maltese Magyar Hungarian Hierbij verklaart NETGEAR Inc dat het toestel Radiolan in overeenstemming is met de essenti le eisen en de andere relevante bepalingen van richtlijn 1999 5 EG Hawnhekk NETGEAR Inc jiddikjara li dan Radiolan jikkonforma mal htigijiet essenzjali u ma provvedimenti ohrajn relevanti li hemm fid Dirrettiva 1999 5 EC Alul rott NETGEAR Inc nyilatkozom hogy a Radiolan megfelel a vonatkoz alapvet k vetelm nyeknek s az 1999 5 EC ir nyelv egy b eldirasainak Polski Polish Niniejszym NETGEAR Inc o wiadcza e Radiolan jest zgodny z zasadniczymi wymogami oraz pozosta ymi stosownymi postanowieniami Dyrektywy 1999 5 EC Portugu s NETGEAR Inc declar
231. a area route table has been calculated using this area s link state database This is done using Dijkstra s algorithm Area Border Router Count The total number of area border routers reachable within this area This is initially zero and is calculated in each SPF Pass Chapter Routing 267 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Feis escrito O O Area LSA Count The total number of link state advertisements in this area s link state database excluding AS External LSAs Area LSA Checksum The 32 bit unsigned sum of the link state advertisements LS checksums contained in this area s link state database This sum excludes external LS type 5 link state advertisements The sum can be used to determine if there has been a change in a router s link state database and to compare the link state database of two routers Translator State Translator State Enabled means that the NSSA router OSPFv3 Area NssA Translator Role has been set to always Translator State of Elected means a candidate NSSA Border router is translating type 7 LSAs into type 5 Disabled implies that a candidate NSSA Border router is NOT translating type 7 LSAs into type 5 Area Range Configuration Use the Area Range Configuration page to configure OSPFv3 area ranges To display the Area Range Configuration page click Routing gt OSPFv3 gt Advanced gt Area Range Configuration Area Range Confi
232. a new policy with the following settings e Policy Selector Policy1 e Member Class Class For more information about this screen see Policy Configuration on page 429 6 Click Add to add the new policy 7 Click the Policy1 hyperlink to view the Policy Class Configuration screen for this policy 8 Configure the Policy attributes as follows e Assign Queue 3 e Policy Attribute Simple Policy e Color Mode Color Blind e Committed Rate 1000000 Kbps e Committed Burst Size 128 KB e Confirm Action Send e Violate Action Drop For more information about this screen see Policy Configuration on page 429 9 From the Service Configuration screen select the check box next to interfaces g7 and g8 to attach the policy to these interfaces and then click Apply See Service Interface Configuration on page 433 All UDP packet flows destined to the 192 12 2 0 network with an IP source address from the 192 12 1 0 network that have a Layer 4 Source port of 4567 and Destination port of 4568 from this switch on ports 7 and 8 are assigned to hardware queue 3 Appendix Configuration Examples 517 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual On this network traffic from streaming applications uses UDP port 4567 as the source and 4568 as the destination This real time traffic is time sensitive so it is assigned to a high priority hardware queue By default data traffic uses hardware queue 0 which i
233. a que este Radiolan est conforme com os requisitos essenciais e Portuguese outras disposi es da Directiva 1999 5 CE Slovensko NETGEAR Inc izjavlja da je ta Radiolan v skladu z bistvenimi zahtevami in ostalimi Slovenian relevantnimi dolo ili direktive 1999 5 ES Slovensky NETGEAR Inc t mto vyhlasuje e Radiolan sp a z kladn po iadavky a v etky Slovak pr slu n ustanovenia Smernice 1999 5 ES Suomi Finnish NETGEAR Inc vakuuttaa t ten ett Radiolan tyyppinen laite on direktiivin 1999 5 EY oleellisten vaatimusten ja sit koskevien direktiivin muiden ehtojen mukainen Appendix Notification of Compliance 529 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Svenska Harmed intygar NETGEAR Inc att denna Radiolan star 6verensstammelse med de Swedish v sentliga egenskapskrav och vriga relevanta best mmelser som framg r av direktiv 1999 5 EG slenska H r me l sir NETGEAR Inc yfir v a Radiolan er samr mi vi grunnkr fur og a rar Icelandic kr fur sem ger ar eru tilskipun 1999 5 EC Norsk NETGEAR Inc erkl rer herved at utstyret Radiolan er i samsvar med de grunnleggende Norwegian krav og vrige relevante krav i direktiv 1999 5 EF This device is a 2 4 GHz wideband transmission system transceiver intended for use in all EU member states and EFTA countries except in France and Italy where restrictive use applies
234. a save 9 Click APPLY to update the switch with the values you entered If you want the switch to retain the new values across a power cycle you must perform a save Field Description For normal ports this field will be normal Otherwise the possible values are e Mirrored The port is a mirrored port on which all the traffic will be copied to the probe port e Probe Use this port to monitor mirrored port e Trunk Number The port is a member of a Link Aggregation trunk Look at the LAG screens for more information Physical Status Indicates the port speed and duplex mode Link Status Indicates whether the Link is up or down iflndex The iflndex of the interface table entry associated with this port 170 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Port Description This screen configures and displays the description for all ports in the box To access the Port Description page click Switching gt Ports gt Port Description 1 gpo0o0po0po0pcooo0coooooooo0nooog Port Description Port Description LAGS All Port Description 1 0 1 1 0 2 1 0 3 10 4 1 0 S 1 0 6 1 0 7 1 0 8 1 0 9 1 0 10 1 0 11 1 0 12 1 0 13 1 0 14 1 0 15 1 0 16 1 0 17 1 0 18 1 0 19 1 0 20 1 0 21 1 0 22 1 0 23 1 0 24 LAGS All Go To Port MAC Address 00 04 06 02 04 09 00 04 06 02 04 09 00 04 06 02 04 09 00
235. ab contains links to the following features Routing Table on page 180 IP on page 186 IPv6 on page 202 VLAN on page 219 ARP on page 222 RIP on page 227 OSPF on page 234 OSPFv3 on page 260 Router Discovery on page 283 VRAP on page 284 Multicast on page 292 IPv6 Multicast on page 317 Routing Table The Routing Table collects routes from multiple sources static routes RIP routes OSPF routes and local routes The Routing Table may learn multiple routes to the same destination from multiple sources The Routing Table lists all routes From the Routing Table link you can access the following pages Basic on page 181 Advanced on page 183 Chapter Routing 180 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Basic From the Basic link you can access the following pages e Route Configuration on page 181 Route Configuration To display the Route Configuration page click Routing gt Routing Table gt Basic gt Route Configuration Route Configuration Configure Routes 7 Network Next Hop IP Subnet Mask Preference Identifier Address Address Next Hop IP Preference Address Network Next Hop Subnet Mask Protocol Address Interface Route Configuration 1 Use the Route Type field to specify default or static If creating a default route all that needs to be specified is the next hop IP address otherwise each field needs to be specified 2 Network Address displays
236. able Disable Disable Orsabie Disable Disabie Orsable Orsable Disable Orsable Orsable Orsable Disable Oisable Disable Orsable Disable Disable Disable EE CE 505 sis a lt u Go To Interface Robustness E 2 125 2 125 2 125 2 125 2 125 2 125 2 125 2 125 2 125 2 125 2 125 2 125 2 125 2 125 2 125 2 125 2 125 2 125 2 125 2 125 2 125 2 125 2 125 Go To Interface Query Max Response Time 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 100 Startup Query Interval Last Last Startup Member Member Query Query Query Count Interval Count 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 2 10 2 Interface The interface for which data is to be displayed or configured Use Admin Mode to set the administrative status of IGMP on the selected interface The default is disable Use Version to enter the version of IGMP you want to configure on the selected interface Valid values are 1 to 3 and the default value is 3 This field is configurable only when IGMP interface mode is enabled Use Robustness to enter the robustness value This variable allows tuning for the expected packet loss on a subnet If you expect the subnet to be lossy you should enter a higher number for this parameter IG
237. able Switch Software Administration Manual 4 Use Valid Lifetime to specify router advertisement per prefix time to consider prefix valid for purposes of on link determination Valid lifetime must be in the range 0 to 4294967295 5 Use Preferred Lifetime to specify router advertisement per prefix time An auto configured address generated from this prefix is preferred Preferred lifetime must be in range 0 to 4294967295 6 Use OnLink Flag to specify selected prefix can be used for on link determination Default value is enable This selector lists the two options for on link flag enable and disable 7 Use Autonomous Flag to specify selected prefix can be used for autonomous address configuration Default value is disable This selector lists the two options for autonomous flag enable and disable Field Description Current State Indicates the state of the IPV6 address The state is TENT if routing is disabled or DAD fails The state is Active if interface is active and DAD is successful e Click ADD to add a new IPv6 address to the interface e Click DELETE to delete a existing IPv6 address entry from the interface 208 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IPv Statistics Use the IPv6 Statistics page to display IPv6 traffic statistics for one or all interfaces To display the IPv6 Statistics page click Routing gt IPv6 gt Advanced gt Statistics
238. ach packet s network IP address 1 From the IP ACL screen create a new IP ACL with an IP ACL ID of 1 See P ACL on page 541 2 From the IP Rules screen create a rule for IP ACL 1 with the following settings e Rule ID 1 e Action Deny e Assign Queue ID 0 optional O is the default value e Match Every False e Source IP Address 192 168 187 0 e Source IP Mask 255 255 255 0 For additional information about IP ACL rules see P Rules on page 543 3 Click Add 4 From the IP Rules screen create a second rule for IP ACL 1 with the following settings e Rule ID 2 e Action Permit e Match Every True 5 Click Add 6 From the IP Binding Configuration page assign ACL ID 1 to the interface gigabit ports 2 3 and 4 and assign a sequence number of 1 See P Binding Configuration on page 552 By default this IP ACL is bound on the inbound direction so it examines traffic as it enters the switch 7 Click Apply 8 Use the IP Binding Table screen to view the interfaces and IP ACL binding information See IP Binding Table on page 554 The IP ACL in this example matches all packets with the source IP address and subnet mask of the Finance department s network and deny it on the Ethernet interfaces 2 3 and 4 of the switch The second rule permits all non Finance traffic on the ports The second rule is required because there is an explicit deny all rule as the lowest priority rule Appendix Configuration Examples
239. acket or an error in processing the packet Bad Version The number of received OSPF packets whose version field in the OSPF header does not match the version of the OSPF process handling the packet Source Not On Local Subnet The number of received packets discarded because the source IP address is not within a subnet configured on a local interface Virtual Link Not Found The number of received OSPF packets discarded where the ingress interface is in a non backbone area and the OSPF header identifies the packet as belonging to the backbone but OSPF does not have a virtual link to the packet s sender 250 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Area Mismatch The number of OSPF packets discarded because the area ID in the OSPF header is not the area ID configured on the ingress interface Invalid Destination Address The number of OSPF packets discarded because the packet s destination IP address is not the address of the ingress interface and is not the AllDrRouters or AllSpfRouters multicast addresses Wrong Authentication Type The number of packets discarded because the authentication type specified in the OSPF header does not match the authentication type configured on the ingress interface Authentication Failure No Neighbor at Source Address Invalid OSPF Packet Type Hellos Ignored The number of
240. address to a media MAC address defined by a local area network LAN such as Ethernet A station needing to send an IP packet must learn the MAC address of the IP destination or of the next hop router if the destination is not on the same subnet This is achieved by broadcasting an ARP request packet to which the intended recipient responds by unicasting an ARP reply containing its MAC address Once learned the MAC address is used in the destination address field of the layer 2 header prepended to the IP packet The ARP cache is a table maintained locally in each station on a network ARP cache entries are learned by examining the source information in the ARP packet payload fields regardless of whether it is an ARP request or response Thus when an ARP request is broadcast to all stations on a LAN segment or virtual LAN VLAN every recipient has the opportunity to store the sender s IP and MAC address in their respective ARP cache The ARP response being unicast is normally seen only by the requestor who stores the sender information in its ARP cache Newer information always replaces existing content in the ARP cache The number of supported ARP entries is platform dependent Devices can be moved in a network which means the IP address that was at one time associated with a certain MAC address is now found using a different MAC or may have disappeared from the network altogether i e it has been reconfigured disconnected or powere
241. age is loaded during subsequent switch restarts This feature reduces switch down time when upgrading or downgrading the ProSafe Managed Switches software The File Management menu contains links to the following options e Copy on page 495 e Dual Image Configuration on page 496 Copy To display the Copy page click Maintenance gt File Management gt Copy Copy Copy Source Image Imagel Image2 Stack Member 1 if Destination Image Imagel Image2 1 Use Source Image to select the image1 or image2 as source image when copy occurs 2 Use Stack member to select the destination unit to which you are going to copy from master 3 Use Destination Image to select the image1 or image2 as destination image when copy occurs Chapter Maintenance 495 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Dual Image Configuration The Dual Image feature allows switch to retain two images in permanent storage The user designates one of these images as the active image to be loaded during subsequent switch restarts This feature reduces switch down time when upgrading downgrading the image To display the Dual Image Configuration page click Maintenance gt File Management gt Dual Image Configuration Dual Image Configuration Dual Image Configuration Next X Active s re Update Unit Image Name Active Description Version Image Bootcode Image 1 imagel True True 3 2
242. alue must be in the range of 0 to 16 The default value is 16 The currently configured value is shown when the web page is displayed Field Description Certificate Present Displays whether there is a certificate present on the device Authentication List Displays authentication list for HTTPS Certificate Management Use this menu to generate or delete certificates To display the Certificate Management page click Security gt Access gt HTTPS gt HTTPS Certificate Management Certificate Management Certificate Management 2 Certificate Present Yes G None Generate Certificates C Delete Certificates Certificate Generation Status Certificate Generation Status No certificate generation in progress 1 Use None to specify there is no certificate management This is the default selection 2 Use Generate Certificates to begin generating the Certificate files 3 Use Delete Certificates to delete the corresponding Certificate files if present 382 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Certificate Generation Status Displays whether SSL certificate generation is in progress Certificate Download Use this menu to transfer a certificate file to the switch For the Web server on the switch to accept HTTPS connections from a management station the Web server needs a public key certificate You
243. amic MAC Addresses Learned Displays the number of dynamically learned MAC addresses on a specific port VLAN ID Displays the VLAN ID corresponding to the MAC address MAC Address Displays the MAC addresses learned on a specific port Static MAC Address To display the Static MAC Address page click Security gt Traffic Control gt Port Security gt Static MAC Address Static MAC Address Configuration Port List Interface 1 0 1 Static MAC Address Table Static MAC Address VLAN ID i Interface Select the physical interface for which you want to display data Static MAC Address Accepts user input for the MAC address to be deleted Use VLAN ID to select the VLAN ID corresponding to the MAC address being added Click ADD to add a new static MAC address to the switch Click DELETE to delete a existing static MAC address from the switch 2 PS YS 408 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Private Group The Private Group folder contains links to the following features e Private Group Configuration on page 409 e Private Group Membership on page 410 Private Group Configuration To display the Private Group Configuration page click Security gt Traffic Control gt Private Group gt Private Group Configuration Private Group Configuration Private Group Configuration oe 1 Use Group Name to enter the Private
244. ample 00 06 29 32 81 40 Click REFRESH to show the latest IP information 224 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual ARP Table Configuration You can use this screen to change the configuration parameters for the Address Resolution Protocol Table You can also use this screen to display the contents of the table To display the ARP Table Configuration page click Routing gt ARP gt Advanced gt ARP Table Configuration ARP Table Configuration ARP Table Configuration Age Time secs 1200 ResponseTime secs 1 Retries Cache Size 6144 384 to 6144 AN Dynamic Renew Y Disable Enable Total Entry Count Peak Total Entries Active Static Entries Oo oO oO oO Configured Static Entries Maximum Static Entries 128 Remove From Table None v 1 Use Age Time to enter the value for the switch to use for the ARP entry ageout time You must enter a valid integer which represents the number of seconds it will take for an ARP entry to age out The range for this field is 15 to 21600 seconds The default value for Age Time is 1200 seconds 2 Use Response Time to enter the value for the switch to use for the ARP response time out You must enter a valid integer which represents the number of seconds the switch will wait for a response to an ARP request The range for this field is 1 to 10 seconds The default value for Response Time is 1 second 3 Use Retries to
245. ample configuration 518 A access control ACL example configuration 511 ACLs 436 authentication 802 1X 391 518 enable 16 port based 391 RADIUS 366 SNMP 16 TACACS 372 C certificate 383 compliance 528 Configuration 802 1X 392 393 Access Control Lists 436 Class 350 353 Community 82 CoS 335 Differentiated Services 343 DNS 41 Dual Image 496 Dynamic Host 43 Global 147 IGMP Snooping 146 LAG 173 MAC Filter 403 Management Access 379 Policy 355 Port Security 405 Port VLAN ID 119 RADIUS Global 367 Secure HTTP 381 SNTP Server 38 Standard IP ACL Example 513 STP 129 TACACS 372 Trap 84 VLAN 113 VLAN example 510 CoS 335 D defaults CoS 512 DES 16 Device View 13 DiffServ 343 DNS 41 download from a remote system 490 E EAP 463 F file management 495 firmware download 490 G guest VLAN configuration 519 H help HTML based 13 HTTP 379 management interface access 10 secure 379 using to download files 492 HTTPS 381 IEEE 802 11x 518 IEEE 802 1AB 89 IEEE 802 1D 129 IEEE 802 1Q 112 130 Index 533 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IEEE 802 1s 130 IEEE 802 1w 129 IEEE 802 1X 366 IGMP 146 interface LAG 172 logical 17 naming convention 16 physical 17 queue configuration 342 IP DSCP 335 Mapping 339 L LAG VLAN 172 LAGPDUs 172 LAGs 172 Membership 175 Static 172 LLDP 89 LLDP MED 89 MAC 146 filter summary
246. an active trap is encountered by the switch a trap message is sent to any enabled SNMP Trap Receivers and a message is written to the trap log To access the Trap Flags page click System gt SNMP gt SNMP V1 V2 gt Trap Flags authentication failure bad packet config error virt authentication failure virt bad packet virt config error Isa lsa maxage Disable Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable Enable Disable Enable Isa originate Disable Enable overflow Isdb overflow Disable Enable Isdb approaching overflow Disable Enable retransmit packets Disable Enable virt packets Disable Enable state change if state change neighbor state change virtif state change Disable Enable Disable Enable Disable Enable virtneighbor state change Disable Enable OSPF v3 Traps errors bad packet Disable Enable IN mitt FA wt Trap Flags Trap Flags Authentication Disable Enable Link Up Down Disable Enable Multiple Users O Disable Enable Spanning Tree Disable Enable ACL Disable Enable Captive Portal Disable Enable DVMRP Disable Enable PIM Disable Enable OSPF v2 Traps errors Chapter Configuring System Information 85 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual To configure the trap
247. an access the following pages e Basic on page 234 e Advanced on page 235 Basic From the Basic link you can access the following pages e OSPF Configuration on page 234 OSPF Configuration Use the OSPF Configuration page to enable OSPF on a router and to configure the related OSPF settings To display the OSPF Configuration page click Routing gt OSPF gt Basic gt OSPF Configuration OSPF Configuration OSPF Configuration Admin Mode Disable Enable Router ID 0 0 0 0 234 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 Use Router ID to specify a 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system AS To change the Router ID you must first disable OSPF After you set the new Router ID you must re enable OSPF to have the change take effect The default value is 0 0 0 0 although this is not a valid Router ID 2 Use Admin Mode to select enable or disable If you select enable OSPF will be activated for the switch The default value is disable You must configure a Router ID before OSPF can become operational see step 1 or by issuing the CLI command Config router router id Advanced From the Advanced link you can access the following pages e OSPF Configuration on page 236 e Common Area Configuration on page 239 e Stub Area Configuration on page 241 e NSSA Area Configuration on page
248. and direction and hence the attached policy if any Highlighting a member class name displays the statistical information for the policy class instance for the specified interface and direction To display the Service Statistics page click QoS gt DiffServ gt Advanced gt Service Statistics Service Statistics Statistics Type Selection z Counter Mode Selector Octets Packets Service Statistics g Search By Interface v GO Policy Operational Member Offered Discarded Sent Interface Direction Name Status Classes Packets Octets Packets Octets Packets Octets Counter Mode Selector specifies the format of the displayed counter values which must be either Octets or Packets The default is Octets The following table describes the information available on the Service Statistics page Fes escrito O O Interface List of all valid slot number and port number combinations in the system that have a DiffServ policy currently attached in In direction Direction List of the traffic direction of interface as In Only shows the direction s for which a DiffServ policy is currently attached Policy Name Name of the policy currently attached to the specified interface and direction 360 Chapter Configuring Quality of Service ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Operational Status Operational status of the policy currently at
249. and processed based on defined criteria The classification criteria is defined by a class The processing is defined by a policy s attributes Policy attributes may be defined on a per class instance basis and it is these attributes that are applied when a match occurs A policy can contain multiples classes When the policy is active the actions taken depend on which class matches the packet Packet processing begins by testing the class match criteria for a packet A policy is applied to a packet when a class match within that policy is found The Differentiated Services menu page contains links to the various Diffserv configuration and display features From the DiffServ link under the QoS tab you can access the following pages e DiffServ Wizard on page 344 e Auto VoIP Configuration on page 346 e Basic on page 347 e Advanced on page 348 DiffServ Wizard The DiffServ Wizard enables DiffServ on the switch by creating a traffic class adding the traffic class to a policy and then adding the policy to the ports selected on DiffServ Wizard page The DiffServ Wizard will e Create a DiffServ Class and define match criteria used as a filter to determine if incoming traffic meets the requirements to be a member of the class e Set the DiffServ Class match criteria based on Traffic Type selection as below e VOIP sets match criteria to UDP protocol e HTTP sets match criteria to HTTP destination port e FTP sets match criteria to F
250. ange is from 1 to 10 Default value of fast repeat count is 3 The following table describes the LLDP MED Global Configuration fields Chapter Configuring System Information 97 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O Device Class Specifies local device s MED Classification There are four different kinds of devices three of them represent the actual end points classified as Class Generic IP Communication Controller etc Class II Media Conference Bridge etc Class III Communication IP Telephone etc The fourth device is Network Connectivity Device which is typically a LAN Switch Router IEEE 802 1 Bridge IEEE 802 11 Wireless Access Point etc LLDP MED Interface Configuration To display this page click System gt LLDP gt LLDP MED gt Interface Configuration A screen similar to the following displays LLDP MED Interface Configuration Interface Configuration 1 all Go To Port Go Transmit Type Length Values Med Operational Notification MED Network Location Inventory Interface Status Status Status Capabilities Policy Identification Information a il mE a mS 6 D oi Down Enable Crsable Enable Enable Enable Enable Enable O woz Cown Enable Disable Enable Enable Enable Enable Enable O 170 3 Down Enable Crsable Enable Enable Enable Enable Enable O sos Down Enable Disable Enable Enable Enable Enable Enable O os Down Enab
251. anumeric characters A valid name has to be specified in order to create the LAG Use Hash Mode to select the load balancing mode used on a port channel LAG Traffic is balanced on a port channel LAG by selecting one of the links in the channel over which to transmit specific packets The link is selected by creating a binary pattern from selected fields in a packet and associating that pattern with a particular link e Src MAC VLAN EType incoming port Source MAC VLAN EtherType and incoming port associated with the packet e Dest MAC VLAN EType incoming port Destination MAC VLAN EtherType and incoming port associated with the packet e Src Dest MAC VLAN EType incoming port Source Destination MAC VLAN EtherType and incoming port associated with the packet Src IP and Src TCP UDP Port fields Source IP and Source TCP UDP fields of the packet e Dest IP and Dest TCP UDP Port fields Destination IP and Destination TCP UDP Port fields of the packet Src Dest IP and TCP UDP Port Fields Source Destination IP and source destination TCP UDP Port fields of the packet e Enhanced hashing mode Features MODULO N operation based on the number of ports in the LAG non Unicast traffic and unicast traffic hashing using a common hash algorithm excellent load balancing performance and packet attributes selection based on the packet type e For L2 packets source and destination MAC address are used for hash computation e F
252. are against an IPv6 Packet Prefix is always specified with the Prefix Length Prefix can be entered in the range of 0 to FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF and Prefix Length can be entered in the range of 0 to 128 e Source L4 Port This lists the keywords for the known source layer 4 ports from which one can be selected The list includes other as an option for the unnamed ports e Destination Prefix Length This is a valid Destination IPv6 Prefix to compare against an IPv6 Packet Prefix is always specified with the Prefix Length Prefix can be entered in the range of 0 to FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF and Prefix Length can be entered in the range of 0 to 128 Destination L4 Port This lists the keywords for the known destination layer 4 ports from which one can be selected The list includes other as an option for the unnamed ports e Flow Label This is a 20 bit number that is unique to an IPv6 Packet used by end stations to signify Quality of Service handling in routers Flow Label can be specified in the range of 0 to 1048575 e IP DSCP This lists the keywords for the known DSCP values from which one can be selected The list includes other as an option for the remaining values 5 Match Criteria Displays the configured match criteria for the specified class 6 Values Displays the values of the configured match criteria 7 Click CANCEL to cancel the configuration on the screen Resets
253. ary Management Unit To preserve the current configuration across a stack move please save the current configuration to the nvram before performing the stack move A stack move causes all routes and layer 2 addresses to be lost The administrator is prompted to confirm the management move To display the Stack Configuration page click System gt Stacking gt Advanced gt Stack Configuration A screen similar to the following displays Stack Configuration 74 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Use Management Unit Selected to select the unit to be managed unit and click APPLY to move the management to the selected unit Unit ID Displays the list of units of the stack Details of the selected unit are displayed There is also an ADD option visible only to Admin users which can be used to pre configure new members of the stack Use Switch Type to specify the type of switch hardware when creating a new switch in the stack Admin Management Preference is a 2 byte field that indicates whether the administrator wants this unit to become a management unit in preference to another unit The default value for this setting is one If the preference level is set to zero then the device cannot become a management unit This field is non configurable for users with read only access Click ADD to add a unit to the stack with the specific switch type Cli
254. ash underscore or space characters only The name must start with an alphabetic character Chapter Managing Device Security 437 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Each configured ACL displays the following information e Rules Displays the number of rules currently configured for the MAC ACL e Direction Displays the direction of packet traffic affected by the MAC ACL which can be Inbound or blank 2 To delete a MAC ACL select the check box next to the Name field then click Delete 3 To change the name of a MAC ACL select the check box next to the Name field update the name then click Apply 4 Click ADD to add a new MAC ACL to the switch configuration MAC Rules Use the MAC Rules page to define rules for MAC based ACLs The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded A default deny all rule is the last rule of every list To display the MAC Rules page click Security gt ACL gt Basic gt MAC Rules To configure MAC ACL rules 1 From the ACL Name field specify the existing MAC ACL to which the rule will apply To set up a new MAC ACL use the lt pdf gt MAC Binding Table on page 6 440 2 To add anew rule enter a whole number in the range of 1 to 12 that will be used to identify the rule configure the following settings and click Add e Action Specify what ac
255. ask to be applied to the Source IP address 3 Use RPF Neighbor to enter the IP address of the neighbor router on the path to the source 4 Use Metric to enter the link state cost of the path to the multicast source The range is 0 255 and the default is one You can change the metric for a configured route by selecting the static route and editing this field 5 Use RPF Interface to select the interface number This is the interface that connects to the neighbor router for the given source IP address 6 Click ADD to add a new static route to the switch 7 Click DELETE to delete the multicast static routes selected Admin Boundary Configuration The definition of an administratively scoped boundary is a mechanism to stop the ingress and egress of multicast traffic for a given range of multicast addresses on a given routing interface To display the Admin Boundary Configuration page click Routing gt Multicast Admin Boundary Configuration Admin Boundary Configuration Admin Boundary Configuration E Interface Group IP Group Mask OL M E 1 Use Interface to select the router interface for which the administratively scoped boundary is to be configured 316 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Use Group IP to enter the multicast group address for the start of the range of addresses to be excluded The address must be in the range of 239 0 0 0 through 2
256. assis component associated with the remote system Port ID Subtype Specifies the source of port identifier Chapter Configuring System Information 95 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Feis escrito O O Port ID Specifies the port component associated with the remote system System Name Specifies the system name of the remote system System Description Specifies the description of the given port associated with the remote system Port Description Specifies the description of the given port associated with the remote system System Capabilities Supported Specifies the system capabilities of the remote system System Capabilities Enabled Specifies the system capabilities of the remote system which are supported and enabled Time to Live Specifies the Time To Live value in seconds of the received remote entry Management Address e Management Address Specifies the advertised management address of the remote system e Type Specifies the type of the management address LLDP Remote Device Inventory To display this page click System gt LLDP gt LLDP gt Remote Device Inventory A screen similar to the following displays LLDP Remote Device Inventory LLDP Remote Device Inventory a Search By Interface GO Port Remote Device ID Management Address MAC Address System Name Remote Port ID 4 90 13 3 10 27 34 57 30 46 94 0C A0 C9 1 0 21
257. at should appear first in the selected authentication login list The options are e Local The user s locally stored ID and password will be used for authentication e Radius The user s ID and password will be authenticated using the RADIUS server instead of locally e None The user will not be authenticated HTTP Authentication List You use this page to configure HTTP lists A HTTP list specifies the authentication method s you want used to validate switch or port access through HTTP To display the HTTP Authentication List page click Security gt Management Security gt Authentication List gt HTTP Authentication List 376 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual HTTP Authentication List iv HTTP Authentication List List Name a httpList Local 1 List Name Select the HTTP list name for which you want to configure data 2 Use the dropdown menu to select the method that should appear first in the selected authentication login list If you select a method that does not time out as the first method such as local no other method will be tried even if you have specified more than one method The options are e Local The user s locally stored ID and password will be used for authentication e Radius The user s ID and password will be authenticated using the RADIUS server instead of locally e Tacacs The user s ID and
258. ata on the screen to the latest value of the switch 10 Click APPLY to send the updated configuration to the switch Configuration changes take effect immediately 86 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Supported MIBs This page displays all the MIBs supported by the switch To access this page click System gt SNMP gt SNMP V1 V2 gt Supported MIBs SNMP Supported MIBS Status Name RFC 1907 SNMPy2 MIB RFC 2819 RMON MIB Broedcom REF MIS SNMP COMMUNITY MIS SNMP FRAMEWORK MIS SNMP MPO MIS SNMP NOTIFICATION MIG SNMP TARGET MIB SNMP USER BASEO SM MIB SMMP VIEW BASED ACM MIB USM TARGET TAG MIB FASTPATH POWER ETHERNET MIS POWER ETHERNET MIS SFLOW MIB FASTPATH ISDP MIS LAG MIB RFC 1223 AFCI1213 MIS RPC 1493 BRIOGE MIB RFC 2674 P BRIDGE MIS RFC 2674 Q BRIDGE MIB RFC 2737 ENTITY MIS RFC 2063 IF MIB RFC 3635 Exhertike MIS FASTPATH SWITCHING MIB FASTPATH INVENTORY MIS FASTPATH PORTSECURITY PRIVATE MIB TEE Ora 02 148 013 TEEEBO22 PAE MIS FASTPATH RADIUS AUTM CLIENT MIB RADIVS ACC CLIENT MIS RADIVS AUTH CLIENT MI8 FASTPATH CAPTIVE PORTAL MIB FASTPATH MGMT SECURITY MIB TAMA ADORESS FAMILY NUMBERS MIB RFC 1724 RIPW2 MIB RFC 1850 OSPF MIS RFC 1850 OSPF TRAP MIB RFC 2787 VRRP MIB FASTPATH ROUTING MIS FASTPATH QOS MIB FASTPATH QOS ACL MIB FASTPATH QOS COS MIB FASTPATH QOS AUTOVOIP MIS RFC 328
259. atabase excluding AS External LSAs The 32 bit unsigned sum of the link state advertisements LS checksums contained in this area s link state database This sum excludes external LS type 5 link state advertisements The sum can be used to determine if there has been a change in a router s link state database and to compare the link state database of two routers Import Summary LSAs The summary LSAs will be enabled disabled imported into this area Click ADD to configure the area as a common area Click DELETE to delete the common area 240 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Stub Area Configuration To display the Stub Area Configuration page click Routing gt OSPF gt Advanced gt Stub Area Configuration Stub Area Configuration OSPF Stub Area Configuration Area ID Area Import Summa Checksum X y unt LSAs Border Area LSA Default Cost Router Count 4 ll aS 1 Use Area ID to enter the OSPF area ID An Area ID is a 32 bit integer in dotted decimal format that uniquely identifies the area to which a router interface connects 2 Use Import Summary LSAs to select enable or disable If you select enable summary LSAs will be imported into stub areas 3 Use Default Cost to enter the metric value you want applied for the default route advertised into the stub area Valid values range from 1 to 16 777
260. ate Specifies the state of the neighbor cache entry Following are the states for dynamic entries in the IPv6 neighbor discovery cache e Incmp Address resolution is being performed on the entry A neighbor solicitation message has been sent to the solicited node multicast address of the target but the corresponding neighbor advertisement message has not yet been received Reach Positive confirmation was received within the last Reachable Time milliseconds that the forward path to the neighbor was functioning properly While in REACH state the device takes no special action as packets are sent Stale More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly While in STALE state the device takes no action until a packet is sent Delay More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly A packet was sent within the last DELAY_FIRST_PROBE_TIME seconds If no reachability confirmation is received within DELAY_FIRST_PROBE_TIME seconds of entering the DELAY state send a neighbor solicitation message and change the state to PROBE Probe A reachability confirmation is actively sought by resending neighbor solicitation messages every RetransTimer milliseconds until a reachability confirmation is received Last Updated Time since
261. ate Tracked Interface Tracked Route Prefix 3 Tracked Route Prefix Length Priority Decrement Reachable 1 Use VRRP ID and Interface to select one of the existing Virtual Routers listed by interface number and VRRP ID 2 Use Tracked Interface to select a routing interface which is not yet tracked for this VRRP ID and interface configuration Exception loopback and tunnels could not be tracked 3 Use Tracked Interface Priority Decrement to specify the priority decrement for the tracked interface The valid range is 1 254 default value is 10 4 Use Tracked Route Prefix to specify the Prefix of the route 5 Use Tracked Route Prefix Length to specify the prefix length of the route 6 Use Tracked Route Priority Decrement to specify the priority decrement for the Route The valid range is 1 254 Default value is 10 7 Click ADD to add a new tracked interface or tracked route to the VRRP 8 Click DELETE to delete a selected tracked interface or tracked route Field Description Tracked Interface state The state of the tracked interface Reachable The reachability of the tracked Route Chapter Routing 289 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Virtual Router Statistics Use the Virtual Router Statistics page to display statistics for a specified virtual router To display the Virtual Router Statistics page click Routing gt VRRP gt Advanced gt
262. ate Database on page 276 Virtual Link Configuration on page 278 Route Redistribution on page 280 NSF OSPFv3 Summary on page 281 Chapter Routing 261 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual OSPFv3 Configuration Use the OSPF v3 Configuration page to activate and configure OSPF v3 for a switch To display the OSPF v3 Configuration page click Routing gt OSPFv3 gt Advanced gt OSPFv3 Configuration OSPF v3 Configuration Default Route Advertise Configuration Default Information Originate Always Metric Metric Type OSPFv3 Configuration Router ID Admin Mode ASBR Mode ABR Status Exit Overflow Interval secs External LSA Count External LSA Checksum New LSAs Originated LSAs Received External LSDB Limit Default Metric Maximum Paths AutoCost Reference Bandwidth Default Passive Setting Helper Support Mode Helper Strict LSA Checking Default Route Advertise Disable Enable True False z 1 to 16777214 Enter External Type 1 External Type 2 0 1 to 16777214 Enter 0 to unconfigure 0 0 0 0 Enable Disable 0 1 100 1 to 4294967 Disable x Always Enable v 1 Use Default Information Originate to enable or disable Default Route Advertise Note that the values for Always Metric and Metric Type can only be configured after Default Information Originate is set to enable If Default Information Originate is set to enable and values for
263. ate in bytes per seconds at which a client can receive data from the network 0 indicates limit not enforced Range 0 536870911 Use Max Bandwidth Up to specify the maximum rate Rate in bytes per seconds at which a client can send data into the network 0 indicates limit not enforced Range 0 536870911 Use Max Input to specify the maximum number of octets the user is allowed to transmit After this limit has been reached the user will be disconnected 0 indicates limit not enforced Range 0 4294967295 Chapter Managing Device Security 431 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 18 Use Max Output to specify the maximum number of octets the user is allowed to receive After this limit has been reached the user will be disconnected 0 indicates limit not enforced Range 0 4294967295 19 Use Max Total to specify the maximum number of octets the user is allowed to transfer i e the sum of octets transmitted and received After this limit has been reached the user will be disconnected 0 indicates limit not enforced Range 0 4294967295 20 Click ADD to add a new CP instance 21 Click DELETE to remove the currently selected CP instance Captive Portal Binding Configuration You can associate a configured captive portal with a specific network SSID The CP feature only runs on the interfaces you specify A CP can have multiple interfaces associated with it but
264. ation on page 3 136 Multiple Spanning Tree Protocol MSTP supports multiple instances of Spanning Tree to efficiently channel VLAN traffic over different interfaces Each instance of the Spanning Tree behaves in the manner specified in IEEE 802 1w Rapid Spanning Tree RSTP with slight modifications in the working but not the end effect chief among the effects is the rapid transitioning of the port to Forwarding The difference between the RSTP and the traditional STP IEEE 802 1D is the ability to configure and recognize full duplex connectivity and ports which are connected to end stations resulting in rapid transitioning of the port to Forwarding state and the suppression of Topology Change Notification These features are represented by the parameters pointtopoint and edgeport MSTP is compatible to both RSTP and STP Chapter Configuring Switching Information 129 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual It behaves appropriately to STP and RSTP bridges A MSTP bridge can be configured to behave entirely as a RSTP bridge or a STP bridge Note For two bridges to be in the same region the force version should be 802 1s and their configuration name digest key and revision level should match For additional information about regions and their effect on network topology refer to the IEEE 802 1Q standard From the VLAN link you can access the following pages e
265. ault preference for each protocol e g 60 for static routes 120 for RIP These values are arbitrary values in the range of 1 to 255 and are independent of route metrics Most routing protocols use a route metric to determine the shortest path known to the protocol independent of any other protocol The best route to a destination is chosen by selecting the route with the lowest preference value When there are multiple routes to a destination the preference values are used to determine the preferred route If there is still a tie the route with the best route metric will be chosen To avoid problems with mismatched metrics i e RIP and OSPF metrics are not directly comparable you must configure different preference values for each of the protocols To display the Route Preferences page click Routing gt Routing Table gt Advanced gt Route Preferences Route Preferences Route Preferences Local 0 Static RIP 120 OSPF Intra 110 OSPF Inter 110 OSPF External 110 1 Use Static to specify the static route preference value in the router The default value is 1 The range is 1 to 255 2 Use RIP to specify the RIP route preference value in the router The default value is 120 The range is 1 to 255 3 Use OSPF Intra to specify the OSPF intra route preference value in the router The default value is 110 The range is 1 to 255 The OSPF specification RFC 2328 requires that preferences must be given to the routes learned via OSPF i
266. ause the trap to be sent Chapter Configuring Switching Information 175 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 6 Use STP Mode to enable or disable the Spanning Tree Protocol Administrative Mode associated with the LAG The possible values are e Disable Spanning tree is disabled for this LAG Enable Spanning tree is enabled for this LAG 7 Use Static Mode to select enable or disable from the pull down menu When the LAG is enabled it does not transmit or process received LACPDUs i e the member ports do not transmit LACPDUs and all the LACPDUs it may receive are dropped The factory default is disable 8 Use Hash Mode to select the load balancing mode used on a port channel LAG Traffic is balanced on a port channel LAG by selecting one of the links in the channel over which to transmit specific packets The link is selected by creating a binary pattern from selected fields in a packet and associating that pattern with a particular link e Src MAC VLAN EType incoming port Source MAC VLAN EtherType and incoming port associated with the packet e Dest MAC VLAN EType incoming port Destination MAC VLAN EtherType and incoming port associated with the packet e Src Dest MAC VLAN EType incoming port Source Destination MAC VLAN EtherType and incoming port associated with the packet e Src IP and Src TCP UDP Port fields Source IP and Source TCP UDP fields of the pac
267. ave Admin Expiration P Admin Interface Membership Mode Time secs Interval secs Time secs O 1 0 11 Disable 0 Disable C 170 2 Disable 260 10 0 Disable O 10 3 Disable 260 10 0 Disable O 10 4 Disable 260 10 i Disable O vo s Disable 260 10 0 Disable O 10 6 Disable 260 10 0 Disable O 1 0 7 Disable 260 10 0 Disable O wos Disable 260 10 0 Disable O 170 9 Disable 260 10 e Disable O 1 0 10 Disable 260 10 0 Disable O 1 0 11 Disable 260 10 0 Disable C 1 0 12 Disable 260 10 0 Disable O 1 0 13 Disable 260 10 e Disable O 1 0 14 Disable 260 10 o Disable O 1 0 15 Disable 260 10 0 Disable O 1 0 16 Disable 260 10 0 Disable O 1 0 17 Disable 260 10 0 Disable O 1 0 18 Disable 260 10 o Disable O 1 0 19 Disable 260 10 0 Disable C 1 0 20 Disable 260 10 0 Disable O 1 0 21 Disable 260 10 0 Disable C 1 0 22 Disable 260 10 0 Disable O 1 0 23 Disable 260 10 0 Disable O 1 0 24 Disable 260 10 o Disable i LAGS All Go To Interface _ GO Chapter Configuring Switching Information 149 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual To configure IGMP Snooping interface settings Le 2 Interface Lists all physical VLAN and LAG interfaces Select the interface you want to configure Use Admin Mode to select the interface mode for the selected interface for IGMP Snooping for the switch from the pull down menu The default is disable Use Group Membership Interval to specify the amount of time
268. ay the IPv6 Network Neighbor page click System gt Management gt Network Interface gt IPv6 Network Interface Neighbor Table A screen similar to the following displays IPv6 Network Interface Neighbor Table IPv6 Network Interface Neighbor Table ma Neighbor Last IPv6 Add MAC Add Rt ress ress isRtr State Updated The following table displays IPv6 Network Interface Neighbor Table information Field Description IPv6 address The Ipv6 Address of a neighbor switch visible to the network interface MAC address The MAC address of a neighbor switch IsRtr True 1 if the neighbor machine is a router false 2 otherwise Chapter Configuring System Information 33 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O Neighbor State The state of the neighboring switch e reachable 1 The neighbor is reachable by this switch e stale 2 Information about the neighbor is scheduled for deletion e delay 3 No information has been received from neighbor during delay period e probe 4 Switch is attempting to probe for this neighbor unknown 6 Unknown status Last Updated The last sysUpTime that this neighbor has been updated Time ProSafe Managed Switches software supports the Simple Network Time Protocol SNTP You can also set the system time manually SNTP assures accurate network device clock time synchronization up
269. b page is displayed The default value is Disable You can only download SSL certificates when the HTTPS Admin mode is disabled 2 Use SSL Version 3 to Enable or Disable Secure Sockets Layer Version 3 0 The currently configured value is shown when the web page is displayed The default value is Enable 3 Use TLS Version 1 to Enable or Disable Transport Layer Security Version 1 0 The currently configured value is shown when the web page is displayed The default value is Enable Chapter Managing Device Security 381 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 4 Use HTTPS Port to set the HTTPS Port Number The value must be in the range of 1 to 65535 Port 443 is the default value The currently configured value is shown when the web page is displayed 5 Use HTTPS Session Soft Timeout Minutes to set the inactivity time out for HTTPS sessions The value must be in the range of 1 to 60 minutes The default value is 5 minutes The currently configured value is shown when the web page is displayed 6 Use HTTPS Session Hard Timeout Hours to set the hard time out for HTTPS sessions This time out is unaffected by the activity level of the session The value must be in the range of 1 to 168 hours The default value is 24 hours The currently configured value is shown when the web page is displayed 7 Use Maximum Number of HTTPS Sessions to set the maximum allowable number of HTTPS sessions The v
270. based on Enterprise Number 00 02 enterprise number identifier enterprise number 32 bit integer reserved by IANA identifier Variable length data for each vendor c Link layer address 00 03 hardware type link layer address hardware type 16 bit hardware type reserved by IANA 1 means an Ethernet device link layer address The link layer address of a device generating the DUID 4 Use Client Name to specify client s name This is useful for logging or tracing only It may be up to 31 alphanumeric characters Use Valid Lifetime to specify the valid lifetime in seconds for delegated prefix Use Prefer Lifetime to specify the prefer lifetime in seconds for delegated prefix Click ADD to add a new delegated prefix for the selected pool Click DELETE to delete the delegated prefix for the selected pool o NOA 66 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DHCPv 6 Interface Configuration Use the DHCPV6 Interface Configuration page to configure a DHCPV 6 interface To display the DHCPv6 Prefix Delegation Configuration page click System gt Services gt DHCPv6 Server gt DHCPv6 Interface Configuration A screen similar to the following displays DHCPv6 Interface Configuration DHCPv6 Interface Configuration 1 All Go To Interface GO Interface Admin mode Pool Name Rapid Commit Preference a O 1 0 21 Disable C 1 0 2 D
271. ber of seconds between PIM hello messages transmitted from the selected interface The default value is 30 Valid values are from 0 to 18000 Use Join Prune Interval secs to enter the frequency at which PIM Join Prune messages are transmitted on this PIM interface The valid values are from O to 18000 The default value is60 Use BSR Border to select enable or disable to set BSR border status on the selected interface Use DR Priority to enter the DR priority for the selected interface The valid values are from 0 to 2147483647 The default value is 1 Chapter Routing 311 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual ied Description O SOS Protocol State The operational state of PIM in the router IP Address The IP address of the selected PIM interface When entering an IPv6 address the format is Prefix Prefix Length Designated Router The designated router on the selected PIM interface Neighbor Count The number of PIM neighbors on the selected interface PIM Neighbor Use the PIM Neighbor page to view the PIM neighbors You can search PIM neighbors by Interface or Neighbor IP Address using the Search by option To display the PIM Neighbor page click Routing gt Multicast PIM gt PIM Neighbor Configuration PIM Neighbor PIM Neighbor Search By Interface v GO Interface Neighbor Up Expiry Biz Time hh mm ss Time hh mm ss Field Description
272. ble Enable Enable Enable Enable Enable O 1 0 20 Down Enable Enable Disable Enable Enable Enable Enable Enable O 20 21 Down Enable Enable Orsable Enable Enable Enable Enable Enable O so 22 Up Enable Enable Disable Enable Enable Enable Enable Enable O 1 0 23 Oown Enable Enable Disable Enable Enable Enable Enable Enable C 1 0 24 Down Enable Enable Disable Enable Enable Enable Enable Enable i All Go To Port 2 Use Port to specify the list of ports on which LLDP 802 1AB can be configured Link Status indicates whether the Link is up or down Use Transmit to specify the LLDP 802 1AB transmit mode for the selected interface Use Receive to specify the LLDP 802 1AB receive mode for the selected interface Use Notify to specify the LLDP 802 1AB notification mode for the selected interface Use Transmit Management Information to specify whether management address is transmitted in LLDP frames for the selected interface 7 Optional TLV s e Use System Name to include system name TLV in LLDP frames e Use System Description to include system description TLV in LLDP frames e Use System Capabilities to include system capability TLV in LLDP frames oo gt oN Chapter Configuring System Information 91 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Use Port Description to include port description TLV in LLDP frames LLDP Statistics To display this page click System gt LLDP gt LLDP gt Statis
273. can assign traffic that matches the Appendix Configuration Examples 511 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual criteria to a particular queue or redirect the traffic to a particular port A default deny all rule is the last rule of every list 2 Apply the access list to an interface in the inbound direction ProSafe Managed Switches allow ACLs to be bound to physical ports and LAGs The switch software supports MAC ACLs and IP ACLs MAC ACL Example Configuration The following example shows how to create a MAC based ACL that permits Ethernet traffic from the Sales department on specified ports and denies all other traffic on those ports 1 From the MAC ACL screen create an ACL with the name Sales ACL for the Sales department of your network See MAC ACL on page 534 By default this ACL will be bound on the inbound direction which means the switch will examine traffic as it enters the port 2 From the MAC Rules screen create a rule for the Sales_ACL with the following settings e ID 1 e Action Permit e Assign Queue ID 0 e Match Every False e CoS 0 e Destination MAC 01 02 1A BC DE EF e Destination MAC Mask 00 00 00 00 FF FF e EtherType User Value e Source MAC 02 02 1A BC DE EF e Source MAC Mask 00 00 00 00 FF FF e VLAN ID 2 For more information about MAC ACL rules see WAC Rules on page 536 3 From the MAC Binding Configuration screen assign the Sales_ACL to the
274. can be configured by the user The unique box serial number for this switch Up Time Displays the relative time since the last reboot of the switch Configured Model Identifier This field displays the model type assigned by the device manufacturer to identify the device Chapter Configuring System Information 73 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O Plugged in Model Identifier This field displays the model type assigned by the device manufacturer to identify the plugged in device Expected Code Type This field indicates the expected code type on this unit Running Code Version This field indicates the detected version of code on this unit Code Version in Flash Displays the Release number and version number of the code stored in flash Click REFRESH to update the information on the page Advanced From the Advanced link you can access the following pages e Stack Configuration on page 72 e Stack Port Configuration on page 76 e Stack Port Diagnostics on page 78 Stack Configuration This page moves the Primary Management Unit functionality from one unit to another Upon execution the entire stack including all interfaces in the stack is unconfiugred and reconfigured with the configuration on the new Primary Management Unit After the reload is complete all stack management capability must be performed on the new Prim
275. can generate a certificate externally for example off line and download it to the switch To display the Certificate Download page click Security gt Access gt HTTPS gt Certificate Download Downloading SSL Certificates Before you download a file to the switch the following conditions must be true e The file to download from the TFTP server is on the server in the appropriate directory e The file is in the correct format e The switch has a path to the TFTP server Certificate Download Certificate Download File Type SSL Trusted Root Certificate PEM File v Transfer Mode TFTP Server Address Type IPv m Server Address 0 0 0 0 Remote File Path Remote File Name To configure the certificate download settings for HTTPS sessions 1 Use File Type to specify the type of file you want to transfer e SSL Trusted Root Certificate PEM File SSL Trusted Root Certificate File PEM Encoded e SSL Server Certificate PEM File SSL Server Certificate File PEM Encoded e SSL DH Weak Encryption Parameter PEM File SSL Diffie Hellman Weak Encryption Parameter File PEM Encoded e SSL DH Strong Encryption Parameter PEM File SSL Diffie Hellman Strong Encryption Parameter File PEM Encoded Chapter Managing Device Security 383 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 2 Use Transfer Mode to specify the protocol to use to transfer the file e TFTP Trivial File Transfer Protoc
276. cation administratively prohibited messages received by the interface ICMPv6 Time Exceeded Messages Received The number of ICMP Time Exceeded messages received by the interface ICMPv6 Parameter Problem Messages Received The number of ICMP Parameter Problem messages received by the interface ICMPv6 Packet Too Big Messages Received The number of ICMP Packet Too Big messages received by the interface ICMPv6 Echo Request Messages Received The number of ICMP Echo request messages received by the interface ICMPv6 Echo Reply Messages Received The number of ICMP Echo Reply messages received by the interface ICMPv6 Router Solicit Messages Received The number of ICMP Router Solicit messages received by the interface ICMPv6 Router Advertisement Messages Received The number of ICMP Router Advertisement messages received by the interface ICMPv6 Neighbor Solicit Messages Received The number of ICMP Neighbor Solicit messages received by the interface ICMPv6 Neighbor Advertisement Messages The number of ICMP Neighbor Advertisement Received messages received by the interface 212 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description ICMPv6 Redirect Messages Received ICMPv6 Group Membership Query Messages Received ICMPv6 Group Membership Response Messages Received ICMPv6 Group Membership Reduction Messages Received The number of ICMP
277. ce Up Time The time elapsed since this entry was created Expiry Time This parameter shows expiry time interval against each source address which is a member of this multicast group This is the amount of time after which the specified source entry is aged out The state of the host entry A Host can be in one of the state Non member state does not belong to the group on the interface Delaying member state host belongs to the group on the interface and report timer running The report timer is used to send out the reports Idle member state host belongs to the group on the interface and no report timer running Filter Mode The group filter mode Include Exclude None for the Number of Sources The number of source hosts present in the selected multicast group Click REFRESH to refresh the data on the screen with the latest MLD proxy membership information 334 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Static Routes Configuration To display the Static Routes Configuration page click Routing gt IPv6 Multicast gt Static Routes Configuration Static Routes Configuration Static Routes Configuration D Source IP Prefix Length RPF Neighbor Metric RPF Interface SS 1 Use Source IP to enter the IP Address that identifies the multicast packet source for the entry you are creating 2 Use Prefix Length to enter the Prefix Length t
278. cess the IGMP Snooping VLAN Configuration page click Switching gt Multicast gt IGMP Snooping gt IGMP VLAN Configuration IGMP VLAN Configuration IGMP VLAN Configuration D Grou VLAN ID Admin iA Maximum Multicast Router Mod cate Interval esponse Time Expiry Time MWM MW To configure IGMP snooping settings for VLANs 1 To enable IGMP snooping on a VLAN enter the VLAN ID in the appropriate field and configure the IGMP Snooping values 150 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e Use Admin Mode to enable or disable IGMP Snooping for the specified VLAN ID e Use Fast Leave Admin Mode to enable or disable the IGMP Snooping Fast Leave Mode for the specified VLAN ID e Use Group Membership Interval to set the value for group membership interval of IGMP Snooping for the specified VLAN ID Valid range is Maximum Response Time 1 to 3600 seconds e Use Maximum Response Time to set the value for maximum response time of IGMP Snooping for the specified VLAN ID Valid range is 1 to Group Membership Interval 1 Its value should be greater than group membership interval value e Use Multicast Router Expiry Time to set the value for multicast router expiry time of IGMP Snooping for the specified VLAN ID Valid range is 0 to 3600 seconds 2 Click Cancel to cancel the configuration on the screen and reset the data on the s
279. ck DELETE to delete the RP address selected 5 Click REFRESH to refresh the data on the screen with the latest PIM SM neighbor information Feis escrito O O BSR Expiry Time hh mm ss Time in Hours Minutes and Seconds in which the learnt elected bootstrap router BSR expires IP Address Displays the IP address of the Elected BSR Next bootstrap Message Time in hours minutes and seconds in which the next bootstrap message is due from this BSR Next Candidate RP Advertisement Time in hours minutes and seconds in which the next candidate RP advertisement will be sent Static RP Configuration Use the Static RP Configuration page to display or remove the configured RP The page also allows adding new static RPs by clicking the Add button Only one RP address can be used at a time within a PIM domain If the PIM domain uses the BSR to dynamically learn the RP configuring a static RP is not required However you can configure the static RP to override any dynamically learned RP from the BSR To display the PIM Static RP Configuration page click Routing gt Multicast gt PIM gt Static RP Configuration 314 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual E SNS PIM Static RP Configuration Static RP Configuration E RP Address Group Address Group Mask Override Cf hie Use RP Address to specify the IP Address of the RP to be created or delete
280. ck DELETE to remove the selected unit from the stack The following table describes the Stack Configuration fields Field Description Hardware Management Preference The hardware management preference of the switch The hardware management preference can be disabled or unassigned Switch Status Displays the status of the selected unit The possible values are OK Unsupported e Code Mismatch e Config Mismatch e Not Present Management Status Displays whether the selected switch is the management unit or a normal stacking member or on standby Stack Status The following table describes the Stack Status fields Field Description Unit ID Switch Description Unit Id of the specific switch The description for the unit can be configured by the user Serial Number The unique box serial number for this switch Up Time Displays the relative time since the last reboot of the switch Chapter Configuring System Information 75 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O Configured Model Identifier This field displays the model type assigned by the device manufacturer to identify the device Plugged in Model Identifier This field displays the model type assigned by the device manufacturer to identify the plugged in device Expected Code Type This field indicates the expected cod
281. cket and if none of the explicit rules match then the final implicit deny all rule applies and the packet is dropped To display the IP extended Rules page click Security gt ACL gt Advanced gt IP Extended Rules Extended ACL Rules 1P Rules t ACL 10 NAME 2 Extended ACL Rube Table To configure rules for an IP ACL 1 To add an IP ACL rule select the ACL ID to add the rule to select the check box in the Extended ACL Rule table and click Add The page displays the extended ACL Rule Configuration fields 2 Configure the new rule Rule ID Specify a number from 1 12 to identify the IP ACL rule You can create up to 12 rules for each ACL Action Selects the ACL forwarding action which is one of the following e Permit Forwards packets which meet the ACL criteria e Deny Drops packets which meet the ACL criteria Logging When set to Enable logging is enabled for this ACL rule subject to resource availability in the device If the Access List Trap Flag is also enabled this will cause periodic traps to be generated indicating the number of times this rule was hit during the current report interval A fixed 5 minute report interval is used for the entire system A trap is not issued if the ACL rule hit count is zero for the current interval This field is visible for a Deny Action Assign Queue Specifies the hardware egress queue identifier used to handle all packets matching this IP ACL
282. click System gt ISDP gt Basic gt Global Configuration A screen similar to the following displays Global Configuration Global Configuration Admin Mode Disable Enable Timer 30 to 254 se Hold Time 180 Version 2 Advertisements Disable Enable Neighbors table last time changed 2 Days 01 15 07 Device ID 2ER1084000005 Device ID Format Capability Serial Number Host Name Device ID Format Serial Number 1 Use Admin Mode to specify whether the ISDP Service is to be Enabled or Disabled The default value is Enabled 2 Use Timer to specify the period of time between sending new ISDP packets The range is 5 to 254 seconds Default value is 30 seconds Chapter Configuring System Information 105 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 3 Use Hold Time to specify the hold time for ISDP packets that the switch transmits The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it The range 10 to 255 seconds Default value is 180 seconds 4 Use Version 2 Advertisements to enable or disable the sending of ISDP version 2 packets from the device The default value is Enabled The following table describes the ISDP Basic Global Configuration fields Field Description Neighbors table last time changed Specifies if Device ID Displays the device ID of this switch Device ID format capability Displays the dev
283. conds The default is 10 seconds The configured value must be less than the Group Membership Interval 5 Use Present Expiration Time to specify the amount of time you want the switch to wait to receive a query on an interface before removing it from the list of interfaces with multicast routers attached Enter a value between 0 and 3600 seconds The default is 0 seconds A value of zero indicates an infinite time out i e no expiration 6 Use Fast Leave Admin mode to select the Fast Leave mode for the a particular interface from the pull down menu The default is disable MLD VLAN Configuration To access the MLD VLAN Configuration page click Switching gt Multicast gt MLD Snooping gt MLD VLAN Configuration MLD VLAN Configuration MLD VLAN Configuration Group Membership Interval Maximum Multicast Router Response Time Expiry Time Admin Mode 1 Use VLAN ID to set the VLAN IDs for which MLD Snooping is enabled 2 Use Admin Mode to enable MLD Snooping for the specified VLAN ID 3 Use Fast Leave Admin Mode to enable or disable the MLD Snooping Fast Leave Mode for the specified VLAN ID 4 Use Group Membership Interval to set the value for group membership interval of MLD Snooping for the specified VLAN ID Valid range is Maximum Response Time 1 to 3600 5 Use Maximum Response Time to set the value for maximum response time of MLD Snooping for the specified VLAN ID Valid range is 1 to Group Membership Inter
284. controlling these IP Addresses formally known as the Master fails the group of IP Addresses and the default forwarding role is taken over by a Backup VRRP Router From the VRRP link you can access the following pages e Basic on page 284 e Advanced on page 286 Basic From the Basic link you can access the following pages e VRRP Configuration on page 285 284 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual VRRP Configuration Use the VRRP Configuration page to enable or disable the administrative status of a virtual router To display the VRRP Configuration page click Routing gt VRRP gt Basic gt VRRP Configuration VRRP Configuration Global Configuration Admin Mode Disable Enable Table Configuration Interface Primary IP VRID 1 to 255 Interface Address i 1 Use Admin Mode to set the administrative status of VRRP in the router to active or inactive Select enable or disable from the radio button The default is disable 2 VRID is only configurable if you are creating new Virtual Router in which case enter the VRID in the range 1 to 255 3 Use Interface to select the Unit Slot Port for the new Virtual Router from the pull down menu 4 Use Primary IP Address to enter the primary IP Address of the Virtual Router 5 Use Mode to select active inactive mode for the new Virtual Router from the pull down menu 6 Click ADD to
285. corresponding instance was learned and is being used e Management the value of the corresponding instance is also the value of an existing instance of dotidStaticAddress 168 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Ports The pages on the Ports tab allow you to view and monitor the physical port information for the ports available on the switch From the Ports link you can access the following pages e Port Configuration on page 169 Port Description on page 171 Port Configuration Use the Port Configuration page to configure the physical interfaces on the switch To access the Port Configuration page click Switching gt Ports gt Port Configuration Port Configuration Port Coefigeration 1 LAGS All Ge To Port eo Marimum Frame Physical Mode Pieysical Status Link Status Link Trap l Size 1518 to 9216 f Len m Norma Eratie Enedie Ensbie aro Uneroar L A Enable 1 t O ua Neme Enatie Enable Enable Ano Unarowe Unk Down Enable isis 2 3 Nermal Eratee Eracle Ense Aro marge Ur Down Enable ists 5 O yoa Noms Enatie tnazie Enstie Ato Uningwn Urk Down Enable ise Normal trede Tratte tnebe AS Unarocer Unk Oown Ensbie 1 O nvs Neme rable trable Enable Ato Unknown Unk Down Enable iste cy Normal trade tna ie Ensbie Auto Unknown Une Ocan Enable iste C ste Nemei Erable Enable Enable Ate Lnincan Urk Oewn Enable 1518 8 1
286. counting Response packets that contained invalid authenticators received from this accounting server Displays the number of RADIUS Accounting Request packets sent to this server that have not yet timed out or received a response Displays the number of accounting timeouts to this server Chapter Managing Device Security 371 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O Unknown Types Displays the number of RADIUS packets of unknown type that were received from this server on the accounting port Packets Dropped Displays the number of RADIUS packets that were received from this server on the accounting port and dropped for some other reason Configuring TACACS TACACS provides a centralized user management system while still retaining consistency with RADIUS and other authentication processes TACACS provides the following services e Authentication Provides authentication during login and via user names and user defined passwords Authorization Performed at login When the authentication session is completed an authorization session starts using the authenticated user name The TACACS server checks the user privileges The TACACS protocol ensures network security through encrypted protocol exchanges between the device and TACACS server The TACACS folder contains links to the following features e Configuring TACACS on page 372 e TACACS Se
287. creen similar to the following displays DHCPv6 Server Statistics DHCPVv6 Interface Selection Interface 1 0 1 x A Messages Received Total DHCPv6 Packets Received DHCPv 6 Solicit Packets Received DHCPv6 Request Packets Received DHCPv6 Confirm Packets Received DHCPv6 Renew Packets Received DHCPv6 Rebind Packets Received DHCPv6 Release Packets Received DHCPv6 Decline Packets Received DHCPVv6 Inform Packets Received DHCPv6 Relay forward Packets Received DHCPv6 Relay reply Packets Received DHCPv6 Malformed Packets Received Oo OOOOOOOOOOOO Received DHCPv6 Packets Discarded Messages Sent Total DHCPv6 Packets Sent DHCPv6 Advertisement Packets Transmitted DHCPVv6 Reply Packets Transmitted DHCPv6 Reconfig Packets Transmitted DHCPv6 Relay forward Packets Transmitted ooos3ss amp DHCPVv6 Relay reply Packets Transmitted 1 Use Interface to select the interface for which data is to be displayed or configured On selecting all data will be shown for all interfaces The following table describes the DHCPv6 Server Statistics fields Chapter Configuring System Information 69 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O Messages Received Specifies the aggregate of all interface level statistics for received messages Total DHCPv6 Packets Received Specifies the total number of Packets Received DHCPv6 Solicit Packets Received Specifies the number
288. creen to the latest value of the switch 3 To disable IGMP snooping on a VLAN and remove it from the list select the check box next to the VLAN ID and click Delete 4 To modify IGMP snooping settings for a VLAN select the check box next to the VLAN ID update the desired values and click Apply 5 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch Chapter Configuring Switching Information 151 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Multicast Router Configuration This page configures the interface as the one the multicast router is attached to All IGMP packets snooped by the switch will be forwarded to the multicast router reachable from this interface The configuration is not needed most of the time since the switch will automatically detect the presence of multicast router and forward IGMP packet accordingly It is only needed when you want to make sure the multicast router always receives IGMP packets from the switch in a complex network To access the Multicast Router Configuration page click Switching gt Multicast gt IGMP Snooping gt Multicast Router Configuration Multicast Router Configuration Multicast Router Configuration 1 LAGS All Go To Interface SO Interface Multicast Router O 1 0 1 Disable C 10 2 Disable OO wvo0 3 Disable C 1 0 4 Disable O 170 5 Disable OO 10 6 Disable O 10
289. cross a power cycle e MaxTTL Enter the maximum TTL for the destination The initial value is default value The MaxTTL you enter is not retained across a power cycle InitTTL Enter the initial TTL to be used The initial value is default value The InitTTL you enter is not retained across a power cycle Chapter Maintenance 499 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e MaxFail Enter the maximum Failures allowed in the session The initial value is default value The MaxFail you enter is not retained across a power cycle e Interval secs Enter the Time between probes in seconds The initial value is default value The Interval you enter is not retained across a power cycle e Port Enter the UDP Dest port in probe packets The initial value is default value The port you enter is not retained across a power cycle e Size Enter the Size of probe packets The initial value is default value The Size you enter is not retained across a power cycle 3 Click Cancel to cancel the operation on the screen and reset the data on the screen to the latest value of the switch 4 Click Apply to initiate the traceroute The results display in the TraceRoute area Traceroute IPv6 Use this screen to tell the switch to send a TraceRoute request to a specified IP address or Hostname You can use this to discover the paths packets take to a remote destination Once you click the Apply button
290. cted SNTP request timed out without receiving a response from the SNTP server e Bad Date Encoded The time provided by the SNTP server is not valid e Version Not Supported The SNTP version supported by the server is not compatible with the version supported by the client e Server Unsynchronized The SNTP server is not synchronized with its peers This is indicated via the leap indicator field on the SNTP message e Server Kiss Of Death The SNTP server indicated that no further queries were to be sent to this server This is indicated by a stratum field equal to 0 in a message received from a server Specifies the IP address of the server for the last received valid packet If no message has been received from any server an empty string is shown Specifies the address type of the SNTP Server address for the last received valid packet Specifies the claimed stratum of the server for the last received valid packet Reference Clock Id Specifies the reference clock identifier of the server for the last received valid packet Chapter Configuring System Information 37 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Feis escrito O O Server Mode Specifies the mode of the server for the last received valid packet Unicast Server Max Entries Specifies the maximum number of unicast server entries that can be configured on this client Unicast Serve
291. cted interface This field is displayed only if the interface is configured for IGMP version 1 Version 2 Host Timer The time remaining until the local router will assume that there are no longer any IGMP version 2 members on the IP subnet attached to this interface When an IGMPv2 membership report is received this timer is reset to the group membership timer While this timer is non zero the local router ignores any IGMPv1 and IGMPv3 leave messages for this group that it receives on the selected interface This field is displayed only if the interface is configured for IGMP version 2 304 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Compatibility This parameter shows group compatibility mode v1 v2 and v3 for this group on the specified interface Filter Mode The source filter mode Include Exclude NA for the specified group on this interface When NA mode is active the field is blank Click REFRESH to refresh the data on the screen with latest IGMP groups information IGMP Membership To display the IGMP Membership page click Routing gt Multicast gt IGMP gt IGMP Membership IGMP Membership IGMP Membership Search By Interface Interface GO Source Source Filter Hosts Mode Compatibility Mode Field Description Group IP The IP multicast group address for which data is to be displayed I
292. cted or unselected for re configuring the association of VLANs to MST instances 2 To delete an MST instance select the check box next to the instance and click Delete To modify an MST instance select the check box next to the instance to configure update the values and click Apply You can select multiple check boxes to apply the same setting to all selected ports 4 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch For each configured instance the information described in the following table displays on the page Fes escrito O O Bridge Identifier The bridge identifier for the selected MST instance It is made up using the bridge priority and the base MAC address of the bridge Time Since Topology Change The time n seconds since the topology of the selected MST instance last changed Topology Change Count Number of times topology has changed for the selected MST instance Topology Change The value of the topology change parameter for the switch indicating if a topology change is in progress on any port assigned to the selected MST instance It takes a value if True or False Designated Root The bridge identifier of the root bridge It is made up from the bridge priority and the base MAC address of the bridge Root Path Cost Path Cost to the Designated Root for this MST instance Root Portldentifier Port to access the Designated
293. ction Interface Network Policies Information Media Application Priority Type Inventory Information Hardware Revision Firmware Revision Software Revision Serial Number Manufacturer Name Model Name Asset Id Location Information 1 0 1 x Unknown Bit Status 0x0 1 3 21 13 28 2ER1084000005 Netgear XSM7224S Sub Type Location Information Coordinate Based Civic Address ELIN 1 Use interface to select the ports on which LLDP MED frames can be transmitted The following table describes the LLDP MED Local Device Information fields 100 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Network Policy Information Specifies if network policy TLV is present in the LLDP frames Media Application Type Specifies the application type Types of application types are unknown voicesignaling guestvoice guestvoicesignalling softphonevoice videoconferencing streammingvideo vidoesignalling Each application type that is received has the VLAN id priority DSCP tagged bit status and unknown bit status A port may receive one or many such application types If a network policy TLV has been transmitted only then would this information be displayed Inventory Specifies if inventory TLV is present in LLDP frames Hardware Revision Specifies hardware version Firmware Revision Specifies Firmwar
294. d Designated Router The identity of the Designated Router for this network in the view of the advertising router The Designated Router is identified here by its router ID The value 0 0 0 0 means that there is no Designated Router This field is only displayed if the OSPFv3 admin mode is enabled Chapter Routing 271 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig _ Deseription S O Backup Designated Router Number of Link Events Interface Statistics The identity of the Backup Designated Router for this network in the view of the advertising router The Backup Designated Router is identified here by its router ID Set to 0 0 0 0 if there is no Backup Designated Router This field is only displayed if the OSPFv3 admin mode is enabled This is the number of times the specified OSPFv3 interface has changed its state This field is only displayed if the OSPFv3 admin mode is enabled This screen displays statistics for the selected interface The information will be displayed only if OSPFv3 is enabled To display the Interface Statistics page click Routing gt OSPFv3 gt Advanced gt Interface Statistics OSPFv3 Interface Statistics OSPFv3 Interface Selection E Interface OSPFv3 Interface Statistics OSPFv3 Area ID Area Border Router Count AS Border Router Count Area LSA Count IPv6 Address Interface Events Virtual Events Neighbor Events E
295. d Use Group Address to specify the Group Address of the RP to be created or deleted Use Group Mask to specify the Group Mask of the RP to be created or deleted Use Override to indicate that if there is a conflict the RP configured with this option prevails over the RP learned by BSR Click ADD to add a new static RP address for one or more multicast groups Click DELETE to delete the RP address selected Adding a Static RP To add a static RP for the PIM router 1 oo Poe SN 6 Open the Static RP Configuration page Enter the IP address of the RP for the group range Enter the group address of the RP Enter the group mask of the RP Select the Enable option for the Override field to configure the static RP to override the dynamic candidate RPs learned for same group ranges Otherwise select the Disable option Click the Add button The new Static RP is added and the device is updated Chapter Routing 315 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Static Routes Configuration To display the Static Routes Configuration page click Routing gt Multicast gt Static Routes Configuration Static Routes Configuration Static Routes Configuration Source IP Source Mask RPF Neighbor Metric iT nf wf J 1 Use Source IP to enter the IP Address that identifies the multicast packet source for the entry you are creating 2 Use Source Mask to enter the subnet m
296. d Stackable Switch Software Administration Manual Fig escrito O O Pool Name Pool Name For a user with read write permission this field would show names of all the existing pools along with an additional option Create When the user selects Create another text box Pool Name appears where the user may enter name for the Pool to be created For a user with read only permission this field would show names of the existing pools only This field appears when the user with read write permission has selected Create in the Drop Down list against Pool Name Specifies the Name of the Pool to be created Pool Name can be up to 31 characters in length Type of Binding Specifies the type of binding for the pool e Unallocated e Dynamic e Manual Network Address Specifies the subnet address for a DHCP address of a dynamic pool Network Mask Specifies the subnet number for a DHCP address of a dynamic pool Either Network Mask or Prefix Length can be configured to specify the subnet mask but not both Network Prefix Length Client Name Specifies the subnet number for a DHCP address of a dynamic pool Either Network Mask or Prefix Length can be configured to specify the subnet mask but not both Valid Range is 0 to 32 Specifies the Client Name for DHCP manual Pool Hardware Address Specifies the MAC address of the hardware platform of the DHCP client Hardware Address T
297. d off This leads to stale information in the ARP cache unless entries are updated in reaction to new information seen on the network periodically refreshed to determine if an address still exists or removed from the cache if the entry has not been identified as a sender of an ARP packet during the course of an ageout interval usually specified via configuration From the ARP link you can access the following pages e Basic on page 222 e Advanced on page 223 Basic From the Basic link you can access the following pages e ARP Cache on page 223 222 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual ARP Cache Use this screen to show ARP entries in the ARP Cache To display the ARP Cache page click Routing gt ARP gt Basic gt ARP Cache ARP Cache ARP Cache IP Address Port MAC Address 10 27 34 1 1 0 22 00 16 9C E1 D8 00 1 Use Port to select the associated Unit Slot Port of the connection 2 IP Address displays the IP address It must be the IP address of a device on a subnet attached to one of the switch s existing routing interfaces 3 MAC Address displays the unicast MAC address of the device The address is six two digit hexadecimal numbers separated by colons for example 00 06 29 32 81 40 4 Click REFRESH to show the latest IP information Advanced From the Advanced link you can access the following pages e Static ARP Cache on page 223 e ARP Tabl
298. d the relay interface number or it can be specified as a user defined string Stacking From the Stacking link you can access the following pages e Basic on page 72 e Advanced on page 74 e NSFon page 79 Basic From the Basic link you can access the following pages e Stack Configuration on page 72 Stack Configuration This page moves the Primary Management Unit functionality from one unit to another Upon execution the entire stack including all interfaces in the stack is unconfiugred and reconfigured with the configuration on the new Primary Management Unit After the reload is complete all stack management capability must be performed on the new Primary Management Unit To preserve the current configuration across a stack move save the current configuration to the NVRAM before performing the stack move A stack move causes all routes and layer 2 addresses to be lost The administrator is prompted to confirm the management move To display the Stack Configuration page click System gt Stacking gt Basic gt Stack Configuration A screen similar to the following displays Stack Configuration 1 Use Management Unit Selected to select the unit to be managed unit and click APPLY to move the management to the selected unit 72 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Unit ID displays the list of units of the stack Details of the sel
299. deny 4 Use Logging to enable logging for this ACL rule subject to resource availability in the device If the Access List Trap Flag is also enabled this will cause periodic traps to be generated indicating the number of times this rule was hit during the current report interval A fixed 5 minute report interval is used for the entire system A trap is not issued if the ACL rule hit count is zero for the current interval This field is visible for a Deny Action 448 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 10 11 12 13 Use Assign Queue ID to specify the hardware egress queue identifier used to handle all packets matching this IPv6 ACL rule Valid range of Queue IDs is 0 to 6 This field is visible for a Permit Action Use Mirror Interface to specify the specific egress interface where the matching traffic stream is copied in addition to being forwarded normally by the device This field cannot be set if a Redirect Interface is already configured for the ACL rule This field is visible for a Permit Action Use Redirect Interface to specify the specific egress interface where the matching traffic stream is forced bypassing any forwarding decision normally performed by the device This field cannot be set if a Mirror Interface is already configured for the ACL rule This field is visible for a Permit Action Use Match Every to select
300. describes the read only MST port configuration information displayed on the Spanning Tree CST Configuration page Field Description Auto Calculated Port Path Cost Displays whether the path cost is automatically calculated Enabled or not Disabled Path cost will be calculated based on the link speed of the port if the configured value for Port Path Cost is zero Port ID The port identifier for the specified port within the selected MST instance It is made up from the port priority and the interface number of the port Port Uptime Since Last Clear Counters Time since the counters were last cleared displayed in Days Hours Minutes and Seconds Chapter Configuring Switching Information 141 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Feis escrito O O Port Mode Port Forwarding State Spanning Tree Protocol Administrative Mode associated with the port or port channel The possible values are Enable or Disable The Forwarding State of this port Port Role Designated Root Designated Cost Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree The port role will be one of the following values Root Port Designated Port Alternate Port Backup Port Master Port or Disabled Port Root Bridge for the selected MST instance It is made up using the bridge priority and the base MAC address of the bridge Path Cost offer
301. determine the identity of the Backup Designated Router by monitoring received Hello Packets The router is not allowed to elect a Backup Designated Router or a Designated Router until it transitions out of Waiting state This prevents unnecessary changes of Backup Designated Router Point to Point The interface is operational and is connected either to the virtual link On entering this state the router attempts to form an adjacency with the neighboring router Hello Packets are sent to the neighbor every Hellolnterval seconds Designated Router This router is itself the Designated Router on the attached network Adjacencies are established to all other routers attached to the network The router must also originate a network LSA for the network node The network LSA will contain links to all routers including the Designated Router itself attached to the network Backup Designated Router This router is itself the Backup Designated Router on the attached network It will be promoted to Designated Router if the present Designated Router fails The router establishes adjacencies to all other routers attached to the network The Backup Designated Router performs slightly different functions during the Flooding Procedure as compared to the Designated Router Other Designated Router The interface is connected to a broadcast or NBMA network on which other routers have been selected to be the Designated Router and Backup Designated Router either Th
302. ding to the Last Violation MAC address Chapter Managing Device Security 405 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Port Security Interface Configuration A MAC address can be defined as allowable by one of two methods dynamically or statically Both methods are used concurrently when a port is locked Dynamic locking implements a first arrival mechanism for Port Security You specify how many addresses can be learned on the locked port If the limit has not been reached then a packet with an unknown source MAC address is learned and forwarded normally When the limit is reached no more addresses are learned on the port Any packets with source MAC addresses that were not already learned are discarded You can effectively disable dynamic locking by setting the number of allowable dynamic entries to zero Static locking allows you to specify a list of MAC addresses that are allowed on a port The behavior of packets is the same as for dynamic locking only packets with an allowable source MAC address can be forwarded To display the Port Security Interface Configuration page click Security gt Traffic Control gt Port Security gt Interface Configuration Port Security Interface Configuration Interface Configuration 1 LAGS All Go To Port GO Max Allowed Security Mode Dynamically Max Allowed Statically Violation Tra Locked MAC p Learned MAC Omm M
303. dmin Mode pull down menu to select the Port control administration state You must select enable if you want the port to participate in the network The factory default is enabled Chapter Configuring Switching Information 169 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 4 Use LACP Mode to select the Link Aggregation Control Protocol administration state The mode must be enabled in order for the port to participate in Link Aggregation May be enabled or disabled by selecting the corresponding line on the pull down entry field The factory default is enabled 5 Use the Physical Mode pull down menu to select the port s speed and duplex mode If you select auto the duplex mode and speed will be set by the auto negotiation process Note that the port s maximum capability full duplex and speed will be advertised Otherwise your selection will determine the port s duplex mode and transmission rate The factory default is auto 6 Use the Link Trap object to determine whether to send a trap when link status changes The factory default is enabled 7 Use Maximum Frame Size to specify the maximum Ethernet frame size the interface supports or is configured including ethernet header CRC and payload 1518 to 9216 The default maximum frame size is 1518 8 Click CANCEL to update the switch with the values you entered If you want the switch to retain the new values across a power cycle you must perform
304. e Table 1 Command Buttons Button Function Add Clicking Add adds the new item configured in the heading row of a table Apply Clicking the Apply button sends the updated configuration to the switch Configuration changes take effect immediately Cancel Clicking Cancel cancels the configuration on the screen and resets the data on the screen to the latest value of the switch Delete Clicking Delete removes the selected item Refresh Clicking the Refresh button refreshes the page with the latest information from the device Logout Clicking the Logout button ends the session Device View The Device View is a Java applet that displays the ports on the switch This graphic provides an alternate way to navigate to configuration and monitoring options The graphic also Chapter Getting Started 13 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual provides information about device ports current configuration and status table information and feature components The Device View is available from the System gt Device View page The port coloring indicates whether a port is currently active Green indicates that the port is enabled red indicates that an error has occurred on the port or red indicates that the link is disabled The Device View of the switch is shown below Device View Master Full Stack View irene ST lt lt ee 1 NETGEAR Pore Mya ony
305. e Managed Switches software provides for the creation deletion and management of tunnel interfaces These are dynamic interfaces that are created and deleted via user configuration ProSafe Managed Switches support configured IPv6 over IPv4 tunnels to facilitate the transition of IPv4 networks to IPv6 networks With configured tunnels the user specifies the endpoints of the tunnel Tunnels operate as point to point links Tunnels can be created configured and deleted from this page To display the Tunnel Configuration page click Routing gt IPv6 gt Advanced gt Tunnel Configuration Tunnel Configuration 1 Use Tunnel ID to select from a list of all of available tunnel IDs 2 Use Mode to select the Tunnel mode The supported modes are 6 in 4 configured and 6 to 4 3 Use IPv6 Mode to enable IPv6 on this interface using the IPv6 address This option is only configurable prior to specifying an explicit IPv6 address 4 Use IPv6 Unreachables to specify the Mode of Sending ICMPv6 Destination Unreachables on this interface If Disabled then this interface will not send ICMPv6 Destination Unreachables By default IPv6 Destination Unreachables mode is enable 5 Use IPv6 Address to select a list of configured IPv6 addresses for the selected interface Address must be entered in the format prefix length 6 Use EUI64 to specify the 64 bit extended unique identifier EUI 64 For 6to4 tunnels configure the ipv6 address with first
306. e XSM7224S 10G Managed Stackable Switch Software Administration Manual Feis escrito O O LS Acknowledgements Sent The number of LS acknowledgements sent on this interface by this router LS Acknowledgements Received The number of LS acknowledgements received on this interface by this router Click REFRESH to refresh the data on the screen to show the latest interface statistics Click CLEAR to clear all the statistics of the OSPF interface OSPF Neighbor Table This screen displays the OSPF neighbor table list When a particular neighbor ID is specified detailed information about a neighbor is given The information below will only be displayed if OSPF is enabled To display the OSPF Neighbor Table page click Routing gt OSPF gt Advanced gt OSPF Neighbor Table OSPF Neighbor Table OSPF Neighbor Table t Search By Interface GO Neighbor Neighbor be Router Area Router Helios Retransmission Up Dead Interface 1P Interface Options State Events Permanence ID ID Priority Suppressed Queve length Time Time Address Index Field Description o O Interface Displays the interface for which data is to be displayed or configured Slot 0 is the base unit Router ID A 32 bit integer in dotted decimal format representing the neighbor interface Neighbor IP Address The IP address of the neighboring router s interface to the attached network It is used as the destination IP address when protocol pack
307. e XSM7224S 10G Managed Stackable Switch Software Administration Manual Fes escrito O O Expiry Time hh mm ss The time in seconds before this entry will age out and be removed from the table RPF Neighbor The IP address of the Reverse Path Forwarding neighbor Protocol The multicast routing protocol which created this entry The possibilities are e PIM DM e PIM SM The value displayed in this field is valid if the multicast routing protocol running is PIMSM The possible values are RPT or SPT For other protocols is displayed IPv6 PIM The PIM protocol can be configured to operate on IPv4 and IPv6 networks Most configuration options are common to both protocols therefore this section describes IPv6 configuration Multicast protocols are used to deliver multicast packets from one source to multi receivers They facilitate better bandwidth utilization and use less host and router processing making them ideal for usage in application such as video audio conferencing whiteboard tools stock distribution tickers and so on PIM is a widely used multicast routing protocol Protocol Independent Multicast PIM is a standard multicast routing protocol that provides scalable inter domain multicast routing across the Internet independent of the mechanisms provided by any particular unicast routing protocol PIM has two types e PIM Dense Mode PIM DM e PIM Sparse Mode PIM SM PIM DM protocol is a simple
308. e an untagged packet as it leaves port 6 For port 5 the outgoing packet leaves as a tagged packet with VLAN ID 20 Access Control Lists ACLs ACLs ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources ACLs are used to provide traffic flow control restrict contents of routing updates decide which types of traffic are forwarded or blocked and provide security for the network ACLs are normally used in firewall routers that are positioned between the internal network and an external network such as the Internet They can also be used on a router positioned between two parts of the network to control the traffic entering or exiting a specific part of the internal network The added packet processing required by the ACL feature does not affect switch performance That is ACL processing occurs at wire speed Access lists are a sequential collection of permit and deny conditions This collection of conditions known as the filtering criteria is applied to each packet that is processed by the switch or the router The forwarding or dropping of a packet is based on whether or not the packet matches the specified criteria Traffic filtering requires the following two basic steps 1 Create an access list definition The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded Additionally you
309. e click Routing gt IPv6 gt Advanced gt Route Table IPv6 Route Table IPv6 Route Table Routes Displayed All Routes x Number of Routes 0 Pref Next H Next H IP IPv6 Prefix Meyrin Protocol peri A Preference Length Interface Address 1 Use Routes Displayed to display e Configured Routes Shows the routes configured by the user e Best Routes Shows only the best active routes All Routes Shows all active IPv6 routes 2 Click REFRESH to show the latest IP information 216 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Number of Routes IPv6 Prefix Description Displays the total number of active routes in the route table Displays the Network Prefix for the Active Route Prefix Length Protocol Next Hop Interface Next Hop IP Address Displays the Prefix Length for the Active Route Displays the Type of Protocol for the Active Route Displays the Interface over which the Route is Active For a Reject Route the next hop would be a Nullo interface Displays the Next Hop IPv6 Address for the Active Route Preference Displays the Route Preference of the Configured Route IPv6 Route Preferences Use this panel to configure the default preference for each protocol These values are arbitrary values in the range of 1 to 255 and are independent of route metrics Most routing protocols use a route metric to
310. e parameters will be set to their initial values All interface timers will be disabled and there will be no adjacencies associated with the interface Loopback In this state the router s interface to the network is looped back either in hardware or software The interface is unavailable for regular data traffic However it may still be desirable to gain information on the quality of this interface either through sending ICMP pings to the interface or through something like a bit error test For this reason IP packets may still be addressed to an interface in Loopback state To facilitate this such interfaces are advertised in router LSAs as single host routes whose destination is the IP interface address Waiting The router is trying to determine the identity of the Backup Designated Router for the network by monitoring received Hello Packets The router is not allowed to elect a Backup Designated Router or a Designated Router until it transitions out of Waiting state This prevents unnecessary changes of Backup Designated Router Designated Router This router is itself the Designated Router on the attached network Adjacencies are established to all other routers attached to the network The router must also originate a network LSA for the network node The network LSA will contain links to all routers including the Designated Router itself attached to the network Backup Designated Router This router is itself th
311. e Backup Designated Router on the attached network It will be promoted to Designated Router if the present Designated Router fails The router establishes adjacencies to all other routers attached to the network The Backup Designated Router performs slightly different functions during the LSA flooding as compared to the Designated Router 246 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Other Designated Router Designated Router The interface is connected to a broadcast on which other routers have been selected to be the Designated Router and Backup Designated Router either The router attempts to form adjacencies to both the Designated Router and the Backup Designated Router The identity of the Designated Router for this network in the view of the advertising router The Designated Router is identified here by its router ID The value 0 0 0 0 means that there is no Designated Router This field is only displayed if the OSPF admin mode is enabled Backup Designated Router The identity of the Backup Designated Router for this network in the view of the advertising router The Backup Designated Router is identified here by its router ID Set to 0 0 0 0 if there is no Backup Designated Router Number of Link Events This is the number of times the specified OSPF interface has changed its state Local Link LSAs The number
312. e CP feature and configure global settings that affect all captive portals configured on the switch To display the Captive Portal Global Configuration page click Security gt Control gt Captive Portal gt CP Global Configuration Captive Portal Global Configuration Captive Portal Global Configuration Admin Mode Disable Enable Operational Status Disabled Disabled Reason Administrator Disabled CP IP Address 0 0 0 0 Additional HTTP Port 0 to 65535 Additional HTTP Secure Port 0 Authentication Timeout 300 Supported Captive Portals 10 Configured Captive Portals 1 Active Captive Portals 0 System Supported Users 1024 Local Supported Users 128 Configured Local Users 0 Authenticated Users 0 1 Use Admin Mode to enable or disable Captive Portal feature By default the Captive Portal feature is disabled 2 Use Additional HTTP Port to configure an additional port for HTTP traffic HTTP traffic uses port 80 but you can configure an additional port for HTTP traffic Enter a port number between 0 65535 excluding port 80 Enter 0 to unconfigure the Additional HTTP Port Default is 0 3 Use Additional HTTP Secure Port to configure an additional port for HTTP Secure traffic HTTP Secure traffic uses port 443 Enter a port number between 0 65535 excluding port 443 Enter 0 to unconfigure the Additional HTTP Secure Port Default is 0 4 Use Authentication Timeout to specify the number of seconds to keep the authentication session
313. e Configuration on page 225 Static ARP Cache To display the Static ARP Cache page click Routing gt ARP gt Advanced gt ARP Create Static ARP Cache ARP Static Configuration ARP Cache Port IP Address MAC Address ARP Static Configuration Use this screen to add an entry to the Address Resolution Protocol table Chapter Routing 223 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 Use IP Address to enter the IP address you want to add It must be the IP address of a device on a subnet attached to one of the switch s existing routing interfaces 2 Use MAC Address to specify the unicast MAC address of the device Enter the address as six two digit hexadecimal numbers separated by colons for example 00 06 29 32 81 40 3 Click ADD to add a new static ARP entry to the switch 4 Click DELETE to delete an existing static ARP entry from the switch 5 Click APPLY to change the MAC Address mapping to the IP Configuration changes take effect immediately ARP Cache Use this screen to show ARP entries in the ARP Cache Fes escrito O O Port The associated Unit Slot Port of the connection IP Address Displays the IP address It must be the IP address of a device on a subnet attached to one of the switch s existing routing interfaces MAC Address The unicast MAC address of the device The address is six two digit hexadecimal numbers separated by colons for ex
314. e Routes The number of routes in the DVMRP routing table that have a non infinite metric Chapter Routing 295 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DVMRP Interface Configuration To display the DVMRP Interface Configuration page click Routing gt Multicast DVMRP gt Interface Configuration DVMRP Interface Configuration DVMRP Interface Configuration 1 all Go To Interface Go Interface Parameters Interface Statistics Received Received Interface Protocol Local Interface Generation Interface Bad Bad Mode State Address Metric ID Packets Routes al O 10 2 Disable Not In Service 1 0 o 0 O so 2 Disable Not In Service 1 0 0 o C 1 0 73 Disable Not In Service 1 o 9 0 O so s Disable Not In Service 1 0 o O 10 5 Disable Not In Service 1 o o o O 10 6 Disable Not In Service 1 o 0 3 O 1 077 Disable Not In Service 1 o 0 0 O sore Disable Not In Service 1 o 0 o O 170 9 Disable Not In Service 1 0 o 0 C 1 0710 Disable Not In Service 1 0 O 1 0 21 Disable Not In Service 1 0 0 0 O 10 12 Disable Not In Service 1 0 0 0 O 1 0 23 Disable Not In Service 1 0 0 0 O sori Disable Not In Service 1 o o o O os Disable Not In Service 1 o 0 0 O vois Disable Not In Service 1 o 0 o O 1 0 17 Disable Not In Service 1 0 0 0 O 17 0 18 Disable Not In Service 1 0 0 O 170 19 Disable Not In Service 1 0 ti 0 O 10 20 Disable Not In Service 1 0 0 o O 1 0 21 Disable Not In
315. e Submit button is pressed Enter 0 to clear the Unauthenticated Vlan Id on the interface Supplicant Timeout This input field allows the user to enter the supplicant time out for the selected port The supplicant time out is the value in seconds of the timer used by the authenticator state machine on this port to time out the supplicant The supplicant time out must be a value in the range of 1 and 65535 The default value is 30 Changing the value will not change the configuration until the Apply button is pressed Server Timeout This input field allows the user to enter the server time out for the selected port The server time out is the value in seconds of the timer used by the authenticator on this port to time out the authentication server The server time out must be a value in the range of 1 and 65535 The default value is 30 Changing the value will not change the configuration until the APPLY button is pressed Maximum Requests This input field allows the user to enter the maximum requests for the selected port The maximum requests value is the maximum number of times the authenticator state machine on this port will retransmit an EAPOL EAP Request Identity before timing out the supplicant The maximum requests value must be in the range of 1 and 10 The default value is 2 Changing the value will not change the configuration until the APPLY button is pressed PAE Capabilities This field selects the port access entity PAE f
316. e a Router ID before OSPF can become operational see step 1 or by issuing the CLI command Config router router id Enable or disable RFC 1583 Compatibility to specify the preference rules that will be used when choosing among multiple AS external LSAs advertising the same destination If you select enable the preference rules will be those defined by RFC 1583 If you select disable the preference rules will be those defined in Section 16 4 1 of the OSPF 2 standard RFC 2328 which will prevent routing loops when AS external LSAs for the same destination have been originated from different areas The default value is enable All routers in the OSPF domain must be configured the same If all OSPF routers are capable of operating according to RFC 2328 RFC 1583 Compatibility should be disabled Set the Opaque LSA Status parameter to enable if OSPF should store and flood opaque LSAs An opaque LSA is used for flooding user defined information within an OSPF router domain Use Exit Overflow Interval secs to specify how long OSPF must wait before attempting to leave overflow state When the number of non default external LSAs exceeds a configured limit the router enters an overflow state as defined in RFC 1765 In overflow state OSPF cannot originate non default external LSAs If the Exit Overflow Interval is 0 OSPF will not leave overflow state until it is disabled and re enabled The range is 0 to 2 147 483 647 seconds Use SPF Delay
317. e default value is 2 IGMP Routing Interface Statistics To display the IGMP Routing Interface Statistics page click Routing gt Multicast gt IGMP gt Routing Interface Statistics IGMP Routing Interface Statistics IGMP Routing Interface Statistics 1 all x Querier Querier Wrong Number GOT vahuetnen I Subnet Protoc ol Querter Querier Up Expiry Version elt isis ae tear Stata n Satus Time Time Quertes Received Groups Received 1 0 1 0 0 0 0 0 0 0 0 Non Operationa 1 0 2 0 0 0 0 0 0 0 0 Non Operational 1 0 3 0 0 0 0 0 0 0 0 Non Operationa 1 0 4 0 0 0 0 0 0 0 0 Non Operational 1 0 5 0 0 0 0 0 0 0 0 Non Operationa 1 0 6 0 0 0 0 0 0 0 0 Non Operational 1 0 7 0 0 0 0 9 0 0 0 Non Operationa 170 8 0 0 0 0 0 0 0 0 Non Operational 2 0 9 0 0 0 0 0 0 0 0 Non Operationa 1 0 10 9 0 0 0 0 0 0 0 Non Operational 1 0 11 0 0 0 0 0 0 0 0 Non Operationa 1 0 12 0 0 0 0 0 0 0 0 Non Operational 1 0 13 0 0 0 0 0 0 0 0 Non Operationa 1 0 14 0 0 0 0 0 0 0 0 Non Operational 1 0 15 0 0 0 0 0 0 0 0 Non Operationa 1 0 16 0 0 0 0 0 0 0 0 Non Operational 1 0 17 0 0 0 0 0 0 0 0 Non Operational 1 0 18 0 0 0 0 0 0 0 0 Non Operational 1 0 19 0 0 0 0 0 0 0 0 Non Operational 1 0 20 0 0 0 0 0 0 0 0 Non Operational 1 0 21 0 0 0 0 0 0 0 0 Non Operational 1 0 22 0 0 0 0 0 0 0 0 Non Operational etnias AAAA aaan itan Ana cntinnat 302 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Ma
318. e is 123 3 Use Unicast Poll Interval to specify the number of seconds between unicast poll requests expressed as a power of two when configured in unicast mode Allowed range is 6 to 10 Default value is 6 4 Use Broadcast Poll Interval to specify the number of seconds between broadcast poll requests expressed as a power of two when configured in broadcast mode Broadcasts received prior to the expiry of this interval are discarded Allowed range is 6 to 10 Default value is 6 5 Use Unicast Poll Timeout to specify the number of seconds to wait for an SNTP response when configured in unicast mode Allowed range is 1 to 30 Default value is 5 6 Use Unicast Poll Retry to specify the number of times to retry a request to an SNTP server after the first time out before attempting to use the next configured server when configured in unicast mode Allowed range is 0 to 10 Default value is 1 7 When using SNTP NTP time servers to update the switch s clock the time data received from the server is based on Coordinated Universal Time UTC which is the same as Greenwich Mean Time GMT This may not be the time zone in which the switch is located Use Time Zone Name to configure a timezone specifying the number of hours and optionally the number of minutes difference from UTC with Offset Hours and Offset Minutes The time zone can affect the display of the current system time The default value is UTC 8 Use Offset Hours to specify the
319. e less than or equal to 2 Bridge Forward Delay 1 and greater than or equal to 2 Bridge Hello Time 1 The default value is 20 Bridge Hello Time secs Specifies the bridge Hello time for the Common and Internal Spanning Tree CST which indicates the amount of time in seconds a root bridge waits between configuration messages The value is fixed at 2 seconds The value must be less than or equal to Bridge Max Age 2 1 The default hello time value is 2 Bridge Forward Delay secs Specifies the bridge forward delay time which indicates the amount of time in seconds a bridge remains in a listening and learning state before forwarding packets The value must be greater or equal to Bridge Max Age 2 1 The time range is from 4 seconds to 30 seconds The default value is 15 Spanning Tree Maximum Hops Specifies the maximum number of bridge hops the information for a particular CST instance can travel before being discarded The valid range is 1 127 Spanning Tree Tx Hold Count Configures the maximum number of bpdus the bridge is allowed to send within the hello time window The default value is 6 Field Description Bridge identifier The bridge identifier for the CST It is made up using the bridge priority and the base MAC address of the bridge Time since topology change The time in seconds since the topology of the CST last changed Topology change count Number of times topology has chan
320. e optional Internal VLAN Allocation Policy field to specify a policy for the internal VLAN allocation There are two policies supported ascending and descending VLAN Configuration 1 Use VLAN ID to specify the VLAN Identifier for the new VLAN The range of the VLAN ID is 1 to 4093 2 Use the optional VLAN Name field to specify a name for the VLAN It can be up to 32 alphanumeric characters long including blanks The default is blank VLAN ID 1 always has a name of Default 3 Click ADD to add a new VLAN to the switch 4 Click DELETE to delete a selected VLAN from the switch Fig escrito O O VLAN Type This field identifies the type of the VLAN you are configuring You cannot change the type of the default VLAN VLAN ID 1 it is always type Default When you create a VLAN using this screen its type will always be Static A VLAN that is created by GVRP registration initially has a type of Dynamic When configuring a Dynamic VLAN you can change its type to Static 114 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Advanced From the Advanced link you can access the following pages e VLAN Configuration on page 113 e VLAN Membership on page 116 e VLAN Status on page 117 e Port PVID Configuration on page 119 e MAC Based VLAN on page 121 e IP Subnet Based VLAN on page 122 e Port DVLAN Configuration on page 1
321. e pages under the SNMPV1 V2 menu allow you to configure SNMP community information traps and trap flags From the SNMP V1 V2 link you can access the following pages e Community Configuration on page 82 e Trap Configuration on page 84 e Trap Flags on page 85 e Supported MIBs on page 87 Community Configuration By default two SNMP Communities exist e Private with Read Write privileges and status set to Enable e Public with Read Only privileges and status set to Enable These are well known communities Use this page to change the defaults or to add other communities Only the communities that you define using this page will have access to the switch using the SNMPv1 and SNMPv2c protocols Only those communities with read write level access can be used to change the configuration using SNMP Use this page when you are using the SNMPv1 and SNMPv2c protocol If you want to use SNMP v3 you should use the User Accounts menu To display this page click System gt SNMP gt SNMP V1 V2 gt Community Configuration A screen similar to the following displays 82 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Community Configuration Community Configuration c 0 Se Client Address Client IP Mask Access Mode Status Name C public 0 0 0 0 0 0 0 0 Read Only Enable C private 0 0 0 0 0 0 0 0 Read Write Enable 1 Use Community Name to reconfigure an exi
322. e router attempts to form adjacencies to both the Designated Router and the Backup Designated Router State Metric The metric value used by the Virtual Link Chapter Routing 279 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Route Redistribution This screen can be used to configure the OSPFv3 Route Redistribution parameters The allowable range for each field is displayed next to it If an invalid value is entered in one or multiple fields an alert message will be displayed with the list of all the valid values To display the Route Redistribution page click Routing gt OSPFv3 gt Advanced gt Route Redistribution Route Redistribution OSPF v3 Route Redistribution Redistribute Source Metric Metric Type Ta Option C Connected Disable External Type 2 C Static Disable 0 External Type 2 0 1 Use Source to select those Source Protocols that have already been configured for redistribution by OSPF v3 The valid values are Static and Connected 2 Use Redistribute Option to enable or disable the redistribution for the selected source protocol 3 Use Metric to set the metric value to be used as the metric of redistributed routes This field displays the metric if the source was pre configured and can be modified The valid values are 0 to 16777214 4 Use Metric Type to set the OSPFv3 metric type of redistributed routes 5 Use Tag to set the tag field in rou
323. e same format as MAC Address indicating which part s of the source MAC Address to use for matching against packet content Destination MAC Address This is the destination MAC address specified as six two digit hexadecimal numbers separated by colons Destination MAC Mask This is a bit mask in the same format as MAC Address indicating which part s of the destination MAC Address to use for matching against packet content Protocol Type This lists the keywords for the layer 4 protocols from which one can be selected The list includes other as an option for the remaining values Source IP Address This is a valid source IP address in the dotted decimal format Source Mask This is a bit mask in IP dotted decimal format indicating which part s of the source IP Address to use for matching against packet content Source L4 Port This lists the keywords for the known source layer 4 ports from which one can be selected The list includes other as an option for the unnamed ports Destination IP Address This is a valid destination IP address in the dotted decimal format DestinationMask This is a bit mask in IP dotted decimal format indicating which part s of the destination IP Address to use for matching against packet content Destination L4 Port This lists the keywords for the known destination layer 4 ports from which one can be selected The list includes other as an option for the unnamed ports IP DS
324. e selected port This button is only selectable if the control mode is auto If the button is not selectable it will be grayed out Once this button is pressed the action is immediate It is not required to press the APPLY button for the action to occur Click REAUTHENTICATE to begin the reauthentication sequence on the selected port This button is only selectable if the control mode is auto If the button is not selectable it will be grayed out Once this button is pressed the action is immediate It is not required to press the APPLY button for the action to occur Chapter Managing Device Security 397 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Port Summary Use the Port Summary page to view information about the port access control settings on a specific port To access the Port Summary page click Security gt Port Authentication gt Advanced gt Port Summary Poet Summary Port Summary i tags Al van Mto wa rast a poi dathertceter Intetes Intetre 60 Not Asgat PALSE 0 Cate wa Pot kosed van Ass wa ase oo Vems Authercceter Intulizs inmate O Ma Amgred FALSE 5 cote va Pon naest vaJ Ass wa tase a veros Atertcate takes het Asegred PALSE saa Pot Races vee Am wa mise oe Vowel Arneson Intense be o We aoed ane hoa ya Pet berod yS An wa rase am vesi Authenticate ze I eoire Not ampgt raise Tatae wa Port Berei vere Ata ma ond ao Verpeors Aumerecaty Intusce h s O
325. e selection box lists all the possible protected port Group IDs supported for the current platform The valid range of the Group ID is 0 to 2 2 Use the optional Group Name field to associate a name with the protected ports group used for identification purposes It can be up to 32 alphanumeric characters long including blanks The default is blank This field is optional 3 Click the orange bar to display the available ports 4 Click the box below each port to configure as a protected port The selection list consists of physical ports protected as well as unprotected The protected ports are tick marked to differentiate between them No traffic forwarding is possible between two protected ports If left unconfigured the default state is unprotected No traffic forwarding is possible between two protected ports 5 Click Refresh to refresh the page with the most current data from the switch 6 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch 7 If you make changes to the page click Apply to apply the changes to the system Configuration changes take effect immediately Chapter Managing Device Security 411 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Storm Control A broadcast storm is the result of an excessive number of broadcast messages simultaneously transmitted across a network by a single port Forwarded mes
326. e selection is changed a screen refresh will occur causing all fields to be updated for the newly selected port IPv6 Statistics Fig escrito O O Total Datagrams Received The total number of input datagrams received by the interface including those received in error Received Datagrams Locally Delivered Received Datagrams Discarded Due To Header Errors Received Datagrams Discarded Due To MTU Received Datagrams Discarded Due To No Route Received Datagrams With Unknown Protocol Received Datagrams Discarded Due To Invalid Address Received Datagrams Discarded Due To Truncated Data The total number of datagrams successfully delivered to IPv6 user protocols including ICMP This counter is incremented at the interface to which these datagrams were addressed which might not be necessarily the input interface for some of the datagrams The number of input datagrams discarded due to errors in their IPv6 headers including version number mismatch other format errors hop count exceeded errors discovered in processing their IPv6 options etc The number of input datagrams that could not be forwarded because their size exceeded the link MTU of outgoing interface The number of input datagrams discarded because no route could be found to transmit them to their destination The number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol This counter
327. e specified neighbor on the selected interface Capabilities The DVMRP capabilities of the specified neighbor on the selected interface Received Routes The number of routes received for the specified neighbor on the selected interface Received Bad Packets The number of invalid packets received for the specified neighbor on the selected interface Received Bad Routes The number of invalid routes received for the specified neighbor on the selected interface DVMRP Next Hop To display the DVMRP Next Hop page click Routing gt Multicast DVMRP gt DVMRP Next Hop DVMRP Next Hop DVMRP Next Hop Source IP Source Mask Next Hop Interface Type Pld eserptin Source IP The IP address used with the source mask to identify the source network for this table entry Source Mask The network mask used with the source IP address Next Hop Interface The outgoing interface for this next hop Type The next hop type Leaf means that no downstream dependent neighbors exist on the outgoing interface Otherwise the type is branch 298 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DVMRP Prune To display the DVMRP Prune page click Routing gt Multicast DVMRP gt DVMRP Prune DVMRP Prune DVMRP Prune Group IP Source IP Source Mask Expiry Time Field Description Group IP The group address which has been pruned Source IP The addres
328. e the statistics for this port were last cleared 456 Chapter Monitoring the System ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Port Detailed Statistics The Port Detailed Statistics page displays a variety of per port traffic statistics To access the Port Detailed page click Monitoring gt Ports gt Port Detailed Statistics Following figure show some but not all of the fields on the Port Detailed Statistics page Port Detailed Statistics Port Detailed Statistics Interface 1 0 1 x MSTID CST ifIndex 1 Port Type Normal Port Channel ID not a lag member Port Role STP Mode Enable STP State Admin Mode Enable LACP Mode Enable Physical Mode Auto Physical Status Unknown Link Status Link Down Link Trap Enable Packets RX and TX 64 Octets Packets RX and TX 65 127 Octets Packets RX and TX 128 255 Octets Packets RX and TX 256 511 Octets Packets RX and TX 512 1023 Octets Packets RX and TX 1024 1518 Octets Packets RX and TX 1519 2047 Octets Packets RX and TX 2048 4095 Octets Packets RX and TX 4096 9216 Octets Octets Received Packets Received 64 Octets Packets Received 65 127 Octets Packets Received 128 255 Octets o oOo 0 oe 8s8tb8t8 8 8 amp 8 amp Packets Received 256 511 Octets gt Merth oein On en IEAn Annn WW The following table describes the detailed port information displayed on the screen To view information about a different port select the por
329. e type on this unit Running Code Version This field indicates the detected version of code on this unit Code Version in Flash Displays the Release number and version number of the code stored in flash Stack Port Configuration To display the Stack Port Configuration page click System gt Stacking gt Advanced gt Stack Port Configuration A screen similar to the following displays Stack Port Contiger ation Mied Port omtger othe 1 Configured Stack Mode Specify the operating mode of the port to be either ethernet or stacking The default value is set to stacking The following table describes Stack Port Configuration fields Fig escrito O O Unit ID Displays the unit Port Displays the stackable interfaces on the given unit Running Stack Mode Displays the run time mode of the stackable interface 76 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Link Status Link Speed Gbps Displays the link status UP DOWN of the port Displays the maximum speed of the stacking port Transmit Data Rate Mbps Displays the approximate transmit rate on the stacking port Total Transmit Errors Displays the total number of errors in transmit packets since boot The counter may wrap Receive Data Rate Mbps Total Receive Errors Displays the approximate receive
330. e value on this interface for the cost TOS type of service The range for the metric cost is between 1 and 65 535 Metric Cost is only configurable if OSPF V3 is initialized on the interface Field Description IPv6 Address The IPv6 address of the interface LSA Ack Interval The number of seconds between LSA Acknowledgment packet transmissions which must be less than the Retransmit Interval 270 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description State The current state of the selected router interface One of Down This is the initial interface state In this state the lower level protocols have indicated that the interface is unusable In this state interface parameters will be set to their initial values All interface timers will be disabled and there will be no adjacencies associated with the interface Loopback In this state the router s interface to the network is looped back either in hardware or software The interface is unavailable for regular data traffic However it may still be desirable to gain information on the quality of this interface either through sending ICMP pings to the interface or through something like a bit error test For this reason IP packets may still be addressed to an interface in Loopback state To facilitate this such interfaces are advertised in router LSAs as single host routes whose destination is
331. e version Software Revision Specifies Software version Serial Number Specifies serial number Manufacturer Name Specifies manufacturers name Model Name Specifies model name Asset ID Specifies asset id Location Information Specifies if location TLV is present in LLDP frames Sub Type Specifies type of location information Location Information Specifies the location information as a string for given type of location id Chapter Configuring System Information 101 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual LLDP MED Remote Device Information To display this page click System gt LLDP gt LLDP MED gt Remote Device Information A screen similar to the following displays LLDP MED Remote Device Information LLDP MED Interface Selection Interface 1 0 21 Remote ID Capability Information Supported Capabilities Enabled Capabilities Device Class Network Policies Information Media Unknown Application VLAN ID Priority Bit Type Status Inventory Information Hardware Revision Firmware Revision Software Revision Serial Number Manufacturer Name Model Name Asset Id Location Information Sub Type Location Information 1 Use Interface to select the ports on which LLDP MED is enabled The following table describes the LLDP MED Remote Device Information fields Field Description Capability Information
332. ea Configuration page to create and configure an OSPF v3 area To display the Common Area Configuration page click Routing gt OSPFv3 gt Advanced gt Common Area Configuration Common Area Configuration OSPFv3 Common Area Configuration Seon Area Import External SPF Border Area LSA p Arona Routin Router A Checksum y ecksu g Count LSAs Count C 0 0 0 0 Import External LSAs 1 Use Area ID to enter the OSPF area ID An Area ID is a 32 bit integer in dotted decimal format that uniquely identifies the area to which a router interface connects 2 Click ADD to configure the area as a common area 3 Click DELETE to delete the common area Field Description External Routing A definition of the router s capabilities for the area including whether or not AS external LSAs are flooded into throughout the area SPF Runs The number of times that the intra area route table has been calculated using this area s link state database This is done using Dijkstra s algorithm Area Border Router Count The total number of area border routers reachable within this area This is initially zero and is calculated in each SPF Pass Area LSA Count The total number of link state advertisements in this area s link state database excluding AS External LSAs Area LSA Checksum The 32 bit unsigned sum of the link state advertisements LS checksums contained in this area s link state database This sum excludes external
333. ear as links directly under the tabs The feature links in the blue bar change according to the navigation tab that is selected The configuration pages for each feature are available as links in the page menu on the left side of the page Some items in the menu expand to reveal multiple configuration pages as the following figure shows When you click a menu item that includes multiple configuration pages the item becomes preceded by a down arrow symbol and expands to display the additional pages 12 Chapter Getting Started ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual System Information Page Link Switch Statistics System CPU Status Slot Information Loopback Interface Network Interface Configuration gt IPv4 Network oe Pages gt IPv6 Network Corfiguration gt IPv6 Network Interface Neighbor Table Time DNS SDM Template Preference Configuration and Monitoring Options The area directly under the feature links and to the right of the page menu displays the configuration information or status for the page you select On pages that contain configuration options you can input information into fields or select options from drop down menus Each page contains access to the HTML based help that explains the fields and configuration options for the page Each page also contains command buttons Table 1 shows the command buttons that are used throughout the pages in the Web interfac
334. eboot will be retained by the switch Auto Install Configuration To access the Auto Install Configuration page click Maintenance gt Save Config gt Auto Install Configuration Auto Install Configuration Auto Install Configuration AutolInstall Mode Stop iv AutolInstall Persistent Mode Enabled AutoSave Mode Disabled AutolInstall Retry Count 3 AutoInstall State Waiting for restart timeout 1 Use Auto Install to enable disable start stop auto install mode on the switch 2 Select the Auto Save check box and click the APPLY button to have configuration changes you have made saved across a system reboot All changes submitted since the previous save or system reboot will be retained by the switch 3 Use Auto Install Retry Count to specify the number of times the unicast TFTP tries should be made for the DHCP specified file before falling back for broadcast TFTP tries Reset The Reset menu contains links to the following options e Device Reboot on page 486 e Factory Default on page 486 e Password Reset on page 487 Chapter Maintenance 485 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Device Reboot Use the Device Reboot page to reboot ProSafe Managed Switches To access the Device Reboot page click Maintenance gt Reset gt Device Reboot Device Reboot Device Reboot Reboot Unit No 1 Save prior to reboot w Don t save prior to reboot To rebo
335. ecify all address conflicts to be deleted e Specific Address Conflict to specify a specific dynamic binding to be deleted The following table describes the DHCP Conflicts Information fields Field Description the DHCP server IP Address Specifies the IP Address of the host as recorded on hosts were found on the DHCP Server Detection Method Specifies the manner in which the IP address of the N days NNh NNm NNs format with respect to the system up time Detection Time Specifies the time when the conflict was detected in Chapter Configuring System Information 55 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DHCP Relay To display the DHCP Relay page click System gt Services gt DHCP Relay A screen similar to the following displays DHCP Relay DHCP Relay Maximum Hop Count Admin Mode Disable Enable Minimum Wait Time secs 0 Circuit ID Option Mode Disable Enable DHCP Status Q Requests Received 0 Requests Relayed 0 Packets Discarded 0 DHCP Relay Configuration 1 2 Use Maximum Hop Count to enter the maximum number of hops a client request can take before being discarded The range is 1 to 16 The default value is 4 Use Admin Mode to select enable or disable radio button When you select enable DHCP requests will be forwarded to the IP address you entered in the Server Address field Use Minimum Wait Time to enter a Mini
336. ected interface 5 Click DELETE to delete the Secondary IP Address from the selected interface Field Description VLAN ID The VLAN ID associated with the displayed or configured interface Primary IP Address The Primary IP Address for the Interface Chapter Routing 201 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IPv6 IPv6 is the next generation of the Internet Protocol With 128 bit addresses versus 32 bit addresses for IPv4 IPv6 solves the address depletion issues seen with IPv4 and removes the requirement for Network Address Translation NAT which is used in IPv4 networks to reduce the number of globally unique IP addresses required for a given network Its aggregate addresses can dramatically reduce the size of the global routing table through well known address combinations Security is more integrated and network configuration is simplified yet more flexible IPv6 can coexists with IPv4 As with IPv4 IPv6 routing can be enabled on physical and VLAN interfaces Each L3 routing interface can be used for IPv4 IPv6 or both IP protocols running over L3 for example UDP and TCP do not change with IPv6 For this reason a single CPU stack is used for transport of both IPv4 and IPv6 and a single sockets interface provides access to both Routing protocols are capable of computing routes for one or both IP versions From the IPv6 link you can access the following pages
337. ected unit are displayed There is also an ADD option visible only to Admin users which can be used to pre configure new members of the stack Use Switch Type to specify the type of switch hardware when creating a new switch in the stack Admin Management Preference is a 2 byte field that indicates whether the administrator wants this unit to become a management unit in preference to another unit The default value for this setting is one If the preference level is set to zero then the device cannot become a management unit This field is non configurable for users with read only access Click ADD to add a unit to the stack with the specific switch type Click DELETE to remove the selected unit from the stack The following table describes the Stack Configuration fields Field Description Hardware Management Preference Switch Status Management Status The hardware management preference of the switch The hardware management preference can be disabled or unassigned Displays the status of the selected unit The possible values are OK e Unsupported e Code Mismatch e Config Mismatch e Not Present Displays whether the selected switch is the management unit or a normal stacking member or on standby The following table describes the Basic Stack Status fields Field Description Unit ID Switch Description Serial Number Unit Id of the specific switch The description for the unit
338. ection Displays selected packet filtering direction for ACL ACL Type Displays the type of ACL assigned to selected interface and direction ACL ID Displays the ACL Number in case of IP ACL or ACL Name in case of MAC ACL identifying the ACL assigned to selected interface and direction Displays the Sequence Number signifying the order of specified ACL relative to other ACLs assigned to selected interface and direction Chapter Managing Device Security 441 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IP ACL An IP ACL consists of a set of rules which are matched sequentially against a packet When a packet meets the match criteria of a rule the specified rule action Permit Deny is taken and the additional rules are not checked for a match On this menu the interfaces to which an IP ACL applies must be specified as well as whether it applies to inbound or outbound traffic Rules for the IP ACL are specified created using the IP ACL Rule Configuration menu To display the IP ACL page click Security gt ACL gt Advanced gt IP ACL IP ACL IP Configuration Current Number of ACL 5 Maximum ACL 100 IP ACL Table z IP ACL Rules Type F 2 2 Basic IP ACL O 102 1 Extended IP ACL C mw act 3 i Named IP ACL The IP ACL area shows the current size of the ACL table versus the maximum size of the ACL table The current size is equal to the number of configured IPv4 plus the nu
339. ectly below the port or LAG number so that an X appears in the box e To remove the selected ACL from a port or LAG click the box directly below the port or LAG number to clear the selection An X in the box indicates that the ACL is applied to the interface Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch Click Apply to save any changes to the running configuration MAC Binding Table Use the MAC Binding Table page to view or delete the MAC ACL bindings To display the MAC Binding Table click Security gt ACL gt Basic gt Binding Table MAC Binding Table MAC Binding Table ID Number ACL s 5 Interface Direction ACL Type equence The following table describes the information displayed in the MAC Binding Table To delete a MAC ACL to interface binding select the check box next to the interface and click Delete 440 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Sequence Number Advanced The Advanced folder contains links to the following features IP ACL on page 442 IP Rules on page 443 IP Extended Rules on page 445 IPv6 ACL on page 447 IPv6 Rules on page 448 IP Binding Configuration on page 450 IP Binding Table on page 451 IP Binding Table on page 451 Field Description Interface Displays the interface of the ACL assigned Dir
340. ed 2 Use MED Status to specify whether LLDP MED mode is enabled or disabled on this interface 3 Use Notification Status to specify the LLDP MED topology notification mode of the interface 4 Use Transmit Type Length Values to specify which optional type length values TLVs in the LLDP MED will be transmitted in the LLDP PDUs frames for the selected interface e MED Capabilities To transmit the capabilities TLV in LLDP frames e Network Policy To transmit the network policy TLV in LLDP frames e Location Identification To transmit the location TLV in LLDP frames e Extended Power via MDI PSE To transmit the extended PSE TLV in LLDP frames e Extended Power via MDI PD To transmit the extended PD TLV in LLDP frames Inventory Information To transmit the inventory TLV in LLDP frames The following table describes the LLDP MED Interface Configuration fields Field Description Link Status Specifies the link status of the ports whether it is Up Down Operational Status Specifies the LLDP MED TLVs are transmitted or not on this interface Chapter Configuring System Information 99 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual LLDP MED Local Device Information To display this page click System gt LLDP gt LLDP MED gt Local Device Information A screen similar to the following displays f LLDP MED Local Device Information LLDP MED Interface Sele
341. ed from combining all the forwarding interfaces and removing the interfaces that are listed as the static filtering interfaces Chapter Configuring Switching Information 145 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual MFDB Statistics To display the MFDB Statistics page click Switching gt Multicast gt MFDB gt MFDB Statistics MFDB Statistics MFDB Statistics Max MFDB Table Entries 2 Most MFDB Entries Since Last Reset 0 m Current Entries Fig escrito O O Max MFDB Table Entries The maximum number of entries that the Multicast Forwarding Database table can hold Most MFDB Entries Since Last Reset The largest number of entries that have been present in the Multicast Forwarding Database table since last reset This value is also known as the MFDB high water mark Current Entries The current number of entries in the Multicast Forwarding Database table IGMP Snooping Internet Group Management Protocol IGMP Snooping is a feature that allows a switch to forward multicast traffic intelligently on the switch Multicast IP traffic is traffic that is destined to a host group Host groups are identified by class D IP addresses which range from 224 0 0 0 to 239 255 255 255 Based on the IGMP query and report messages the switch forwards traffic only to the ports that request the multicast traffic This prevents the switch from broadcasting the traffic to all
342. ed on the ports in a corporate conference room 1 0 5 1 0 8 These ports are available to visitors and need to be authenticated before granting access to the network The authentication is handled by an external RADIUS server When the visitor is successfully authenticated traffic is automatically assigned to the guest VLAN This example assumes that a VLAN has been configured with a VLAN ID of 150 and VLAN Name of Guest Appendix Configuration Examples 519 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 From the Port Authentication screen select ports 1 0 5 1 0 6 1 0 7 and 1 0 8 2 From the Port Control menu select Unauthorized The Port Control setting for all other ports where authentication is not needed should Authorized When the Port Control setting is Authorized the port is unconditionally put in a force Authorized state and does not require any authentication When the Port Control setting is Auto the authenticator PAE sets the controlled port mode 3 In the Guest VLAN field for ports 1 0 5 1 0 8 enter 150 to assign these ports to the guest VLAN You can configure additional settings to control access to the network through the ports See lt pdf gt Port Security Interface Configuration on page 6 496 for information about the settings 4 Click Apply 5 From the 802 1X Configuration screen set the Port Based Authentication State and Guest VLAN Mode to Enable and then c
343. ed to an interface To display the IP Configuration page click Routing gt IP gt Advanced gt IP Configuration IP Configuration IP Configuration 2 Default Time to Live 64 Routing Mode O Enable Disable ICMP Echo Replies Enable Disable ICMP Redirects Enable Disable ICMP Rate Limit Interval 1000 to 2147483647 ICMP Rate Limit Burst Size 100 Maximum Next Hops lt Maximum Routes 6112 Select to configure Global Default Gateway F Global Default Gateway 0 0 0 0 Use Routing Mode to select enable or disable You must enable routing for the switch before you can route through any of the interfaces The default value is disable Use ICMP Echo Replies to select enable or disable If it is enable then only the router can send ECHO replies By default ICMP Echo Replies are sent for echo requests Use ICMP Redirects to select enable or disable If it is enabled globally and on interface level then only the router can send ICMP Redirects Use ICMP Rate Limit Interval to control the ICMP error packets by specifying the number of ICMP error packets that are allowed per burst interval By Default Rate limit is 100 packets sec i e burst interval is 1000 msec To disable ICMP Ratelimiting set this field to 0 Valid Rate Interval must be in the range 0 to 2147483647 Use ICMP Rate Limit Burst Size to control the ICMP error packets by specifying the number of ICMP error packets that are allowed per burst interval By Default burst s
344. ed to the LAN by the Designated Port Designated Bridge Bridge Identifier of the bridge with the Designated Port It is made up using the bridge priority and the base MAC address of the bridge Designated Port Port Identifier on the Designated Bridge that offers the lowest cost to the LAN It is made up from the port priority and the interface number of the port 142 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual STP Statistics Use the Spanning Tree Statistics page to view information about the number and type of bridge protocol data units BPDUs transmitted and received on each port To display the Spanning Tree Statistics page click Switching gt STP gt Advanced gt STP Statistics STP Statistics STP Statistics 1 LAGS All SIE STP BPDUs sha RSTP BPDUs sada ceed dat Interface BPDUs O BPDUs Transmitted BPDUs BPDUs Received Received Received Transmitted 1 0 1 0 0 0 0 0 0 1 0 2 0 0 0 0 0 0 1 0 3 0 0 0 0 0 0 1 0 4 0 0 o 0 0 0 1 0 5 0 0 0 0 0 0 1 0 6 0 0 0 0 0 0 1 0 7 0 0 0 0 0 0 1 0 8 0 o 0 0 1 0 1 0 9 0 0 0 0 0 0 1 0 10 0 0 0 0 0 0 1 0 11 0 0 0 0 0 0 1 0 12 0 0 0 0 0 0 1 0 13 0 0 0 0 3 11433 1 0 14 0 0 0 0 0 0 1 0 15 0 0 0 0 0 0 1 0 16 0 0 0 0 0 0 1 0 17 0 0 0 0 0 0 1 0 18 0 0 o 0 0 0 1 0 19 0 0 0 0 0 0 1 0 20 0 0 o 0 o 0 1 0 21 0 0 0 0 0 0 1 0 22 0 o 89771 0 o 8 1 0 23 0 0 0 0 0 0 1 0 24 0 0 o 0 it 0
345. eded to be reassembled at this entity IpReasmOKs The number of IP datagrams successfully re assembled IpReasmFails The number of failures detected by the IP re assembly algorithm for whatever reason timed out errors etc Note that this is not necessarily a count of discarded IP fragments since some algorithms can lose track of the number of fragments by combining them as they are received lpFragOKs The number of IP datagrams that have been successfully fragmented at this entity lpFragFails The number of IP datagrams that have been discarded because they needed to be fragmented at this entity but could not be e g because their Don t Fragment flag was set lpFragCreates The number of IP datagram fragments that have been generated as a result of fragmentation at this entity IpRoutingDiscards The number of routing entries which were chosen to be discarded even though they are valid One possible reason for discarding such an entry could be to free up buffer space for other routing entries IcmpInMsgs The total number of ICMP messages which the entity received Note that this counter includes all those counted by icmpInErrors 196 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description IcmpInErrors The number of ICMP messages which the entity received but determined as having ICMP specific errors bad ICMP checksums bad len
346. eft in seconds before the entry is removed from the MLD membership table of this interface Filter Mode The filter mode of the multicast group on this interface The values it can take are INCLUDE and EXCLUDE Version1 Host Timer The time remaining until the router assumes there are no longer any MLD version 1 Hosts on the specified interface Group Compat Mode The compatibility mode of the multicast group on the interface The values it can take are MLDv1 and MLDv2 330 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Source Hosts This parameter shows source addresses which are members of this multicast address Source Address Expiry Time This parameter shows expiry time interval against each source address which are members of this multicast group This is the amount of time after which the specified source entry is aged out Click REFRESH to refresh the data on the screen with latest MLD groups information MLD Traffic To display the MLD Traffic page click Routing gt IPv6 Multicast MLD gt MLD Traffic MLD Traffic MLD Traffic E Valid MLD Packets Received Valid MLD Packets Sent Queries Received Queries Sent Reports Received Reports Sent Leaves Received Leaves Sent Field Description Valid MLD Packets Received The number of valid MLD packets received by the router Valid M
347. eived MSTID 0 Unit 1 Slot O Port 22 15 2days 19 15 15 Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22 16 2days 19 15 14 Spanning Tree Topology Change 0 Unit 1 17 2days 19 15 14 Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22 18 2 days 19 10 49 Spanning Tree Topology Change 0 Unit 1 19 2days 19 10 49 Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22 20 2 days 19 10 48 Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot O Port 22 21 2days 19 10 47 Spanning Tree Topology Change Received MSTID O Unit 1 Slot O Port 22 an a a a n _ P The following table describes the Trap Log information displayed on the screen The page also displays information about the traps that were sent Click Clear Counters to clear all the counters This resets all statistics for the trap logs to the default values 472 Chapter Monitoring the System ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Number of Traps Since Last Reset Trap Log Capacity Description The number of traps that have occurred since the switch last reboot The maximum number of traps stored in the log If the number of traps exceeds the capacity the entries will overwrite the oldest entries Number of Traps since log The number of traps that have occurred since the traps were last displayed last viewed Displaying the trap
348. elete If no DNS server is specified the check box is global and will delete all the DNS servers listed 7 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch 8 Click Apply to send the updated configuration to the switch Configuration changes take effect immediately 9 Click ADD to add the specified DNS Server to the List of DNS Servers Configuration changes take effect immediately 10 Click Delete to delete the specified DNS Server from the list of DNS Servers If no DNS Server is specified then it will delete all the DNS Servers DNS Server Configuration The following table displays DNS Server Configuration information Fes escrito O O Serial No The sequence number of the DNS server Preference Shows the preference of the DNS Server The preference is determined by the order they were entered Host Configuration Use this page to manually map host names to IP addresses or to view dynamic DNS mappings To access this page click System gt Management gt DNS gt Host Configuration DNS Host Configuration DNS Host Configuration ci Host Name 1 to 255 characters IP Address Dynamic Host Mapping Host Total Elapsed Type Addresses To add a static entry to the local DNS table 1 Specify the static host name to add Its length can not exceed 255 characters and it is a mandatory field for the user 2 Specify the IP addr
349. ending of ISDP version 2 packets from the device The default value is Enabled The following table describes the ISDP Advanced Global Configuration fields Field Neighbors table last time changed Description Displays when the Neighbors table last changed Device ID Displays the device ID of this switch Device ID format capability Device ID format Displays the device ID format capability Displays the device ID format Chapter Configuring System Information 107 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Interface Configuration To display this page click System gt ISDP gt Advanced gt Interface Configuration A screen similar to the following displays ISDP Interface Configuration Interface Configuration 1 All Go To Port aSo Port Admin Mode 1 0 1 Enable 1 0 2 Enable 1 0 3 Enable 1 0 4 Enable 1 0 5 Enable 1 0 6 Enable 1 0 7 Enable 1 0 8 Enable 1 0 79 Enable 1 0 10 Enable 1 0 11 Enable 1 0 12 Enable 1 0 13 Enable 1 0 14 Enable 1 0 15 Enable 1 0 16 Enable 1 0 17 Enable 1 0 18 Enable 1 0 19 Enable 1 0 20 Enable 1 0 21 Enable 1 0 22 Enable 1 0 23 Enable 1 0 24 Enable All Go To Port Go J E0 OGD CoO Go G0 Go o0 Go co coa co giao 1 Use Port to select the port on which the admin mode is configured 2 Use Admin Mode to enable or disable ISDP on the port The default value is enable 108 Chapter Configu
350. entication method s you want to be used to validate privileged EXEC access for the users associated with the list The pre configured users admin and guest are assigned to a pre configured list named defaultList which you may not delete All newly created users are also assigned to the defaultList until you specifically assign them to a different list To display the Enable Authentication List page click Security gt Management Security gt Authentication List gt Enable Authentication List Enable Authentication List Enable Authentication List es List Name C enabletist None 1 List Name If you are creating a new enable list enter the name you want to assign It can be up to 15 alphanumeric characters long and is not case sensitive 2 Use the dropdown menu to select the method that should appear first in the selected authentication login list If you select a method that does not time out as the first method such as local no other method will be tried even if you have specified more than one method The options are e Radius The user s ID and password will be authenticated using the RADIUS server instead of locally e Line The line password will be used for authentication Enable The privileged EXEC password will be used for authentication e Tacacs The user s ID and password will be authenticated using the TACACS server e None The user will not be authenticated Chapter Managing Device Sec
351. enting isteria e cnfhpar ation Use Interface to select the interface for which data is to be configured or displayed Use Admin Mode to set the administrative status of MLD on the selected interface The default value is disable Use Version to enter the version to be configured on the selected interface Valid values are 1 to 2 The default value is 2 Use Query Interval to enter the frequency in seconds at which MLD host query packets are to be transmitted on this interface Valid values are from 1 to 1800 The default value is 125 Use Query Max Response Time to enter the maximum query response time to be advertised in MLDv2 queries on this interface in milliseconds Valid values are from 0 to 65535 The default value is 10000 milliseconds Use Robustness to specify the robustness parameter for the selected interface This variable allows tuning for the expected packet loss on a subnet If a subnet is expected to be lossy the robustness variable may be increased MLD is robust to robustness variable 1 packet losses Use Startup Query Interval to specify the value that indicates the configured interval in seconds between General Queries sent by a Querier on startup Use Startup Query Count to specify the value that indicates the configured number of Queries sent out on startup separated by the Startup Query Interval Use Last Member Query Interval to enter the last member query interval in milliseconds This is the maximum r
352. er in dotted decimal format that uniquely identifies the area to which a router interface connects Use Import Summary LSAs to select enable or disable If you select enable summary LSAs will be imported into NSSA areas The Default Information Originate area displays the default Route Information These options will permit a user to advertise a default route into the NSSA when Import Summary LSAs is disabled They can also be applied by the CLI command area area id nssa default info originate in the ip router OSPF config mode e Use Admin Mode to enable or disable the default information originate Valid values are True or False e Use Metric Value to set the Default Metric value for default information originate The valid range of values is 1 to 16777214 e Use Metric Type to select the type of metric specified in the Metric Value field e Comparable Cost External Type 1 metrics that are comparable to the OSPF metric e Non comparable Cost External Type 2 metrics that are assumed to be larger than the cost of the OSPF metric Use Translate Role to select the translator role of the NSSA e always Cause the router to assume the role of the translator the instant it becomes a border router e candidate Cause the router to participate in the translator election process when it attains border router status Use Translate Stability Interval to configure the translator of the NSSA The value is the period of time that an elected translatio
353. er than the configured ICMP Pkt Size The factory default is disabled Use Denial of Service Max ICMP Packet Size to specify the Max ICMP Packet Size allowed This includes the ICMP header size of 8 bytes If ICMP DoS prevention is enabled 390 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual the switch will drop ICMP ping packets that have a size greater then this configured Max ICMP Packet Size minus the ICMP header size of 8 bytes The factory default is 512 Use Denial of Service SIP DIP to enable SIP DIP DoS prevention causing the switch to drop packets that have a source IP address equal to the destination IP address The factory default is disabled Use Denial of Service TCP FLAG to enable TCP Flag DoS prevention causing the switch to drop these packets e TCP SYN flag 1 amp source port lt 1024 e TCP control flag 0 amp sequence number 0 e TCP FIN URG PSH bits set amp sequence number 0 e TCP SYN amp FIN bits set The factory default is disabled Use Denial of Service TCP Fragment to enable TCP Fragment DoS prevention causing the switch to drop packets First TCP fragments that has a TCP payload IP_Payload_Length IP_Header_Size lt Min_TCP_Header_Size The factory default is disabled Port Authentication In port based authentication mode when 802 1X is enabled globally and on the port successful authentication of any one s
354. es System Information on page 19 Switch Statistics on page 23 System CPU Status on page 26 Slot Information on page 27 Loopback Interface on page 29 Network Interface on page 30 Time on page 34 DNS on page 41 SDM Template Preference Chapter Configuring System Information 18 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual System Information After a successful login the System Information page displays Use this page to configure and view general device information To display the System Information page click System gt Management gt System Information A screen similar to the following displays System Information Switch Status XSM7224S 24 Port 10G SFP Layer 2 Stackable Managed Product Name y s Switch with four 10G combo ports System Name System Location System Contact L Login Timeout 5 0 to 160 mins IPv4 Network Interface 10 27 34 52 255 255 255 0 IPv6 Network Interface FESO 204 6FF FEO2 407 646 IPv4 Loopback Interface IPv6 Loopback Interface System Date JAN 02 22 21 07 1970 UTC 0 00 System Up Time 1 days 22 hours 20 mins 57 secs Current SNTP Sync Status Other System SNMP OID 1 3 6 1 4 1 4526 100 1 15 System MAC Address 00 04 06 02 04 07 Supported Java Plugin Version 1 6 Current SNTP Synchronized Time Not Synchronized FAN Status OK ri 1 System Fan2 System Fan3 System Fan4 OK OK OK Power Not Fanti Present Power OK Fan2
355. es are entered an alert message will be displayed with the list of all the valid values 1 The Source select box is a dynamic selector and is populated by only those Source Routes that have already been configured for redistribute by RIP Use Source to configure another Source Route from among the Available Source Routes The valid values are e Static e Connected e OSPF 2 Use Redistribute Mode to enable or disable RIP redistribute mode The default value is disable 3 Use Metric to specify the Metric of redistributed routes for the given Source Route 4 Use Distribute List to set the Access List that filters the routes to be redistributed by the destination protocol Only permitted routes are redistributed If this command refers to a non existent access list all routes are permitted The valid values for Access List IDs are 1 to 199 When used for route filtering the only fields in an access list that get used are e Source IP Address and netmask e Destination IP Address and netmask e Action permit or deny All other fields source and destination port precedence tos etc are ignored The source IP address is compared to the destination IP address of the route The source IP netmask in the access list rule is treated as a wildcard mask indicating which bits in the source IP address must match the destination address of the route Note that a 1 in the mask indicates a don t care in the corresponding address bit
356. es ppaatbiad aeagn aad a aang 495 Dual Image Configuration lt lt 4 044gax cesig wing ace aad gine tualn staal 496 WOUDIGSMOOGUNG 2 2i50 ioaaweeteledagh eh hovate ERE NEOR 497 Ping IPV4 254 0445 an ators ohic BRAGa ES AELE NEIRE BRS esa 497 Ping IFG 20060 444264 42 204 02 494 08 644 964 0 meggate stained 498 VWracerOute PVA esascs sinsa dea baa ais Dara aa deed Swe Camara 499 Traceroute IPVO ossu iore toys eine Hey OKs eee aa oa ee4 500 Online Helpt as 4580s 4 a0ep ten st deh a oo o S HEC Oe ees 502 SUPPO geek eaea dias sche ee a Che we ea ee Ss 502 User GUIdG 45 400 cmp ehatidit i Oatues She tense a e 503 Appendix A Default Settings Appendix B Configuration Examples Virtual Local Area Networks VLANS 0 000 eee eee eee 509 VLAN Example Configuration auaa 00 00 cee eee 510 Access Control Lists ACLs eis asxn da oP en Awa ahs RAS Ad 511 MAC ACL Example Configuration 0 0 00 ee 512 Standard IP ACL Example Configuration 004 513 Differentiated Services DiffServ 2 22 26 cee ee eee ees 514 ClASS IESNI deh Ried haere Rhee Behe ee E EE 514 DiffServ Traffic Classes 4 2 3 2 2iwdciey che Pp die se ele dae hab nabs 515 Creating Policies see risoseererer rirdi pie ceed Awe eneaens 515 DiffServ Example Configuration asana aaaea 516 OUZ TA tas oye eae theres Bae Se ad eN E ae bd 518 802 1X Example Configuration 5 04 60 0 40 e 04 cde ee eae 519 MSUP ctnecesneea sans miedo
357. esh the web page to show the latest sFlow agent information sFlow Receiver Configuration To display the sFlow Receiver Configuration page click Monitoring gt sFlow gt Advanced gt sFlow Receiver Configuration sFlow Receiver Configuration sFlow Receiver Configuration i Receiver Receiver Maximum Receiver Datagram Receiver Owner Receiver Port Index Timeout Datagram Sire Address Version LER o 1400 0 0 0 0 6343 5 0 4 0 0 0 4 6345 5 fj 4 o 1400 0 0 0 0 6343 5 5 0 40 0 0 0 0 634 5 is o 1490 0 0 0 0 6343 5 0 4 0 0 0 0 343 5 js o 1400 0 0 0 0 6343 5 Receiver Index Selects the receiver for which data is to be displayed or configured Allowed range is 1 to 8 Use Receiver Owner to specify the entity making use of this sFlowRcvrTable entry The empty string indicates that the entry is currently unclaimed and the receiver configuration is reset to default values An entity wishing to claim an sFlowRcvrTable entry must ensure that the entry is unclaimed before trying to claim it The entry is claimed by setting the owner string The entry must be claimed before any changes can be made to other sampler objects Use Receiver Timeout to specify the time in seconds remaining before the sampler is released and stops sampling A management entity wanting to maintain control of the sampler is responsible for setting a new value before the old one expires Allowed range is 0 to 4294967295 secs A value of zero sets the selected rece
358. esponse time to be inserted into group specific queries sent in response to leave group messages and is also the amount of time between group specific query messages Valid values are from 0 to 65535 The default value is 1000 milliseconds 10 Use Last Member Query Count to enter the number of queries to be sent on receiving a leave group report Valid values are from 1 to 20 The default value is 2 328 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Operational Mode Description The operational status of MLD on the Interface MLD Routing Interface Statistics To display the MLD Routing Interface Statistics page click Routing gt IPv6 Multicast gt MLD gt Routing Interface Statistics MLD Routing Interface Statistics MLD Routing Intertace Statistics i all intertace Querier Status Querter IP Queries Up Time Queries Expiry Time Wroeg Version Queries Received Number of boins Received Number of Groups aN Field Description Interface The interface for which data is to be displayed Querier Status Querier IP Querier Up Time Querier Expiry Time This value indicates whether the interface is a MLD querier or non querier on the subnet it is associated with The address of the MLD querier on the IP subnet to which the selected interface is attached The time in seconds since the MLD interface querier was las
359. ess in periodic MLD queries This address is used when no address is configured on Chapter Configuring Switching Information 161 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual the VLAN on which query is being sent The supported IPv6 formats are x x x x X x x x and A 3 Use MLD Version to specify the MLD protocol version used in periodic MLD queries MLD queries 4 Use Query Interval secs to specify the time interval in seconds between periodic queries sent by the snooping querier The Query Interval must be a value in the range of 1 and 1800 The default value is 60 5 Use Querier Expiry Interval secs to specify the time interval in seconds after which the last querier information is removed The Querier Expiry Interval must be a value in the range of 60 and 300 The default value is 60 Field Description VLAN Ids Enabled For MLD Snooping Querier Displays VLAN Ids enabled for MLD snooping querier MLD Snooping Querier VLAN Configuration To access the MLD Snooping Querier VLAN Configuration page click Switching gt Multicast gt MLD Snooping gt Querier VLAN Configuration MLD Snooping Querier VLAN Configuration MLD Snooping Querier VLAN Configuration Querier Operational Last Last Election Querier VLAN Operational Operational Max VLAN ID uerier uerier Participate Address State Version Q Q Response Address Version Mode Time 1 VLAN ID Specifies the
360. ess in standard IPv4 dot notation to associate with the hostname 42 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 3 Click Add The entry appears in the list below 4 Toremove an entry from the static DNS table select the check box next to the entry and click Delete 5 To change the hostname or IP address in an entry select the check box next to the entry and enter the new information in the appropriate field and then click Apply 6 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch The Dynamic Host Mapping table shows host name to IP address entries that the switch has learned The following table describes the dynamic host fields Field Description Host Lists the host name you assign to the specified IP address Total Amount of time since the dynamic entry was first added to the table Elapsed Amount of time since the dynamic entry was last updated Type The type of the dynamic entry Addresses Lists the IP address associated with the host name SDM Template Preference You can use this page to configure SDM template preferences for the switch To access this page click System gt Management gt DNS gt SDM Template Preference SDM Template Preference SOM Templete Preference SOM Current Template 10 SOM Next Template ID saj Pvt and IPS ow SOM Template
361. et is set e Clear A packet matches this ACL rule if the TCP flag in this packet is not set Src IP Address Enter an IP address using dotted decimal notation to be compared to a packet s source IP Address as a match criteria for the selected IP ACL rule e Src IP Mask Specify the IP Mask in dotted decimal notation to be used with the Source IP Address value e Src L4 Port Specify a packet s source layer 4 port as a match condition for the selected extended IP ACL rule This is an optional configuration The possible values are DOMAIN ECHO FTP FTPDATA HTTP SMTP SNMP TELNET TFTP and WWW Each of these values translates into its equivalent port number which is used as both the start and end of the port range e DstIP Address Enter an IP address using dotted decimal notation to be compared to a packet s destination IP Address as a match criteria for the selected extended IP ACL rule e DstIP Mask Specify the IP Mask in dotted decimal notation to be used with the Destination IP Address value e DstL4 Port Specify the destination layer 4 port match conditions for the selected extended IP ACL rule The possible values are DOMAIN ECHO FTP FTPDATA HTTP SMTP SNMP TELNET TFTP and WWW Each of these values translates into its equivalent port number which is used as both the start and end of the port range This is an optional configuration e Service Type Select a Service Type match condition for the extended IP
362. ether to enable or disable the administrative status of the DNS Client e Enable Allow the switch to send DNS queries to a DNS server to resolve a DNS domain name Default value is Enable e Disable Prevent the switch from sending DNS queries Enter the DNS default domain name to include in DNS queries When the system is performing a lookup on an unqualified hostname this field is provided as the domain name for example if default domain name is netgear com and the user enters test then test is changed to test netgear com to resolve the name The length of the name should not be longer than 255 characters Use Retry Number to specify the number of times to retry sending DNS queries to DNS server This number ranges from 0 to 100 The default value is 2 Use Response Timeout secs to specify the amount of time in seconds to wait for a response to a DNS query This timeout ranges from 0 to 3600 The default value is 3 To specify the DNS server to which the switch sends DNS queries enter an IP address in standard IPv4 dot notation in the DNS Server Address and click Add The server appears in the list below You can specify up to eight DNS servers The precedence is set in the order created Chapter Configuring System Information 41 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 6 To remove a DNS server from the list select the check box next to the server you want to remove and click D
363. etrieve e Image2 Specify the code image2 when you want to retrieve CLI Banner Specify CLI Banner when you want retrieve the CLI banner file Startup Configuration Specify configuration when you want to retrieve the stored configuration Text Configuration Specify configuration in text mode when you want to retrieve the stored configuration Script File Specify script file when you want to retrieve the stored configuration Error Log Specify error log to retrieve the system error persistent log sometimes referred to as the event log Buffered Log Specify buffered log to retrieve the system buffered in memory log Trap Log Specify trap log to retrieve the system trap records Tech Support Specify Tech Support to retrieve the switch information needed for trouble shooting The factory default is Archive Use Transfer Mode to specify what protocol to use to transfer the file TFTP Trivial File Transfer Protocol SFTP Secure File Transfer Program SCP Secure Copy 488 Chapter Maintenance ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 8 Use Server Address Type to specify either IPv4 or IPv6 to indicate the format of the Server Address field The factory default is IPv4 Use Server Address to enter the IP address of the server in accordance with the format indicated by the Seer Address Type The factory default is the IPv4 address 0 0 0 0 Use Remote File Na
364. ets are sent as unicasts along this adjacency Also used in router LSAs as the Link ID for the attached network if the neighboring router is selected to be designated router The Neighbor IP address is learned when Hello packets are received from the neighbor For virtual links the Neighbor IP address is learned during the routing table build process Area ID The area ID of the OSPF area associated with the interface Options An integer value that indicates the optional OSPF capabilities supported by the neighbor The neighbor s optional OSPF capabilities are also listed in its Hello packets This enables received Hello Packets to be rejected i e neighbor relationships will not even start to form if there is a mismatch in certain crucial OSPF capabilities 252 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Router Priority The OSPF priority for the specified interface The priority of an interface is a priority integer from 0 to 255 A value of 0 indicates that the router is not eligible to become the designated router on this network Neighbor Interface Index State A Unit Slot Port identifying the neighbor interface index The state of a neighbor can be the following e Down This is the initial state of a neighbor conversation It indicates that there has been no recent information received from the neighbor On NBMA networks
365. ets by specifying the number of ICMP error packets that are allowed per burst interval By Default Rate limit is 100 packets sec i e burst interval is 1000 msec To disable ICMP Ratelimiting set this field to 0 Valid Rate Interval must be in the range 0 to 2147483647 5 Use ICMPv6 Rate Limit Burst Size to control the ICMP error packets by specifying the number of ICMP error packets that are allowed per burst interval Default burst size is 100 packets When burst interval is 0 then configuring this field is not a valid operation Valid Burst Size must be in the range 1 to 200 Chapter Routing 203 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IPv6 Route Table Use the IPv6 Route Table page to display all active IPv6 routes and their settings To display the IPv6 Route Table page click Routing gt IPv6 gt Basic gt Route Table IPv6 Route Table IPv6 Route Table Routes Displayed All Routes v Number of Routes 0 Prefix Next Hop Next Hop IP Pv6 Pref Prot I Pref a suede Length S Interface Address ghateerdaaten tes 1 Use Routes Displayed to choose from e Configured Routes Shows the routes configured by the user e Best Routes Shows only the best active routes All Routes Shows all active IPv6 routes Field Description Number of Routes Displays the total number of active routes in the route table IPv6 Prefix Displays the Network Prefix for the Active Route
366. eue for transmission As queues become full packets have no place to be held for transmission and get dropped by the switch QoS is a means of providing consistent predictable data delivery by distinguishing between packets that have strict timing requirements from those that are more tolerant of delay Packets with strict timing requirements are given special treatment in a QoS capable network With this in mind all elements of the network must be QoS capable The presence of at least one node which is not QoS capable creates a deficiency in the network path and the performance of the entire packet flow is compromised Chapter Configuring Quality of Service 334 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Class of Service The Class of Service CoS queueing feature lets you directly configure certain aspects of switch queueing This provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are not required The priority of a packet arriving at an interface can be used to steer the packet to the appropriate outbound CoS queue through a mapping table CoS queue characteristics that affect queue mapping such as minimum guaranteed bandwidth or transmission rate shaping are user configurable at the queue or port level Eight queues per port are supported From the Class of Service link under the QoS tab you can access the following pages e Ba
367. face Configuration page to configure an OSPF interface To display the Interface Configuration page click Routing gt OSPF gt Advanced gt Interface Configuration HEEE EHES f i j t 1 Interface The interface for which data is to be displayed or configured 2 Use Area ID to enter the 32 bit integer in dotted decimal format that uniquely identifies the OSPF area to which the selected router interface connects If you assign an Area ID which does not exist the area will be created with default values 3 Use Admin Mode to select enable or disable The default value is disable You can configure OSPF parameters without enabling OSPF Admin Mode but they will have no effect until you enable Admin Mode The following information will be displayed only if the Admin Mode is enabled State Designated Router Backup Designated Router Number of Link Events LSA ACK Interval and Metric Cost For OSPF to be fully functional you must enter a valid IP Address and Subnet Mask via the Interface IP Configuration page or through the CLI command ip address lt ipaddr gt lt subnet mask gt Note Once OSPF is initialized on the router it will remain initialized until the router is reset 4 Use Router Priority to enter the OSPF priority for the selected interface The priority of an interface is specified as an integer from 0 to 255 The default is 1 which is the highest router priority A value of 0 indicates that the router is no
368. face in seconds This parameter must be the same for all routers attached to a network Valid values range from 1 to 65 535 The default is 10 seconds 7 Use Dead Interval to enter the OSPF v3 dead interval for the specified interface in seconds This specifies how long a router will wait to see a neighbor router s Hello packets before Chapter Routing 269 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual declaring that the router is down This parameter must be the same for all routers attached to a network This value should a multiple of the Hello Interval e g 4 Valid values range from 1 to 65535 The default is 40 8 Use Iftransit Delay Interval to enter the OSPF v3 Transit Delay for the specified interface This specifies the estimated number of seconds it takes to transmit a link state update packet over the selected interface Valid values range from 1 to 3600 seconds 1 hour The default value is 1 second 9 Use MTU Ignore to disable OSPFv3 MTU mismatch detection on receiving packets Default value is Disable 10 Use Passive Mode to make an interface passive to prevent OSPF from forming an adjacency on an interface OSPF advertises networks attached to passive interfaces as stub networks Interfaces are not passive by default 11 Use Interface Type to set the interface type to broadcast mode or point to point mode The default interface type is broadcast 12 Use Metric Cost to enter th
369. figuration OSPF Common Area Configuration External Routing Area Area Import Summary Border Area LSA Router a Checksum 1 Use Area ID to enter the OSPF area ID An Area ID is a 32 bit integer in dotted decimal format that uniquely identifies the area to which a router interface connects Field Description Aging Interval The Link State Advertisement LSA aging timer interval External Routing A definition of the router s capabilities for the area including whether or not AS external LSAs are flooded into throughout the area If the area is a stub area then these are the possible options for which you may configure the external routing capability otherwise the only option is Import External LSAs e Import External LSAs Import and propagate external LSAs Import No LSAs Do not import and propagate external LSAs Chapter Routing 239 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Feis escrito O O SPF Runs Area Border Router Count Area LSA Count Area LSA Checksum The number of times that the intra area route table has been calculated using this area s link state database This is typically done using Dijkstra s algorithm The total number of area border routers reachable within this area This is initially zero and is calculated in each SPF Pass The total number of link state advertisements in this area s link state d
370. figuring System Information 27 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Supported Cards The following table displays Supported Cards information Fig escrito O O Card Model Displays the list of models of all cards that can be supported Card Index Displays the index assigned to the selected card type Card Type Displays the hardware type of this supported card This is a 32 bit data field Card Descriptor Displays a data field used to identify the supported card Supported Switch The following table displays Supported Switch information Field Description Switch Model ID Displays the model of the switch selected Switch Index Displays the index assigned to the selected switch type Management Preference Indicates the order in which the current switch could become Master of the stack Code Type Hardware type of supported code This is a 32 bit data field 28 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Loopback Interface Use this page to create configure and remove Loopback interfaces To display the Loopback Interface page click System gt Management gt Loopback Interface A screen similar to the following displays Loopback Interface Configuration Loopback Interface Type Loopback Interface Type IPvs i IPv4 Loopback Interface Configuration L
371. forwarded to all ports in the VLAN plus the internal bridge router interface if it was received on a routed VLAN Since a port can be configured to belong to more than one VLAN VLAN routing might be enabled for all of the VLANs on the port or for a subset VLAN Routing can be used to allow more than one physical port to reside on the same subnet It could also be used when a VLAN spans multiple physical networks or when additional segmentation or security is required This section shows how to configure the NETGEAR switch to support VLAN routing A port can be either a VLAN port or a router port but not both However a VLAN port may be part of a VLAN that is itself a router port From the VLAN link you can access the following pages e VLAN Routing Wizard on page 220 e VLAN Routing Configuration on page 221 Chapter Routing 219 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual VLAN Routing Wizard The VLAN Routing Wizard creates a VLAN adds selected ports to the VLAN The VLAN Wizard gives the user the option to add the selected ports as a Link Aggregation LAG The Wizard will Create a VLAN and generate a unique name for VLAN Add selected ports to the newly created VLAN and remove selected ports from the default VLAN Create a LAG add selected ports to a LAG then add LAG to the newly created VLAN Enable tagging on selected ports if the port is in another VLAN Disable tagging if a se
372. from the list for the binding rule The range of the VLAN ID is 1 to 4093 4 Use IP Address to specify valid IP Address for the binding rule Click ADD to add DHCP snooping binding entry into the database 6 Click DELETE to delete selected static entries from the database on Dynamic Binding Configuration 1 Interface Displays the interface to which a binding entry in the DHCP snooping database 2 Use MAC Address to display the MAC address for the binding in the binding database 3 Use VLAN ID to display the VLAN for the binding entry in the binding database The range of the VLAN ID is 1 to 4093 4 IP Address Displays IP Address for the binding entry in the binding database Chapter Managing Device Security 417 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 5 Lease Time Displays the remaining Lease time for the Dynamic entries 6 Click CLEAR to delete all DHCP Snooping binding entries DHCP Snooping Persistent Configuration To display the DHCP Snooping Persistent Configuration page click Security gt Control gt DHCP Snooping gt Persistent Configuration DHCP Snooping Persistent Configuration DHCP Snooping Persistent Configuration Store Local Remote Remote IP Address 0 0 0 0 Remote File Name Write Delay 300 1 Use Store to select the local store or remote store Local selection disable the Remote objects like Remote File Name and Remote IP address
373. ftware Administration Manual 6 Use DR Priority to enter the DR priority for the selected interface The valid values are from 0 to 2147483647 The default value is 1 Field Description Protocol State The operational state of the PIM DM protocol on this interface IPv6 Prefix Length The IPv6 Address Prefix and the Length of the selected interface Designated Router The designated router on the selected PIM interface For point to point interfaces this will be 0 0 0 0 Neighbor Count The number of PIM neighbors on the selected interface PIM Neighbor To display the IPv6 PIM Neighbor page click Routing gt IPv6 Multicast gt PIM gt PIM Neighbor PIM Neighbor PIM Neighbor Search By Interface v GO Neighbor Up Expiry Interface IP Time hh mm ss Time hh mm ss Field Description Interface The physical interface on which neighbor is displayed Neighbor IP The IP address of the PIM neighbor for this entry Up Time The time since this PIM neighbor last became a neighbor of the local router Expiry Time The minimum time remaining before this PIM neighbor will be aged out Click REFRESH to refresh the data on the screen with the latest PIM neighbor information Chapter Routing 323 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Candidate RP Configuration Use this page to configure the candidate rendezvous point R
374. g domain that is being described by the advertisement The value of the LS ID depends on the advertisement s LS type Age The time since the link state advertisement was first originated in seconds Sequence The sequence number field is a signed 32 bit integer It is used to detect old and duplicate link state advertisements The larger the sequence number the more recent the advertisement Checksum Options The checksum is used to detect data corruption of an advertisement This corruption can occur while an advertisement is being flooded or while it is being held in a router s memory This field is the checksum of the complete contents of the advertisement except the LS age field The Options field in the link state advertisement header indicates which optional capabilities are associated with the advertisement The options are e Q This enables support for QoS Traffic Engineering e E This describes the way AS external LSAs are flooded e MC This describes the way IP multicast datagrams are forwarded according to the standard specifications e O This describes whether Opaque LSAs are supported e V This describes whether OSPF extensions for VPN COS are supported Click REFRESH to show the latest OSPF Link State information Chapter Routing 255 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Virtual Link Configuration Use the OSPF Virtua
375. g reassembly at this entity IpReasmReqds The number of IP fragments received which needed to be reassembled at this entity IpReasmOKs The number of IP datagrams successfully re assembled IpReasmFails The number of failures detected by the IP re assembly algorithm for whatever reason timed out errors etc Note that this is not necessarily a count of discarded IP fragments since some algorithms can lose track of the number of fragments by combining them as they are received lpFragOKs The number of IP datagrams that have been successfully fragmented at this entity lpFragFails The number of IP datagrams that have been discarded because they needed to be fragmented at this entity but could not be e g because their Don t Fragment flag was set lpFragCreates The number of IP datagram fragments that have been generated as a result of fragmentation at this entity IpRoutingDiscards The number of routing entries which were chosen to be discarded even though they are valid One possible reason for discarding such an entry could be to free up buffer space for other routing entries IcmpInMsgs The total number of ICMP messages which the entity received Note that this counter includes all those counted by icmpInErrors 190 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description IcmpInErrors The number of ICMP messages which the en
376. g and above Disabled DNS Enabled No servers configured SNMP Enabled SNMPv1 SNMPv2 SNMPv3 SNMP Traps Enabled Auto Install Enabled Auto Save Disabled Stacking Enabled Appendix Default Settings 505 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Table 3 Default Settings Continued Feature sFlow ISDP RMON TACACS RADIUS SSH SSL Telnet Denial of Service Protection Captive Portal Dot1x Authentication IEEE 802 1X MAC Based Port Security Access Control Lists ACL IP Source Guard IPSG DHCP Snooping Dynamic ARP Inspection Protected Ports Private Groups Flow Control Support IEEE 802 3x Head of Line Blocking Prevention Maximum Frame Size Auto MDI MDIX Support Auto Negotiation Advertised Port Speed Broadcast Storm Control Port Mirroring LLDP LLDP MED MAC Table Address Aging Default Enabled Enabled Versions 1 and 2 Enabled Not configured Not configured Disabled Enabled Disabled Disabled Disabled All ports are unlocked None configured Disabled Disabled Disabled None None Enabled Disabled 1518 bytes Enabled Enabled Maximum Capacity Enabled Disabled Enabled Disabled 300 seconds Dynamic Addresses 506 Appendix Default Settings ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Table 3 Default Settings Continued Feature Default DHCP Layer 2 Re
377. g characters Packets Transmitted Without Errors The total number of packets transmitted out of the interface Unicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Multicast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to a Multicast address including those that were discarded or not sent Broadcast Packets Transmitted The total number of packets that higher level protocols requested be transmitted to the Broadcast address including those that were discarded or not sent Transmit Packets Discarded The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol A possible reason for discarding a packet could be to free up buffer space Most Address Entries Ever Used The highest number of Forwarding Database Address Table entries that have been learned by this switch since the most recent reboot Address Entries in Use The number of Learned and static entries in the Forwarding Database Address Table for this switch 24 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Maximum VLAN Entries Most VLAN Entries Ever Used
378. g servers on the network To access the RADIUS Accounting Server Configuration page click Security gt Management Security gt RADIUS gt Accounting Server Configuration Accounting Server Configuration Accounting Server Configuration Lt Accounting Server IP sd Accounting Server Name Port Secret Configured Secret Accounting Mode Address Statistics Round Malformed Accounting Accounting Accounting Accounting Bad Pending Unknown Packets Trip Accounting Timeouts Server Requests Retransmissions Responses Authenticators Requests Types Dropped Time Responses To configure the RADIUS accounting server 1 In the Accounting Server IP Address field specify the IP address of the RADIUS accounting server to add 2 Inthe Accounting Server Name field enter the Name of the accounting server to add 370 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 3 In the Port field specify the UDP port number the server uses to verify the RADIUS accounting server authentication The valid range is 0 65535 If the user has READONLY access the value is displayed but cannot be changed 4 From the Secret Configured menu select Yes to add a RADIUS secret in the next field You must select Yes before you can configure the RADIUS secret After you add the RADIUS accounting server this field indicates whether the shared secret for this server has been configured
379. g two conditions e This device may not cause harmful interference and e This device must accept any interference received including interference that may cause undesired operation FCC Radio Frequency Interference Warnings amp Instructions This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following methods e Reorient or relocate the receiving antenna e Increase the separation between the equipment and the receiver Connect the equipment into an electrical outlet on a circuit different from that which the radio receiver is connected e Consult the dealer or an experienced radio TV technician for help 530 Appendix Notification of Compliance ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual FCC Caution e A
380. ge 355 Displays the number of configured policy class instances out of the total allowed on the switch Displays the number of configured policy attributes attached to the policy class instances out of the total allowed on the switch Displays the number of configured services attached to the policies on specified interfaces out of the total allowed on the switch e Service Interface Configuration on page 359 e Service Statistics on page 360 Diffserv Configuration Packets are filtered and processed based on defined criteria The filtering criteria is defined by aclass The processing is defined by a policy s attributes Policy attributes may be defined on a per class instance basis and it is these attributes that are applied when a match occurs The configuration process begins with defining one or more match criteria for a class Then one or more classes are added to a policy Policies are then added to interfaces Packet processing begins by testing the match criteria for a packet The all class type option defines that each match criteria within a class must evaluate to true for a packet to match that class The any class type option defines that at least one match criteria must evaluate to true 348 Chapter Configuring Quality of Service ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual for a packet to match that class Classes are tested in the order in which they were added
381. ged Stackable Switch Software Administration Manual DHCPv 6 Relay To display the DHCPv6 Relay page click System gt Services gt DHCPv6 Relay A screen similar to the following displays DHCPv6 Relay Configuration DHCPv6 Relay Configuration D 1 All Go To Interface SOJ Admir Rela Destinati IP Interface eee y Peis se Remote ID Mode Interface Address o d O 10 1 Disable O 1 0 2 Disable O 1 073 Disable O 10 4 Disable O os Disable O o6 Disable O 10 7 Disable O 1 0 38 Disable O 1 0 9 Disable O 1 0 10 Disable O 1 0 11 Disable C 1 0 12 Disable O 1 0 13 Disable O 1 0 14 Disable O 1 0 15 Disable O 1 0 16 Disable O 1 0 17 Disable O 1 0 18 Disable O 1 0 19 Disable CO 1 0 20 Disable O 1 0 21 Disable CJ 1 0 22 Disable C 1 0 23 Disable O 1 0 24 Disable i All Go To Interface SO 1 Use Interface to specify interface configured for DHCPv6 Relay functionality 2 Use Admin Mode to specify DHCPv6 mode to configure DHCPV6 Relay functionality DHCPVv6 server and DHCPV6 relay functions are mutually exclusive 3 Use Relay Interface to specify an interface to reach a relay server Chapter Configuring System Information 71 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 4 Use Destination IP Address to specify an IPv6 Address to reach a relay server 5 Use Remote ID to specify the relay agent information option Remote ID needs to be derived from the DHCPV6 server DUID an
382. ged for the CST Topology change The value of the topology change parameter for the switch indicating if a topology change is in progress on any port assigned to the CST It takes a value if True or False Designated root The bridge identifier of the root bridge It is made up from the bridge priority and the base MAC address of the bridge Root Path Cost Path Cost to the Designated Root for the CST Root Port Identifier Port to access the Designated Root for the CST Max Age secs Path Cost to the Designated Root for the CST Forward Delay secs Derived value of the Root Port Bridge Forward Delay parameter Chapter Configuring Switching Information 135 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fes escrito O OSO Hold Time secs Minimum time between transmission of Configuration BPDUs CST Regional Root Priority and base MAC address of the CST Regional Root CST Path Cost Path Cost to the CST tree Regional Root CST Port Configuration Use the Spanning Tree CST Port Configuration page to configure Common Spanning Tree CST and Internal Spanning Tree on a specific port on the switch To display the Spanning Tree CST Port Configuration page click Switching gt STP gt Advanced gt CST Port Configuration CST Por Configeration CST Pert Cont igne ties sacs al IEN Geer aS Ss eO e O trate transes trees estre sase sated Deote cs seire sane theme ete
383. ghbor is Click REFRESH to show the latest DHCP bindings information Click CLEAR to clear all the neighbors in the table Link State Database Use the OSPF Link State Database page to display OSPF link state information To display the Link State Database page click Routing gt OSPF gt Advanced gt Link State Database Link State Database OSPF Link State Database Router Age ID 9 Sequence Checksum Options Field Description Router ID LSA Type The 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system AS The Router ID is set on the IP Configuration page If you want to change the Router ID you must first disable OSPF After you set the new Router ID you must re enable OSPF to have the change take effect The default value is 0 0 0 0 although this is not a valid Router ID The ID of an OSPF area to which one of the router interfaces is connected An Area ID is a 32 bit integer in dotted decimal format that uniquely identifies the area to which an interface is connected The format and function of the link state advertisement One of the following e Router Links e Network Links e Network Summary e ASBR Summary e AS external 254 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description LS ID The Link State ID identifies the piece of the routin
384. gned to selected interface and direction VLAN Binding Table Use the VLAN Binding Table page to view or delete the VLAN ACL bindings To display the VLAN Binding Table click Security gt ACL gt Advanced gt VLAN Binding Table ACL Vlan Binding VLAN Binding Configuration a VLAN ID Direction Sequence Number ACL Type ACL ID The following table describes the information displayed in the ACL VLAN Binding Table To delete a VLAN ACL to interface binding select the check box next to the interface and click Delete 1 Use Direction to specify the packet filtering direction for ACL Valid directions are Inbound and Outbound 2 Use ACL Type to specify the type of ACL Valid ACL Types include IP ACL MAC ACL and IPv6 ACL 3 Use ACL ID to display all the ACLs configured depending on the ACL Type selected 452 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description VLAN ID Specifies VLAN ID for ACL mapping Sequence Number An optional sequence number may be specified to indicate the order of this access list relative to other access lists already assigned to this VLAN and direction A lower number indicates higher precedence order If a sequence number is already in use for this VLAN and direction the specified access list replaces the currently attached access list using that sequence number If the sequence number is no
385. group prefix length Click ADD to add a new source specific group Click DELETE to delete an extant source specific group a gt a oP Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch Chapter Routing 321 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Interface Configuration Use this page to configure the administrative mode of the PIM protocol on an interface and to set the interval between PIM DM messages To display the PIM Interface Configuration page click Routing gt IPv6 Multicast PIM gt Interface Configuration PIM Interface Configuration igoooad IWooooo0oo00 IO ono PIM Interface Configuration p all Go To Interface GQ Interface amin IPv6 Hello Intervel secs Join Prune BSR DR Priority Designated Neighbor Mode Prefix Length jl Interval secs Border l ji Router Cownt a 1 0 23 Disable Non Operanona 30 60 Disable woz Drsable Non Operatonal X a Orseble t 1 0 73 Disable Non Operavonsi 30 60 Disabile oye Disable Non Operatonal x Cs Orseble i 1 0 75 Disable Non Operanona 30 60 Disable 1 0 6 Disable Non Operatonal 3 6 Disable t 1 077 Disable Non Operatons 30 0 Disabile 1s Disable Non Operational 30 s Disable t vos Desable Non Operavona 30 sO Disable wore Disable Non Operational 30 60 Disable t 1 0 21 Disable Non Operatons 30 60 Disable 1 0 12 Disable Non Operatonal
386. gth etc IcmpInDestUnreachs IcmpInTimeExcds IcmpInParmProbs IcmpInSrcQuenchs The number of ICMP Destination Unreachable messages received The number of ICMP Time Exceeded messages received The number of ICMP Parameter Problem messages received The number of ICMP Source Quench messages received IcmpInRedirects The number of ICMP Redirect messages received IcmpInEchos IcmpInEchoReps IcmpInTimestamps IcmpInTimestampReps The number of ICMP Echo request messages received The number of ICMP Echo Reply messages received The number of ICMP Timestamp request messages received The number of ICMP Timestamp Reply messages received IcmpInAddrMasks The number of ICMP Address Mask Request messages received IcmpInAddrMaskReps The number of ICMP Address Mask Reply messages received IcmpOutMsgs The total number of ICMP messages which this entity attempted to send Note that this counter includes all those counted by icmpOutErrors IcmpOutErrors IcmpOutDestUnreachs IcmpOutTimeExcds IcmpOutParmProbs The number of ICMP messages which this entity did not send due to problems discovered within ICMP such as a lack of buffers This value should not include errors discovered outside the ICMP layer such as the inability of IP to route the resultant datagram In some implementations there may be no types of error which contribute to this counter s value
387. guration Interface Configuration Interface Configuration Interface 1 0 1 Send Version RIP 2 Receive Version Both x RIP Admin Mode Disable Enable Authentication Type None Bad Packets Received Bad Routes Received Updates Sent Status Send Receive Admin Link Interface Version Version Mode State RIP Interface Configuration 1 Use Interface to select the interface for which data is to be configured 2 Use Send Version to select the version of RIP control packets the interface should send from the pull down menu The value is one of the following e RIP 1 Send RIP version 1 formatted packets via broadcast e RIP 1c RIP version 1 compatibility mode Send RIP version 2 formatted packets via broadcast e RIP 2 Send RIP version 2 packets using multicast The default is RIP 2 e None No RIP control packets will be sent 3 Use Receive Version to select what RIP control packets the interface will accept from the pull down menu The value is one of the following e RIP 1 Accept only RIP version 1 formatted packets e RIP 2 Accept only RIP version 2 formatted packets The default is RIP 2 Both Accept packets in either format e None No RIP control packets will be accepted 4 Use RIP admin mode to enable RIP for an interface The default is Disable 230 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 5 Use Authentication Ty
388. guration OSPFv3 Area Range Configuration w E Area ID IPv6 Prefix LSDB Type Advertise oO 1 Use Area ID to specify the area for which data is to be configured 2 Use IPv6 Prefix to enter the IPv6 Prefix Prefix Length for the address range for the selected area 3 Use LSDB Type to select the type of Link Advertisement associated with the specified area and address range The default type is Network Summary 4 Use Advertise to select Enable or Disable If you select Enable the address range will be advertised outside the area via a Network Summary LSA The default is Enable 5 Click ADD to add the new address range to the switch 6 Click DELETE to remove the specified address range from the area configuration Interface Configuration Use the OSPF v3 Interface Configuration page to create and configure OSPF v3 interfaces 268 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual To display the Interface Configuration page click Routing gt OSPFv3 gt Advanced gt Interface Configuration PI PUEUEU EVRY EVES ES ESE 1 Interface The interface for which data is to be displayed or configured 2 Use Area ID to enter the 32 bit integer in dotted decimal format that uniquely identifies the OSPF v3 area to which the selected router interface connects If you assign an Area ID which does not exist the area will be created with default values 3 Use Admi
389. gure the BPDU Flood which floods the BPDU traffic arriving on this port when STP is disabled on this port The possible values are Enable or Disable 8 Use Auto Edge to configure the auto edge mode of a port which allows the port to become an edge port if it does not see BPDUs for some duration The possible values are Enable or Disable 9 Use Root Guard to configure the root guard mode which sets a port to discard any superior information received by the port and thus protect against root of the device from changing The port gets put into discarding state and does not forward any packets The possible values are Enable or Disable 10 Use Loop Guard to configure the loop guard on the port to protect layer 2 forwarding loops If loop guard is enabled the port moves into the STP loop inconsistent blocking state instead of the listening learning forwarding state 11 Use TCN Guard to configure the TCN guard for a port restricting the port from propagating any topology change information received through that port The possible values are Enable or Disable 12 Use Port Mode to enable disable Spanning Tree Protocol Administrative Mode associated with the port or port channel The possible values are Enable or Disable Field Description Auto Calculated Port Path Cost Displays whether the path cost is automatically calculated Enabled or not Disabled Path cost will be calculated based on the link speed of the port if the configured value for
390. h Readius MIB RADIUS Accounting Chent MIS RADIUS Authenbcabon Chert MIB FastPath Captive Portal MIB The Srosdcom Private MIB for FastPath Mgnt Security The MIB module defines the AddressFamilyNumbers textus convention RIP Version 2 MIS Extension OSPF Version 2 Management Information Base The MIS module to describe traps for the OSPF Vernon 2 Protocol Oefinibons of Managed Objects for the Virtual Ravter Redundancy Protocol FASTPATH Route Layer J FASTPATH Plex QOS Support FASTPATH Fiex QOS ACL FASTPATH Flex QOS COS FASTPATH Flex QOS VOIP Management Information Base for the Textual Conventions used in DIFFSERV MIB Managemert Informaten Base for the Otferertiated Services Archtecture FASTPATH Flex QOS DiffServ Private MISs definitions FASTPATH Plex QOS OeffServ Private MiGs defintions 1Pv4 Multicast Routing MIS MGMOD MIB includes IGMPv3 and MLOw2 Protocol Independent Multicast MIB Bootstrap Router mechanism for PIM routers Distance Vector Mulicast Routing Protocol MIB IANA IP Route Protocol and IP MRoute Protocol Textual Conventions The MIB module defines objects to configure Non Stop Forwarding Chapter Configuring System Information 87 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual The following table describes the SNMP Supported MIBs Status fields Field Description Name The RFC number if applicable and the name of the MIB Description The RFC title or MIB description
391. h the Designated Router and the Backup Designated Router The state of the Virtual Neighbor Relationship Chapter Routing 257 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Route Redistribution This screen can be used to configure the OSPF Route Redistribution parameters The allowable values for each fields are displayed next to the field If any invalid values are entered an alert message will be displayed with the list of all the valid values To display the Route Redistribution page click Routing gt OSPF gt Advanced gt Route Redistribution Route Redistribution OSPF Route Redistribution Redistribute Subnets Distribute List Option C Static Disable 0 External Type 2 0 Disable Owsadle 0 External Type 2 o Disable 1 Use Source to list available source routes that have not previously been configured for redistribution by OSPF The valid values are Static Connected and RIP 2 Use Redistribute Option to enable or disable the redistribution for the selected source protocol 3 Use Metric to set the metric value to be used as the metric of redistributed routes This field displays the metric if the source was pre configured and can be modified The valid values are 0 to 16777214 4 Use Metric Type to set the OSPF metric type of redistributed routes 5 Use Tag to set the tag field in routes redistributed This field displays the tag if the
392. h the switch s network interface do not affect the configuration of the front panel ports through which traffic is switched or routed To access the switch over a network you must first configure it with IP information IP address subnet mask and default gateway You can configure the IP information using any of the following lt BOOTP lt DHCP e Terminal interface via the EIA 232 port 30 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Once you have established in band connectivity you can change the IP information using any of the following e Terminal interface via the EIA 232 port e Terminal interface via telnet e SNMP based management e Web based management 1 Use IP Address to specify the IP address of the interface The factory default value is 169 254 100 100 2 Use Subnet Mask to enter the IP subnet mask for the interface The factory default value is 255 255 0 0 3 Use Default Gateway to specify the default gateway for the IP interface The factory default value is 0 0 0 0 4 Use Locally Administered MAC Address to configure a locally administered MAC address for in band connectivity instead of using the burned in universally administered MAC address In addition to entering an address in this field you must also set the MAC address type to locally administered Enter the address as twelve hexadecimal digits 6 bytes with a colo
393. h to a source specific shortest path tree The valid values are from 0 to 2000 The default value is 0 8 Use Register Threshold Rate kbps to enter the rate in K bits second above which the Rendezvous Point router will switch to a source specific shortest path tree The valid values are from 0 to 2000 The default value is 0 Chapter Routing 309 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual SSM Configuration While PIM employs a specially configured RP router that serves as a meeting junction for multicast senders and listeners Protocol Independent Multicast Source Specific Multicast PIM SSM does not use an RP It supports only source route deliver trees It is used between routers so that they can track which multicast packets to forward to each other and to their directly connected LANs The SSM service model can be implemented with a strict subset of the PIM protocol mechanisms Both regular IP Multicast and SSM semantics can coexist on a single router and both can be implemented using the PIM protocol A range of multicast addresses currently 232 0 0 0 8 in IPv4 and FF3x 32 in IPv6 is reserved for SSM Use this page to display or remove the Source Specific Multicast SSM group IP address and group mask for the PIM router To display the PIM SSM Configuration page click Routing gt Multicast PIM gt SSM Configuration PIM SSM Configuration SSM Configuration E SSM nena Address SSM
394. he ASBR mode is enabled or disabled Enable implies that the router is an autonomous system border router Router automatically becomes an ASBR when it is configured to redistribute routes learnt from other protocol ABR Status The values of this are enabled or disabled Enabled implies that the router is an area border router Disabled implies that it is not an area border router External LSA Count The number of external LS type 5 LSAs link state advertisements in the link state database External LSA Checksum The sum of the LS checksums of the external LSAs link state advertisements contained in the link state database This sum can be used to determine if there has been a change in a router s link state database and to compare the link state databases of two routers New LSAs Originated In any given OSPF v3 area a router will originate several LSAs Each router originates a router LSA If the router is also the Designated Router for any of the area s networks it will originate network LSAs for those networks This value represents the number of LSAs originated by this router LSAs Received The number of LSAs link state advertisements received that were determined to be new instantiations This number does not include newer instantiations of self originated LSAs 264 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Common Area Configuration Use the Common Ar
395. he PAUSE operation This counter does not increment when the interface is operating in half duplex mode GVRP PDUs Received GVRP PDUs Transmitted GVRP Failed Registrations The count of GVRP PDUs received in the GARP layer The count of GVRP PDUs transmitted from the GARP layer The number of times attempted GVRP registrations could not be completed GMRP PDUs Received GMRP PDUs Transmitted GMRP Failed Registrations The count of GMRP PDUs received from the GARP layer The count of GMRP PDUs transmitted from the GARP layer The number of times attempted GMRP registrations could not be completed EAPOL Frames Received The number of valid EAPOL frames of any type that have been received by this authenticator EAPOL Frames Transmitted Time Since Counters Last Cleared EAP Statistics The number of EAPOL frames of any type that have been transmitted by this authenticator The elapsed time in days hours minutes and seconds since the statistics for this port were last cleared Use the EAP Statistics page to display information about EAP packets received on a specific port To display the EAP Statistics page click Monitoring gt Ports gt EAP Statistics Chapter Monitoring the System 463 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual EAP Statistics LAP Statistics 1 an tar Response ID Response Request 1ID Autherbcateor 8 WOR Awthertica
396. he last querier from which a query was snooped on the VLAN Displays the IGMP protocol version of the last querier from which a query was snooped on the VLAN Displays maximum response time to be used in the queries that are sent by the Snooping Querier 156 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual MLD Snooping From the MLD Snooping link you can access the following pages e MLD Snooping Configuration on page 157 e MLD Snooping Interface Configuration on page 158 e MLD VLAN Configuration on page 159 e Multicast Router Configuration on page 160 e Multicast Router VLAN Configuration on page 161 e MLD Snooping Querier Configuration on page 161 e MLD Snooping Querier VLAN Configuration on page 162 MLD Snooping Configuration Use this menu to configure the parameters for MLD Snooping which is used to build forwarding lists for multicast traffic Note that only a user with Read Write access privileges may change the data on this screen To access the MLD Snooping Configuration page click Switching gt Multicast gt MLD Snooping gt Configuration MLD Snooping Configuration MLD Snooping Configuration MLD Snooping Admin Mode Disable Enable Multicast Control Frame Count 0 Interfaces Enabled for MLD Snooping Data Frames Forwarded by the CPU 0 VLAN IDs Enabled for MLD Snooping 1 Use MLD Snooping Admin Mode to
397. he maximum time that user passwords are valid in days from the time the password is set Once a password expires the user will be required to enter a new password following the first login after password expiration A value of 0 indicates that passwords never expire 3 Use Password History to specify the number of previous passwords to store for prevention of password reuse This ensures that each user does not reuse passwords often A value of 0 indicates that no previous passwords will be stored 4 Use Lockout Attempts to specify the number of allowable failed local authentication attempts before the user s account is locked A value of 0 indicates that user accounts will never be locked 364 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Enable Password Configuration This page prompts you to change the Privileged EXEC password Passwords are a maximum of 64 alphanumeric characters The password is case sensitive To display the Enable Password Configuration page click Security gt Management Security gt Enable Password Enable Password Configuration Enable Password Configuration Password eeecccee Confirm Password eeccccee 1 Use Password to specify a password Passwords are a maximum of 64 alphanumeric characters 2 Use Confirm Password to enter the password again to confirm that you entered it correctly Line Password Configuration T
398. he number of EAP response identity frames that have been received by this authenticator EAP Response Frames Received EAP Request ID Frames Transmitted EAP Request Frames Transmitted This displays the number of valid EAP response frames other than resp id frames that have been received by this authenticator This displays the number of EAP request identity frames that have been transmitted by this authenticator This displays the number of EAP request frames other than request identity frames that have been transmitted by this authenticator Chapter Monitoring the System 465 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Cable Test To display the Cable Test page click Monitoring gt Ports gt Cable Test Cable Test Cable Test 1 All Go To Interface GO O Interface Cable Status Cable Length Failure Location O 1 0 1 Invalid cable type C 170 2 Invalid cable type E 1 0 3 Invalid cable type C 10 4 Invalid cable type O 1 0 5 Invalid cable type 1 0 6 Invalid cable type C 1 0 7 Invalid cable type O 10 8 Invalid cable type C 1 0 9 invalid cable type C 1 0 10 Invalid cable type C 1 0 11 Invalid cable type 1 0 12 Invalid cable type O 1 0 13 Invalid cable type O 1 0 14 Invalid cable type O 1 0 15 Invalid cable type O 1 0 16 Invalid cable type O 1 0 17 Invalid cable type 0 1 0 18 Invalid cable type 1 0 19 Invalid cable type 1 0 20 I
399. he port 1 0 6 of Switch_2 is connected to a Multicast Host Receiver station and the port 1 0 4 of Switch_1 is connected to a Multicast Source station The switches 1 and 2 are connected back to back through the port 1 0 6 of Switch_1 and 1 0 4 of Switch_2 Multicast Receiver Configuration of Switch_1 Global Configuration 1 Enable IP Routing Use the IP Configuration page P Configuration on page 186 and enable the Routing Mode 2 Enable IP Multicast Use the Multicast Global Configuration page Multicast Global Configuration on page 293 and enable the Admin Mode 3 Enable a Unicast Routing protocol RIP OSPF Refer to the respective help of this item 4 To use Dense mode PIM DM a Enable Dense Mode Use the PIM Global Configuration page Global Configuration on page 309 select the PIM Protocol Type as PIM DM and enable the Admin Mode 5 To use Sparse mode PIM SM a Enable Sparse Mode Use the PIM Global Configuration page G obal Configuration on page 309 select the PIM Protocol Type as PIM SM and enable the Admin Mode b For multicast data to route with Sparse Mode a Rendezvous point RP is required To configure an RP either of the following can be done Static 1 Configure Static RP Use PIM Static RP Configuration page Static RP Configuration on page 314 set the following parameters e RP Address 1 1 1 2 e Group Address 224 1 2 0 e Group Mask 225 255 255 0 e Override Disable Appendix
400. he remote systems because the information timeliness interval has expired Specifies the unit slot port for the interfaces Transmit Total Specifies the number of LLDP frames transmitted by the LLDP agent on the corresponding port Receive Total Specifies the number of valid LLDP frames received by this LLDP agent on the corresponding port while the LLDP agent is enabled Discards Specifies the number of LLDP TLVs discarded for any reason by the LLDP agent on the corresponding port Errors Specifies the number of invalid LLDP frames received by the LLDP agent on the corresponding port while the LLDP agent is enabled Age outs TLV Discards Specifies the number of age outs that occurred on a given port An age out is the number of times the complete set of information advertised by a particular MAC Service Access Point MSAP has been deleted from tables associated with the remote entries because information timeliness interval had expired Specifies the number of LLDP TLVs discarded for any reason by the LLDP agent on the corresponding port Chapter Configuring System Information 93 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fes escrito O O TLV Unknowns Specifies the number of LLDP TLVs received on the local ports which were not recognized by the LLDP agent on the corresponding port TLV MED Specifies the total number of LLDP MED T
401. hentication list to use when you login through telnet The default value is networkList 2 Use Enable Authentication List to specify which authentication list you are using when going into the privileged EXEC mode The default value is enableList Inbound Telnet Configuration This page regulates new telnet sessions If Allow New Telnet Sessions are enabled new inbound telnet sessions can be established until there are no more sessions available If Allow New Telnet Sessions are disabled no new inbound telnet sessions are established An established session remains active until the session is ended or an abnormal network error ends the session 1 Use Allow New Telnet Sessions to specify whether the new Inbound Telnet session is Enabled or Disabled Default value is Enabled 2 Use Session Timeout to specify how many minutes of inactivity should occur on a telnet session before the session is logged off You may enter any number from 1 to 160 The factory default is 5 3 Use Maximum Number of Sessions to select how many simultaneous telnet sessions will be allowed The maximum is 5 which is also the factory default 4 Current Number of Sessions Displays the number of current sessions Outbound Telnet Client Configuration This page regulates new outbound telnet connections If Allow New Telnet Sessions are enabled new outbound telnet sessions can be established until there are no more sessions available If Allow New Telnet Sessio
402. her If this option is selected the UDP Port Other Value is enabled This option permits a user to enter their own UDP port in UDP Port Other Value 4 Use UDP Port Other Value to specify a UDP Destination Port that lies between 0 and 65535 5 Click ADD to create an entry in UDP Relay Table with the specified configuration 6 Click DELETE to remove all entries or a specified one from UDP Relay Table The following table describes the UDP Relay Global Configuration fields Field Description Hit Count Show the number of UDP packets hitting the UDP port UDP Relay Interface Configuration To display the UDP Relay Interface Configuration page click System gt Services gt UDP Relay gt UDP Relay Interface Configuration A screen similar to the following displays UDP Relay Interface Configuration UDP Relay Interface Configuration Server UDP Port Hit UDP Port Di d Address gt Other Value Count 1 Use Interface to select an Interface to be enabled for the UDP Relay 2 Use Server Address to specify the UDP Relay Server Address in x x x x format 3 Use UDP Port to specify UDP Destination Port The following ports are supported e DefaultSet Relay UDP port 0 packets This is specified if no UDP port is selected when creating a Relay server e dhcp Relay DHCP UDP port 67 packets e domain Relay DNS UDP port 53 packets e isakmp Relay ISAKMP UDP port 500 packets Chapter Configuring Sys
403. hich an interface is connected 276 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description LSA Type The format and function of the link state advertisement One of the following e Router LSA A router may originate one or more router Isas for a given area Each router lsa originated in an area describes the collected states of all the router s interfaces to the area Network LSA A network Isa is originated for every link having two or more attached routers by the designated router It lists all the routers attached to the link Inter Area Router LSA This type describes a prefix external to the area yet internal to the autonomous system It is originated by an Area Border Router AS External LSA This LSA type describes a path to a prefix external to the autonomous system and is originated by an Autonomous System Border Router Link LSA A router originates a separate Link Isa for each attached link It provides router s link local address to routers attached to the link and also inform them of a list of IPv6 prefixes to associate with the link Intra Area Prefix LSA A link s designated router originates one or more intra areaprefix Isas to advertise the link s prefixes throughout the area A router may originate multiple intra area prefix Isas for a given area to advertise its own prefixes and those of its attached stub links LS ID
404. icant the system that requests authentication as well as between the authenticator and the authentication server The NETGEAR switches support a guest VLAN which allows unauthenticated users to have limited access to the network resources Note You can use QoS features to provide rate limiting on the guest VLAN to limit the network resources the guest VLAN provides Another 802 1X feature is the ability to configure a port to Enable Disable EAPoL packet forwarding support You can disable or enable the forwarding of EAPoL when 802 1X is disabled on the device The ports of an 802 1X authenticator switch provide the means in which it can offer services to other systems reachable via the LAN Port based network access control allows the operation of a switch s ports to be controlled in order to ensure that access to its services is only permitted by systems that are authorized to do so Port access control provides a means of preventing unauthorized access by supplicants to the services offered by a system Control over the access to a switch and the LAN to which it 518 Appendix Configuration Examples ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual is connected can be desirable in order to restrict access to publicly accessible bridge ports or to restrict access to departmental LANs Access control is achieved by enforcing authentication of supplicants that are attached to an authenticator s con
405. ication list which is used by 802 1X Advanced From the Advanced link you can access the following pages 802 1X Configuration on page 393 Port Authentication on page 394 Port Summary on page 398 Client Summary on page 401 802 1X Configuration Use the 802 1X Configuration page to enable or disable port access control on the system To display the 802 1X Configuration page click Security gt Port Authentication gt Advanced gt 802 1X Configuration 802 1X Configuration 802 1X Configuration G Administrative Mode Disable Enable VLAN Assignment Mode Disable Enable Dynamic VLAN Creation Mode Disable Monitor Mode Disable Users admin v Login defaultList Authentication List dotixList Use Administrative Mode to select one of the options for administrative mode enable and disable The default value is disable Use VLAN Assignment Mode to select one of the options for VLAN Assignment mode enable and disable The default value is disable Use Users to select the user name that will use the selected login list for 802 1x port security Chapter Managing Device Security 393 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 4 Use Login to select the login to apply to the specified user All configured logins are displayed Field Description OOOO O Authentication List Displays the authentication list which is used by 802 1X Port Authentication Use the Po
406. ice ID format capability Device ID format Displays the device ID format Advanced From the Advanced link you can access the following pages e Global Configuration on page 106 e interface Configuration on page 108 e ISDP Neighbor on page 109 e ISDP Statistics on page 110 Global Configuration To display this page click System gt ISDP gt Advanced gt Global Configuration A screen similar to the following displays Global Configuration Global Configuration 2 Admin Mode Disable Enable Timer 30 Hold Time 180 Version 2 Advertisements Disable Enable Neighbors table last time changed 2 Days 01 15 37 Device ID 2ER1084000005 Device ID Format Capability Serial Number Host Name Device ID Format Serial Number 106 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 Use Admin Mode to specify whether the ISDP Service is to be Enabled or Disabled The default value is Enabled 2 Use Timer to specify the period of time between sending new ISDP packets The range is 5 to 254 seconds Default value is 30 seconds 3 Use Hold Time to specify the hold time for ISDP packets that the switch transmits The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it The range 10 to 255 seconds Default value is 180 seconds 4 Use Version 2 Advertisements to enable or disable the s
407. ick Switching gt STP gt Advanced gt MST Configuration MST Configuration MST Configuration vano Topol Root opok oo Simce porouy Topology Root Port MST ID Priority Bridge Identifier Vian Id Change Designated Root Path Topology gt 7 Change Cont Hiontifier oun osi Change 32768 80 00700 06 06 02 04 07 3 Oday Oh ISmmasec 3 Faise 60 00 00 00 00 01 03 B59 60000 80 16 To configure an MST instance 1 To add an MST instance configure the MST values and click Add e MST ID Specify the ID of the MST to create Valid values for this are between 1 and 4094 This is only visible when the select option of the MST ID select box is selected e Priority Specifies the bridge priority value for the MST When switches or bridges are running STP each is assigned a priority After exchanging BPDUs the switch with the lowest priority value becomes the root bridge The bridge priority is a multiple of Chapter Configuring Switching Information 139 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 4096 If you specify a priority that is not a multiple of 4096 the priority is automatically set to the next lowest priority that is a multiple of 4096 For example if the priority is attempted to be set to any value between 0 and 4095 it will be set to 0 The default priority is 32768 The valid range is 0O 61440 e VLAN ID This gives a combo box of each VLAN on the switch These can be sele
408. ification TCS and the Service Level Specification SLS operation respectively Traffic Conditioning Policy Traffic conditioning pertains to actions performed on incoming traffic There are several distinct QoS actions associated with traffic conditioning Appendix Configuration Examples 515 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Dropping Drop a packet upon arrival This is useful for emulating access control list operation using DiffServ especially when DiffServ and ACL cannot co exist on the same interface Marking IP DSCP or IP Precedence Marking re marking the DiffServ code point ina packet with the DSCP value representing the service level associated with a particular DiffServ traffic class Alternatively the IP Precedence value of the packet can be marked re marked e Marking CoS 802 1p Sets the three bit priority field in the first only 802 1p header to a specified value when packets are transmitted for the traffic class An 802 1p header is inserted if it does not already exist This is useful for assigning a layer 2 priority level based on a DiffServ forwarding class i e DSCP or IP Precedence value definition to convey some QoS characteristics to downstream switches which do not routinely look at the DSCP value in the IP header e Policing A method of constraining incoming traffic associated with a particular class so that it conforms to the terms of the TCS
409. ing Quality of Service 335 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual ingress of an untrusted port are directed to a specific CoS queue on the appropriate egress port s in accordance with the configured default priority of the ingress port This process is also used for cases where a trusted port mapping is unable to be honored such as when a non IP packet arrives at a port configured to trust the IP DSCP value To configure global CoS settings 1 Use Global to specify all CoS configurable interfaces The option Global represents the most recent global configuration settings 2 Use Interface to specify CoS configuration settings based per interface Use Global Trust Mode to specify whether to trust a particular packet marking at ingress Global Trust Mode can only be one of the following Default value is trust dot1p e untrusted e trust dotip e trust ip dscp 4 Use Interface Trust Mode to specify whether to trust a particular packet marking at ingress Interface Trust Mode can only be one of the following Default value is untrusted e untrusted e trust dotip e trust ip dscp 5 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch 6 If you change any of the settings on the page click Apply to send the updated configuration to the switch 336 Chapter Configuring Quality of Service ProSafe XSM7224S 10
410. ing packet initial value is default value The Size you enter is not retained across a power cycle PING displays the result after the switch sends a Ping request to the specified address Click Cancel to cancel the operation on the screen and reset the data on the screen to the latest value of the switch Click Apply to send the ping The switch sends the number of pings specified in the Count field and the results are displayed below the configurable data in the Ping area Ping IPv This screen is used to send a Ping request to a specified Hostname or IPv6 address You can use this to check whether the switch can communicate with a particular IPv6 station Once you click the Apply button the switch will send three pings and the results will be displayed below the configurable data The output will be Send count 3 Receive count n from IPv6 Address Average round trip time n ms To access the Ping IPv6 page click Maintenance gt Troubleshooting gt Ping IPv6 Ping IPv6 Ping IPv6 Ping Global v IPv6 Address Host Name Datagram Size 64 Ping 1 Use Ping to select either global IPv6 Address Hostname or Link Local Address to ping 2 Use IPv6 Address Hostname to enter the IPv6 address or Hostname of the station you want the switch to ping The initial value is blank The IPv6 Address or Hostname you enter is not retained across a power cycle 3 Use Datagram Size to enter the datagram size The valid range is 48 to 2048
411. ink is up or down Configured Ports Indicate the ports that are members of this port channel Active Ports Indicates the ports that are actively participating in the port channel LAG Membership Use the LAG Membership page to select two or more full duplex Ethernet links to be aggregated together to form a link aggregation group LAG which is also known as a port channel The switch can treat the port channel as if it were a single link To access the LAG Membership page click Switching gt LAG gt LAG Membership LAG Membership LAG Membership LAG ID LAG Description Admin Mode Link Trap STP Mode Static Mode Hash Mode Src Dest MAC VLAN EType incoming port v Port Selection Table 1 Use LAG ID to select the identification of the LAG 2 Use LAG Name to enter the name you want assigned to the LAG You may enter any string of up to 15 alphanumeric characters A valid name has to be specified in order to create the LAG 3 Use LAG Description to enter the Description string to be attached to a LAG It can be up to 64 characters in length 4 Use Admin Mode to select enable or disable from the pull down menu When the LAG is disabled no traffic will flow and LACPDUs will be dropped but the links that form the LAG will not be released The factory default is enable 5 Use Link Trap to specify whether you want to have a trap sent when link status changes The factory default is enable which will c
412. ion Agent Version 1 3 Netgear Inc 3 21 13 28 Agent Address 10 27 34 52 Field Description Agent Version Uniquely identifies the version and implementation of this MIB The version string must have the following structure MIB Version Organization Software Revision where MIB Version 1 3 the version of this MIB e Organization NETGEAR Inc e Revision 1 0 Agent Address The IP address associated with this agent Click REFRESH to refresh the web page to show the latest sFlow agent information Advanced From the Advanced link you can access the following pages e sFlow Agent on page 479 e sFlow Receiver Configuration on page 480 e sFlow Interface Configuration on page 481 sFlow Agent To display the sFlow Agent page click Monitoring gt sFlow gt Advanced gt sFlow Agent sFlow Agent Information sFlow Agent Information O Agent Version 1 3 Netgear Inc 3 21 13 28 Agent Address 10 27 34 52 Chapter Monitoring the System 479 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Agent Version Uniquely identifies the version and implementation of this MIB The version string must have the following structure MIB Version Organization Software Revision where MIB Version 1 3 the version of this MIB e Organization NETGEAR Inc e Revision 1 0 Agent Address The IP address associated with this agent Click REFRESH to refr
413. ion ACL ID Direction Inbound v Sequence Number ios 1 to 4294967295 Port Selection Table Interface Binding Status ACL Type ACLID Sequence Number Chapter Managing Device Security 439 4 5 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Select an existing MAC ACL from the ACL ID menu You can select one and bind it to the interfaces you wanted The packet filtering direction for ACL is Inbound which means the MAC ACL rules are applied to traffic entering the port Specify an optional sequence number to indicate the order of this access list relative to other access lists already assigned to this interface and direction A low number indicates high precedence order If a sequence number is already in use for this interface and direction the specified access list replaces the currently attached access list using that sequence number If the sequence number is not specified by the user a Sequence number that is one greater than the highest sequence number currently in use for this interface and direction will be used The valid range is 14294967295 Click the appropriate orange bar to expose the available ports or LAGs The Port Selection Table provides a list of all available valid interfaces for ACL binding All non routing physical interfaces vlan interface and interfaces participating in LAGs are listed e To add the selected ACL to a port or LAG click the box dir
414. ion By default the switch has one captive portal You can change the settings for that captive portal and you can also create and configure up to nine additional portals To display the Captive Portal Configuration page click Security gt Control gt Captive Portal gt CP Configuration Captive Portal Conligurates Captive Portal Configuration 430 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 10 11 12 13 14 15 16 17 Use the CP ID pull down menu to select the CP ID for which to create or update Use CP Name to enter the name of the configuration Name can contain 1 to 31 alphanumeric characters Use Admin Mode to enable or disable this CP instance Use Protocol to choose whether to use HTTP or HTTPs as the protocol for the portal to use during the verification process HTTP Does not use encryption during verification e HTTPS Uses the Secure Sockets Layer SSL which requires a certificate to provide encryption The certificate is presented to the user at connection time Use Verification to select the mode for the CP to use to verify clients Guest The user does not need to be authenticated by a database e Local The switch uses a local database to authenticated users e RADIUS The switch uses a database on a remote RADIUS server to authenticate users Use Block to control the blocked status If the CP
415. ion List Shows the authentication list which HTTP are using 380 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual HTTPS From the HTTPS link you can access the following pages e HTTPS Configuration on page 381 e Certificate Management on page 382 e Certificate Download on page 383 HTTPS Configuration Secure HTTP enables the transmission of HTTP over an encrypted Secure Sockets Layer SSL or Transport Layer Security TLS connection When you manage the switch by using a Web interface secure HTTP can help ensure that communication between the management system and the switch is protected from eavesdroppers and man in the middle attacks Use the Secure HTTP Configuration page to configure the settings for HTTPS communication between the management station and the switch To display the Secure HTTP Configuration page click Security gt Access gt HTTPS gt HTTPS Configuration HTTPS Configuration HTTPS Configuration G HTTPS Admin Mode Disable Enable SSL Version 3 Disable Enable TLS Version 1 Disable Enable HTTPS Port 443 HTTPS Session Soft Timeout Minutes 60 HTTPS Session Hard Timeout Hours 24 Maximum Number of HTTPS Sessions 16 Authentication List HttpsListName To configure HTTPS settings 1 Use HTTPS Admin Mode to Enable or Disable the Administrative Mode of Secure HTTP The currently configured value is shown when the we
416. ion Manual OSPFv3 Configuration Use the OSPF v3 Configuration page to activate and configure OSPF v3 for a switch To display the OSPFv3 Configuration page click Routing gt OSPFv3 gt Basic gt OSPFv3 Configuration 1 OSPFv3 Configuration OSPFv3 Configuration Admin Mode Disable Enable Router ID 0 0 0 0 Use Admin Mode to select enable or disable If you select enable OSPF v3 will be activated for the switch The default value is disable You must configure a Router ID before OSPFv3 can become operational This can also be done by issuing the CLI command router id in the IPv6 router OSPF mode Use Router ID to specify the 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system AS If you want to change the Router ID you must first disable OSPFv3 After you set the new Router ID you must re enable OSPFv3 to have the change take effect The default value is 0 0 0 0 although this is not a valid Router ID Note Once OSPFv3 is initialized on the router it will remain initialized until the router is reset Advanced From the Advanced link you can access the following pages OSPFv3 Configuration on page 262 Common Area Configuration on page 265 Stub Area Configuration on page 266 NSSA Area Configuration on page 267 Area Range Configuration on page 268 Interface Configuration on page 268 Interface Statistics on page 272 Neighbor Table on page 275 Link St
417. is incremented at the interface to which these datagrams were addressed which might not be necessarily the input interface for some of the datagrams The number of input datagrams discarded because the IPv6 address in their IPv6 header s destination field was not a valid address to be received at this entity This count includes invalid addresses e g 0 and unsupported addresses e g addresses with unallocated prefixes For entities which are not IPv6 routers and therefore do not forward datagrams this counter includes datagrams discarded because the destination address was not a local address The number of input datagrams discarded because datagram frame didn t carry enough data 210 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Received Datagrams Discarded Other Received Datagrams Reassembly Required The number of input IPv6 datagrams for which no problems were encountered to prevent their continued processing but which were discarded e g for lack of buffer space Note that this counter does not include any datagrams discarded while awaiting re assembly The number of IPv6 fragments received which needed to be reassembled at this interface Note that this counter is incremented at the interface to which these fragments were addressed which might not be necessarily the input interface for some of the fragments Datagram
418. is 1 30 Consideration to maximum delay time should be given when configuring RADIUS maxretransmit and RADIUS time out If multiple RADIUS servers are configured the max retransmit value on each will be exhausted before the next server is attempted A Chapter Managing Device Security 367 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual retransmit will not occur until the configured time out value on that server has passed without a response from the RADIUS server Therefore the maximum delay in receiving a response from the RADIUS application equals the sum of retransmit times time out for all configured servers If the RADIUS request was generated by a user login attempt all user interfaces will be blocked until the RADIUS application returns a response 3 From the Accounting Mode menu select whether the RADIUS accounting mode is enabled or disabled on the current server 4 Use RADIUS Attribute 4 to enable or disable RADIUS attribute 4 Default value is Disable This is an optional field and can be seen only when RADIUS attribute 4 is enabled It takes IP address value in the format xx xx xx Xx Field Description Current Server Address The Address of the current server This field is blank if no servers are configured Number of Configured Servers The number of RADIUS servers that have been configured This value will be in the range of 0 and 3 RADIUS Server Configuration
419. is blocked users cannot gain access to the network through the CP Use this function to temporarily protect the network during unexpected events such as denial of service attacks If the Verification Mode is Local or RADIUS use Group to assign an existing User Group to the captive portal All users who belong to the group are permitted to access the network through this portal The User Group list is the same for all CP configurations on the switch Use Idle Timeout to enter the number of seconds to wait before terminating a session A user is logged out once the idle time out is reached If the value is set to 0 then the time out is not enforced The valid range is 0 to 86400 seconds and the default value is 0 Use User Logout to allow the authenticated client to deauthenticate from the network Use Radius Auth Server to enter the IP address of the RADIUS server used for client authentications The switch acts as the RADIUS client and performs all RADIUS transactions on behalf of the clients Use Redirect URL to specify the URL to which the newly authenticated client is redirected The max length for the URL is 512 alphanumeric characters Use Background Color to specify the value of the background color Example BFBFBF Use Foreground Color to specify the value of the foreground color Example 999999 Use Separator Color to specify the value of the separator color Example 46008F Use Max Bandwidth Down to specify the maximum rate R
420. is field can be either default or static If creating a default route all that needs to be specified is the next hop IP address otherwise each field needs to be specified Network Address The IP route prefix for the destination Subnet Mask Also referred to as the subnet network mask this indicates the portion of the IP interface address that identifies the attached network Protocol This field tells which protocol created the specified route The possibilities are one of the following e Local e Static OSPF e RIP Next Hop IP Address The outgoing router IP address to use when forwarding traffic to the next router if any in the path towards the destination The next router will always be one of the adjacent neighbors or the IP address of the local interface for a directly attached network Next Hop Interface The outgoing router interface to use when forwarding traffic to the destination Administrative cost of the path to the destination If no value is entered default is 1 The range is 0 255 Preference The preference is an integer value from 0 to 255 The user can specify the preference value sometimes called administrative distance of an individual static route Among routes to the same destination the route with the lowest preference value is the route entered into the forwarding database By specifying the preference of a static route the user controls whether a static route is more or le
421. is page displays the allocation base and the allocation mode of internal VLAN The internal VLAN is reserved by port based routing interface and invisible to the end user Once these internal VLANs are allocated by port based routing interface they are cannot be assigned to a routing VLAN interface 1 Use Internal VLAN Allocation Base to specify the VLAN Allocation Base for the routing interface The default base of the internal VLAN is 1 to 4093 2 Use the optional Internal VLAN Allocation Policy field to specify a policy for the internal VLAN allocation There are two policies supported ascending and descending VLAN Membership To display the VLAN Membership page click Switching gt VLAN gt Advanced gt VLAN Membership VLAN Membership VLAN Membership VLAN ID Group Operation Untag All v VLANName default UNTAGGED PORT MEMBERS Hoe VLAN Type Default TAGGED PORT MEMBERS To configure VLAN membership 1 Use VLAN ID to select the VLAN ID for which you want to display or configure data 2 Use Group Operation to select all the ports and configure them e Untag All Select all the ports on which all frames transmitted for this VLAN will be untagged All the ports will be included in the VLAN e Tag All Select the ports on which all frames transmitted for this VLAN will be tagged All the ports will be included in the VLAN e Remove All All the ports that may be dynamically registered in this VLAN via GVRP This
422. isable O 1 0 3 Disable C 1 074 Disable O 1 0 s Disable O 10 6 Disable O 170 7 Disable O 10 8 Disable O 10 9 Disable O 1 0 10 Disable O 1 0 11 Disable O 1 0 12 Disable O 1 0 13 Disable CI 1 0 14 Disable 1 0 15 Disable O 1 0 16 Disable O 1 0 17 Disable O 1 0 18 Disable C 1 0 19 Disable C 1 0 20 Disable C 1 0 21 Disable C 1 0 22 Disable O 1 0 23 Disable C 1 0 24 Disable 1 all Go To Interface GO 1 Use Interface to specify the interface configured for DHCPv6 server functionality 2 Use Admin Mode to specify DHCPv6 mode to configure server functionality DHCPv6 server and DHCPV6 relay functions are mutually exclusive Chapter Configuring System Information 67 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 3 Use Pool Name to specify the DHCPV6 pool containing stateless and or prefix delegation parameters 4 Use the optional Rapid Commit parameter to allow abbreviated exchange between the client and server 5 Use Preference to specify the preference value used by clients to determine preference between multiple DHCPv6 servers The values allowed are between 0 to 4294967295 The default value is 0 DHCPv 6 Bindings Information Use the DHCPV6 Bindings Information page to display all DHCPv6 server bindings To display the DHCPV6 Bindings Information page click System gt Services gt DHCPv6 Server gt DHCPv6 Bindings Information A screen similar to the following displays
423. isable Disable C 10 6 Disable Disable C 1 0 7 Disable Disable CO wos Disable Disable E 1 o 9 Disable Disable O 1 0 10 Disable Disable O 1 0 11 Disable Disable O 1 0 12 Disable Disable O 1 0 13 Disable Disable O 1 0 14 Disable Disable O 1 0 15 Disable Disable O 10 16 Disable Disable C 1 0 17 Disable Disable O 1 0 18 Disable Disable 1 0 19 Disable Disable C 10 20 Disable Disable CO 1 0 21 Disable Disable C 1 0 22 Disable Disable C 1 0 23 Disable Disable C 1 0 24 Disable Disable 1 LAGS All Go To Interface Vaga 1 Use Admin Mode to enable or disable the DHCP L2 Relay on the selected interface Default is disable 2 Use 82 Option Trust Mode to enable or disable an interface to be trusted for DHCP L2 Relay Option 82 received 58 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DHCP L2 Relay Interface Statistics To display the DHCP L2 Relay Interface Statistics page click System gt Services gt DHCP L2 Relay gt DHCP L2 Relay Interface Statistics A screen similar to the following displays DHCP L2 Relay Interface Statistics DHCP L2 Relay Interface Statistics 1 LAGS All Untrusted Server Interface Untrusted Client Trusted Server Trusted Client Messages With Opts 1 0 1 0 1 0 2 o 1 0 3 0 1 0 4 0 1 0 5 0 1 0 6 0 1 0 7 0 1 0 8 0 1 0 9 0 1 0 10 0 1 0 23 0 1 0 12 0 1 0 13 0 1 0 14 i 1 0 15 0 1 0
424. iver configuration to its default values Use Maximum Datagram Size to specify the maximum number of data bytes that can be sent in a single sample datagram The manager should set this value to avoid fragmentation of the sFlow datagrams Default Value 1400 Allowed range is 200 to 9116 480 Chapter Monitoring the System ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 5 Use Receiver Address to specify the IP address of the sFlow collector If set to 0 0 0 0 no sFlow datagrams will be sent 6 Use Receiver Port to specify the destination port for sFlow datagrams Allowed range is 1 to 65535 Field Description Receiver Datagram Version The version of sFlow datagrams that should be sent sFlow Interface Configuration sFlow agent collects statistical packet based sampling of switched flows and sends them to the configured receivers A data source configured to collect flow samples is called a sampler sFlow agent also collects time based sampling of network interface statistics and sends them to the configured sFlow receivers A data source configured to collect counter samples is called a poller To display the sFlow Interface Configuration page click Monitoring gt sFlow gt Advanced gt sFlow Interface Configuration sFlow Interface Configuration sFlow Interface Configuration Ui 1 al Go To Interface Se Poller Sampler Receiver Poller Receiver Sampling Maximum
425. ize is 100 packets When burst interval is 0 then configuring this field is not a valid operation Valid Burst Size must be in the range 1 to 200 Chapter Routing 193 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O Default Time to Live The default value inserted into the Time To Live field of the IP header of datagrams originated by the switch if a TTL value is not supplied by the transport layer protocol Maximum Next Hops The maximum number of hops supported by the switch This is a compile time constant IP Statistics The statistics reported on this screen are as specified in RFC 1213 To display the IP Statistics page click Routing gt IP gt Advanced gt IP Statistics IP Statistics IP Statistics IpInReceives IpInHdrErrors IpInAddrErrors IpForwDatagrams IpInUnknownProtos IpInDiscards IpInDelivers IpOutRequests IpOutDiscards IpOutNoRoutes IpReasmTimeout IpReasmReqds IpReasmOKs IpReasmFails IpFragOKs IpFragFails IpFragCreates IpRoutingDiscards IcmpInMsgs IcmpInErrors IcmpInDestUnreachs IcmpInTimeExcds IcmpInParmProbs IempInSrcQuenchs IcmpInRedirects w 9884 O O OO O OO O QOQ 08 e0 8 ee 868 8068 8 28 OC 08 QO 194 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field IpInReceives IpInHdrErrors IpInAddrErrors lpForwDatagrams IpInUnknownProtos
426. k if no servers are configured see lt pdf gt RADIUS Server Configuration on page 6 368 The switch supports up to three configured RADIUS servers If more than one RADIUS servers are configured the current server is the server configured as the primary server If no servers are configured as the primary server the current server is the most recently added RADIUS server To configure global RADIUS server settings 1 In the Max Number of Retransmits field specify the value of the maximum number of times a request packet is retransmitted to the RADIUS server The value of the maximum number of times a request packet is retransmitted The valid range is 1 15 Consideration to maximum delay time should be given when configuring RADIUS maxretransmit and RADIUS time out If multiple RADIUS servers are configured the max retransmit value on each will be exhausted before the next server is attempted A retransmit will not occur until the configured time out value on that server has passed without a response from the RADIUS server Therefore the maximum delay in receiving a response from the RADIUS application equals the sum of retransmit times time out for all configured servers If the RADIUS request was generated by a user login attempt all user interfaces will be blocked until the RADIUS application returns a response 2 In the Timeout Duration field specify the time out value in seconds for request retransmissions The valid range
427. kable Switch Software Administration Manual Fes escrito O O Bad Dest MAC Number of ARP packets that were dropped by DAI as the target MAC address in ARP reply packet didn t match the destination MAC in ethernet header Invalid IP Number of ARP packets that were dropped by DAI as the sender IP address in ARP packet or target IP address in ARP reply packet is invalid Invalid addresses include 0 0 0 0 255 255 255 255 IP multicast addresses class E addresses 240 0 0 0 4 loopback addresses 127 0 0 0 8 Forwarded Number of valid ARP packets forwarded by DAI Dropped Number of invalid ARP packets dropped by DAI Click CLEAR to clear the DAI statistics Click REFRESH to refresh the data on the screen with the latest DAI statistics Captive Portal The Captive Portal folder contains links to the following features Captive Portal Global Configuration on page 429 Captive Portal Configuration on page 430 Captive Portal Binding Configuration on page 432 Captive Portal Binding Table on page 432 Captive Portal Group Configuration on page 433 Captive Portal User Configuration on page 434 Captive Portal Trap Flags on page 435 Captive Portal Client on page 435 428 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Captive Portal Global Configuration Using the Captive Portal Global Configuration page you can control the administrative state of th
428. ket DestIP and Dest TCP UDP Port fields Destination IP and Destination TCP UDP Port fields of the packet e Src Dest IP and TCP UDP Port fields Source Destination IP and source destination TCP UDP Port fields of the packet e Enhanced Hashing mode Features MODULO N operation based on the number of ports in the LAG non Unicast traffic and unicast traffic hashing using a common hash algorithm excellent load balancing performance and packet attributes selection based on the packet type For L2 packets source and destination MAC address are used for hash computation ForL3 packets source IP destination IP address TCP UDP ports are used 9 Use the Port Selection Table to select the ports as members of the LAG 176 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual PFC The Priority based Flow Control PFC feature allows the user to pause inhibit transmission of individual priorities within a single physical link By configuring PFC to independently pause congested priorities protocols that are highly loss sensitive can share the same link with traffic with different loss tolerances Priorities are differentiated by the priority field of the 802 1Q VLAN header Note The PFC solution works only on a standalone switch If the user tries to configure PFC on a switch with stacking ports configured an error will be thrown From the PFC link
429. l Link Configuration page to create or configure virtual interface information for a specific area and neighbor A valid OSPF area must be configured before this page can be displayed To display the Virtual Link Configuration page click Routing gt OSPF gt Advanced gt Virtual Link Configuration Virtual Link Confiquration ONFA Vieteal i ink Contgner ation Use Area ID to enter the area ID of the OSPF area Virtual links may be configured between any pair of area border routers having interfaces to a common non backbone area Use Neighbor Router ID to enter the neighbor portion of a Virtual Link specification Virtual links may be configured between any pair of area border routers having interfaces to a common non backbone area Use Hello Interval to enter the OSPF hello interval for the specified interface in seconds This parameter must be the same for all routers attached to a network Valid values range from 1 to 65 535 The default is 10 seconds Use Dead Interval to enter the OSPF dead interval for the specified interface in seconds This specifies how long a router will wait to see a neighbor router s Hello packets before declaring that the router is down This parameter must be the same for all routers attached to a network This value should a multiple of the Hello Interval e g 4 Valid values range from 1 to 2147483647 The default is 40 Use Iftransit Delay Interval to enter the OSPF Transit Delay for the specified
430. l limit Range 0 4294967295 12 Use Max Input to specify the number of octets the user is allowed to receive After this limit has been reached the user will be disconnected 0 indicates to use the global limit Range 0 4294967295 13 Use Max Total to specify the number of bytes the user is allowed to transmit and receive The maximum number of octets is the sum of octets transmitted and received After this limit 434 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual has been reached the user will be disconnected O indicates to use the global limit Range 0 4294967295 Captive Portal Trap Flags Use this page to configure whether or not SNMP traps are sent from the Captive Portal and to specify captive portal events that will generate a trap All CP SNMP traps are disabled by default To display the Captive Portal Trap Flags page click Security gt Control gt Captive Portal gt CP Trap Flags CP Trap Flags Trap Flags CP Trap Mode Disable Enable Client Auth Failure Disable Enable Client Connect Disable Enable Client DB Full Disable Enable Client Disconnect Disable Enable 1 CP Trap Mode Displays the captive portal trap mode status To enable or disable the mode use the System gt SNMP gt SNMPv1 v2 gt Trap Flags page 2 If you enable the Client Auth Failure field the SNMP agent sends a trap when a client at
431. l router with a priority of O 290 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Zero Priority Packets Sent Invalid Type Packets Received Address List Errors Invalid Authentication Type Authentication Type Mismatch Packet Length Errors The total number of VRRP packets sent by the virtual router with a priority of 0 The number of VRRP packets received by the virtual router with an invalid value in the type field The total number of packets received for which the address list does not match the locally configured list for the virtual router The total number of packets received with an unknown authentication type The total number of packets received with an authentication type different to the locally configured authentication method The total number of packets received with a packet length less than the length of the VRRP header Click REFRESH to show the latest VRRP information Chapter Routing 291 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Multicast From the Multicast link you can access the following pages e Mroute Table on page 292 Multicast Global Configuration on page 293 e Interface Configuration on page 294 e DVMRP on page 295 e IGMP on page 300 e PIM on page 309 e Static Routes Configuration on page 316 e Admin Boundary Configuratio
432. lay Disabled Default VLAN ID 1 Default VLAN Name Default GVRP Disabled GARP Timers Leave 60 centiseconds Leave All 1000 centiseconds Join 20 centiseconds Voice VLAN Disabled Guest VLAN Disabled RADIUS assigned VLANs Disabled Double VLANs Disabled Spanning Tree Protocol STP Enabled STP Operation Mode Optional STP Features STP Bridge Priority Multiple Spanning Tree Link Aggregation LACP System Priority Routing Mode OSPF Admin Mode OSPF Router ID IP Helper and UDP Relay RIP VRRP Tunnel and Loopback Interfaces IPv6 Routing DHCPv6 OSPFv3 DiffServ Auto VoIP IEEE 802 1s Multiple Spanning Tree Disabled 32768 Enabled No Link Aggregation Groups LAGs configured 1 Disabled Enabled 0 0 0 0 Enabled Enabled Disabled None Disabled Disabled Enabled Enabled Enabled Appendix Default Settings 507 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Table 3 Default Settings Continued Feature Default Auto VoIP Traffic Class 6 Bridge Multicast Filtering Disabled MLD Snooping Disabled IGMP Snooping Disabled IGMP Snooping Querier Disabled GMRP Disabled IPv4 Multicast Disabled IPv6 Multicast Disabled Licensing Support These features need license e RIP e OSPFv2 v3 e VRRP IPv4 Multicast e IPv6 Multicast 508 Appendix Default Settings Contiguration Examples This appendix contains information about how to configure the foll
433. le Ossabie Enable Enable Enable Enable Enable Cl sore Down Enable Disable Enable Enable Enable Enable Enable DO 10 7 Down Enable Crsable Enable Enable Enable Enable Enable O sors Down Enable Oisable Enable Enable Enable Enable Enable O o9 Down Enable Oxsable Enable Enable Enable Enable Enable O 1 0 10 Down Enable Disable Enable Enable Enable Enable Enable O aoti Down Enable Crsable Enable Enable Enable Enable Enable O won2 Down Enable Disable Enable Enable Enable Enable Enable O 10 13 Down Enable Orsable Enable Enable Enable Enable Enable O sof Down Enable Oisable Enable Enable Enable Enable Enable O 0 5 Down Enable Ossabie Enable Enable Enable Enable Enable O 10 16 Down Enable Disable Enable Enable Enable Enable Enable O 1 0 17 Down Enable Orsabie Enable Enable Enable Enable Enable O swore Down Enable Disable Enable Enable Enable Enable Enable O 10 9 Down Enable Oxsable Enable Enable Enable Enable Enable O o 20 Down Enable Disable Enable Enable Enable Enable Enable D 10 21 Down Enable Cusable Enable Enable Enable Enable Enable O wo 2z up Enable Disable Enable Enable Enable Enable Enable O 10 23 Down Enable Oxsable Enable Enable Enable Enable Enable C 170 24 Down Enable Disable Enable Enable Enable Enable Enable i All Go To Port co 98 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 Use Interface to specify the list of ports on which LLDP MED 802 1AB can be configur
434. lected port does NOT exist in another VLAN Exclude ports NOT selected from the VLAN Enable routing on the VLAN using the IP address and subnet mask entered To display the VLAN Routing Wizard page click Routing gt VLAN gt VLAN Routing Wizard 1 VLAN Routing Wizard VLAN Routing Wizard Vian ID IP Address Network Mask Use VLAN ID to specify the VLAN Identifier VID associated with this VLAN The range of the VLAN ID is 1 to 4093 Use Ports to display selectable physical ports and LAGs if any Selected ports will be added to the Routing VLAN Each port has three modes Tagged Select the ports on which all frames transmitted for this VLAN will be tagged The ports that are selected will be included in the VLAN e U Untagged Select the ports on which all frames transmitted for this VLAN will be untagged The ports that are selected will be included in the VLAN e BLANK Autodetect Select the ports that may be dynamically registered in this VLAN via GVRP This selection has the effect of excluding a port from the selected VLAN Use the LAG Enabled option to add selected ports to VLAN as a LAG The default is No Use IP Address to define the IP address of the VLAN interface Use Network Mask to define the subnet mask of the VLAN interface 220 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual VLAN Routing Configuration Use the VLAN Routing C
435. lerance and provides load sharing You assign the LAG VLAN membership after you create a LAG The LAG by default becomes a member of the management VLAN A LAG interface can be either static or dynamic but not both All members of a LAG must participate in the same protocols A static port channel interface does not require a partner system to be able to aggregate its member ports Static LAGs are supported When a port is added to a LAG as a static member it neither transmits nor receives LACPDUs ProSafe Managed Switches support up to 64 LAGs From the LAGs link you can access the following pages e LAG Configuration on page 173 e LAG Membership on page 175 172 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual LAG Configuration Use the LAG Port Channel Configuration page to group one or more full duplex Ethernet links to be aggregated together to form a link aggregation group which is also known as a port channel The switch treats the LAG as if it were a single link To access the LAG Configuration page click Switching gt LAG gt LAG Configuration LAG Configuration Chapter Configuring Switching Information 173 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual To configure LAG settings 1 Use LAG Name to enter the name you want assigned to the LAG You may enter any string of up to 15 alph
436. lick Apply See Port Security Configuration on page 494 This example uses the default values for the port authentication settings but there are several additional settings that you can configure For example the EAPOL Flood Mode field allows you to enable the forwarding of EAPoL frames when 802 1X is disabled on the device 6 From the RADIUS Server Configuration screen configure a RADIUS server with the following settings e Server Address 192 168 10 23 e Secret Configured Yes e Secret secret123 e Active Primary For more information see RADIUS on page 443 7 Click Add 8 From the Authentication List screen configure the default List to use RADIUS as the first authentication method See Authentication List Configuration on page 453 This example enables 802 1X based port security on ProSafe Managed Switches and prompts the hosts connected on ports g5 g8 for an 802 1X based authentication The switch passes the authentication information to the configured RADIUS server MSTP Spanning Tree Protocol STP runs on bridged networks to help eliminate loops If a bridge loop occurs the network can become flooded with traffic IEEE 802 1s Multiple Spanning Tree Protocol MSTP supports multiple instances of Spanning Tree to efficiently channel VLAN traffic over different interfaces Each instance of the Spanning Tree behaves in the manner specified in IEEE 802 1w Rapid Spanning Tree with slight modifications in the 5
437. links to the following features e Port Security Configuration on page 405 Port Security Interface Configuration on page 406 e Dynamic MAC Address on page 407 e Static MAC Address on page 408 404 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Port Security Configuration Use the Port Security feature to lock one or more ports on the system When a port is locked only packets with an allowable source MAC addresses can be forwarded All other packets are discarded To display the Port Security Configuration page click Security gt Traffic Control gt Port Security gt Port Administration Port Security Configuration Port Security Settings Port Security Mode Disable Enable Port Security Violations Port Last Violation MAC VLAN ID To configure the global port security mode 1 Inthe Port Security Mode field select the appropriate radio button to enable or disable port security on the switch The Port Security Violation table shows information about violations that occurred on ports that are enabled for port security The following table describes the fields in the Port Security Violation table Field Description Port Displays the physical interface for which you want to display data Last Violation MAC Displays the source MAC address of the last packet that was discarded at a locked port VLAN ID Displays the VLAN ID correspon
438. ll not be retained across a power cycle unless a save is performed 3 Click DELETE to remove the selected server from the configuration This button is only available to READWRITE users These changes will not be retained across a power cycle unless a save is performed Field Description Current Indicates if this server is currently in use as the authentication server The following table describes the RADIUS server statistics available on the page Use the buttons at the bottom of the page to perform the following actions e Click Clear Counters to clear the authentication server and RADIUS statistics to their default values Field Description Radius Server Round Trip Time Display the address of the RADIUS server or the name of the RADIUS server for which to display statistics The time interval in hundredths of a second between the most recent Access Reply Access Challenge and the Access Request that matched it from this RADIUS authentication server Access Requests The number of RADIUS Access Request packets sent to this server This number does not include retransmissions Access Retransmissions The number of RADIUS Access Request packets retransmitted to this server Access Accepts The number of RADIUS Access Accept packets including both valid and invalid packets that were received from this server Access Rejects The number of RADIUS Access Rejec
439. lowed into and out of specified ports on the system To display the MAC Filter Configuration page click Security gt Traffic Control gt MAC Filter gt MAC Filter Configuration MAC Filter Configuration MAC Filter Config ic MAC Filter Create Filter v VLAN ID MAC Address Source Port Members Destination Port Members To configure MAC filter settings 1 Select Create Filter from the MAC Filter menu a This is the list of MAC address and VLAN ID pairings for all configured filters To change the port mask s for an existing filter select the entry you want to change To add a new filter select Create Filter from the top of the list From the VLAN ID menu select the VLAN to use with the MAC address to fully identify packets you want filtered You can change this field only when the Create Filter option is selected from the MAC Filter menu In the MAC Address field specify the MAC address of the filter in the format 00 01 1A B2 53 4D You can change this field when you have selected the Create Filter option You cannot define filters for the following MAC addresses e 00 00 00 00 00 00 e 01 80 C2 00 00 00 to 01 80 C2 00 00 0F e 01 80 C2 00 00 20 to 01 80 C2 00 00 21 e FF FF FF FF FF FF Click the orange bar to display the available ports and select the port s to include in the inbound filter If a packet with the MAC address and VLAN ID you specify is received on a port that is not in the list i
440. lt 15 gt Aug 24 05 34 05 STKO MSTP 2110 mspt_api c 318 237 Interface 12 transitioned to root state on message age timer expiry The above example indicates a user level message 1 with severity 7 debug ona system that is not stack and generated by component MSTP running in thread id 2110 on Aug 24 05 34 05 by line 318 of file mstp_api c This is the 237th message logged Messages logged to a collector or relay via syslog have an identical format to the above message Port Mirroring The page under the Mirroring link allows you to view and configure port mirroring on the system Multiple Port Mirroring Port mirroring selects the network traffic for analysis by a network analyzer This is done for specific ports of the switch As such many switch ports are configured as source ports and one switch port is configured as a destination port You have the ability to configure how traffic is mirrored on a source port Packets that are received on the source port that are transmitted on a port or are both received and transmitted can be mirrored to the destination port The packet that is copied to the destination port is in the same format as the original packet on the wire This means that if the mirror is copying a received packet the copied packet is VLAN tagged or untagged as it was received on the source port If the mirror is copying a transmitted packet the copied packet is VLAN tagged or untagged as it is being transmitted on the
441. lt Information Originate to advertise a default route into the NSSA when Import Summary LSAs is disabled This can also be applied by the CLI command area lt areaid gt nssa default info originate in the IPv6 router OSPF config mode 4 Use Admin Mode to enable or disable the default information originate Valid values are True or False 5 Use Metric Value to set the Default Metric value for default information originate The valid range of values is 1 to 16777214 6 Use Metric Type to select the type of metric specified in the Metric Value field e Comparable Cost External Type 1 metrics that are comparable to the OSPFv3 metric e Non comparable Cost External Type 2 metrics that are assumed to be larger than the cost of the OSPFv3 metric 7 Use Translator Role to specify the NSSA Border router s ability to perform NSSA translation of type 7 LSAs into type 5 LSAs The valid values are Always and Candidate 8 Use Translator Stability Interval to specify the number of seconds after an elected translator determines its services are no longer required that it should continue to perform its translation duties The valid range of values is 0 to 3600 9 Use No Redistribute Mode to enable or disable the No Redistribute Mode 10 Click ADD to configure the area as a NSSA area 11 Click DELETE to delete the NSSA area designation The area will be returned to normal state Field Description SPF Runs The number of times that the intr
442. lt is send e For each of the above Action Selectors one of the following actions can be taken e Drop These packets are immediately dropped e Mark IP DSCP These packets are marked by DiffServ with the specified DSCP value before being presented to the system forwarding element This selection requires that the DSCP value field be set e Mark CoS These packets are marked by DiffServ with the specified CoS value before being presented to the system forwarding element This selection requires that the Mark CoS value field be set e Send These packets are presented unmodified by DiffServ to the system forwarding element e Mark IP Precedence These packets are marked by DiffServ with the specified IP Precedence value before being presented to the system forwarding element This selection requires that the Mark IP Precedence value field be set 5 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch 6 If you change any of the settings on the page click Apply to send the updated configuration to the switch Configuration changes take effect immediately Field Description Policy Type Displays type of the policy as In Member Class Name Displays name of each class instance within the policy 358 Chapter Configuring Quality of Service ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Service Interface Configu
443. lt value of managed flag is disable 14 Use Adv Other Config Flag To specify router advertisement for other Stateful configuration flag Default value of other config flag is disable 15 Use Adv Suppress Flag to specify router advertisement suppression on an interface Default value of suppress flag is disable 16 Use Destination Unreachables to specify the Mode of Sending ICMPv6 Destination Unreachables on this interface If Disabled then this interface will not send ICMPv6 Destination Unreachables By default IPv6 Destination Unreachables mode is enable Field Description Operational Mode Specifies operational state of an interface Default value is disable IPv6 Prefix Configuration To display the IPv6 Prefix Configuration page click Routing gt IPv6 gt Advanced gt Prefix Configuration IPv6 Prefix Configuration IPv6 Interface Selection Interlece O k i IPv6 Interface Configuration Valid Life Preferred i Autonomous Current lpv6 Prefix Prefix Length EUIG4 Time a Flag State 1 Use Interface to select the interface to be configured When the selection is changed a screen refresh will occur causing all fields to be updated for the newly selected port All physical interfaces are valid 2 Use IPv6 Prefix Prefix Length to specify the IPv6 prefix with prefix length for an interface 3 Use EUI 64 to specify 64 bit unicast prefix Chapter Routing 207 ProSafe XSM7224S 10G Managed Stack
444. m CPU Status The following table describes CPU Memory Status information Fes escrito O O Total System Memory The total memory of the switch in KBytes Available Memory The available memory space for the switch in KBytes CPU Utilization Information This page displays the CPU Utilization information which contains the memory information task related information and percentage of CPU utilization per task 26 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Slot Information Use this page to display slot information and supported cards To display the Slot Information page click System gt Management gt Slot Information A screen similar to the following displays Slot Information Shot Sermemary Slot Summary This screen displays details of the different slots in the different units in the stack The following table displays Slot Summary information Administrative State Power State Field Description Slot Identifies the slot using the format unit slot Status Displays whether the slot is empty or full Displays whether the slot is administratively enabled or disabled Displays whether the slot is powered on of off Card Model ID Displays the model ID of the card configured for the slot Card Description Displays the description of the card configured for the slot Chapter Con
445. m Switch To access the Trap Logs page click Monitoring gt Logs gt Trap Logs Trap Logs Trap Logs Number of Traps Since Last Reset 376 Trap Log Capacity 256 Number of Traps Since Log Last Viewed 376 Trap Logs Log System Up Time Trap 0 2 days 23 19 51 Spanning Tree Topology Change 0 Unit 1 1 2 days 23 19 51 Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22 2 2 days 23 19 50 Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22 3 2 days 23 19 49 Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22 lt 2 days 23 19 48 Spanning Tree Topology Change 0 Unit 1 5 2 days 23 19 48 Spanning Tree Topology Change Received MSTID O Unit 1 Slot 0 Port 22 6 2 days 22 35 50 Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22 7 2 days 22 35 49 Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22 8 2 days 22 35 48 Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22 9 2 days 22 35 47 Spanning Tree Topology Change Received MSTID O Unit 1 Slot 0 Port 22 10 2 days 22 35 47 Spanning Tree Topology Change 0 Unit 1 11 2days 22 35 47 Spanning Tree Topology Change Received MSTID O Unit 1 Slot 0 Port 22 12 2 days 19 15 17 Spanning Tree Topology Change 0 Unit 1 13 2days 19 15 17 Spanning Tree Topology Change Received MSTID O Unit 1 Slot 0 Port 22 14 2 days 19 15 16 Spanning Tree Topology Change Rec
446. m a particular port An MST Region comprises of one or more MSTP Bridges with the same MST Configuration Identifier using the same MSTIs and which have no Bridges attached that cannot receive and transmit MSTP BPDUs The MST Configuration Identifier has the following components 1 Configuration Identifier Format Selector 2 Configuration Name 3 Configuration Revision Level Appendix ConfigurationExamples 521 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 4 Configuration Digest 16 byte signature of type HMAC MD5 created from the MST Configuration Table a VLAN ID to MSTID mapping As there are Multiple Instances of Spanning Tree there is a MSTP state maintained on a per port per instance basis or on a per port per VLAN basis as any VLAN can be in one and only one MSTI or CIST For example port A can be forwarding for instance 1 while discarding for instance 2 The port states have changed since IEEE 802 1D specification To support multiple spanning trees a MSTP bridge has to be configured with an unambiguous assignment of VLAN IDs VIDs to spanning trees This is achieved by 1 Ensuring that the allocation of VIDs to FIDs is unambiguous 2 Ensuring that each FID supported by the Bridge is allocated to exactly one Spanning Tree Instance The combination of VID to FID and then FID to MSTI allocation defines a mapping of VIDs to spanning tree instances represented by the MST Configura
447. mber of configured MAC ACLs The maximum size is 100 To configure an IP ACL 1 In the IP ACL ID field specify the ACL ID or IP ACL name The ID is an integer in the following range e 1 99 Creates an IP Basic ACL which allows you to permit or deny traffic from a source IP address e 100 199 Creates an IP Extended ACL which allows you to permit or deny specific types of layer 3 or layer 4 traffic from a source IP address to a destination IP address This type of ACL provides more granularity and filtering capabilities than the standard IP ACL e IP ACL Name Create a Named IP ACL which provides alternate to configure the IP Extended ACL IP ACL Name string which includes alphanumeric characters only and must start with an alphabetic character Each configured ACL displays the following information e Rules Displays the number of rules currently configured for the IP ACL e Type Identifies the ACL as a basic IP ACL extended IP ACL and named IP ACL 442 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 2 To delete an IP ACL select the check box next to the IP ACL ID field then click Delete 3 Click ADD to add a new IP ACL to the switch configuration IP Rules Use these screens to configure the rules for the IP Access Control Lists created using the IP Access Control List Configuration screen What is shown on this screen varies depending on the current ste
448. me 1 Use Domain Name to specify a DNS domain server name It may be up to 255 alphanumeric characters 2 Use DNS Server Address to specify the IPv6 address of a DNS server DHCPv6 Prefix Delegation Configuration Use the Prefix Delegation Configuration page to configure a delegated prefix for a pool At least one pool must be created before a delegated prefix can be configured To display the DHCPv6 Prefix Delegation Configuration page click System gt Services gt DHCPv6 Server gt DHCPv6 Prefix Delegation Configuration A screen similar to the following displays Chapter Configuring System Information 65 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DHCPVv6 Prefix Delegation Configuration DHCPV6 Prefix Delegation Coafiguration Valid Lifetime Prefer Ltetime 1 Use Pool Name to select one DHCPV6 pool to be configured 2 Use Prefix Prefix Length to specify the delegated IPv6 prefix 3 Use DUID to identify the client s unique duid value The format is XX XX XX XX XX XX RFC3315 defines three types a Link layer address plus time 00 01 hardware type time link layer address hardware type 16 bit hardware type reserved by IANA 1 means an Ethernet device time 32 bit unsigned integer The time in seconds when this DUID was generated since 00 00 00 1 1 2000 link layer address The link layer address of a device generating the DUID b Vendor assigned unique ID
449. me to enter the name of the file you want to download from the server You may enter up to 32 characters The factory default is blank Use User Name to enter the username for remote login to SFTP SCP server where the file will be sent This field is visible only when SFTP or SCP transfer modes are selected Use Password to enter the password for remote login to SFTP SCP server where the file will be sent This field is visible only when SFTP or SCP transfer modes are selected The last row of the table is used to display information about the progress of the file transfer HTTP File Upload To display the HTTP File Upload page click Maintenance gt Upload gt HTTP File Upload 1 HTTP File Upload HTTP File Upload File Type Archive Image Name imagel Use File Type to specify what type of file you want to upload e Archive Specify archive STK code when you want to retrieve from the operational flash e Image Specify the code image1 when you want to retrieve e Image2 Specify the code image2 when you want to retrieve e CLI Banner Specify CLI Banner when you want retrieve the CLI banner file Startup Configuration Specify configuration when you want to retrieve the stored configuration e Text Configuration Specify configuration in text mode when you want to retrieve the stored configuration Script File Specify script file when you want to retrieve the stored configuration e Error Log S
450. ment Security gt TACACS gt TACACS Server Configuration TACACS Server Configuration TACACS Server Configuration G Connection TACACS Server Priority 0 to 65535 Port 0 to 65535 Key String Timeout 1 30 OT a O To configure TACACS server settings 1 Use TACACS Server to enter the configured TACACS server IP address 2 Use Priority to specify the order in which the TACACS servers are used It should be within the range 0 65535 3 Use Port to specify the authentication port It should be within the range 0 65535 4 Use Key String to specify the authentication and encryption key for TACACS communications between the device and the TACACS server The valid range is 0 128 characters The key must match the encryption used on the TACACS server 5 Use Connection Timeout to specify the amount of time that passes before the connection between the device and the TACACS server time out The range is between 1 30 6 Click ADD to add a new server to the switch This button is only available to READWRITE users These changes will not be retained across a power cycle unless a save is performed 7 Click DELETE to delete the selected server from the configuration Chapter Managing Device Security 373 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Authentication List Configuration The Authentication List folder contains links to the following features Login Authen
451. mit Burst Size 100 Use IPv6 Unicast Routing to globally enable or disable IPv6 unicast routing on the entity Use IPv6 Forwarding to enable or disable forwarding of IPv6 frames on the router Use the Hop Limit option to define the unicast hop count used in IPv6 packets originated by the node The value is also included in router advertisements Valid values for lt hops gt are 1 64 inclusive The default not configured means that a value of zero is sent in router advertisements and a value of 64 is sent in packets originated by the node Note that this is not the same as configuring a value of 64 Use ICMPv6 Rate Limit Error Interval to control the ICMPv 6 error packets by specifying the number of ICMP error packets that are allowed per burst interval By default Rate limit is 100 packets sec i e burst interval is 1000 msec To disable ICMP Rate limiting set this field to 0 Valid Rate Interval must be in the range 0 to 2147483647 Chapter Routing 205 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 5 Use ICMPv6 Rate Limit Burst Size to control the ICMP error packets by specifying the number of ICMP error packets that are allowed per burst interval Default burst size is 100 packets When burst interval is 0 then configuring this field is not a valid operation Valid Burst Size must be in the range 1 to 200 IPv6 Interface Configuration Use the Interface Configuration page to configure IPv
452. mitted that were between 1519 and 2047 octets in length inclusive excluding framing bits but including FCS octets The total number of packets including bad packets received or transmitted that were between 2048 and 4095 octets in length inclusive excluding framing bits but including FCS octets The total number of packets including bad packets received or transmitted that were between 4096 and 9216 octets in length inclusive excluding framing bits but including FCS octets The total number of octets of data including those in bad packets received on the network excluding framing bits but including FCS octets This object can be used as a reasonable estimate of ethernet utilization If greater precision is desired the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval Packets Received 64 Octets Packets Received 65 127 Octets Packets Received 128 255 Octets The total number of packets including bad packets received that were 64 octets in length excluding framing bits but including FCS octets The total number of packets including bad packets received that were between 65 and 127 octets in length inclusive excluding framing bits but including FCS octets The total number of packets including bad packets received that were between 128 and 255 octets in length inclusive excluding framing bits but including FCS octets Chapter Monitoring the System
453. mplementations there may be no types of error which contribute to this counter s value The number of ICMP Destination Unreachable messages sent The number of ICMP Time Exceeded messages sent The number of ICMP Parameter Problem messages sent Chapter Routing 191 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Feis escrito O O IcmpOutSrcQuenchs The number of ICMP Source Quench messages sent IcmpOutRedirects The number of ICMP Redirect messages sent For a host this object will always be zero since hosts do not send redirects IcmpOutEchos The number of ICMP Echo request messages sent IcmpOutTimestamps IcmpOutEchoReps IcmpOutTimestampReps The number of ICMP Echo Reply messages sent The number of ICMP Timestamp request messages The number of ICMP Timestamp Reply messages sent IcmpOutAddrMasks The number of ICMP Address Mask Request messages sent IcmpOutAddrMaskReps The number of ICMP Address Mask Reply messages sent 192 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Advanced From the Advanced link you can access the following pages IP Configuration on page 193 IP Statistics on page 194 IP Interface Configuration on page 198 Secondary IP Address on page 201 IP Configuration Use this menu to configure routing parameters for the switch as oppos
454. mum Number of HTTP Sessions 1 Authentication List HttpListName To configure the HTTP server settings 1 Use HTTP Access to specify whether the switch may be accessed from a web browser If you choose to enable web mode you will be able to manage the switch from a web browser The factory default is enabled Use Java Mode to enable or disable the java applet that displays a picture of the switch at the top right of the screen If you run the applet you will be able to click on the picture of the switch to select configuration screens instead of using the navigation tree at the left side of the screen The factory default is disabled Use HTTP Session Soft Timeout Minutes to set the inactivity time out for HTTP sessions The value must be in the range of 1 to 60 minutes The default value is 5 minutes The currently configured value is shown when the web page is displayed Use HTTP Session Hard Timeout Hours to set the hard time out for HTTP sessions This time out is unaffected by the activity level of the session The value must be in the range of 1 to 168 hours The default value is 24 hours The currently configured value is shown when the web page is displayed Use Maximum Number of HTTP Sessions to set the maximum allowable number of HTTP sessions The value must be in the range of 0 to 16 The default value is 16 The currently configured value is shown when the web page is displayed Field Description Authenticat
455. mum Wait Time in seconds This value will be compared to the time stamp in the client s request packets which should represent the time since the client was powered up Packets will only be forwarded when the time stamp exceeds the minimum wait time The range is 0 to 100 Use Circuit ID Option Mode to enable or disable Circuit ID Option mode If you select enable Relay Agent options will be added to requests before they are forwarded to the server and removed from replies before they are forwarded to clients DHCP Relay Status The following table describes the DHCP Relay Status fields Fig escrito O O Requests Received The total number of DHCP requests received from all clients since the last time the switch was reset 56 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Requests Relayed The total number of DHCP requests forwarded to the server since the last time the switch was reset Packets Discarded The total number of DHCP packets discarded by this Relay Agent since the last time the switch was reset DHCP L2 Relay From the DHCP L2 Relay link you can access the following pages e DHCP L2 Relay Global Configuration on page 57 e DHCP L2 Relay Interface Configuration on page 58 e DHCP L2 Relay Interface Statistics on page 59 DHCP L2 Relay Global Configuration To display the DHCP L2 Relay Global
456. n VLAN ID Multicast Router ee ae 1 Use Interface to select the interface for which you want Multicast Router to be enabled or to be displayed 2 Use VLAN ID to select the VLAN ID for which the Multicast Router Mode is to be Enabled or Disabled 3 Use Multicast Router to enable or disable multicast router for the Vlan ID IGMP Snooping Querier IGMP snooping requires that one central switch or router periodically query all end devices on the network to announce their multicast memberships This central device is the IGMP querier The IGMP query responses known as IGMP reports keep the switch updated with the current multicast group membership on a port by port basis If the switch does not receive updated membership information in a timely fashion it will stop forwarding multicasts to the port where the end device is located These pages enable you to configure and display information on IGMP snooping queriers on the network and separately on VLANs Chapter Configuring Switching Information 153 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IGMP Snooping Querier Configuration Use this menu to configure the parameters for IGMP Snooping Querier Note that only a user with Read Write access privileges may change the data on this screen To access this page click Switching gt Multicast gt IGMP Snooping gt Querier Configuration IGMP Snooping Querier Configuration
457. n all ports by clicking the corresponding radio button When you specify Enable for Broadcast Storm Recovery and the broadcast traffic on any Ethernet port exceeds the configured threshold the switch blocks discards the broadcast traffic The factory default is enabled e Multicast Storm Control All Enable or disable the Multicast Storm Recovery mode on all ports by clicking the corresponding radio button When you specify Enable for Multicast Storm Recovery and the multicast traffic on any Ethernet port exceeds the configured threshold the switch blocks discards the multicast traffic The factory default is disabled e Unknown Unicast Storm Control All Enable or disable the Unicast Storm Recovery mode on all ports by clicking the corresponding radio button When you specify Enable for Unicast Storm Recovery and the Unicast traffic on any Ethernet port exceeds the 412 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual configured threshold the switch blocks discards the unicast traffic The factory default is disabled Storm Control Interface Configuration To display the Storm Control Interface Configuration page click Security gt Traffic Control gt Storm Control gt Storm Control Interface Configuration Port Configuration Port Costiguratics 4 1 an Ge Vo Port Mult ast Stores hada ant Betuvery Level Revevery Meade Brcevery level type B
458. n o 005 2 004244d 2 beeen tae a 411 SOM CONIO ais 54 8 a nein ean ae Tobe Ree a AGA a Ra ee ae 412 COMM 2i 0a2tcacde transects e a ee eaa e 414 DHCP SNOOP jaja dicing nn Gidea ees Baal dine acs eal Gin a Madde EASA 414 IP Source Guat xs atiecete oouen Getto eee Sebo PARES 421 Dynamic ARP Inspection 2 5 4 02 0 505 ca6 50d dew aaie ahd DRAGER bdo 423 Captive POnal srir 344 0 2 0 64 9 9 264 9844 pOSH Se ROSE OSS 428 Configuring Access Control Lists 522404 6004 haaee eas ene dan wee 436 BaS ss lt 08a Seon e dao S ewes Here ew so tenes Seabee gadan 437 Advanced oegi iien hea GRA Aa Pee EN SO 441 POMS 3 ps5 rre ror EEEE rO EARO E as 2 A a 454 Pon Silale ace dace d ins deh ha a a a EA 455 Port Detailed Statistics 1 1214 g0ctex patie sete ieddd tan aadeaaeee 457 EAP Stausics sae ddantos perei ate Ghee ome tO we eS 463 Cable Vesl anwccccledsose taba daa rates aed to ehes oder 466 OGG hse a pease Ah RAR SA ue Sawa t t SONG a Sg Al AG ce AEDS 467 BuileredtLogss i2 sccm aacleeaoaaeaeu Gad oF areas bt was eee ted 468 Command Log Configuration icici lo Ratiiaia swale Rawle s Fahae aE 4 470 Console Log Configuration c4ccstacut tas aebdiveses etek ahead 470 SYSLOG COMmGUIAHOM 145 200 cte a a4 wes Maan dad sal a RWS A bed 471 Tap Logs seriearen Geneshia dette paral hae eld Sere ard ee rian 472 Eve LOS eosar ered iare eE tei E Aone tae eee 474 Persistent Logsss14i4ecodter idee eee N e eeka a eee 475 POR MCO eie EN O a O 2 Gon ace carat 2 Gd
459. n Mode to select enable or disable The default value is disable You can configure OSPF v3 parameters without enabling OSPFv3 Admin Mode but they will have no effect until you enable Admin Mode The following information will be displayed only if the Admin Mode is enabled State Designated Router Backup Designated Router Number of Link Events LSA ACK Interval and Metric Cost For OSPF v3 to be fully functional the interface must have a valid IPv6 Prefix Prefix Length This can be done through the CLI using the IPv6 address command in the interface configuration mode Note Once OSPFv3 is initialized on the router it will remain initialized until the router is reset 4 Use Router Priority to enter the OSPFv3 priority for the selected interface The priority of an interface is specified as an integer from 0 to 255 The default is 1 which is the highest router priority A value of 0 indicates that the router is not eligible to become the designated router on this network 5 Use Retransmit Interval to enter the OSPFv3 retransmit interval for the specified interface This is the number of seconds between link state advertisements for adjacencies belonging to this router interface This value is also used when retransmitting database descriptions and link state request packets Valid values range from 0 to 3600 seconds 1 hour The default is 5 seconds 6 Use Hello Interval to enter the OSPF v3 hello interval for the specified inter
460. n between each byte Bit 1 of byte 0 must be set to a 1 and bit 0 to a 0 in other words byte 0 must have a value between x 40 and x 7F 5 Use MAC Address type to specify whether the burned in or the locally administered MAC address should be used for in band connectivity The factory default is to use the burned in MAC address 6 Use Current Network Configuration Protocol to specify what the switch should do following power up transmit a Bootp request transmit a DHCP request or do nothing none The factory default is DHCP 7 Use DHCP Vendor Class Identifier to enable DHCP Vendorld option on the client 8 Use DHCP Vendor Class Identifier String to specify DHCP Vendorld option string on the client 9 Use Management VLAN ID to specify the management VLAN ID of the switch It may be configured to any value in the range of 1 4093 The management VLAN is used for management of the switch This field is configurable for administrative users and read only for other users The following table describes IPv4 Network Configuration information Fea escrito O O Burned In MAC Address The burned in MAC address used for in band connectivity if you choose not to configure a locally administered address Chapter Configuring System Information 31 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IPv6 Network Interface Configuration To display the IPv6 Network Configuration page click System
461. n continues to perform its duties after it determines that its translator status has been deposed by another router Use No Redistribute Mode to configure the NSSA ABR so that learned external routes will not be redistributed to the NSSA Click ADD to configure the area as a NSSA area Click DELETE to delete the NSSA area designation The area will be returned to normal state 242 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description SPF Runs The number of times that the intra area route table has been calculated using this area s link state database This is typically done using Dijkstra s algorithm Area Border Router Count The total number of area border routers reachable within this area This is initially zero and is calculated in each SPF Pass Area LSA Count The total number of link state advertisements in this area s link state database excluding AS External LSAs Area LSA Checksum The 32 bit unsigned sum of the link state advertisements LS checksums contained in this area s link state database This sum excludes external LS type 5 link state advertisements The sum can be used to determine if there has been a change in a router s link state database and to compare the link state database of two routers Translator State The field tells you if and how the NSSA border router translates type 7 into type 5 e enabled The NSSA border r
462. n for the remaining values Simple Policy Use this attribute to establish the traffic policing style for the specified class This command uses single data rate and burst size resulting in two outcomes conform and violate 4 If you select the Simple Policy attribute you can configure the following fields e Color Mode This lists the color mode The default is Color Blind e Color Blind e Color Aware Color Aware mode requires the existence of one or more color classes that are valid for use with this policy instance A valid color class contains a single non excluded Chapter Configuring Quality of Service 357 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual match criterion for one of the following fields provided the field does not conflict with the classifier of the policy instance itself e CoS IP DSCP IP Precedence e Committed Rate This value is specified in the range 1 to 4294967295 kilobits per second Kbps e Committed Burst Size This value is specified in the range 1 to 128 KBytes The committed burst size is used to determine the amount of conforming traffic allowed e Conform Action This lists the actions to be taken on conforming packets per the policing metrics from which one can be selected The default is send e Violate Action This lists the actions to be taken on violating packets per the policing metrics from which one can be selected The defau
463. n how the IT manager has set up the VLANs VLANs have a number of advantages e Itis easy to do network segmentation Users that communicate most frequently with each other can be grouped into common VLANs regardless of physical location Each group s traffic is contained largely within the VLAN reducing extraneous traffic and improving the efficiency of the whole network Appendix Configuration Examples 509 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual They are easy to manage The addition of nodes as well as moves and other changes can be dealt with quickly and conveniently from a management interface rather than from the wiring closet They provide increased performance VLANs free up bandwidth by limiting node to node and broadcast traffic throughout the network They ensure enhanced network security VLANs create virtual boundaries that can be crossed only through a router So standard router based security measures can be used to restrict access to each VLAN Packets received by the switch are treated in the following way When an untagged packet enters a port it is automatically tagged with the port s default VLAN ID tag number Each port has a default VLAN ID setting that is user configurable the default setting is 1 The default VLAN ID setting for each port can be changed in the Port PVID Configuration screen See Port PV D Configuration on page 144 When a tagged packet enters
464. n on page 316 Mroute Table This screen displays contents of the Mroute Table in tabular form To display the Mroute Table page click Routing gt Multicast Mroute Table Mroute Table Mroute Table D Group Source Incoming Outgoing Up Expiry RPF Protocol Flags IP IP Interface Interfaces Time hh mm ss Time hh mm ss Neighbor 9 Field Description Source IP The IP address of the multicast packet source to be combined with the Group IP to fully identify a single route whose Mroute table entry Group IP The destination group IP address Incoming Interface The incoming interface on which multicast packets for this source group arrive Outgoing Interface s The list of outgoing interfaces on which multicast packets for this source group are forwarded Up Time hh mm ss The time in seconds since the entry was created Expiry Time hh mm ss The time in seconds before this entry will age out and be removed from the table RPF Neighbor The IP address of the Reverse Path Forwarding neighbor 292 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Protocol The multicast routing protocol which created this entry The possibilities are e PIM DM e PIM SM e DVMRP Flags The value displayed in this field is valid if the multicast routing protocol running is PIMSM The possible values are RPT or
465. n order to support licensing features The factory default is Archive 2 If you are downloading a GSM7352Sv1 or GSM7352Sv2 image Archive select the image on the switch to overwrite This field is only visible when Archive is selected as the File Type Note It is recommended that you not overwrite the active image The system will display a warning that you are trying to overwrite the active image 3 Click Browse to open a file upload window to locate the file you want to download 4 Click Cancel to cancel the operation on the screen and reset the data on the screen to the latest value of the switch 5 Click the Apply button to initiate the file download Chapter Maintenance 493 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Note After a file transfer is started please wait until the page refreshes When the page refreshes the Select File option will be blanked out This indicates that the file transfer is done Note To download SSH key files SSH must be administratively disabled and there can be no active SSH sessions Note To download SSL PEM files SSL must be administratively disabled and there can be no active SSH sessions 6 Use Select File to browse give name along with path for the file you want to download You may enter up to 80 characters The factory default is blank 7 Download Status Displays the status during transfer file to the switch USB File Download
466. n the following order intra lt inter lt type 1 lt type 2 4 Use OSPF Inter to specify the OSPF inter route preference value in the router The default value is 110 The range is 1 to 255 The OSPF specification RFC 2328 requires that preferences must be given to the routes learned via OSPF in the following order intra lt inter lt type 1 lt type 2 5 Use OSPF External to specify the OSPF external route preference value in the router The default value is 110 The range is 1 to 255 The OSPF specification RFC 2328 requires that preference value must be the same for all the OSPF external route types like type1 type2 nssa1 nssa2 Field Description Local This field displays the local route preference value Chapter Routing 185 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IP The IP folder contains links to the following web pages that configure and display IP routing data e Basic on page 186 e Advanced on page 193 Basic From the Basic link you can access the following pages e IP Configuration on page 186 e Statistics on page 188 IP Configuration Use this menu to configure routing parameters for the switch as opposed to an interface To display the IP Configuration page click Routing gt IP gt Basic gt IP Configuration IP Configuration IP Configuration D Default Time to Live 64 Routing Mode O Enable Disable ICMP Echo Replies Enable
467. n un trusted port Click REFRESH to refresh the data on the screen with the latest statistics 420 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IP Source Guard The IP Source Guard folder contains links to the following features e IP Source Guard Interface Configuration on page 421 e IP Source Guard Binding Configuration on page 422 IP Source Guard Interface Configuration To display the IP Source Guard Interface Configuration page click Security gt Control gt IP Source Guard gt Interface Configuration IP Source Guard Interface Configuration IP Source Guard Interface Configuration 1 LAGS All Go To Interface 62 Interface IPSG Mode IPSG Port Security C o _ O 1 0 11 Disable Disable O woz Disable Disable C 1 0 3 Disable Disable O wos Disable Disable C 1 0 5 Disable Disable O 1 0 6 Disable Disable O 1 0 7 Disable Disable O 10 8 Disable Disable C 1 0 9 Disable Disable O 10 10 Disable Disable O 1 0 11 Disable Disable O 0 12 Disable Disable O 1 0 13 Disable Disable O 10 14 Disable Disable O 1 0 15 Disable Disable CO 1 0 16 Disable Disable C 1 0 17 Disable Disable O 10 18 Disable Disable O 1 0 19 Disable Disable O 1 0 20 Disable Disable O 1 0 21 Disable Disable O 1 0 22 Disable Disable O 10 23 Disable Disable C 1 0 24 Disable Disable i LAGS All Go To Interface co Chapter Managing Device Security 421 ProSafe XSM72
468. nd WWW Each of these values translates into its equivalent port number which is used as both the start and end of the port range Use Destination Prefix PrefixLength to enter up to 128 bit prefix combined with prefix length to be compared to a packet s destination IP Address as a match criteria for the selected IPv6 ACL rule Prefix length can be in the range 0 to 128 Use Destination L4 Port to specify a packet s destination layer 4 port as a match condition for the selected IPv6 ACL rule Destination port information is optional Destination port information can be specified in two ways a Select keyword other from the drop down menu and specify the number of the port in the range from 0 to 65535 b Select one of the keyword from the list DOMAIN ECHO FTP FTPDATA HTTP SMTP SNMP TELNET TFTP and WWW Each of these values translates into Chapter Managing Device Security 449 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual its equivalent port number which is used as both the start and end of the port range 14 Flow label is 20 bit number that is unique to an IPv6 packet used by end stations to signify quality of service handling in routers Flow label can specified within the range 0 to 1048575 15 Use IPv6 DSCP Service to specify the IP DiffServ Code Point DSCP field The DSCP is defined as the high order six bits of the Service Type octet in the IPv6 header This is an opti
469. nd an authentication ID Encryption uses the MD5 Message Digest algorithm All routers on the network must be configured with the same key and ID 8 Use Authentication Key to enter the OSPF Authentication Key for the specified interface If you do not choose to use authentication you will not be prompted to enter a key If you choose simple authentication you cannot use a key of more than eight octets If you choose encrypt the key may be up to 16 octets long The key value will only be displayed if you are logged on with Read Write privileges otherwise it will be displayed as asterisks 9 Use Authentication ID to enter the ID to be used for authentication You will only be prompted to enter an ID when you select Encrypt as the authentication type The ID is a number between 0 ad 255 inclusive 10 Click ADD to add a new virtual link to the switch 11 Click DELETE to remove the specified virtual link from the switch configuration Field Description Neighbor State Neighbor State The OSPF interface state it can be these values e Down This is the initial interface state In this state the lower level protocols have indicated that the interface is unusable In this state interface parameters will be set to their initial values All interface timers will be disabled and there will be no adjacencies associated with the interface Waiting The router is trying to determine the identity of the Backup De
470. nd reset the data on the screen to the latest value of the switch 7 Click Refresh to refresh the page with the most current data from the switch SNTP Server Status The SNTP Server Status table displays status information about the SNTP servers configured on your switch The following table describes the SNTP Global Status fields The following table displays SNTP Server Status information Field Description Address Specifies all the existing Server Addresses If no Server configuration exists a message saying No SNTP server exists flashes on the screen Last Update Time Specifies the local date and time UTC that the response from this server was used to update the system clock Last Attempt Time Specifies the local date and time UTC that this SNTP server was last queried Chapter Configuring System Information 39 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Last Attempt Status Specifies the status of the last SNTP request to this server If no packet has been received from this server a status of Other is displayed e Other None of the following enumeration values e Success The SNTP operation was successful and the system time was updated e Request Timed Out A directed SNTP request timed out without receiving a response from the SNTP server Bad Date Encoded The time provided by the SNTP server is not valid e Version
471. nds to specify the time to wait after receiving an unregister request for a VLAN or multicast group before deleting the associated entry in centiseconds This allows time for another station to assert registration for the same attribute in order to maintain uninterrupted service Enter a number between 20 and 600 0 2 to 6 0 seconds The factory default is 60 centiseconds 0 6 seconds An instance of this timer exists for each GARP participant for each port 6 Use Leave All Time centiseconds to control how frequently LeaveAll PDUs are generated A LeaveAll PDU indicates that all registrations will shortly be deregistered Participants will need to rejoin in order to maintain registration The Leave All Period Timer is set to a random value in the range of LeaveAllTime to 1 5 LeaveAllTime The timer is specified in centiseconds Enter a number between 200 and 6000 2 to 60 seconds The factory default is 1000 centiseconds 10 seconds An instance of this timer exists for each GARP participant for each port Spanning Tree Protocol The Spanning Tree Protocol STP provides a tree topology for any arrangement of bridges STP also provides one path between end stations on a network eliminating loops Spanning tree versions supported include Common STP Multiple STP and Rapid STP Classic STP provides a single path between end stations avoiding and eliminating loops For information on configuring Common STP see lt pdf gt CST Port Configur
472. ng the UDP port 62 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DHCPv 6 Server DHCP is generally used between clients e g hosts and servers e g routers for the purpose of assigning IP addresses gateways and other networking definitions such as DNS NTP and or SIP parameters However IPv6 natively provides for auto configuration of IP addresses through IPv6 Neighbor Discovery Protocol NDP and the use of Router Advertisement messages Thus the role of DHCPv6 within the network is different than that of DHCPv4 in that it is less relied upon for IP address assignment From the DHCPv6 Server link you can access the following pages e DHCPv6 Server Configuration on page 63 e DHCPv6 Pool Configuration on page 64 e DHCPVv6 Prefix Delegation Configuration on page 65 e DHCPv6 Interface Configuration on page 67 e DHCPv6 Bindings Information on page 68 e DHCPv6 Server Statistics on page 69 DHCPv 6 Server Configuration To display the DHCPv6 Server Configuration page click System gt Services gt DHCPv6 Server gt DHCPv6 Server Configuration A screen similar to the following displays DHCPv6 Server Configuration DHCPv6 Server Configuration Admin Mode Disable Enable DHCPv6 Server DUID 1 Use Admin Mode to specify DHCPv6 operation on the switch Value is enabled or disabled Field Description DHCPVv6 Server DUID S
473. nge is automatically applied to all ports in the system To display the Interface Queue Configuration page click the QoS gt CoS gt Advanced gt Interface Queue Configuration Interface Queue Configuration Interface Queue Configuration 1 LAGS All Go To Interface GO e Interface eoue Te Scheduler Type Queue Management Type Bandwidth ee a C 1 o 1 0 0 Weighted TailDrop C 170 2 o o Weighted TailDrop Ol 1 0 3 0 0 Weighted TailDrop C 10 4 0 0 Weighted TailDrop CO 170 5 0 0 Weighted TailDrop C 1 0 6 0 0 Weighted TailDrop O 1 0 7 0 0 Weighted TailDrop CI 10 8 0 0 Weighted TailDrop O 170 9 0 0 Weighted TailDrop C 1 0 10 0 0 Weighted TailDrop CO 1 0 11 0 0 Weighted TailDrop O 1 0 12 0 0 Weighted TailOrop Ol 1 0 13 0 0 Weighted TailDrop O 1 0 14 0 0 Weighted TailDrop Ol 1 0 15 0 0 Weighted TailDrop CI 1 0 16 0 o Weighted TailDrop C 1 0 17 0 0 Weighted TailDrop CO 1 0 18 0 0 Weighted TailDrop O 1 0 19 0 0 Weighted TailDrop C 1 0 20 0 0 Weighted TailDrop O 1 0 21 0 0 Weighted TailDrop C 1 0 22 0 0 Weighted TailDrop CJ 1 0 23 0 0 Weighted TailDrop MI anma a a ee et 342 Chapter Configuring Quality of Service ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual To configure CoS queue settings for an interface 1 Select the check box next to the port or LAG to configure You can select multiple ports and LAGs to apply the same setting to the selected interfaces Select the check box
474. ning tree operation is enabled on the switch Value is enabled or disabled Use Force Protocol Version to specify the Force Protocol Version parameter for the switch The options are IEEE 802 1d IEEE 802 1w and IEEE 802 1s Use Configuration Name to specify the identifier used to identify the configuration currently being used It may be up to 32 alphanumeric characters 132 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Use Configuration Revision Level to specify the identifier used to identify the configuration currently being used The values allowed are between 0 and 65535 The default value is 0 Use Forward BPDU while STP Disabled to specify whether spanning tree BPDUs should be forwarded while spanning tree is disabled on the switch Value is enabled or disabled Use BPDU Guard to specify whether the BPDU guard feature is enabled The STP BPDU guard allows a network administrator to enforce the STP domain borders and keep the active topology be consistent and predictable The switches behind the edge ports that have STP BPDU guard enabled will not be able to influence the overall STP topology At the reception of BPDUs the BPDU guard operation disables the port that is configured with this option and transitions the port into disable state This would lead to administrative disable of the port Use BPDU Filter to specify whether the BPDU Filter feat
475. nk state databases of two routers This value is in hexadecimal AS_OPAQUE LSA Count The number of opaque LSAs with domain wide flooding scope AS_OPAQUE LSA Checksum The sum of the LS checksums of the opaque LSAs with domain wide flooding scope This sum can be used to determine if there has been a change ina router s link state database and to compare the link state databases of two routers This value is in hexadecimal Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description New LSAs Originated LSAs Received Common Area Configuration In any given OSPF area a router will originate several LSAs Each router originates a router LSA If the router is also the Designated Router for any of the area s networks it will originate network LSAs for those networks This value represents the number of LSAs originated by this router The number of LSAs link state advertisements received that were determined to be new instantiations This number does not include newer instantiations of self originated LSAs The OSPF Common Area Configuration page lets you create a Common Area Configuration once you have enabled OSPF on an interface At least one router must have OSPF enabled for this web page to display To display the Common Area Configuration page click Routing gt OSPF gt Advanced gt Common Area Configuration Common Area Con
476. ns are disabled no new outbound telnet sessions are established An established session remains active until the session is ended or an abnormal network error ends the session 1 Use Allow New Telnet Sessions to specify whether the new Outbound Telnet Session is Enabled or Disabled Default value is Enabled 2 Use Maximum Number of Sessions to specify the maximum number of Outbound Telnet Sessions allowed Default value is 5 Valid Range is 0 to 5 3 Use Session Timeout to specify the Outbound Telnet login inactivity time out Default value is 5 Valid Range is 1 to 160 4 Current Number of Sessions Displays the number of current sessions 388 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Console Port To display the Console Port page click Security gt Access gt Console Port Console Port Console Port Serial Port Login Timeout minutes Baud Rate bps Character Size bits Flow Control Stop Bits Parity Login Authentication List Enable Authentication List 1 Use Serial Port Login Timeout minutes to specify how many minutes of inactivity 5 9600 i 8 Disable 1 None defaultList enablelist v should occur on a serial port connection before the switch closes the connection Enter a number between 0 and 160 the factory default is 5 Entering 0 disables the time out 2 Use Baud Rate bps to select the default baud rate f
477. nstalled in the IPv4 and IPv6 unicast forwarding tables IPv4 Multicast Routes The maximum number of IPv4 multicast forwarding table entries IPv6 Multicast Routes The maximum number of IPv6 multicast forwarding table entries 44 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual License The License link is available only for models XSM7224S GSM7328Sv1 GSM7352Sv1 GSM7328FS GSM7228PS and GSM7252PS From the License link you can access the following pages e License Key on page 45 e License Features on page 46 License Key To display the License Key page click System gt License gt License Key A screen similar to the following displays License Key License Key g License Date Sept 27 2010 License Copy 1 License Status Active Description License key is active This page provides information about available License Keys for various features By default those License Keys are not available If License Key for feature is not available user will not be allowed to configure this functionality Available License Key allows user to configure functionality The following table describes the License Key fields Field Description License date The date the license is purchased License copy The information about the number of license License Status Show whether License is Active Inactive Inactive means that user should downl
478. nterface Captive Portal Group Configuration When you click Add from the CP Group Configuration page the screen refreshes and you can add a new group to the User Group database To display the Captive Portal Group Configuration page click Security gt Control gt Captive Portal gt CP Group Configuration CP Group Configuration CP Group Configuration E Group ID Group Name Eia Default 1 Use the Group ID pull down menu to select the Group ID for which to create or update a group 2 Use Group Name to enter the name of the user group Name can contain 1 to 31 alphanumeric characters 3 Click ADD to add a new group 4 Click DELETE to remove the currently selected group Chapter Managing Device Security 433 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Captive Portal User Configuration When you click Add from the CP User Configuration page the screen refreshes and you can add a new user to the Local User database To display the Captive Portal User Configuration page click Security gt Control gt Captive Portal gt CP User Configuration CP Uwer Contiger ation en oy 1 User ID identifies the name of the user 2 Use User Name to enter the name of the user Name can contain 1 to 31 alphanumeric characters User names once created cannot be changed modified 3 Set Edit Password to Enable only when you want to change the password The defaul
479. nterface This parameter shows the interface on which multicast packets are forwarded This parameter shows group compatibility mode v1 v2 and v3 for this group on the specified interface Source Filter Mode The source filter mode Include Exclude NA for the specified group on this interface Source Hosts This parameter shows source addresses which are members of this multicast address Expiry Time This parameter shows expiry time interval against each source address which are members of this multicast group This is the amount of time after which the specified source entry is aged out Click REFRESH to refresh the data on the screen with latest IGMP member information Chapter Routing 305 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IGMP Proxy Interface Configuration To display the IGMP Proxy Interface Configuration page click Routing gt Multicast IGMP gt Proxy Interface Configuration IGMP Proxy Interface Configuration IGMP Proxy Interface Configuration Interface 1 0 1 iv Admin Mode Disable Unsolicited Report Interval 1 IP Address 0 0 0 0 Subnet Mask 0 0 0 0 Operational Mode Disable Querier Address on Proxy Interface Number of Groups Version 3 Version 1 Querier Timeout Version 2 Querier Timeout Proxy Start Frequency 1 Use Interface to select the port for which data is to be configured You must have configured at least
480. ntry followed by the remaining greater mac addresses Field Description Total MAC Address Displaying the number of total MAC addresses learned or configured MAC Address A unicast MAC address for which the switch has forwarding and or filtering information The format is a 6 byte MAC Address that is separated by colons for example 01 23 45 67 89 AB VLAN ID The VLAN ID associated with the MAC Address Port The port upon which this address was learned Status The status of this entry The meanings of the values are Static the value of the corresponding instance was added by the system or a user and cannot be relearned e Learned the value of the corresponding instance was learned and is being used e Management the value of the corresponding instance is also the value of an existing instance of dotidStaticAddress Chapter Configuring Switching Information 165 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Advanced From the Advanced link you can access the following pages e Dynamic Addresses on page 166 e Address Table on page 167 Dynamic Addresses This page allows the user to set the Address Aging Interval for the specified forwarding database To display the Address Table page click Switching gt Address Table gt Advanced gt Dynamic Addresses Dynamic Address Table Dynamic Address Table Address Aging Timeout seconds
481. nual Field Description Interface The interface on which the IGMP is enabled IP Address The IP address of the selected interface Subnet Mask The subnet mask for the IP address of the selected interface Protocol State The operational state of IGMP on the selected interface Querier IP The address of the IGMP querier on the IP subnet to which the selected interface is attached Querier Status Indicates whether the selected interface is in querier or non querier mode Querier Up Time The time in seconds since the IGMP interface querier was last changed Querier Expiry Time The time in seconds remaining before the other querier present timer expires If the local system is the querier this will be zero Wrong Version Queries Received The number of queries that have been received on the selected interface with an IGMP version that does not match the IGMP version configured for the interface over the lifetime of the entry IGMP requires that all routers on a LAN be configured to run the same version of IGMP Therefore a configuration error is indicated if any queries are received with the wrong version number Number of Joins Received The number of times a group membership has been added on the selected interface that is the number of times an entry for this interface has been added to the cache table This gives an indication of the amount of IGMP activity on the interface Number of Groups The cu
482. nvalid cable type C 1 0 21 untested C 1 0 22 untested O 1 0 23 untested O 1 0 24 untested 13 all Go To Interface GO 1 Interface Indicates the interface to which the cable to be tested is connected 2 Click Apply to perform a cable test on the selected interface The cable test may take up to 2 seconds to complete If the port has an active link then the link is not taken down and the cable status is always Normal The command returns a cable length estimate if this feature is supported by the PHY for the current link speed Note that if the link is down and a cable is attached to a 10 100 Ethernet adapter then the cable status may be Open or Short because some Ethernet adapters leave unused wire pairs unterminated or grounded 466 Chapter Monitoring the System ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Cable Status Cable Length Description This displays the cable status as Normal Open or Short e Normal the cable is working correctly e Open the cable is disconnected or there is a faulty connector e Short there is an electrical short in the cable Cable Test Failed The cable status could not be determined The cable may in fact be working The estimated length of the cable in meters The length is displayed as a range between the shortest estimated length and the longest estimated length Unknown is displayed if the cable length could no
483. ny changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment e This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation For product available in the USA market only channel 1 11 can be operated Selection of other channels is not possible e This device and its antenna s must not be co located or operation in conjunction with any other antenna or transmitter Industry Canada This device complies with RSS 210 of the Industry Canada Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause undesired operation IMPORTANT NOTE Radiation Exposure Statement This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment This equipment should be installed and operated with minimum distance 20cm between the radiator amp your body Caution The device for the band 5150 5250 MHz is only for indoor usage to reduce po tential for harmful interference to co channel mobile satellite systems High power radars are allocated as primary users meaning they ha
484. o Configuration Mode to set the IPv6 address for the IPv6 network interface in auto configuration mode if this option is enabled The default value is disable 32 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 8 9 Auto configuration can be enabled only when IPv6 Auto config or DHCPv6 are not enabled on any of the management interfaces Use Current Network Configuration Protocol to configure the IPv6 address for the IPv6 network interface by DHCPV 6 protocol if this option is enabled The default value is None DHCPVv 6 can be enabled only when IPv6 Auto config or DHCPv6 are not enabled on any of the management interfaces Use DHCPv6 Client DUID to specify an Identifier used to identify the client s unique DUID value This option only displays when DHCPV6 is enabled Use IPv6 Gateway to specify the gateway for the IPv6 network interface The gateway address is in IPv6 global or link local address format Use IPv6 Prefix Prefix Length to add the IPv 6 prefix and prefix length to the IPv6 network interface The address is in global address format Use EUI64 to specify whether to format the IPv6 address in EUI 64 format Default value is false Click ADD to add a new IPv6 address in global format Click DELETE to delete a selected IPv6 address IPv Network Interface Neighbor Table Use this page to display IPv6 Network Port Neighbor entries To displ
485. o To Port Go Operational TLV s Transmit Link System System System Port Transmit Receive Notify Management Status Name Description Capabilities Description Information a E S eee eee eee O wo Down Enable Enable Disable Enable Enable Enable Enable Enable O No2 Down Enable Enable Disable Enable Enable Enable Enable Enable O 1 03 Down Enable Enable Disable Enable Enable Enadle Enable Enable O uas Down Enable Enable Disable Enable Enable Enable Enable Enable C O05 Down Enable Enable Disable Enable Enable Enable Enable Enable 1 w0 6 Down Enable Enable Disable Enable Enable Enable Enable Enable O uva Oown Enable Enable Disable Enable Enable Enable Enable Enable O 10 8 own Enable Enable Disable Enable Enable Enable Enable Enable O 1 09 Down Enable Enable Disable Enable Enable Enable Enable Enable O 0 10 Down Enable Enable Disable Enable Enable Enable Enable Enable C 12 0 11 Oown Enable Enable Disable Enable Enable Enable Enable Enable O 1 0 12 Down Enable Enable Disable Enable Enable Enable Enable Enable O wWo 23 up Enable Enable Orsable Enable Enable Enable Enable Enable O nois Down Enable Enable Disable Enable Enable Enable Enable Enable O wots Down Enable Enable Disable Enable Enable Enable Enable Enable O w0 16 Oown Enable Enable Disable Enable Enable Enable Enable Enable O 12 0 17 Down Enable Enable Disable Enable Enable Enable Enable Enable O 0 18 Down Enable Enable Disable Enable Enable Enable Enable Enable O 0 29 Down Enable Enable Disa
486. o be applied to the Source IPv6 address 3 Use RPF Neighbor to enter the IP address of the neighbor router on the path to the source 4 Use Metric to enter the link state cost of the path to the multicast source The range is 0 255 and the default is 1 You can change the metric for a configured route by selecting the static route and editing this field 5 Use RPF Interface to select the interface number from the drop dead menu This is the interface that connects to the neighbor router for the given source IP address 6 Click ADD to add a new static route to the switch 7 Click DELETE to delete the multicast static routes selected Chapter Routing 335 Configuring Quality of Service Use the features in the QoS tab to configure Quality of Service QoS settings on the switch The QoS tab contains links to the following features e Class of Service on page 335 e Differentiated Services on page 343 In a typical switch each physical port consists of one or more queues for transmitting packets on the attached network Multiple queues per port are often provided to give preference to certain packets over others based on user defined criteria When a packet is queued for transmission in a port the rate at which it is serviced depends on how the queue is configured and possibly the amount of traffic present in the other queues of the port If a delay is necessary packets get held in the queue until the scheduler authorizes the qu
487. o display the Line Password Configuration page click Security gt Management Security gt Line Password Line Password Configuration Line Password Configuration Console Password eececece Confirm Console Password eeeeceee Telnet Password eeecceee Confirm Telnet Password eeccecees SSH Password eeeccece Confirm SSH Password TITTI 1 Use Console Password to enter the Console password Passwords are a maximum of 64 alphanumeric characters 2 Use Confirm Console Password to enter the password again to confirm that you entered it correctly 3 Use Telnet Password to enter the Telnet password Passwords are a maximum of 64 alphanumeric characters 4 Use Confirm Telnet Password to enter the password again to confirm that you entered it correctly Chapter Managing Device Security 365 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e The Encrypted option allows the administrator to transfer the privileged EXEC password between devices without having to know the password The Password field must be exactly 128 hexidecimal characters 5 Use SSH Password to enter the SSH password Passwords are a maximum of 64 alphanumeric characters 6 Use Confirm SSH Password to enter the password again to confirm that you entered it correctly e The Encrypted option allows the administrator to transfer the privileged EXEC password between devices without having to know the password The Password field
488. o select the VLAN from the list for the binding rule Use IP Address to specify valid IP Address for the binding rule Click ADD to add IPSG static binding entry into the database Click DELETE to delete selected static entries from the database oo e0 P 422 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Dynamic Binding Configuration Field Description Interface Displays the interface to add a binding into the IPSG database MAC Address Displays the MAC address for the binding entry VLAN ID Displays the VLAN from the list for the binding entry IP Address Displays valid IP Address for the binding entry Filter Type Filter Type using on the interface one is source IP address filter type the other is source IP address and MAC address filter type Click CLEAR to clear all the dynamic binding entries Dynamic ARP Inspection The Dynamic ARP Inspection DAI folder contains links to the following features e DAI Configuration on page 423 e DAI VLAN Configuration on page 424 e DAI Interface Configuration on page 425 e DAI ACL Configuration on page 426 e DAI ACL Rule Configuration on page 426 e DAI Statistics on page 427 DAI Configuration To display the DAI Configuration page click Security gt Control gt Dynamic ARP Inspection gt DAI Configuration Dynamic ARP Inspection Configuration lw Dynamic ARP Inspection
489. o select the link layer encapsulation type for packets transmitted from the specified interface from the pull down menu The possible values are Ethernet and SNAP The default is Ethernet 10 Use Proxy Arp to disable or enable proxy Arp for the specified interface from the pull down menu 11 Use Local Proxy Arp to disable or enable Local Proxy ARP for the specified interface from the pull down menu 12 Use Bandwidth to specify the configured bandwidth on this interface This parameter communicates the speed of the interface to higher level protocols OSPF uses bandwidth to compute link cost Valid range is 1 to 10000000 13 Use ICMP Destination Unreachables to specify the Mode of Sending ICMP Destination Unreachables on this interface If this is Disabled then this interface will not send ICMP Destination Unreachables By default Destination Unreachables mode is enable 14 Use ICMP Redirects to enable disable ICMP Redirects Mode The router sends an ICMP Redirect on an interface only if Redirects are enabled both globally and on the interface By default ICMP Redirects Mode is enable 15 Use IP MTU to specify the maximum size of IP packets sent on an interface Valid range is 68 bytes to the link MTU Default value is 0 A value of O indicates that the IP MTU is unconfigured When the IP MTU is unconfigured the router uses the link MTU as the IP MTU The link MTU is the maximum frame size minus the length of the layer 2 header Field Descrip
490. o solve this problem The switch uses the information in the IGMP packets as they are being forwarded throughout the network to determine which segments should receive packets directed to the group address From the IGMP Snooping link you can access the following pages e IGMP Snooping Configuration on page 147 e IGMP Snooping Interface Configuration on page 149 e IGMP VLAN Configuration on page 150 e Multicast Router Configuration on page 152 Multicast Router VLAN Configuration on page 153 e IGMP Snooping Querier on page 153 e IGMP Snooping Querier Configuration on page 154 e IGMP Snooping Querier VLAN Configuration on page 155 IGMP Snooping Configuration Use the IGMP Snooping Configuration page to configure the parameters for IGMP snooping which is used to build forwarding lists for multicast traffic Note that only a user with Read Write access privileges may change the data on this screen To access the IGMP Snooping Configuration page click Switching gt Multicast gt IGMP Snooping gt Configuration IGMP Snooping Configuration IGMP Snooping Configuration Admin Mode Disable Enable Unknown Multicast Filtering Disable Enable Multicast Control Frame Count 0 IGMP Router Alert check Disable Enable Interfaces Enabled for IGMP Snooping Data Frames Forwarded by the CPU 0 i VLAN IDs Enabled for IGMP Snooping To configure IGMP Snooping 1 Use the Admin Mode Enable Disable radio button to selec
491. o track on an ingress interface You can define simple BA classifiers DSCP and a wide variety of multi field MF classifiers e Layer 2 Layers 3 4 IP only e Protocol based e Address based You can combine these classifiers with logical AND or OR operations to build complex MF classifiers by specifying a class type of all or any respectively That is within a single class multiple match criteria are grouped together as an AND expression or a sequential OR expression depending on the defined class type Only classes of the same type can be nested class nesting does not allow for the negation i e exclude option of the referenced class To configure DiffServ you must define service levels namely the forwarding classes PHBs identified by a given DSCP value on the egress interface These service levels are defined by configuring BA classes for each Creating Policies Use DiffServ policies to associate a collection of classes that you configure with one or more QoS policy statements The result of this association is referred to as a policy From a DiffServ perspective there are two types of policies e Traffic Conditioning Policy a policy applied to a DiffServ traffic class e Service Provisioning Policy a policy applied to a DiffServ service level You must manually configure the various statements and rules used in the traffic conditioning and service provisioning policies to achieve the desired Traffic Conditioning Spec
492. oad a license file and reboot a system Description Show status of License Key Chapter Configuring System Information 45 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual License Features To display the License Features page click System gt License gt License Features A screen similar to the following displays License Features License Features RTR_DISC OSPF RIP IGMP MCAST PIMOM DVMRP PIMSM VRRP OSPFV3 IPV6 Feature Desertion O O O Features Displays list of features that require licensing 46 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Services From the Services link you can access the following pages e DHCP Server on page 47 e DHCP Relay on page 56 e DHCP L2 Relay on page 57 e UDP Relay on page 60 e DHCPv6 Server on page 63 e DHCPv6 Relay on page 71 DHCP Server From the DHCP Server link you can access the following pages e DHCP Server Configuration on page 47 e DHCP Pool Configuration on page 49 e DHCP Pool Options on page 52 e DHCP Server Statistics on page 53 e DHCP Bindings Information on page 54 e DHCP Conflicts Information on page 55 DHCP Server Configuration To display the DHCP Server Configuration page click System gt Services gt DHCP Server gt DHCP Server Configuration A screen similar to the following displays DHCP Ser
493. of the product s or circuit layout s described herein Revision History Publication Part Number Version Publish Date Comments 202 10893 01 v1 0 May 18 2011 First publication Contents Chapter 1 Getting Started switch Management Interface 66 ce de eee eee 10 Web ACCESS 6 66 errore ek kin ee beohew sb REI EEE eee 10 Understanding the User Interfaces auaa 11 Using the Web Interface ic sicssccrrireiccreresrerirerreu 11 Using SNMP 2 062 224 pnnt rataa eA aN eA 16 Interface Naming Convention 3 00 00 6 aaaea 16 Chapter 2 Configuring System Information Monge MoM Ss arr israa r rake cana awed daha eavdid EAEEREN ER AAAA 18 System INTONMAUON 2 esnereesrresrrr eaaa 2440 neria DERRE EAS 19 Switch Statisties seccare ae aed dae E ai EA E a A EA 23 System CPU SAWS 2244 dts tose EEEE EE RE 26 Slot Informatio x 5 as asec seem aig Goh Rak Sun E A RA Ba RRE Reo 27 Loopback Menace osu rannta a a e a ait 29 Network Inteiface as lt 4 d 2 hs tok aed cavers i ai neers eee s 30 E E EE EE E aera E E AE VE oe eee 34 DNS aii aee a aa ar a aera On e a a ee er eee 41 SDM Template Preference nanan annaa aa 43 LICENSE sesnrrasa teon tpo iine e AE E Aches E Gn ee 45 Lcon e KC 5 she dd ede ahd ears E A RESE 45 License Features me cuia aa a ethane d tebe eee a ae ee add 46 DEIVICES 3 5 seg greg ede kick OG yea WEAR Dam E eR Rel ae Ra RRA 47 DHCP SNG ic4 0 20 54092d4 o2405045 d5080o240d6 Sas ameEra 47 D
494. of Solicits DHCPv6 Request Packets Received Specifies the number of Requests DHCPv6 Confirm Packets Received Specifies the number of Confirms DHCPv6 Renew Packets Received Specifies the number of Renews DHCPv6 Rebind Packets Received Specifies the number of Rebinds DHCPv6 Release Packets Received Specifies the number of Releases DHCPv 6 Decline Packets Received Specifies the number of Declines DHCPv 6 Inform Packets Received Specifies the number of Informs DHCPv6 Relay forward Packets Received Specifies the number of Relay forwards DHCPV6 Relay reply Packets Received Specifies the number of Relay Replies DHCPv6 Malformed Packets Received Specifies the number of Malformed Packets Received DHCPV6 Packets Discarded Specifies the number of Packets Discarded Messages Sent Specifies the aggregate of all interface level statistics for messages sent Total DHCPv6 Packets Sent Specifies the total number of Packets Transmitted DHCPv6 Advertisement Packets Transmitted Specifies the number of Advertisements DHCPV6 Reply Packets Transmitted Specifies the number of Replies DHCPv6 Reconfig Packets Transmitted Specifies the number of Reconfigurations DHCPv6 Relay forward Packets Transmitted Specifies the number of Relay forwards DHCPVv6 Relay reply Packets Transmitted Specifies the number of Relay Replies 70 Chapter Configuring System Information ProSafe XSM7224S 10G Mana
495. of opaque LSAs whose flooding scope is the link on this interface Local Link LSA Checksum The sum of the checksums of local link LSAs for this link Chapter Routing 247 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual OSPF Interface Statistics This screen displays statistics for the selected interface The information will be displayed only if OSPF is enabled To display the OSPF Interface Statistics page click Routing gt OSPF gt Advanced gt OSPF Interface Statistics 248 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual OSPF Interface Statistics OSPF Interface Selection Interface 1 0 1 OSPF Interface Statistics OSPF Area ID Area Border Router Count AS Border Router Count Area LSA Count IP Address 0 0 0 0 Interface Events Virtual Events Neighbor Events External LSA Count Sent Packets Received Packets Discards Bad Version Source Not On Local Subnet Virtual Link Not Found Area Mismatch Invalid Destination Address Wrong Authentication Type Authentication Failure No Neighbor at Source Address Invalid OSPF Packet Type Hellos Ignored Hellos Sent Hellos Received DD Packets Sent DD Packets Received LS Requests Sent LS Requests Received LS Updates Sent LS Updates Received LS Acknowledaements Sent Interface Selects the interface for which data is to be displayed Chapter Routing
496. ol e SFTP Secure File Transfer Program e SCP Secure Copy 3 Use Server Address Type to specify either IPv4 or IPv6 to indicate the format of the TFTP SFTP SCP Server Address field The factory default is IPv4 4 Use Server Address to enter the IP address of the server in accordance with the format indicated by the Server Address Type The factory default is the IPv4 address 0 0 0 0 5 Use Remote File Name to enter the name on the TFTP server of the file you want to download You may enter up to 32 characters The factory default is blank SSH From the SSH link you can access the following pages e SSH Configuration on page 384 e Host Keys Management on page 385 e Host Keys Download on page 386 SSH Configuration To display the SSH Configuration page click Security gt Access gt SSH gt SSH Configuration SSH Configuration SSH Configuration SSH Admin Mode Disable Enable SSH Version 1 Disable Enable SSH Version 2 Disable Enable SSH Session Timeout 5 Maximum Number of SSH Sessions 5 Current Number of SSH Sessions 0 Keys Present Yes Login Authentication List networkList Enable Authentication List enableList v 1 Use SSH Admin Mode to Enable or Disable the administrative mode of SSH The currently configured value is shown when the web page is displayed The default value is Disable 2 Use SSH Version 1 to Enable or Disable Protocol Level 1 for SSH The currently configured value is shown when
497. ol mode is only set if the link status of the port is link up The options are e force unauthorized The authenticator port access entity PAE unconditionally sets the controlled port to unauthorized e force authorized The authenticator PAE unconditionally sets the controlled port to authorized e auto The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant authenticator and the authentication server e mac based The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant authenticator and the authentication server on a per supplicant basis Quiet Period This input field allows the user to configure the quiet period for the selected port This command sets the value in seconds of the timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant The quiet period is the period for which the authenticator does not attempt to acquire a supplicant after a failed authentication exchange with the supplicant The quiet period must be a number in the range of 0 Chapter Managing Device Security 395 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual and 65535 A quiet period value of 0 means that the authenticator state machine will never acquire a supplicant The default value is 6
498. on Traps Enables or disables the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port Dynamic MAC Address Use the Dynamic MAC Address page to convert a dynamically learned MAC address to a statically locked address To display the Dynamic MAC Address page click Security gt Traffic Control gt Port Security gt Dynamic MAC Address Dynamic MAC Address Table Port Security Settings g Convert Dynamic Address to Static Number Of Dynamic MAC Addresses Learned 0 Dynamic MAC Address Table Port List 1 0 1 VLAN ID MAC Address To convert learned MAC addresses 1 Port List Select the physical interface for which you want to display data 2 Use Convert Dynamic Address to Static to convert a dynamically learned MAC address to a statically locked address The Dynamic MAC address entries are converted to Static MAC address entries in a numerically ascending order until the Static limit is reached 3 Click REFRESH to refresh the web page to show the latest MAC address learned on a specific port Chapter Managing Device Security 407 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual The Dynamic MAC Address Table shows the MAC addresses and their associated VLANs learned on the selected port Use the Port List menu to select the interface for which you want to display data Feis escrito O O Number of Dyn
499. onal configuration Enter an integer from 0 to 63 The IPv6 DSCP is selected by possibly selection one of the DSCP keyword from a dropdown box If a value is to be selected by specifying its numeric value then select the Other option in the dropdown box and a text box will appear where the numeric value of the DSCP can be entered 16 Click ADD to add an IPV6 rule 17 Use DELETE to select the checkbox of the rule you want to delete and click DELETE IP Binding Configuration When an ACL is bound to an interface all the rules that have been defined are applied to the selected interface Use the IP Binding Configuration page to assign ACL lists to ACL Priorities and Interfaces To display the IP Binding Configuration page click Security gt ACL gt Advanced gt IP Binding Configuration IP Binding Configuration Binding Configuration Sequence Number ios 1 to 4294967295 Port Selection Table Interface Binding Status ACL Type ACLID Name Sequence Number To configure IP ACL interface bindings 1 Select an existing IP ACL from the ACL ID menu The packet filtering direction for ACL is Inbound which means the IP ACL rules are applied to traffic entering the port 2 Specify an optional sequence number to indicate the order of this access list relative to other access lists already assigned to this interface and direction 450 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Soft
500. one router interface before configuring or displaying data for an IGMP Proxy interface and it should not be a IGMP routing interface 2 Use Admin Mode to set the administrative status of IGMP Proxy on the selected interface The default is disable Routing IGMP and Multicast global admin modes should be enabled to enable IGMP Proxy interface mode 3 Use Version to enter the version of IGMP you want to configure on the selected interface Valid values are 1 to 3 and the default value is 3 This field is configurable only when IGMP Proxy interface mode is enabled 4 Use Unsolicited Report Interval to enter the unsolicited time interval value in seconds The Unsolicited Report Interval is the time between repetitions of a host s initial report of membership in a group Valid values are from 1 to 260 The default value is 1 Field Description IP Address The IP address of the IGMP Proxy interface Subnet Mask The subnet mask for the IP address of the IGMP Proxy interface Operational Mode The operational state of IGMP Proxy interface Number of Groups The current number of multicast group entries for the IGMP Proxy interface in the cache table 306 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Version 1 Querier Timeout Version 2 Querier Timeout Proxy Start Frequency The older IGMP version 1 querier timeout value in
501. oned to root state on message age timer expiry The above example indicates a message with severity 7 15 mod 8 debug on a system that is not stack and generated by component MSTP running in thread id 2110 on Aug 24 05 34 05 by line 318 of file mstp_api c This is the 237th message logged If the system is stacked e lt 15 gt Aug 24 05 34 05 0 0 0 0 1 MSTP 2110 mspt_api c 318 237 Interface 12 transitioned to root state on message age timer expiry The above example indicates a message with severity 7 15 mod 8 debug on a system that is stacked and generated by component MSTP running in thread id 2110 on Aug 24 05 34 05 by line 318 of file mstp_api c This is the 237th message logged with system IP 0 0 0 0 and task id 1 Format of the messages e lt 15 gt Aug 24 05 34 05 STKO MSTP 2110 mspt_api c 318 237 Interface 12 transitioned to root state on message age timer expiry The above example indicates a user level message 1 with severity 7 debug ona system that is not stack and generated by component MSTP running in thread id 2110 on Aug 24 05 34 05 by line 318 of file mstp_api c This is the 237th message logged Messages logged to a collector or relay via syslog have an identical format to the above message e Total number of Messages For the message log only the latest 200 entries are displayed on the webpage Chapter Monitoring the System 469 ProSafe XSM7224S 10G Managed Stackable Switch Software Administ
502. onfiguration OSPF v3 Neighbor Table Pon Access Control Configuration Port Access Control Statistics OVMRP interface Configuration IGMP Interface Configuration MCAST Interface Configuraton Help Page Access Every page contains a link to the online help configuring and managing the switch The online help pages are context sensitive For Full Stack View eaten ProSara X5M72245 Which contains information to assist in example if the IP Addressing page is open the help topic for that page displays if you click Help Chapter Getting Started 15 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual User Defined Fields User defined fields can contain 1 to 159 characters unless otherwise noted on the configuration Web page All characters may be used except for the following unless specifically noted in for that feature lt gt i Using SNMP The ProSafe Managed Switches software supports the configuration of SNMP groups and users that can manage traps that the SNMP agent generates ProSafe Managed Switches use both standard public MIBs for standard functionality and private MIBs that support additional switch functionality All private MIBs begin with a prefix The main object for interface configuration is in SWITCHING MIB which is a private MIB Some interface configurations also involve objects in the public MIB IF MIB SNMP is enabled by default The S
503. onfiguration page to configure VLAN Routing interfaces on the system To display the VLAN Routing Configuration page click Routing gt VLAN gt VLAN Routing VLAN Routing Configuration VLAN Routing Configuration E VLAN ID Port MAC Address IP Address Subnet Mask mA ti tt 1 Use VLAN ID to enter the ID of a VLAN you want to configure for VLAN Routing The field will display the all IDs of the VLAN configured on this switch 2 Use IP Address to enter the IP Address to be configured for the VLAN Routing Interface 3 Use Subnet Mask to enter the Subnet Mask to be configured for the VLAN Routing Interface 4 Click ADD to add the VLAN Routing Interface specified in the VLAN ID field to the switch configuration 5 Click DELETE to remove the VLAN Routing Interface specified in the VLAN ID field from the switch configuration Field Description Port The interface assigned to the VLAN for routing MAC Address The MAC Address assigned to the VLAN Routing Interface Chapter Routing 221 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual ARP The ARP protocol associates a layer 2 MAC address with a layer 3 IPv4 address ProSafe Managed Switches software features both dynamic and manual ARP configuration With manual ARP configuration you can statically add entries into the ARP table ARP is a necessary part of the internet protocol IP and is used to translate an IP
504. oopback Primary IP Primary IP Subnet Loopback Interface ID Address Mask Status oO a CCC E 1 Use the Loopback Interface Type field to select IPv4 or IPv6 loopback interface to configure the corresponding attributes 2 Use the Loopback ID field to select list of currently configured loopback interfaces 3 Use the Primary Address field to input the primary IPv4 address for this interface in dotted decimal notation This option only visible when IPv4 loopback is selected 4 Use the Primary Mask field to input the primary IPv4 subnet mask for this interface in dotted decimal notation This option only visible when IPv4 loopback is selected 5 Use the Secondary IP Address field to input the secondary IP address for this interface in dotted decimal notation This input field is visible only when Add Secondary is selected This option only visible when IPv4 loopback is selected 6 Use the Secondary Subnet Mask field to input the secondary subnet mask for this interface in dotted decimal notation This input field is visible only when Add Secondary is selected This option only visible when IPv4 loopback is selected 7 Use the IPv6 Mode field to enable IPv6 on this interface using the IPv6 address This option is only configurable prior to specifying an explicit IPv6 address This option only visible when IPv6 loopback is selected 8 Use the IPv6 Address field to enter the IPv6 address in the format prefix length This option onl
505. oose encrypt the key ID may be in range from 0 to 255 The key ID value will be displayed only if you are logged on with Read Write privileges 8 Click CANCEL to display a new screen where you can select the authentication method for the virtual link RIP Status Field Description Interface Displays the interface for which data is configured IP Address Displays the IP Address of the router interface Send Version Displays the version of RIP control packets the interface should send from the pull down menu The value is one of the following RIP 1 send RIP version 1 formatted packets via broadcast e RIP 1c RIP version 1 compatibility mode Send RIP version 2 formatted packets via broadcast e RIP 2 send RIP version 2 packets using multicast The default is RIP 2 e None no RIP control packets will be sent Chapter Routing 231 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fes escrito O O Receive Version Displays what RIP control packets the interface will accept from the pull down menu The value is one of the following e RIP 1 accept only RIP version 1 formatted packets e RIP 2 accept only RIP version 2 formatted packets The default is RIP 2 e Both accept packets in either format e None no RIP control packets will be accepted Admin Mode Link State Bad Packets Received Bad Routes Received Updates Sent
506. opology Change Topology Change Count Topology Change Designated Root Root Path Cost Root Port Identifier Max Age secs Forward Delay secs Hold Time secs CST Regional Root CST Path Cost Port Triggered TC To configure CST settings 80 00 00 04 06 02 04 07 0 day 0 hr 30 min 22 sec 3 False 80 00 00 00 00 01 03 58 60000 80 16 20 15 6 80 00 00 04 06 02 04 07 0 1 0 13 1 Specify values for CST in the appropriate fields Bridge Priority When switches or bridges are running STP each is assigned a priority After exchanging BPDUs the switch with the lowest priority value becomes the root bridge Specifies the bridge priority value for the Common and Internal Spanning Tree CST The valid range is O 61440 The bridge priority is a multiple of 4096 If you specify a priority that is not a multiple of 4096 the priority is automatically set to the next lowest priority that is a multiple of 4096 For example if the priority is 134 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual attempted to be set to any value between 0 and 4095 it will be set to 0 The default priority is 32768 Bridge Max Age secs Specifies the bridge maximum age time for the Common and Internal Spanning Tree CST which indicates the amount of time in seconds a bridge waits before implementing a topological change The valid range is 6 40 and the value must b
507. or the serial port connection from the pull down menu You may choose from 1200 2400 4800 9600 19200 38400 57600 and 115200 baud The factory default is 9600 baud 3 Use Login Authentication List to specify which authentication list to use when you login through Telnet The default value is defaultList 4 Use Enable Authentication List to specify which authentication list you are using when going into the privileged EXEC mode The default value is enableList Field Description Character Size bits The number of bits in a character This is always 8 Flow Control Whether hardware flow control is enabled or disabled It is always disabled Stop Bits The number of stop bits per character Its is always 1 Parity The parity method used on the serial port It is always None Chapter Managing Device Security 389 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Denial of Service To display the Denial of Service page click Security gt Access gt Denial of Service Denial of Service Denial of Service Denial of Service Min TCP Header Size 20 Denial of Service ICMPv4 Disable Enable Denial of Service Max ICMPv4 Packet Size 12 Denial of Service ICMPv6 Disable Enable Denial of Service Max ICMPv6 Packet Size 512 0 to 16376 Denial of Service First Fragment Disable Enable Denial of Service ICMP Fragment Disable Enable Denial of Ser
508. orL3 packets source IP destination IP address TCP UDP ports are used Use Link Trap to specify whether you want to have a trap sent when link status changes The factory default is enable which will cause the trap to be sent Use Admin Mode to select enable or disable from the pull down menu When the LAG is disabled no traffic will flow and LACPDUs will be dropped but the links that form the LAG will not be released The factory default is enable Use STP Mode to enable or disable the Spanning Tree Protocol Administrative Mode associated with the LAG The possible values are e Disable Spanning tree is disabled for this LAG e Enable Spanning tree is enabled for this LAG Use Static Mode to select enable or disable from the pull down menu When the LAG is enabled it does not transmit or process received LACPDUs i e the member ports do not transmit LACPDUs and all the LACPDUs it may receive are dropped The factory default is disable Click DELETE to remove the currently selected configured LAG All ports that were members of this LAG are removed from the LAG and included in the default VLAN 174 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description LAG Description Enter the Description string to be attached to a LAG It can be up to 64 characters in length LAG ID Identification of the LAG LAG State Indicates whether the L
509. ort and will receive all the traffic from configured mirrored port s Default value is blank 4 From the Session Mode menu select the mode for port mirroring on the selected port e Enable Multiple Port Mirroring is active on the selected port e Disable Port mirroring is not active on the selected port but the mirroring information is retained 5 Direction Specifies the direction of the Traffic to be mirrored from the configured mirrored port s Default value is Tx and Rx 6 Click Apply to apply the settings to the system If the port is configured as a source port the Mirroring Port field value is Mirrored 7 To delete a mirrored port select the check box next to the mirrored port and then click Delete 8 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch Field Description Mirroring Port Indicates the port to be in a mirrored state sFlow From the sFlow link under the Monitoring tab you can access the following pages e Basic on page 478 e Advanced on page 479 Basic From the Basic link you can access the following pages e sFlow Agent on page 478 sFlow Agent To display the sFlow Agent page click Monitoring gt sFlow gt Basic gt sFlow Agent 478 Chapter Monitoring the System ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual sFlow Agent Information sFlow Agent Informat
510. ory default is disable 2 Use GMRP Mode to choose the GARP Multicast Registration Protocol administrative mode for the switch by selecting enable or disable from the radio button The factory default is disable Chapter Configuring Switching Information 127 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual GARP Port Configuration Note It can take up to 10 seconds for GARP configuration changes to take effect To display the GARP Port Configuration page click Switching gt VLAN gt Advanced gt GARP Port Configuration GARP Port Configuration _ GARP Port Configuration E 1 LAGS All Go To Interface GO n Leave Port GVRP Port GMRP Join Timer Leave All Interface Timer Mode centisecs Timer centisecs centisecs ud O 10 1 Disable Disable 20 60 1000 C 1 0 72 Disable Disable 20 60 1000 O vos Disable Disable 20 60 1000 O 10 4 Disable Disable 20 60 1000 O 10 5 Disable Disable 20 60 1000 O wore Disable Disable 20 60 1000 O 10 7 Disable Disable 20 60 1000 C 1 0 8 Disable Disable 20 60 1000 O wos Disable Disable 20 60 1000 J 1 0 10 Disable Disable 20 60 1000 O 1 0 11 Disable Disable 20 60 1000 O 1 0 12 Disable Disable 20 60 1000 O 1 0 13 Disable Disable 20 60 1000 C 1 0 14 Disable Disable 20 60 1000 O 015 Disable Disable 20 60 1000 O 1 0 16 Disable Disable 20 60 1000 O 1 0 17 Disable Disable 20 60 1000 O 1 0 18 Disable Disable 20 60 1000 O 10 19 Disable Disable 20 60
511. ot the switch 1 Use Reboot Unit No to select the unit to reset Select all to run reset for all units 2 Select the Save prior to reboot radio button and click the APPLY button to reboot the switch Prior to reboot the unit the current configuration will be saved first 3 Select the Don t save prior to reboot radio button and click the APPLY button to reboot the switch This option permits the user to reboot the unit without saving the current configuration Factory Default Use the Factory Default page to reset the system configuration to the factory default values Note If you reset the switch to the default configuration the IP address is reset to 169 254 100 100 and the DHCP client is enabled If you lose network connectivity after you reset the switch to the factory defaults see Web Access on page 11 To access the Factory Defaults page click Maintenance gt Reset gt Factory Default Factory Default Factory Default Check this box and click APPLY below to return all configuration settings to default values g To reset the switch to the factory default settings 486 Chapter Maintenance ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 Select the check box and click the APPLY button to have all configuration parameters reset to their factory default values All changes you have made will be lost even if you have issued a save You will be shown a confirmation screen after y
512. ou select the button Password Reset Use the Password Reset page to reset all user passwords to defaults To access the Password Reset page click Maintenance gt Reset gt Password Reset Password Reset Password Reset Check this box and click APPLY below to reset all user passwords O 1 Select the check box and click the APPLY button to have all user passwords reset to their factory default values All changes you have made will be lost even if you have issued a save Upload File From Switch Use the File Upload page to upload configuration ASCII log ASCII and image binary files from the switch to the TFTP server The Upload menu contains links to the following options e File Upload on page 488 e HTTP File Upload on page 489 e USB File Upload on page 490 Chapter Maintenance 487 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual File Upload To display the File Upload page click Maintenance gt Upload gt File Upload File Upload File Upload 7 File Type Archive v Image Name imagel Transfer Mode TFTP Server Address Type IPv4 i Server Address 0 0 0 0 Remote File Path Remote File Name To upload a file from the switch to the TFTP server 1 Use File Type to specify what type of file you want to upload Archive Specify archive STK code when you want to retrieve from the operational flash e Image1 Specify the code image1 when you want to r
513. ource IP Address Source MAC Address Description This indicates Sender IP address match value for the DAI ARP ACL This indicates Sender MAC address match value for the DAI ARP ACL DAI Statistics This screen shows the Statistics per VLAN To display the DAI Statistics page click Security gt Control gt Dynamic ARP Inspection gt DAI Statistics Dynamic ARP Inspection Statistics DAI Statistics DHCP DHCP ACL ACL Drops Permits Drops Permits VLAN Bad Bad Source Dest MAC Invalid IP MAC Forwarded Dropped 1 0 0 0 0 0 0 0 0 Field Description VLAN The enabled VLAN ID for which statistics to be displayed DHCP Drops Number of ARP packets that were dropped by DAI DHCP Permits ACL Drops ACL Permits Bad Source MAC as there is no matching DHCP Snooping binding entry found Number of ARP packets that were forwarded by DAI as there is a matching DHCP Snooping binding entry found Number of ARP packets that were dropped by DAI as there is no matching ARP ACL rule found for this VLAN and the static flag is set on this VLAN Number of ARP packets that were permitted by DAI as there is a matching ARP ACL rule found for this VLAN Number of ARP packets that were dropped by DAI as the sender MAC address in ARP packet didn t match the source MAC in ethernet header Chapter Managing Device Security 427 ProSafe XSM7224S 10G Managed Stac
514. outer s translator role has been set to always e elected The candidate NSSA border router is translating type 7 LSAs into type 5 e disabled The candidate NSSA border router is NOT translating type 7 LSAs into type 5 Area Range Configuration Use the OSPF Area Range Configuration page to configure and display an area range for a specified NSSA To display the Area Range Configuration page click Routing gt OSPF gt Advanced gt Area Range Configuration Area Range Configuration OSPF Area Range Configuration 7 Area ID IP Address Subnet Mask LSDB Type Advertise 1 Use Area ID to specify the area for which data is to be configured 2 Use IP address to enter the IP Address for the address range for the selected area 3 Use Subnet Mask to enter the Subnet Mask for the address range for the selected area Chapter Routing 243 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 4 Use LSDB Type to select the type of Link Advertisement associated with the specified area and address range The default type is Network Summary 5 Use Advertise to select Enable or Disable If you select Enable the address range will be advertised outside the area via a Network Summary LSA The default is Enable 6 Click ADD to add the new address range to the switch 7 Click DELETE to remove the specified address range from the area configuration Interface Configuration Use the OSPF Inter
515. outers on the network must be configured with the same key and ID Use Authentication Key to enter the OSPF Authentication Key for the specified interface If you do not choose to use authentication you will not be prompted to enter a key If you choose simple authentication you cannot use a key of more than eight octets If you choose encrypt the key may be up to 16 octets long The key value will only be displayed if you are logged on with Read Write privileges otherwise it will be displayed as asterisks Use Authentication Key ID to enter the ID to be used for authentication You will only be prompted to enter an ID when you select Encrypt as the authentication type The ID is a number between 0 ad 255 inclusive Use Metric Cost to enter the link cost OSPF uses this value in computing shortest paths The range is from 1 to 65 535 Chapter Routing 245 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field espion SCs IP Address The IP address of the interface Subnet Mask The network mask indicating the portion of the IP address that identifies the attached network LSA Ack Intervilan secs The number of seconds to wait before sending a delayed acknowledgement State The current state of the selected router interface One of e Down This is the initial interface state In this state the lower level protocols have indicated that the interface is unusable In this state interfac
516. owing features e Virtual Local Area Networks VLANs on page 509 e Access Control Lists ACLs on page 511 e Differentiated Services DiffServ on page 514 e 802 1X on page 518 e MSTP on page 520 PIM Dense Sparse Configuration Examples on page 525 Virtual Local Area Networks VLANs A local area network LAN can generally be defined as a broadcast domain Hubs bridges or switches in the same physical segment or segments connect all end node devices End nodes can communicate with each other without the need for a router Routers connect LANs together routing the traffic to the appropriate port A virtual LAN VLAN is a local area network with a definition that maps workstations on some basis other than geographic location for example by department type of user or primary application To enable traffic to flow between VLANs traffic must go through a router just as if the VLANs were on two separate LANs A VLAN is a group of PCs servers and other network resources that behave as if they were connected to a single network segment even though they might not be For example all marketing personnel might be spread throughout a building Yet if they are all assigned to a single VLAN they can share resources and bandwidth as if they were connected to the same segment The resources of other departments can be invisible to the marketing VLAN members accessible to all or accessible only to specified individuals depending o
517. p in the rule configuration process Note There is an implicit deny all rule at the end of an ACL list This means that if an ACL is applied to a packet and if none of the explicit rules match then the final implicit deny all rule applies and the packet is dropped To display the IP Rules page click Security gt ACL gt Advanced gt IP Rules IP Rules IP Rules ACL ID NAME 2 Basic ACL Rule Table Logging Queue Assign Source g Match Mirror Redirect Source IP Id Every Interface Interface dieis Mask O 10 Permit Disable 0 False C 1022 Permit Disable 0 False To configure rules for an IP ACL 1 To add an IP ACL rule select the ACL ID to add the rule to complete the fields described in the following list and click Add Only displays ACL IDs from 1 to 99 e Rule ID Specify a number from 1 12 to identify the IP ACL rule You can create up to 12 rules for each ACL e Action Selects the ACL forwarding action which is one of the following e Permit Forwards packets which meet the ACL criteria e Deny Drops packets which meet the ACL criteria Logging When set to Enable logging is enabled for this ACL rule subject to resource availability in the device If the Access List Trap Flag is also enabled this will cause periodic traps to be generated indicating the number of times this rule was hit during the current report interval A fixed 5 minute report interval is used for
518. password will be authenticated using the TACACS server None The user will not be authenticated 3 Use the dropdown menu to select the method if any that should appear second in the selected authentication login list This is the method that will be used if the first method times out If you select a method that does not time out as the second method the third method will not be tried Note that this parameter will not appear when you first create a new login list 4 Use the dropdown menu to select the method if any that should appear third in the selected authentication login list HTTPS Authentication List You use this page to configure HTTPS lists A login list specifies the authentication method s you want used to validate switch or port access through HTTPS for the users associated with the list To display the HTTPS Authentication List page click Security gt Management Security gt Authentication List gt HTTPS Authentication List HTTPS Authentication List HTTPS Authentication List List Name 1 2 3 g httpsList Local 1 List Name Select the HTTPS list name for which you want to configure data Chapter Managing Device Security 377 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 2 Use the dropdown menu to select the method that should appear first in the selected authentication login list If you select a method that does not time out as the first method such
519. pe to select an authentication type other than none by clicking on the Configure Authentication button You will then see a new screen where you can select the authentication type from the pull down menu The choices are e None This is the initial interface state If you select this option from the pull down menu on the second screen you will be returned to the first screen and no authentication protocols will be run Simple If you select Simple you will be prompted to enter an authentication key This key will be included in the clear in the RIP header of all packets sent on the network All routers on the network must be configured with the same key Encrypt If you select Encrypt you will be prompted to enter both an authentication key and an authentication ID Encryption uses the MD5 Message Digest algorithm All routers on the network must be configured with the same key and ID 6 Use Authentication Key to enter the RIP Authentication Key for the specified interface If you do not choose to use authentication you will not be prompted to enter a key If you choose simple or encrypt the key may be up to 16 octets long The key value will only be displayed if you are logged on with Read Write privileges 7 Use Authentication Key ID to enter the RIP Authentication Key ID for the specified interface If you choose not to use authentication or to use simple you will not be prompted to enter the key ID If you ch
520. pe to specify what type of file you want to transfer Archive Specify archive STK code when you want to upgrade the operational flash e Image1 Specify the code image1 you want to download e Image2 Specify the code image2 you want to download CLI Banner Specify CLI Banner when you want a banner to be displayed before the login prompt Configuration Specify configuration when you want to update the switch s configuration If the file has errors the update will be stopped Text Configuration Specify configuration in text mode when you want to update the switch s configuration If the file has errors the update will be stopped Use Config Script to specify script configuration file Use SSH 1 RSA Key File to specify SSH 1 Rivest Shamir Adleman RSA Key File Use SSH 2 RSA Key PEM File to specify SSH 2 Rivest Shamir Adleman RSA Key File PEM Encoded Use SSH 2 DSA Key PEM File to specify SSH 2 Digital Signature Algorithm DSA Key File PEM Encoded Use SSL Trusted Root Certificate PEM File to specify SSL Trusted Root Certificate File PEM Encoded Use SSL Server Certificate PEM File to specify SSL Server Certificate File PEM Encoded Use SSL DH Weak Encryption Parameter PEM File to specify SSL Diffie Hellman Weak Encryption Parameter File PEM Encoded Use SSL DH Strong Encryption Parameter PEM File to specify SSL Diffie Hellman Strong Encryption Parameter File PEM Encoded License Key Specify license key i
521. pecifies the DHCPv6 Server DUID Chapter Configuring System Information 63 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DHCPv6 Pool Configuration DHCP for IPv6 clients are connected to a server which is configured to use parameters from a pool that you set up The pool is identified with a pool name and contains IPv6 addresses and domain names of DNS servers Use the Pool Configuration page to create a pool and or configure pool parameters To display the DHCPv6 Pool Configuration page click System gt Services gt DHCPv6 Server gt DHCPv6 Pool Configuration A screen similar to the following displays DHCPv6 Pool Configuration DHCPv6 Pool Configuration Pool Name Create v Pool Name 1 Pool Name For a user with read write permission this field would show names of all the existing pools along with an additional option Create When the user selects Create another text box Pool Name appears where the user may enter name for the Pool to be created For a user with read only permission this field would show names of the existing pools only 2 Use Pool Name to specify a unique name for DHCPv6 pool It may be up to 31 alphanumeric characters 64 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DHCPv6 Pool Configuration DHCPv6 Pool Configuration Pool Name 1 v Pool Na
522. pecify error log to retrieve the system error persistent log sometimes referred to as the event log e Trap Log Specify trap log to retrieve the system trap records Buffered Log Specify buffered log to retrieve the system buffered in memory log e Tech Support Specify Tech Support to retrieve the switch information needed for troubleshooting The factory default is Archive Chapter Maintenance 489 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 2 Use Local File Name to specify the local script file name you want to upload USB File Upload Use this menu to upload a file from the switch to USB device To display the Upload File to USB page click Maintenance gt Upload gt USB File Upload Upload File To USB Upload File To USB File Type Archive vi Image Name imagel USB File 1 Use File Type to specify what type of file you want to upload a Use Archive to specify archive STK code when you want to retrieve from the operational flash e Image Specify the code image1 when you want to retrieve e Image2 Specify the code image2 when you want to retrieve b Use Text Configuration to specify configuration in text mode when you want to retrieve the stored configuration The factory default is image 2 Use USB File to specify a name along with path for the file you want to upload You may enter up to 32 characters The factory default is blank 3 The las
523. port To access the Port PVID Configuration page click Switching gt VLAN gt Advanced gt Port PVID Configuration Port PVID Configuration PVID Configuration LAGS All Jobooo0000000000000000000o 0 Interface 1 0 21 1 0 2 1 0 3 1 0 4 1 0 5 1 0 6 1 0 7 1 0 8 1 0 9 1 0 10 1 0 11 1 0 12 1 0 13 1 0 14 1 0 15 1 0 16 1 0 17 1 0 18 1 0 19 1 0 20 1 0 21 1 0 22 1 0 23 1 0124 Configured Current no ee PVID ee a Go To Interface GO Acceptable Configured Current Frame Ingress Ingress Types Filtering Filtering Oom l Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Disable Disable Admit All Nieahle Nieahla Port Priority So Glo G o G o O o G o G no O no OG no G no O o G o Chapter Configuring Switching Information 119 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual To configure PVID information 1 Click A
524. ports and possibly affecting network performance A traditional Ethernet network may be separated into different network segments to prevent placing too many devices onto the same shared media Bridges and switches connect these segments When a packet with a broadcast or multicast destination address is received the switch will forward a copy into each of the remaining network segments in accordance with the IEEE MAC Bridge standard Eventually the packet is made accessible to all nodes connected to the network This approach works well for broadcast packets that are intended to be seen or processed by all connected nodes In the case of multicast packets however this approach could lead to less efficient use of network bandwidth particularly when the packet is intended for only a small number of nodes Packets will be flooded into network segments where no node has any interest in receiving the packet While nodes will rarely incur any processing overhead to filter packets addressed to unrequested group addresses they are unable to transmit new 146 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual packets onto the shared media for the period of time that the multicast packet is flooded The problem of wasting bandwidth is even worse when the LAN segment is not shared for example in full duplex links Allowing switches to snoop IGMP packets is a creative effort t
525. product name of this switch The IPv4 address and mask assigned to the network interface IPv6 Network Interface The IPv6 prefix and prefix length assigned to the network interface IPv4 Loopback Interface The IPv4 address and mask assigned to the loopback interface IPv6 Loopback Interface System Date System Up time The IPv6 prefix and prefix length assigned to the loopback interface The current date The time in days hours and minutes since the last switch reboot System SNMP OID The base object ID for the switch s enterprise MIB System Mac Address Supported Java Plugin Version Universally assigned network address The supported version of Java plugin 20 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual FAN Status The screen shows the status of the fans in all units These fans remove the heat generated by the power CPU and other chipsets make chipsets work normally Fan status has three possible values OK Failure Not Applicable NA The following table describes the Fan Status information Field Description UNIT ID The unit identifier is assigned to the switch which the fan belongs to FAN The working status of the fan in each unit Click REFRESH to refresh the system information of the switch Temperature Status The screen shows the current temperature of the C
526. protocol independent multicast routing protocol It uses existing Unicast routing table and join prune graft mechanism to build a tree PIM DM creates source based shortest path distribution trees making use of Reverse Path Forwarding RPF PIM DM cannot be used to build a shared distribution tree as PIM SM can PIM DM assumes that when a sender starts sending data all downstream routers and hosts want to receive a multicast datagram PIM DM initially floods multicast traffic throughout the network Routers that do not have any downstream neighbors prune back the unwanted traffic Apart from the prune messages PIM DM makes use of two more messages graft and assert Graft messages are used whenever a new host wants to join the group Assert messages are used to shut off duplicate flows onto the same multi access network To minimize the repeated flooding of datagrams and subsequent pruning associated with a particular S G pair PIM DM uses a State Refresh message This message is sent by the 318 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual router s directly connected to the source and is propagated throughout the network When received by a router on its RPF interface the State Refresh message causes an existing prune state to be refreshed State Refresh messages are generated periodically by the router directly attached to the source There are two versions of PIM DM Version 2 does
527. r Current Entries Specifies the number of current valid unicast server entries configured for this client Broadcast Count Specifies the number of unsolicited broadcast SNTP messages that have been received and processed by the SNTP client since last reboot SNTP Server Configuration Use the SNTP Server Configuration page to view and modify information for adding and modifying Simple Network Time Protocol SNTP servers To display the SNTP Server Configuration page click System gt Management gt Time gt SNTP Server Configuration SNTP Server Configuration SNTP Server Configuration Server Type L E O M SNTP Server Status Address Port Priority Version Last Last Last e Failed Requests Update Attempt Attempt Requests Time Time Status To configure a new SNTP Server 1 Enter the appropriate SNTP server information in the available fields e Server Type Specifies whether the address for the SNTP server is an IP address IPv4 or hostname DNS Default value is IPv4 e Address Specify the address of the SNTP server This is a text string of up to 64 characters containing the encoded unicast IP address or hostname of a SNTP server Unicast SNTP requests will be sent to this address If this address is a DNS hostname then that hostname should be resolved into an IP address each time a SNTP request is sent to it Port Enter a port number on the SNTP server to which SNTP requests a
528. r equal to Init The number of times this neighbor relationship has changed state or an error has occurred Retransmission Queue Length Length of the selected neighbor s retransmit queue 1 Click REFRESH to refresh the page with the latest OSPFv3 neighbor information for the selected interface 2 Click CLEAR to clear all the neighbor in the table Chapter Routing 275 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Link State Database Use the OSPF v3 Link State Database page to display the link state database To display the Link State Database page click Routing gt OSPFv3 gt Advanced gt Link State Database Link State Database e OSPFv3 Link State Database Router Area LSA LS Router A Seq Check Opt ID ID ee ID ge uence ecksum ptions Options Field Description Router ID The 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system AS The Router ID is set on the OSPFv3 Configuration page If you want to change the Router ID you must first disable OSPFv3 After you set the new Router ID you must re enable OSPFv3 to have the change take effect The default value is 0 0 0 0 although this is not a valid Router ID Area ID The ID of an OSPFv3 area to which one of the router interfaces is connected An Area ID is a 32 bit integer in dotted decimal format that uniquely identifies the area to w
529. r space Note that this counter does not include any datagrams discarded while awaiting re assembly IpInDelivers The total number of input datagrams successfully delivered to IP user protocols including ICMP IpOutRequests The total number of IP datagrams which local IP user protocols including ICMP supplied to IP in requests for transmission Note that this counter does not include any datagrams counted in ipForwDatagrams Chapter Routing 195 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O IpOutDiscards The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination but which were discarded e g for lack of buffer space Note that this counter would include datagrams counted in ipForwDatagrams if any such packets met this discretionary discard criterion IpOutNoRoutes The number of IP datagrams discarded because no route could be found to transmit them to their destination Note that this counter includes any packets counted in ipForwDatagrams which meet this no route criterion Note that this includes any datagrams which a host cannot route because all of its default gateways are down IpReasmTimeout The maximum number of seconds which received fragments are held while they are awaiting reassembly at this entity IpReasmReqds The number of IP fragments received which ne
530. rames discarded A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by more than one collision A count of frames for which transmission on a particular interface fails due to excessive collisions 462 Chapter Monitoring the System ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Port Membership Discards Dropped Transmit Frames Dropped Receive Frames The number of frames discarded on egress for this port due to egress filtering being enabled Number of transmit frames discarded at the selected port Number of Receive frames discarded at the selected port STP BPDUs Received STP BPDUs Transmitted RSTP BPDUs Received Number of STP BPDUs received at the selected port Number of STP BPDUs transmitted from the selected port Number of RSTP BPDUs received at the selected port RSTP BPDUs Transmitted MSTP BPDUs Received MSTP BPDUs Transmitted Number of RSTP BPDUs transmitted from the selected port Number of MSTP BPDUs received at the selected port Number of MSTP BPDUs transmitted from the selected port 802 3x Pause Frames Transmitted A count of MAC Control frames transmitted on this interface with an opcode indicating t
531. rate on the stacking port Displays the total number of errors in receive packets since boot The counter may wrap Chapter Configuring System Information 77 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Stack Port Diagnostics This page displays the diagnostics for all the stackable interfaces in the given stack To display the Stack Port Diagnostics page click System gt Stacking gt Advanced gt Stack Port Diagnostics A screen similar to the following displays Stack Port aia Port Diagnostics Info 0 01 0 03 0 05 e we ee j l yii g The following table describes the Stack Port Diagnostics fields 78 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Port Definition Displays the stackable interface on the given unit Port Diagnostics Info Displays three text fields 80 character strings populated by the driver containing debug and status information NSF From the Advanced link you can access the following pages e NSF Summary on page 79 e Checkpoint Statistics on page 81 NSF Summary This page displays the NSF Summary To display the NSF Summary page click System gt Stacking gt NSF gt NSF Summary A screen similar to the following displays NSF Summary NSF Summary Admin Status Enable Operational Status Enable La
532. ration Use the Service Interface Configuration page to activate a policy on an interface To display the page click QoS gt DiffServ gt Advanced gt Service Interface Configuration Service Interface Configuration Service Interface Configuration 1 LAGS All Go To Interface GO Interface 1 0 6 1 0 7 1 0 8 1 0 9 1 0 10 1 0 11 1 0 12 1 0 13 1 0 14 1 0 15 1 0 16 1 0 17 1 0 18 1 0 19 1 0 20 1 0 21 1 0 22 1 0 23 1 0 24 LAGS All Go To Interface aco z E ejE Eja B E B E ufa mje E ja B s B e Eja E To configure DiffServ policy settings on an interface 1 Use Interface to select the interface on which you will configure the DiffServer service Chapter Configuring Quality of Service 359 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 2 Policy Name Lists all the policy names from which one can be selected This field is not shown for Read Write users where inbound service policy attachment is not supported by the platform Fig escrito O O Direction Shows that the traffic direction of this service interface is In Operational Status Shows the operational status of this service interface either Up or Down Service Statistics This screen displays class oriented statistical information for the policy which is specified by the interface and direction The Member Classes drop down list is populated on the basis of the specified interface
533. ration Manual Command Log Configuration To access the Command Log Configuration page click Monitoring gt Logs gt Command Log Configuration Command Log Configuration Command Log Configuration IN Admin Status Disable Enable 1 Use Admin Mode to enable disable the operation of the CLI Command logging by selecting the corresponding radio button Console Log Configuration This allows logging to any serial device attached to the host To access the Console Log Configuration page click Monitoring gt Logs gt Console Log Configuration Console Log Configuration Console Log Configuration 2 Admin Status Disable Enable Severity Filter Error v 1 A log that is Disabled shall not log messages A log that is Enabled shall log messages Enable or Disable logging by selecting the corresponding radio button 2 Severity Filter A log records messages equal to or above a configured severity threshold Select the severity option by selecting the corresponding line on the pull down entry field These severity levels have been enumerated below e Emergency 0 system is unusable e Alert 1 action must be taken immediately e Critical 2 critical conditions e Error 3 error conditions e Warning 4 warning conditions Notice 5 normal but significant conditions e Informational 6 informational messages e Debug 7 debug level messages 470 Chapter Monitoring the
534. rational 0 0 0 0 30 6 Disabile i vos Oreable Non Operational 0 0 0 0 39 6 Owable C mo Disable Non Operational 0 0 0 0 30 3 Disable 1 370 7 Crsable Non Operational 0 0 0 0 30 60 Drsabie C se Ovsable Non Operstional 0 0 0 0 30 Ce Orsabie 3 O vos Disabile Non Operational 0 0 0 0 30 60 Disable O soio Orsable Non Operational 0 0 0 0 30 amp Disabie 2 O oi Desable Non Operational 9 0 0 0 30 4 Disable O yon Dsable Non Operational 0 0 0 0 30 60 Disable 3 Cj aoi Crusable Non Operational 0 0 0 0 3 Oisabie C woe Disable Non Operstional 0 0 0 0 30 s Disable i 0 35 Ovsable Non Operational 0 0 0 0 3 60 Disadie C voie Disable Non Operational 0 0 0 0 30 6 Disable i O 1017 Disable Non Operational 0 0 0 0 30 s Disable O sone Orsable Non Operational 0 0 0 0 30 6 Orsable i O o9 Disable Non Operational 9 0 0 0 39 2 Disable O uozo Osable Non Operational 0 0 0 0 30 ED Disabile O son Orsadle Non Operational 0 0 0 0 39 Disable C soaz Disable Non Operations 0 0 0 0 30 5 Disable i O sov23 Crsable Non Operational 0 0 0 0 39 60 Orsabie C sofas Disable Non Operatonal 0 0 0 0 3 Disable a al Ge To Interface co 1 Interface The interface for which data is to be displayed or configured You must have configured at least one router interface before configuring or displaying data for a PIM interface Use Admin Mode to set the administrative status of PIM for the selected interface The default is disable Use Hello Interval to enter the num
535. re sent The valid range is 1 65535 The default is 123 38 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e Priority Specify the priority of this server entry in determining the sequence of servers to which SNTP requests will be sent The client continues sending requests to different servers until a successful response is received or all servers are exhausted This object indicates the order in which to query the servers A server entry with a precedence of 1 will be queried before a server with a priority of 2 and so forth If more than one server has the same priority then the requesting order will follow the lexicographical ordering of the entries in this table Allowed range is 1 to 3 Default value is 1 e Version Enter the NTP version running on the server The range is 1 4 The default is 4 2 Click Add 3 Repeat the previous steps to add additional SNTP servers You can configure up to three SNTP servers 4 To removing an SNTP server select the check box next to the configured server to remove and then click Delete The entry is removed and the device is updated 5 To change the settings for an existing SNTP server select the check box next to the configured server and enter new values in the available fields and then click Apply Configuration changes take effect immediately 6 Click Cancel to cancel the configuration on the screen a
536. red on the selected interface PFC Statistics Use the PFC Statistics page to access PFC statistics To access the PFC Statistics page click Switching gt PFC gt PFC Statistics 178 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual PFC Statistics PFC Statistics Interface 1 0 1 Received PFC Frames 0 Transmitted PFC Frames 0 0 0 1 0 2 0 3 0 4 0 5 0 6 0 7 Lt 1 Use Interface to select the interface for which data is to be displayed 2 Click Clear to clear all the counters resetting all statistics for this interface to default values 3 Click Clear All to clear all the counters for all ports resetting all statistics for all interfaces to default values 4 Click Refresh to refresh the data on the screen with the present state of the data in the switch Field Description Received PFC Frames This displays the total number of PFC frames that have been received by this interface Transmitted PFC Frames This displays the total number of PFC frames that have been transmitted by this interface Priority This displays the priority value of which the PFC statistics of the selected interface are being shown Received PFC Frames This displays the number of PFC frames that have been received by this interface for this priority Chapter Configuring Switching Information 179 Routing The Routing t
537. rface mode 3 Use Version to enter the version of MLD you want to configure on the selected interface Valid values are 1 to 2 and the default value is 3 This field is configurable only when MLD Proxy interface mode is enabled 4 Use Unsolicited Report Interval to enter the unsolicited time interval value in seconds The Unsolicited Report Interval is the time between repetitions of a host s initial report of membership in a group Valid values are from 1 to 260 The default value is 1 Field Description IPv6 Prefix The IPv6 address of the MLD Proxy interface Proxy interface Operational Mode The operational state of MLD Proxy interface Number of Groups The current number of multicast group entries for the MLD Proxy interface in the cache table 332 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Version 1 Querier Timeout Proxy Start Frequency The older MLD version 1 querier timeout value in seconds The Older Version Querier Interval is the time out for transitioning a host back to MLDv2 mode once an older version query is heard When an older version query is received hosts set their Older Version Querier Present Timer to Older Version Querier Interval The number of times the proxy was brought up MLD Proxy Interface Statistics To display the MLD Proxy Interface Statistics page click Routing gt IPv6 M
538. ridges and LANs with a single Common and Internal Spanning Tree CIST The CIST supports the automatic determination of each MST region choosing its maximum possible extent The connectivity calculated for the CIST provides the CST for interconnecting these Regions and an Internal Spanning Tree IST within each Region MSTP ensures that frames with a given VLAN ID are assigned to one and only one of the MSTIs or the IST within the Region that the assignment is consistent among all the networking devices in the Region and that the stable connectivity of each MSTI and IST at the boundary of the Region matches that of the CST The stable active topology of the Bridged LAN with respect to frames consistently classified as belonging to any given VLAN thus simply and fully connects all LANs and networking devices throughout the network though frames belonging to different VLANs can take different paths within any Region per IEEE DRAFT P802 1s D13 All bridges whether they use STP RSTP or MSTP send information in configuration messages via Bridge Protocol Data Units BPDUs to assign port roles that determine each port s participation in a fully and simply connected active topology based on one or more spanning trees The information communicated is known as the spanning tree priority vector The BPDU structure for each of these different protocols is different A MSTP bridge will transmit the appropriate BPDU depending on the received type of BPDU fro
539. ring System Information ISDP Neighbor ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual To display this page click System gt ISDP gt Advanced gt Neighbor A screen similar to the following displays ISDP Neighbor ISOP Neighbor Search By Device ID Interface 2ER1084000005 1 0 13 10 27 34 57 049 1 0 22 10 27 15 7 2B8W1044U00035 1 0 22 10 27 34 55 2ER1094H0000F 1 0 22 10 27 34 58 GSM7352Sv2 1 0 22 10 27 34 62 Address Device Id v Capability Platform Router f Router f Router Entry Hold Advertisement Last Software Time Version Changed Version Time XSM7224S 1 0 21 150 2 2 Days 01 17 07 3 23 15 39 PCTE 248 30 9 144 2 2 Days 01 17 04 3 2 0 7 GSM7252PS 1 0 41 166 2 2 Days 01 17 15 2 1 15 44 XSM7224S 2 0 22 180 2 2 Oasys 01 17 23 3 16 16 32 GSM7352Sv2 1 0 23 174 2 2 Days 01 17 20 1 24 19 31 The following table describes the ISDP Neighbor fields Field Description Device ID The device ID of the ISDP neighbor Interface The interface on which the neighbor is discovered Address Displays the address of the neighbor Capability Displays the capability of the neighbor These are supported e Router e Trans Bridge e Source Route e Switch e Host e IGMP e Repeater Platform Display the model type of the neighbor 0 to 32 Port ID Display the port ID on the neighbor Hold Time Displays the hold time for ISDP packets that the neighbor transmits
540. riod This field appears only if the user has specified Specified Duration as the Lease time Default Value is 1 Valid Range is 0 to 59 Specifies the Number of Hours of Lease Period This field appears only if the user has specified Specified Duration as the Lease time Valid Range is 0 to 22 Specifies the Number of Minutes of Lease Period This field appears only if the user has specified Specified Duration as the Lease time Valid Range is 0 to 86399 Default Router Addresses Specifies the list of Default Router Addresses for the pool The user may specify up to 8 Default Router Addresses in order of preference DNS Server Addresses Specifies the list of DNS Server Addresses for the pool The user may specify up to 8 DNS Server Addresses in order of preference NetBIOS Name Server Addresses Specifies the list of NetBIOS Name Server Addresses for the pool The user may specify up to 8 NetBIOS Name Server Addresses in order of preference NetBIOS Node Type Specifies the NetBIOS node type for DHCP clients b node Broadcast p node Peer to Peer m node Mixed e h node Hybrid Next Server Address Domain Name Bootfile Specifies the Next Server Address for the pool Specifies the domain name for a DHCP client Domain Name can be up to 255 characters in length Specifies the name of the default boot image for a DHCP client File Name can be up to 128 characters in
541. rmation To display the DHCP Bindings Information page click System gt Services gt DHCP Server gt DHCP Bindings Information A screen similar to the following displays DHCP Bindings Information Reset All Dynamic Bindings Specific Dynamic Binding DHCP Bindings Information Search By Binding IP GO IP Address Hardware Address Seer enna Type 1 Choose All Dynamic Bindings to specify all dynamic bindings to be deleted Specific Dynamic Binding to specify specific dynamic binding to be deleted The following table describes the DHCP Bindings Information fields Fes escrito O O IP Address Specifies the Client s IP Address Hardware Address Specifies the Client s Hardware Address Lease Time Left Specifies the Lease time left in Days Hours and Minutes dd hh mm format Type Specifies the Type of Binding Dynamic Manual 54 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DHCP Conflicts Information To display the DHCP Conflicts Information page click System gt Services gt DHCP Server gt DHCP Conflicts Information A screen similar to the following displays DHCP Conflicts Information Reset All Address Conflicts Specific Address Conflict DHCP Conflicts Information Search By Conflict IP Address GO IP Address Detection Method Detection Time 1 Choose All Address Conflicts to sp
542. roadcast domains so that broadcast packets are not sent to all the ports on a single switch When you use a VLAN users can be grouped by logical function instead of physical location Each VLAN in a network has an associated VLAN ID which appears in the IEEE 802 1Q tag in the Layer 2 header of packets transmitted on a VLAN An end station may omit the tag or the VLAN portion of the tag in which case the first switch port to receive the packet may either reject it or insert a tag using its default VLAN ID A given port may handle traffic for more than one VLAN but it can only support one default VLAN ID From the VLAN link you can access the following pages Basic on page 113 Advanced on page 115 Chapter Configuring Switching Information 112 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Basic From the Basic link you can access the following pages e VLAN Configuration on page 113 VLAN Configuration Use the VLAN Configuration page to define VLAN groups stored in the VLAN membership table Each switch in the ProSafe Managed Switches family supports up to 1024 VLANs Only one VLAN is created by default VLAN 1 is the only one created e VLAN 1 is the default VLAN of which all ports are members To display the VLAN Configuration page click Switching gt VLAN gt Basic gt VLAN Configuration VLAN Configuration Reset Reset Configuration g Internal VLAN Configuration In
543. rotocol Based VLAN Group Configuration Protocol Based VLAN Group Configuration A Protocol Based VLAN Group Configuration Group ID Group Name Protocol VLAN ID Ports eS 1 Use Group Name to assign a name to a new group You may enter up to 16 characters 2 Use Protocol s to select the protocols you want to be associated with the group There are three configurable protocols IP IPX ARP e IP IP is a network layer protocol that provides a connectionless service for the delivery of data e ARP Address Resolution Protocol ARP is a low level protocol that dynamically maps network layer addresses to physical medium access control MAC addresses e IPX The Internetwork Packet Exchange IPX is a connectionless datagram Network layer protocol that forwards data over a network 124 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 3 Use VLAN ID to select the VLAN ID It can be any number in the range of 1 to 4093 All the ports in the group will assign this VLAN ID to untagged packets received for the protocols you included in this group 4 Click ADD to add a new Protocol Based VLAN group to the switch 5 Click DELETE to remove the Protocol Based VLAN group identified by the value in the Group ID field Field Description Group ID A number used to identify the group created by the user Group IDs are automatically assigned when a gro
544. rrent number of entries for the selected interface in the cache table Click REFRESH to refresh the data on the screen with the latest IGMP interface statistics Chapter Routing 303 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IGMP Groups To display the IGMP Groups page click Routing gt Multicast IGMP gt IGMP Groups IGMP Groups IGMP Groups 2 Search By Interface a GO Version Version Multicast Last Up Expiry Filter Interface 1 Host 2 Host Compatibilti Group IP Reporter Time Time p y Mode Timer Timer Field Description Interface The interface which data is to be displayed Multicast Group IP The IP multicast group address for which data is to be displayed Last Reporter The IP address of the source of the last membership report received for the IP Multicast group address on the selected interface Up Time The time elapsed since this entry was created Expiry Time The minimum amount of time remaining before this entry will be aged out Version 1 Host Timer The time remaining until the local router will assume that there are no longer any IGMP version 1 members on the IP subnet attached to this interface When an IGMPv1 membership report is received this timer is reset to the group membership timer While this timer is non zero the local router ignores any IGMPv2 leave messages for this group that it receives on the sele
545. rt Authentication page to enable and configure port access control on one or more ports To access the Port Authentication page click Security gt Port Authentication gt Advanced gt Port Authentication Note Use the horizontal scroll bar at the bottom of the browser to view all the fields on the Port Authentication page E sas aw 5 z 5 naen a aen en a m ae a s eos e m mom ras Sai Ea a E a 5 J iniii oar nis ranam see ae mm insna oe met eo pores cme a imois tae omi 8 wu rne nals os i br n PE ie suid renan eid a sa 8 gt mie ta xu conan i eee a eo sama waoni i wu aa E E u Me J prend amens Semet jam aai w lt anome se smesan ren ae i 7 2 enem e oee wie ee paa w cen a m s E E peme pa me bep aw Siis E L n e jaa e Sis a nin m f z i 394 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual To configure 802 1X settings for the port 1 Select the check box next to the port to configure You can also select multiple check boxes to apply the same settings to the select ports or select the check box in the heading row to apply the same settings to all ports 2 For the selected port s specify the following settings Control Mode This selector lists the options for control mode The contr
546. rust a particular packet marking at ingress Interface Trust Mode can only be one of the following Default value is trust dot1p e untrusted e trust dot1p e trust ip dscp 3 Use Interface Shaping Rate to specify the maximum bandwidth allowed typically used to shape the outbound transmission rate This value is controlled independently of any per queue maximum bandwidth configuration It is effectively a second level shaping mechanism Default value is 0 Valid Range is 0 to 100 in increments of 1 The value 0 means maximum is unlimited 4 Click CANCEL to cancel the configuration on the screen Resets the data on the screen to the latest value of the switch 5 Click APPLY to send the updated configuration to the switch Configuration changes take effect immediately Chapter Configuring Quality of Service 341 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Interface Queue Configuration Use the Interface Queue Configuration page to define what a particular queue does by configuring switch egress queues User configurable parameters control the amount of bandwidth used by the queue the queue depth during times of congestion and the scheduling of packet transmission from the set of all queues on a port Each port has its own CoS queue related configuration The configuration process is simplified by allowing each CoS queue parameter to be configured globally or per port A global configuration cha
547. rver Configuration on page 373 TACACS Configuration The TACACS Configuration page contains the TACACS settings for communication between the switch and the TACACS server you configure via the inband management port To display the TACACS Configuration page click Security gt Management Security gt TACACS gt TACACS Configuration TACACS Configuration TACACS Configuration 7 Key String Connection Timeout 5 To configure global TACACS settings 1 In the Key String field specify the authentication and encryption key for TACACS communications between the Managed Switch and the TACACS server The valid 372 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual range is 0 128 characters The key must match the key configured on the TACACS server 2 In the Connection Timeout field specify the maximum number of seconds allowed to establish a TCP connection between the Managed Switch and the TACACS server 3 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch 4 If you make any changes to the page click Apply to apply the new settings to the system TACACS Server Configuration Use the TACACS Server Configuration page to configure up to five TACACS servers with which the switch can communicate To display the TACACS Server Configuration page click Security gt Manage
548. s The number of times this neighbor relationship has changed state or an error has occurred External LSA Count Sent packets Received packets Discards Bad Version Virtual Link Not Found The number of external LS type 5 link state advertisements in the link state database The number of OSPFv3 packets transmitted on the interface The number of valid OSPFv3 packets received on the interface The number of received OSPF v3 packets discarded because of an error in the packet or an error in processing the packet The number of received OSPF v3 packets whose version field in the OSPFv3 header does not match the version of the OSPFv3 process handling the packet The number of received OSPF v3 packets discarded where the ingress interface is in a non backbone area and the OSPF v3 header identifies the packet as belonging to the backbone but OSPF v3 does not have a virtual link to the packet s sender Chapter Routing 273 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Feis escrito O O Area Mismatch The number of OSPFv3 packets discarded because the area ID in the OSPFv3 header is not the area ID configured on the ingress interface Invalid Destination Address The number of OSPFv3 packets discarded because the packet s destination IP address is not the address of the ingress interface and is not the AllDrRouters or AllSpfRouters multicast addresses
549. s designated as a best effort queue Also the confirmed action on this flow is to send the packets with a committed rate of 1000000 Kbps and burst size of 128 KB Packets that violate the committed rate and burst size are dropped 802 1X Local Area Networks LANs are often deployed in environments that permit unauthorized devices to be physically attached to the LAN infrastructure or permit unauthorized users to attempt to access the LAN through equipment already attached In such environments it may be desirable to restrict access to the services offered by the LAN to those users and devices that are permitted to use those services Port based network access control makes use of the physical characteristics of LAN infrastructures in order to provide a means of authenticating and authorizing devices attached to a LAN port that has point to point connection characteristics and of preventing access to that port in cases in which the authentication and authorization process fails In this context a port is a single point of attachment to the LAN such as ports of MAC bridges and associations between stations or access points in IEEE 802 11 Wireless LANs The IEEE 802 11 standard describes an architectural framework within which authentication and consequent actions take place It also establishes the requirements for a protocol between the authenticator the system that passes an authentication request to the authentication server and the suppl
550. s Packet counters with without Frames without received Errors last Errors Errors Errors cleared g 1 0 12 0 0 0 it o 0 2 day 23 hr 26 min 39 sec O o2 a 0 0 0 o 0 2 day 23 hr 26 min 39 sec E wos 0 0 0 0 0 0 2 day 23 hr 26 min 39 sec C s o 4 0 0 0 0 0 0 2 day 23 hr 26 min 39 sec O os 0 0 0 0 0 0 2 day 23 hr 26 min 39 sec O soe 0 0 0 0 o 0 2 day 23 hr 26 min 39 sec O 1o 0 0 0 0 0 0 2 day 23 hr 26 min 39 sec O woe 0 o 0 0 o 0 2 day 23 hr 26 min 39 sec oO 1 0 9 0 0 0 0 0 0 2 day 23 hr 26 min 39 sec C 1 0 10 0 o o 0 o 0 2 day 23 hr 26 min 39 sec DO 1 0 11 0 0 0 0 0 0 2 day 23 hr 26 min 39 sec O 10 12 0 0 0 0 0 0 2 day 23 hr 26 min 39 sec g 1 0 13 61900 0 45 282515 0 0 2 day 23 hr 26 min 39 sec O wos o 0 o 0 o 0 2 day 23 hr 26 min 39 sec O 1 0 25 0 0 0 0 o fr 2 day 23 hr 26 min 39 sec C s o 16 o 0 o o o 2 day 23 hr 26 min 39 sec O 10 17 0 0 0 0 0 0 2 day 23 hr 26 min 39 sec O o 18 0 o o 0 2 day 23 hr 26 min 39 sec O 1 0 29 0 0 0 0 0 0 2 day 23 hr 26 min 39 sec C 1 0 20 0 o o o o o 2 day 23 hr 26 min 39 sec C 1 0 21 0 0 0 0 0 fr 2 day 23 hr 26 min 39 sec J s o 22 557020 0 51122 94867 0 2 day 23 hr 26 min 39 sec O 1 0 23 0 0 0 0 0 0 2 day 23 hr 26 min 39 sec CJ s o 24 0 o o 0 0 0 2 day 23 hr 26 min 39 sec 1 LAGS All Go To Interface ae The following table describes the per port statistics displayed on the screen Use the buttons at the bottom of the page to perform the following actions e To clear all the counters for
551. s Successfully Reassembled The number of IPv6 datagrams successfully reassembled Note that this counter is incremented at the interface to which these datagrams were addressed which might not be necessarily the input interface for some of the fragments Datagrams Failed To Reassemble Datagrams Forwarded Datagrams Locally Transmitted The number of failures detected by the IPv6 reassembly algorithm for whatever reason timed out errors etc Note that this is not necessarily a count of discarded IPv6 fragments since some algorithms notably the algorithm in RFC 815 can lose track of the number of fragments by combining them as they are received This counter is incremented at the interface to which these fragments were addressed which might not be necessarily the input interface for some of the fragments The number of output datagrams which this entity received and forwarded to their final destinations In entities which do not act as IPv6 routers this counter will include only those packets which were Source Routed via this entity and the Source Route processing was successful Note that for a successfully forwarded datagram the counter of the outgoing interface is incremented The number of datagrams which this entity has successfully transmitted from this output interface Datagrams Transmit Failed The number of datagrams which this entity failed to transmit successfully Datagrams Successfully Fragmented
552. s by any method terminal interface display Web display upload file from switch etc will cause this counter to be cleared to 0 Log The sequence number of this trap System Up Time Trap The time at which this trap occurred expressed in days hours minutes and seconds since the last reboot of the switch Information identifying the trap Chapter Monitoring the System 473 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Event Logs This panel displays the event log which contains error messages from the system Event log is not cleared on a system reset To access the Event Log page click Monitoring gt Logs gt Event Logs Event Logs Event Logs Filename 1 EVENT gt bootos c 220 0 AAAAAAAA 00031 2 EVENT gt unitmgr c 5806 0 00000000 00327 3 EVENT gt bootos c 220 0 AAAAAAAA 00031 E EVENT gt bootos c 220 0 AAAAAAAA 00031 5 EVENT gt unitmgr c 5806 0 00000000 003142 6 EVENT gt bootos c 220 0 AAAAAAAA 00031 7 EVENT gt unitmgr c 5806 0 00000000 001334 8 EVENT gt bootos c 220 0 AAAAAAAA 00031 9 EVENT gt unitmor c 5806 0 00000000 0024 10 EVENT gt bootos c 220 0 AAAAAAAA 00031 11 EVENT gt unitmgr c 5806 0 00000000 00239 12 EVENT gt bootos c 220 0 AAAAAALA 00031 13 EVENT gt unitmgr c 5806 0 00000000 00536 14 EVENT gt bootos c 220 0 AAAAAAAA 00031 15 EVENT gt unitmgr c 5806 0 00000000 0060 16 EVENT gt bootos c 220 0 AAAAAAAA 00031 17 EVENT gt unitmgr c
553. s of the source or source network which has been pruned Source Mask The subnet mask to be combined with the source IP address to identify the source or source network which has been pruned Expiry Time The amount of time remaining before this prune should expire at the upstream neighbor If no prune messages have been received from downstream neighbors this is set to value of the default prune lifetime timer otherwise it is set to the smallest received value or the default timer whichever is less DVMRP Route To display the DVMRP Route page click Routing gt Multicast DVMRP gt DVMRP Route DVMRP Route DVMRP Route Source Source Upstream Address Mask Neighbor Expiry Interface Metric Time Up Time Field Description Source Address The network address that is combined with the source mask to identify the sources for this entry Source Mask The subnet mask to be combined with the source address to identify the sources for this entry Chapter Routing 299 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O Upstream Neighbor The address of the upstream neighbor e g RPF neighbor from which IP datagrams from these sources are received Interface The interface on which IP datagrams sent by these sources are received A value of 0 typically means the route is an aggregate for which no next hop interface exi
554. s page to configure IGMP queriers for use with VLANs on the network To access this page click Switching gt Multicast gt IGMP Snooping gt Querier VLAN Configuration IGMP Snooping Querier VLAN Configuration IGMP Snooping Querier VLAN Configuration Querier Operational Election Querier VLAN Operational Operational Last nass M gt C gt erie era x VLAN ID toe oot Querier Querier x Participate Address State Version Response Address Version Mode Time To configure Querier VLAN settings 1 To create a new VLAN ID for IGMP Snooping select New Entry from the VLAN ID field and complete the following fields User can also set pre configurable Snooping Querier parameters e VLAN ID Specifies the VLAN ID for which the IGMP Snooping Querier is to be enabled e Querier Election Participate Mode Enable or disable Querier Participate Mode e Disabled Upon seeing another querier of the same version in the VLAN the snooping querier moves to the non querier state Enabled The snooping querier participates in querier election in which the least IP address operates as the querier in that VLAN The other querier moves to non querier state Snooping Querier VLAN Address Specify the Snooping Querier IP Address to be used as the source address in periodic IGMP queries sent on the specified VLAN 2 Click Apply to apply the new settings to the switch Configuration changes take effect immediately 3
555. s to set the number of paths that OSPF can report for a given destination The range of valid values is 1 to 4 Use AutoCost Reference Bandwidth to configure the auto cost reference bandwidth to control how OSPF calculates link cost Specify the reference bandwidth in megabits per second Unless a link cost is configured the link cost is computed by dividing the reference bandwidth by the interface bandwidth The range is 1 to 4294967 Use Default Passive Setting to configure the global passive mode setting for all OSPF interfaces Configuring this field overwrites any present interface level passive mode setting OSPF does not form adjacencies on passive interfaces but does advertise attached networks as stub networks Field Description ASBR Mode The router is an Autonomous System Boundary Router if it is configured to redistribute routes from another protocol or if it is configured to originate an external LSA advertising the default route ABR Status The router is an Area Border Router if it has active non virtual interfaces in two or more OSPF areas External LSA Count The number of external LS type 5 LSAs link state advertisements in the link state database External LSA Checksum The sum of the LS checksums of the external LSAs link state advertisements contained in the link state database This sum can be used to determine if there has been a change in a router s link state database and to compare the li
556. s to the neighbor In this state Link State Request Packets may also be sent asking for the neighbor s more recent LSAs All adjacencies in Exchange state or greater are used by the flooding procedure These adjacencies are fully capable of transmitting and receiving all types of OSPF routing protocol packets e Loading In this state Link State Request packets are sent to the neighbor asking for the more recent LSAs that have been discovered but not yet received in the Exchange state e Full In this state the neighboring routers are fully adjacent These adjacencies will now appear in router LSAs and network LSAs Events The number of times this neighbor relationship has changed state or an error has occurred Permanence This variable displays the status of the entry dynamic and permanent refer to how the neighbor became known Hellos Suppressed Retransmission Queue Length This indicates whether Hellos are being suppressed to the neighbor An integer representing the current length of the retransmission queue of the specified neighbor router Id of the specified interface Chapter Routing 253 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description S O Up Time Neighbor uptime how long since the adjacency last reached the Full state Dead Time unreachable The amount of time in seconds to wait before the router assumes the nei
557. sage responses can overload network resources and or cause the network to time out The switch measures the incoming broadcast multicast unknown unicast packet rate per port and discards packets when the rate exceeds the defined value Storm control is enabled per interface by defining the packet type and the rate at which the packets are transmitted The Storm Control folder contains links to the following features e Storm Control Global Configuration on page 412 e Storm Control Interface Configuration on page 413 Storm Control Global Configuration To display the Storm Control Global Configuration page click Security gt Traffic Control gt Storm Control gt Storm Control Global Configuration Storm Control Port Settings Global Flow Control IEEE 802 3x Mode Disable Enable Broadcast Storm Control All Disable Enable Multicast Storm Control All Disable Enable Unknown Unicast Storm Control All Disable Enable The following four control radio buttons provide an easy way to enable or disable each type of packets be rate limited on every port in a global fashion The effective storm control state of each port can be viewed by going to the port configuration page e Global Flow Control IEEE 802 3x Mode Enable or disable this option by selecting the corresponding line on the radio button The factory default is disabled Broadcast Storm Control All Enable or disable the Broadcast Storm Recovery mode o
558. se Interface Mode to select the Voice VLAN mode for selected interface 126 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Disable Default value None Allow the IP phone to use its own configuration to send untagged voice traffic VLAN ID Configure the phone to send tagged voice traffic dot1p Configure Voice Vlan 802 1p priority tagging for voice traffic When this is selected please enter the dotip value in the Value field Untagged Configure the phone to send untagged voice traffic 4 Use Value to enter the VLAN ID or dot1p value This is enable only when VLAN ID or dot1p is selected as Interface Mode 5 Use CoS Override Mode to select the Cos Override mode for selected interface The default is disable Field Description Operational State This is the operational status of the voice vlan on the given interface GARP Switch Configuration Note It can take up to 10 seconds for GARP configuration changes to take effect To display the GARP Switch Configuration page click Switching gt VLAN gt Advanced gt GARP Switch Configuration GARP Switch Configuration GARP Switch Configuration G GVRP Mode Disable Enable GMRP Mode Disable Enable 1 Use GVRP Mode to choose the GARP VLAN Registration Protocol administrative mode for the switch by selecting enable or disable from the radio button The fact
559. se Port Priority to specify the default 802 1p priority assigned to untagged packets arriving at the port The possible value is from 0 to 7 120 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual MAC Based VLAN The MAC Based VLAN feature allows incoming untagged packets to be assigned to a VLAN and thus classify traffic based on the source MAC address of the packet A MAC to VLAN mapping is defined by configuring an entry in the MAC to VLAN table An entry is specified via a source MAC address and the desired VLAN ID The MAC to VLAN configurations are shared across all ports of the device i e there is a system wide table that has MAC address to VLAN ID mappings When untagged or priority tagged packets arrive at the switch and entries exist in the MAC to VLAN table the source MAC address of the packet is looked up If an entry is found the corresponding VLAN ID is assigned to the packet If the packet is already priority tagged it will maintain this value otherwise the priority will be set to zero The assigned VLAN ID is verified against the VLAN table if the VLAN is valid ingress processing on the packet continues otherwise the packet is dropped This implies that the user is allowed to configure a MAC address mapping to a VLAN that has not been created on the system To display the MAC Based VLAN page click Switching gt VLAN gt Advanced gt MAC Based
560. select the administrative mode for MLD Snooping for the switch The default is disable Field Definition Multicast Control Frame Count The number of multicast control frames that are processed by the CPU Interfaces Enabled for MLD Snooping A list of all the interfaces currently enabled for MLD Snooping Data Frames Forwarded by the CPU The number of data frames forwarded by the CPU VLAN Ids Enabled For MLD Snooping Displays VLAN Ids enabled for MLD snooping Chapter Configuring Switching Information 157 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual MLD Snooping Interface Configuration To access the MLD Snooping Interface Configuration page click Switching gt Multicast gt MLD Snooping gt Interface Configuration MLD Snooping Interface Configuration MLD Snooping Interface Configuration 1 LAGS All Go To Interface coj Fast Group Present Max Response Leave t Expiration Time secs Admin Interval secs Time secs Admin Interfac M b h e e Mode embership a O 1 0 12 Disable 260 10 0 Disable O 10 2 Disable 260 10 o Disable O 10 3 Disable 260 10 0 Disable C 1 0 4 Disable 260 10 o Disable O 1 0 5 Disable 260 10 0 Disable CL 10 6 Disable 260 10 i Disable O 1 0 7 Disable 260 10 0 Disable C sors Disable 260 10 o Disable O 170 9 Disable 260 10 0 Disable OO 1 0 10 Disable 260 10 o Disable O 1 0 11 Disable 260 10 0 Disable C 1 0 12 Disable 260
561. settings e MST ID 1 e Priority Use the default 32768 e VLAN ID 300 For more information see MST Configuration on page 168 10 Click Add 11 Create a second MST instance with the following settings e MST ID 2 e Priority 49152 e VLAN ID 500 12 Click Add In this example assume that Switch 1 has become the Root bridge for the MST instance 1 and Switch 2 has become the Root bridge for MST instance 2 Switch 3 has hosts in the Sales department ports 1 0 1 1 0 2 and 1 0 3 and in the HR department ports 1 0 4 and 1 0 5 Switches 1 and 2 also have hosts in the Sales and Human Resources departments The hosts connected from Switch 2 use VLAN 500 MST instance 2 to communicate with the hosts on Switch 3 directly Likewise hosts of Switch 1 use VLAN 300 MST instance 1 to communicate with the hosts on Switch 3 directly The hosts use different instances of MSTP to effectively use the links across the switch The same concept can be extended to other switches and more instances of MSTP 524 Appendix Configuration Examples ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual PIM Dense Sparse Configuration Examples This example shows how to create a Multicast network using the PIM protocol either Dense or Sparse mode from the GSM7224S switch The example network has two different GSM7224S Managed Switches that lie between a multicast host receiver and a multicast source In this example t
562. sic on page 335 e Advanced on page 337 Basic From the Basic link you can access the following pages e CoS Configuration on page 335 CoS Configuration To display the CoS Configuration page click QoS gt CoS gt Basic gt CoS Configuration CoS Configuration CoS Configuration Global All Global Trust Mode trust dotip Interface 1 0 1 Interface Trust Mode trust dotip Use the CoS Configuration page to set the class of service trust mode of an interface Each port in the switch can be configured to trust one of the packet fields 802 1p or IP DSCP or to not trust any packet s priority designation untrusted mode If the port is set to a trusted mode it uses a mapping table appropriate for the trusted field being used This mapping table indicates the CoS queue to which the packet should be forwarded on the appropriate egress port s Of course the trusted field must exist in the packet for the mapping table to be of any use so there are default actions performed when this is not the case These actions involve directing the packet to a specific CoS level configured for the ingress port as a whole based on the existing port default priority as mapped to a traffic class by the current 802 1p mapping table Alternatively when a port is configured as untrusted it does not trust any incoming packet priority designation and uses the port default priority value instead All packets arriving at the Chapter Configur
563. signated Router by monitoring received Hello Packets The router is not allowed to elect a Backup Designated Router or a Designated Router until it transitions out of Waiting state This prevents unnecessary changes of Backup Designated Router Point to Point The interface is operational and is connected either to the virtual link On entering this state the router attempts to form an adjacency with the neighboring router Hello Packets are sent to the neighbor every Hellolnterval seconds Designated Router This router is itself the Designated Router on the attached network Adjacencies are established to all other routers attached to the network The router must also originate a network LSA for the network node The network LSA will contain links to all routers including the Designated Router itself attached to the network Backup Designated Router This router is itself the Backup Designated Router on the attached network It will be promoted to Designated Router if the present Designated Router fails The router establishes adjacencies to all other routers attached to the network The Backup Designated Router performs slightly different functions during the Flooding Procedure as compared to the Designated Router Other Designated Router The interface is connected to a broadcast or NBMA network on which other routers have been selected to be the Designated Router and Backup Designated Router either The router attempts to form adjacencies to bot
564. source was pre configured otherwise 0 and can be modified The valid values are 0 to 4294967295 6 Use Subnets to set whether the subnetted routes should be redistributed 7 Use Distribute List to set the Access List that filters the routes to be redistributed by the destination protocol Only permitted routes are redistributed If this command refers to a non existent access list all routes are permitted The valid values for Access List IDs are 1 to 199 When used for route filtering the only fields in an access list that get used are e Source IP Address and netmask e Destination IP Address and netmask e Action permit or deny All other fields source and destination port precedence tos and so on are ignored The source IP address is compared to the destination IP address of the route The source IP netmask in the access list rule is treated as a wildcard mask indicating which bits in the source IP address must match the destination address of the route Note that a 1 in the mask indicates a don t care in the corresponding address bit 258 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual When an access list rule includes a destination IP address and netmask an extended access list the destination IP address is compared to the network mask of the destination of the route The destination netmask in the access list serves as a wildcard mask indicating which bits in
565. ss preferred than routes from dynamic routing protocols The preference also controls whether a static route is more or less preferred than other static routes to the same destination Click REFRESH to refresh the web page to show the latest learned routes 182 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Advanced From the Advanced link you can access the following pages Route Configuration on page 183 Route Preferences on page 185 Route Configuration To display the Route Configuration page click Routing gt Routing Table gt Advanced gt Route Configuration Route Configuration Next Hop IP p Preference Identifier Network Next Hop Subnet Mask Protocol Hop IP Preference Address Interface Address Route Configuration q N Use the Route Type field to specify default or static If creating a default route all that needs to be specified is the next hop IP address otherwise each field needs to be specified Network Address displays the IP route prefix for the destination Subnet Mask indicates the portion of the IP interface address that identifies the attached network This is also referred to as the subnet network mask Next Hop IP Address displays the outgoing router IP address to use when forwarding traffic to the next router if any in the path towards the destination The next router will always be one of the adjacent neighbors or the
566. st Startup Reason Power On Time Since Last Restart 1 days 23 hrs 58 mins 32 secs Restart In Progress No Warm Restart Ready No Copy of Running Configuration to Backup Unit Status No Backup Unit Backup Configuration Age Not yet copied NSF Support on Unit Unit ID NSF Support 1 Enable Chapter Configuring System Information 79 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 2 Use Admin Status to enable or disable the NSF feature on the stack When this command is invoked the stack selects a backup unit Applications on the management unit copy data to the backup unit 3 Click INITIATE FAILOVER to cause the master unit to fail over to the backup unit 4 Click REFRESH to refresh the data on the page 5 Click APPLY to update the switch with the values on the screen It is saved persistently as soon as submit the change The following table describes the NSF Summary fields Field Description Operational Status Last Startup Reason Indicates whether NSF is enabled on the stack The type of activation that caused the software to start the last time The possible values are e Power On This means that the switch re booted This could have been caused by a power cycle or an administrative Reload command Cold Admin Move This means that the system resets all hardware tables without a reboot and the application begins from a pre initialized state but no data is re
567. st value of the switch 5 If you make changes to the page click Apply to apply the changes to the system Differentiated Services The QoS feature contains Differentiated Services DiffServ support that allows traffic to be classified into streams and given certain QoS treatment in accordance with defined per hop behaviors Standard IP based networks are designed to provide best effort data delivery service Best effort service implies that the network delivers the data in a timely fashion although there is no guarantee that it will During times of congestion packets may be delayed sent sporadically or dropped For typical Internet applications such as e mail and file transfer a slight degradation in service is acceptable and in many cases unnoticeable Conversely any degradation of service has undesirable effects on applications with strict timing requirements such as voice or multimedia Defining DiffServ To use DiffServ for QoS the Web pages accessible from the Differentiated Services menu page must first be used to define the following categories and their criteria Chapter Configuring Quality of Service 343 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 Class Create classes and define class criteria 2 Policy Create policies associate classes with policies and define policy statements 3 Service Add a policy to an inbound interface Packets are classified
568. sted in the order in which they were added to the policy A policy is applied to a packet when a class match within that policy is found To display the DiffServ Configuration page click QoS gt DiffServ gt Basic gt DiffServ Configuration Diffserv Configuration Diffserv Config DiffServ Admin Mode Disable Enable Status mre Tabie current Size Maxste Class Table 0 32 Class Rule table 0 416 Policy table 0 64 Policy Instance table 0 1792 Policy Attributes table 0 5376 Service table 0 160 Chapter Configuring Quality of Service 347 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O DiffServ Admin Mode Class table The options mode for DiffServ The default value is enable While disabled the DiffServ configuration is retained when saved and can be changed but it is not activated When enabled Diffserv services are activated Displays the number of configured DiffServ classes out of the total allowed on the switch Class Rule table Displays the number of configured class rules out of the total allowed on the switch Policy table Displays the number of configured policies out of the total allowed on the switch Policy Instance table Policy Attributes table Service table Advanced e Diffserv Configuration on page 348 e Class Configuration on page 350 e IPv6 Class Configuration on page 353 e Policy Configuration on pa
569. sting community or to create a new one Use this pull down menu to select one of the existing community names or select Create to add a new one A valid entry is a case sensitive string of up to 16 characters 2 Client Address Taken together the Client Address and Client IP Mask denote a range of IP addresses from which SNMP clients may use that community to access this device If either Client Address or IP Mask value is 0 0 0 0 access is allowed from any IP address Otherwise every client s address is ANDed with the mask as is the Client Address and if the values are equal access is allowed For example if the Client Address and Client IP Mask parameters are 192 168 1 0 255 255 255 0 then any client whose address is 192 168 1 0 through 192 168 1 255 inclusive will be allowed access To allow access from only one station use a Client IP Mask value of 255 255 255 255 and use that machine s IP address for Client Address 3 Client IP Mask Taken together the Client Address and Client IP Mask denote a range of IP addresses from which SNMP clients may use that community to access this device If either Client Address or IP Mask value is 0 0 0 0 access is allowed from any IP address Otherwise every client s address is ANDed with the mask as is the Client Address and if the values are equal access is allowed For example if the Client Address and Client IP Mask parameters are 192 168 1 0 255 255 255 0 then any client whose IP
570. sts Metric The distance in hops to the source subnet Expiry Time The minimum amount of time remaining before this entry will be aged out Up Time The time since the route represented by this entry was learned by the router IGMP From the IGMP link you can access the following pages IGMP Global Configuration on page 300 e IGMP Routing Interface Configuration on page 301 e IGMP Routing Interface Statistics on page 302 e IGMP Groups on page 304 e IGMP Membership on page 305 IGMP Proxy Interface Configuration on page 306 e IGMP Proxy Interface Statistics on page 307 e IGMP Proxy Membership on page 308 IGMP Global Configuration To display the IGMP Global Configuration page click Routing gt Multicast gt IGMP gt Global Configuration IGMP Global Configuration IGMP Global Configuration Admin Mode Disable Enable 1 Use Admin Mode to set the administrative status of IGMP in the router to active or inactive The default is disable 300 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IGMP Routing Interface Configuration To display the IGMP Routing Interface Configuration page click Routing gt Multicast gt IGMP gt Routing Interface Configuration IGMP Routing Interface Configuration popogogogdog gogog IGMP Routing Interface Configuration All Interface Orsable Orsable Orsable Disable Orsable Dis
571. system 338 Chapter Configuring Quality of Service ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IP DSCP to Queue Mapping Use the IP DSCP to Queue Mapping page to specify which internal traffic class to map the corresponding DSCP value To display the IP DSCP Queue Mapping page click QoS gt CoS gt Advanced gt IP DSCP to Queue Mapping IP DSCP to Queue Mapping Interface Selection Interface 1 0 1 i IP DSCP to Queue Mapping f Queue x Queue z Queue s Queue DSCP DSCP DSCP DSCP 0 1w 16 ol 32 2 48 3 m 1 1 17 ol 33 2 49 3 2 liv 18 o 34 2 50 3M 3 i 19 0 lw 35 2 51 3 iv 4 1i 20 0 36 2 52 3 5 1 a 21 0 v 37 2 e 53 3m ly 22 ov 8 2 a 54 3m 7 1 23 o 39 2 a 55 3 im 8 o 24 1 40 2 x 56 3i 9 0 25 1 e 41 2 a 57 3m 10 olx 26 liv 42 2 v 58 3M 11 Ov 27 1 43 2 la 59 3 12 oix 28 liv 44 2 60 3 la 13 o 29 1 45 2 a 61 3 la 14 o 30 1 46 2 62 3M 15 Ov 31 1 47 2 m 63 3 S To map DSCP values to queues 1 Use Interface to specify CoS configuration settings based per interface or specify all CoS configurable interfaces The IP DSCP field displays an IP DSCP value from 0 to 63 For each DSCP value specify which internal traffic class to map the corresponding IP DSCP value The queue number depends on specific hardware Click Cancel to cancel the configuration on the
572. t value is Disable 4 Use Password to enter a password for the user The password length can be from 8 to 64 characters 5 Use Confirm Password to enter the password for the user again 6 Use Group to assign the user to at least one User Group To assign a user to more than one group press the Ctrl key and click each group New users are assigned to the 1 Default user group by default 7 Use Session Timeout to enter the number of seconds a user is permitted to remain connected to the network Once the Session Timeout value is reached the user is logged out automatically A value of 0 means that the user does not have a Session Timeout limit The valid range is 0 to 86400 seconds and the default value is 0 8 Use Idle Timeout to enable Logout once idle time out is reached seconds If the attribute is O or not present then use the value configured for the captive portal 9 Use Max Bandwidth Down to specify the maximum rate Rate in bits per seconds at which a client can receive data from the network 0 indicates use global configuration Range 0 536870911 bps 10 Use Max Bandwidth Up to specify the maximum rate Rate in bits per seconds at which a client can send data into the network O indicates to use the global limit Range 0 536870911 bps 11 Use Max Output to specify the number of octets the user is allowed to transmit After this limit has been reached the user will be disconnected 0 indicates to use the globa
573. t Router VLAN Configuration To access the Multicast Router VLAN Configuration page click Switching gt Multicast gt MLD Snooping gt Multicast Router VLAN Configuration Multicast Router VLAN Configuration Multicast Router VLAN Configuration Interface 1 0 1 iv Multicast Router VLAN Configuration E VLAN ID Multicast Router 1 Use Interface to select the interface for which you want Multicast Router to be enabled 2 Use VLAN ID to select the VLAN ID for which the Multicast Router Mode is to be Enabled or Disabled 3 Use Multicast Router to enable or disable the multicast router for the Vlan ID MLD Snooping Querier Configuration Use this menu to configure the parameters for MLD Snooping Querier Note that only a user with Read Write access privileges may change the data on this screen To access the MLD Snooping Querier Configuration page click Switching gt Multicast gt MLD Snooping gt Querier Configuration MLD Snooping Querier Configuration MLD Snooping Querier Configuration Querier Admin Mode Disable Enable Querier Address 4 eIxIXIXIxixixix and x MLD Version 1 Query Interval secs 60 1 to 1800 Querier Expiry Interval secs 60 60 to 300 VLAN Ids Enabled for MLD Snooping Querier 1 Use Querier Admin Mode to select the administrative mode for MLD Snooping for the switch The default is disable 2 Use Querier Address to specify the Snooping Querier Address to be used as source addr
574. t Storm Recovery CFI Discards The number of frames discarded when a lookup in the multicast tree for a VLAN occurs while that tree is being modified The number of frames discarded that are destined to an IEEE 802 1 reserved address and are not supported by the system The number of frames discarded that are destined for FF FF FF FF FF FF when Broadcast Storm Recovery is enabled The number of frames discarded that have CFI bit set and the addresses in RIF are in non canonical format Upstream Threshold The number of frames discarded due to lack of cell descriptors available for that packet s priority level Received Packets Dropped including aborted The number of packets without any errors that are dropped at the time of their receive Total Packets Transmitted Octets The total number of octets of data including those in bad packets transmitted on the network excluding framing bits but including FCS octets This object can be used as a reasonable estimate of ethernet utilization If greater precision is desired the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval Packets Transmitted 64 Octets The total number of packets including bad packets received that were 64 octets in length excluding framing bits but including FCS octets Packets Transmitted 65 127 Octets The total number of packets including bad packets received that were between 65
575. t be determined The Cable Length is only displayed if the cable status is Normal Failure Location The estimated distance in meters from the end of the cable to the failure location The failure location is only displayed if the cable status is Open or Short Logs The switch may generate messages in response to events faults or errors occurring on the platform as well as changes in configuration or other occurrences These messages are stored locally and can be forwarded to one or more centralized points of collection for monitoring purposes or long term archival storage Local and remote configuration of the logging capability includes filtering of messages logged or forwarded based on severity and generating component The Monitoring gt Logs tab contains links to the following folders e Buffered Logs on page 468 e Command Log Configuration on page 470 e Console Log Configuration on page 470 e SysLog Configuration on page 471 e Trap Logs on page 472 e Event Logs on page 474 e Persistent Logs on page 475 Chapter Monitoring the System 467 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Buffered Logs To access the Buffered Logs page click Monitoring gt Logs gt Buffered Logs Buffered Logs Buffered Logs Adroon Statws Ousabile Enable Dehewee Wrep Message Log D Total number of Messages 1292 eee lt 24 gt JAN O3 23 40 43 10 27 34 52 3 AUTO_INS
576. t changed The time in seconds remaining before the other querier present timer expires If the local system is the querier this will be zero Chapter Routing 329 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fes escrito O O Wrong Version Queries Received Number of Joins Received Indicates the number of queries received whose MLD version does not match the MLD version of the interface The number of times a group membership has been added on this interface Number of Groups The current number of membership entries for the selected interface in the cache table Click REFRESH to refresh the data on the screen with the latest MLD routing interface statistics MLD Groups To display the MLD Groups page click Routing gt IPv6 Multicast gt MLD gt MLD Groups MLD Groups MLD Grosps Search thy Group Intertace G Sow puron Last Reporter Up Time Expiry Time Filter Mode Version 1 Host Timer Group Compat Mode Source Address Expiry Time Hosts Field Description Interface Group IP Indicates the interface on which data is displayed Indicates the address of the Mgmd members Last Reporter The IP Address of the source of the last membership report received for this multicast group address on the interface Up Time Time elapsed in seconds since the multicast group has been known Expiry Time Time l
577. t eligible to become the designated router on this network 244 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 10 11 12 13 14 15 Use Retransmit Interval to enter the OSPF retransmit interval for the specified interface This is the number of seconds between link state advertisements for adjacencies belonging to this router interface This value is also used when retransmitting database descriptions and link state request packets Valid values range from 1 to 3600 seconds 1 hour The default is 5 seconds Use Hello Interval to enter the OSPF hello interval for the specified interface in seconds This parameter must be the same for all routers attached to a network Valid values range from 1 to 65 535 The default is 10 seconds Use Dead Interval to enter the OSPF dead interval for the specified interface in seconds This specifies how long a router will wait to see a neighbor router s Hello packets before declaring that the router is down This parameter must be the same for all routers attached to a network This value should a multiple of the Hello Interval e g 4 Valid values range from 1 to 2147483647 The default is 40 Use Iftransit Delay Interval to enter the OSPF Transit Delay for the specified interface This specifies the estimated number of seconds it takes to transmit a link state update packet over the selected interface Valid values range from 1 to 3
578. t number from the Interface menu Use the buttons at the bottom of the page to perform the following actions Chapter Monitoring the System 457 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e Click Clear to clear all the counters This resets all statistics for this port to the default values e Click Refresh to refresh the data on the screen and display the most current statistics Field Description iflndex This object indicates the iflndex of the interface table entry associated with this port on an adapter Port Type For normal ports this field will be normal Otherwise the possible values are e Mirrored This port is a participating in port mirroring as a mirrored port Look at the Port Mirroring screens for more information e Probe This port is a participating in port mirroring as the probe port Look at the Port Mirroring screens for more information Trunk Member The port is a member of a Link Aggregation trunk Look at the Port Channel screens for more information Port Channel ID If the port is a member of a port channel the port channel s interface ID and name are shown Otherwise Disable is shown Port Role Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree The port role will be one of the following values Root Port Designated Port Alternate Port Backup Port Master Port or Disabled Port
579. t packets including both valid and invalid packets that were received from this server Access Challenges The number of RADIUS Access Challenge packets including both valid and invalid packets that were received from this server Chapter Managing Device Security 369 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fes escrito O O Malformed Access Responses The number of malformed RADIUS Access Response packets received from this server Malformed packets include packets with an invalid length Bad authenticators or signature attributes or unknown types are not included as malformed access responses Bad Authenticators The number of RADIUS Access Response packets containing invalid authenticators or signature attributes received from this server Pending Requests The number of RADIUS Access Request packets destined for this server that have not yet timed out or received a response Timeouts The number of authentication timeouts to this server Unknown Types The number of RADIUS packets of unknown type which were received from this server on the authentication port Packets Dropped The number of RADIUS packets received from this server on the authentication port and dropped for some other reason Accounting Server Configuration Use the RADIUS Accounting Server Configuration page to view and configure various settings for one or more RADIUS accountin
580. t row of the table is used to display information about the progress of the file transfer Download File To Switch The switch supports system file downloads from a remote system to the switch by using either TFTP or HTTP The Download menu contains links to the following options e File Download on page 491 HTTP File Download on page 492 e USB File Download on page 494 490 Chapter Maintenance ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual File Download To display the File Download page click Maintenance gt Download gt File Download 1 File Download File Download File Type Archive v Image Name imagel Transfer Mode TFTP iv Server Address Type IPv4 Server Address 0 0 0 0 Remote File Path Remote File Name Use File Type to specify what type of file you want to transfer Archive Specify archive STK code when you want to upgrade the operational flash e Image Specify the code image1 you want to download e Image2 Specify the code image2 you want to download CLI Banner Specify CLI Banner when you want a banner to be displayed before the login prompt Configuration Specify configuration when you want to update the switch s configuration If the file has errors the update will be stopped Text Configuration Specify configuration in text mode when you want to update the switch s configuration If the file has errors the update will be stopped Use
581. t specified by the user i e the value is 0 a Sequence number that is one greater than the highest sequence number currently in use for this VLAN and direction will be used Valid range is 1 to 4294967295 Chapter Managing Device Security 453 Monitoring the System Use the features available from the Monitoring tab to view a variety of information about the switch and its ports and to configure how the switch monitors events The Monitoring tab contains links to the following features e Ports on page 454 e Logs on page 467 e Port Mirroring on page 476 e sFlowon page 478 Ports The pages available from the Ports link contain a variety of information about the number and type of traffic transmitted from and received on the switch From the Ports link you can access the following pages e Port Statistics on page 455 Port Detailed Statistics on page 457 e EAP Statistics on page 463 e Cable Test on page 466 Chapter Monitoringthe System 454 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Port Statistics The Port Statistics page displays a summary of per port traffic statistics on the switch To access the Port Statistics page click Monitoring gt Ports gt Port Statistics Port Statistics Status LAGS All Go To Interface sO Total Time Packets Packets Packets Broadcast Transmit since received transmitted Collision Interface received Packet
582. t the IP TOS field in a packet For example to check for an IP TOS value having bits 7 and 5 set and bit 1 clear where bit 7 is most significant use a TOS Bits value of OxAO and a TOS Mask of OxFF This is an optional configuration 3 To delete an IP ACL rule select the check box associated with the rule and then click Delete 4 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch 5 To modify an existing IP Extended ACL rule click the Rule ID The number is a hyperlink to the Extended ACL Rule Configuration page IPv6 ACL An IP ACL consists of a set of rules which are matched sequentially against a packet When a packet meets the match criteria of a rule the specified rule action Permit Deny is taken and the additional rules are not checked for a match On this menu the interfaces to which an IP ACL applies must be specified as well as whether it applies to inbound or outbound traffic Rules for the IP ACL are specified created using the IP ACL Rule Configuration menu To display the IPv6 ACL page click Security gt ACL gt Advanced gt IPv6 ACL IPv6 ACL IPv6 Configuration Current Number of ACL 5 Maximum ACL 100 IPv6 ACL Table 2 IPv6 ACL Type a IPV6 ACL ipv6 acl 5 IPv6 ACL e E 0 Chapter Managing Device Security 447 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 IP ACL is the IP ACL ID or
583. t the administrative mode for IGMP Snooping for the switch The default is disable Chapter Configuring Switching Information 147 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 2 Use the Unknown Multicast Filtering Enable Disable radio button to select the unknown multicast filtering mode for the switch The default is disable The following table displays information about the global IGMP snooping status and statistics on the page Fes escrito O O Multicast Control Frame Count The number of multicast control frames that are processed by the CPU Interfaces Enabled for IGMP Snooping A list of all the interfaces currently enabled for IGMP Snooping Data Frames Forwarded by the CPU The number of data frames forwarded by the CPU VLAN Ids Enabled For IGMP Snooping Displays VLAN Ids enabled for IGMP snooping 148 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IGMP Snooping Interface Configuration Use the IGMP Snooping Interface Configuration page to configure IGMP snooping settings on specific interfaces To access the IGMP Snooping Interface Configuration page click Switching gt Multicast gt IGMP Snooping gt Interface Configuration IGMP Snooping Interface Configuration IGMP Snooping Interface Configuration 1 LAGS All Go To Interface hee GO Fast Group Present Max Response Le
584. t to the router from which it was learned e Poison reverse A route will be included in updates sent to the router from which it was learned but the metric will be set to infinity The default is simple 3 Use Auto Summary Mode to select enable or disable If you select enable groups of adjacent routes will be summarized into single entries in order to reduce the total number of entries The default is disable 4 Use Host Routes Accept Mode to select enable or disable If you select enable the router will be accept host routes The default is enable 5 Use Default Information Originate to enable or disable Default Route Advertise 6 Use Default Metric to set a default for the metric of redistributed routes This field displays the default metric if one has already been set or blank if not configured earlier The valid values are 1 to 15 Field Description Global Route Changes The number of route changes made to the IP Route Database by RIP This does not include the refresh of a route s age Global queries The number of responses sent to RIP queries from other systems Chapter Routing 229 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Interface Configuration Use the RIP Interface Configuration page to enable and configure or to disable RIP on a specific interface To display the Interface Configuration page click Routing gt RIP gt Advanced gt Interface Confi
585. t will be dropped Click the orange bar to display the available ports and select the port s you to include in the outbound filter Packets with the MAC address and VLAN ID you Chapter Managing Device Security 403 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual selected will be transmitted only out of ports that are in the list Destination ports can be included only in the Multicast filter 2 To delete a configured MAC Filter select it from the menu and then click Delete 3 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch 4 If you make changes to the page click Apply to apply the changes to the system MAC Filter Summary MAC Filter Summary Use the MAC Filter Summary page to view the MAC filters that are configured on the system To display the MAC Filter Summary page click Security gt Traffic Control gt MAC Filter gt MAC Filter Summary MAC Filter Summary MAC Filter Summary MAC Address VLAN ID Source Port Members Destination Port Members The following table describes the information displayed on the page Field Description MAC Address The MAC address of the filter in the format 00 01 1A B2 53 4D VLAN ID The VLAN ID associated with the filter Source Port Members A list of ports to be used for filtering inbound packets Port Security The Port Security folder contains
586. tached to the specified interface and direction The value is either Up or Down Member Classes List of all DiffServ classes currently defined as members of the selected Policy Name Choose one member class name at a time to display its statistics If no class is associated with the chosen policy then nothing will be populated in the list Offered Packets Octets Discarded Packets Octets Sent Packets Octets A count of the total number of packets octets offered to all class instances in this service policy before their defined DiffServ treatment is applied This is the overall count per interface per direction A count of the total number of packets octets discarded for all class instances in this service policy for any reason due to DiffServ treatment This is the overall count per interface per direction A count of the total number of packets octets forwarded for all class instances in this service policy after their defined DiffServ treatments were applied In this case forwarding means the traffic stream was passed to the next functional element in the data path such as the switching or routing function of an outbound link transmission element This is the overall count per interface per direction Chapter Configuring Quality of Service 361 Managing Device Security Use the features available from the Security tab to configure management security settings for port user and server
587. tained from before the failover e Warm Admin Move This means that the administrator issued a command for the stand by manager to take over e Auto Warm This means that the primary management card restarted due to a failure and the system executed a nonstop forwarding failover e Auto Cold This means that the system switched from the active manager to the backup manager and was unable to maintain user data traffic This is usually caused by multiple failures occurring close together Time Since Last Restart Time since the current management card became the active management card For backup manager the value is set to Od 00 00 00 Restart In Progress Whether a restart is in progress A restart is not considered complete until all hardware tables have been fully reconciled Warm Restart Ready Status Backup Configuration Age Indicates whether the initial full checkpoint has finished Status of copying running configuration to backup units Indicates the time since the running configuration was last copied to the backup unit 80 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Checkpoint Statistics Field Description Unit ID Displays the switch unit number NSF Support Displays whether the switch supports Non Stop Forwarding feature NSF This page displays the Checkpoint Statistics To display the
588. ted using this area s link state database This is done using Dijkstra s algorithm Area Border Router Count The total number of area border routers reachable within this area This is initially zero and is calculated in each SPF Pass Area LSA Count The total number of link state advertisements in this area s link state database excluding AS External LSAs Area LSA Checksum The 32 bit unsigned sum of the link state advertisements LS checksums contained in this area s link state database This sum excludes external LS type 5 link state advertisements The sum can be used to determine if there has been a change in a router s link state database and to compare the link state database of two routers Type of Service This field is the normal TOS associated with the stub metric 266 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual NSSA Area Configuration To display the NSSA Area Configuration page click Routing gt OSPFv3 gt Advanced gt NSSA Area Configuration NSSA Area Conliqueation OSPF v2 NSSA Ares Configquestion 1 Use Area ID to enter the OSPF area ID An Area ID is a 32 bit integer in dotted decimal format that uniquely identifies the area to which a router interface connects 2 Use Import Summary LSAs to select enable or disable If you select enable summary LSAs will be imported into areas Defaults to Enable 3 Use Defau
589. tem Information 61 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e mobile ip Relay Mobile IP UDP port 434 packets e nameserver Relay IEN 116 Name Service UDP port 42 packets e netbios dgm Relay NetBIOS Datagram Server UDP port 138 packets e netbios ns Relay NetBIOS Name Server UDP port 137 packets e ntp Relay network time protocol UDP port 123 packets e pim auto rp Relay PIM auto RP UDP port 496 packets e rip Relay RIP UDP port 520 packets e tacacs Relay TACACS UDP port 49 packet tftp Relay TFTP UDP port 69 packets e time Relay time service UDP port 37 packets Other If this option is selected the UDP Port Other Value is enabled This option permits the user to enter their own UDP port in UDP Port Other Value 4 Use UDP Port Other Value to specify UDP Destination Port that lies between 0 and 65535 5 Use Discard to enable disable dropping of matched packets Enable can be chosen only when a user enters 0 0 0 0 IP address Discard mode can be set to Disable when user adds a new entry with a non zero IP address 6 Click ADD to create an entry in UDP Relay Table with the specified configuration 7 Click DELETE to remove all entries or a specified one from UDP Relay Interface Configuration Table The following table describes the UDP Relay Interface Configuration fields Field Description Hit Count Show the number of UDP packets hitti
590. tempts to authenticate with a captive portal but is unsuccessful 3 If you enable the Client Connect field the SNMP agent sends a trap when a client authenticates with and connects to a captive portal 4 lf you enable the Client DB Full field the SNMP agent sends a trap each time an entry cannot be added to the client database because it is full 5 If you enable the Client Disconnect field the SNMP agent sends a trap when a client disconnects from a captive portal Captive Portal Client To display the Captive Portal Client page click Security gt Control gt Captive Portal gt CP Client Captive Portal Client Captive Portal Client Search By MAC Address GO iP MAC Address Address Protocol Verification Interface Time ID Name Received Transmitted Received Transmitted Session cP User Bytes Bytes Packets Packets Drops Chapter Managing Device Security 435 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fea O iescription SCs MAC Address Identifies the MAC address of the client IP Address Drops Identifies the IP address of the client if applicable Protocol Shows the current connection protocol which is either HTTP or HTTPS Verification Shows the current account type which is Guest Local or RADIUS Session Time Shows the amount of time that has passed since the client was authorized Interface Identifies the interface the client is
591. ter c Attorticmar O ioa Auhenicsor e VOS Authernoster ODO vos ateme e wor Avthertxater J uoe Authesticater vos Authertcater O UOO Astherticater o VOII Authertxete NOII Astherticater e LOJ Asthertcstor W014 Avtherticater e 0 15 Autherticeter J D iane Asheromer 3 VOIT Avthertester J UOMO Authertcster g UOS Authertxeter O LOO Autherticater c UVOZI Astherticstor NOTI Asthertcater g VORI sther cstor VOIA Authertcater e a T SIS A A ee sum amp i E E RE A SES RIS lo te J J X D b e o a e J eS SS ASAR KO E te 3 AN WS eee SS SS T K 5 6S wen Ss is Sy FNS Sa iti TE CGE Uk Ee a L J Ee J 2 3 J J EEE E a E N gare es eee cles T s Se a e E T sni i aE SSS Ghana 12 a i i a Ge Te tetertoce The following table describes the EAP statistics displayed on the screen Use the buttons at the bottom of the page to perform the following actions e Toclear all the EAP counters for all ports on the switch select the check box in the row heading and click Clear The button resets all statistics for all ports to default values e Toclear the counters for a specific port select the check box associated with the port and click Clear e Click Refresh to refresh the data on the screen and display the most current statistics PAE Capabilities Selects the port to be displayed When the selection is changed a screen refresh will occur causing
592. ter Problem messages sent by the interface The number of ICMP Packet Too Big messages sent by the interface The number of ICMP Echo request messages sent by the interface ICMPv6 Echo Reply Messages Transmitted The number of ICMP Echo Reply messages sent by the interface ICMPv6 Router Solicit Messages Transmitted The number of ICMP Neighbor Solicitation messages sent by the interface ICMPv6 Router Advertisement Messages Transmitted ICMPv6 Neighbor Solicit Messages Transmitted The number of ICMP Router Advertisement messages sent by the interface The number of ICMP Neighbor Solicitation messages sent by the interface Chapter Routing 213 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fes escrito O O ICMPv6 Neighbor Advertisement Messages The number of ICMP Neighbor Advertisement Transmitted messages sent by the interface ICMPv6 Redirect Messages Transmitted The number of Redirect messages sent ICMPv6 Group Membership Query Messages The number of ICMPv6 Group Membership Query Transmitted messages sent ICMPv6 Group Membership Response Messages The number of ICMPv6 Group Membership Transmitted Response messages sent ICMPv6 Group Membership Reduction Messages The number of ICMPv6 Group Membership Transmitted Reduction messages sent ICMPv6 Duplicate Address Detects The number of duplicate Addresses detected by the interface IP
593. ternal VLAN Allocation Base 4093 Internal VLAN Allocation Policy Ascending Descending VLAN Configuration E VLAN ID VLAN Name VLAN Type Make Static M O default Default Disable 1 Reset Configuration If you select this checkbox and click the APPLY button all VLAN configuration parameters will be reset to their factory default values Also all VLANs except for the default VLAN will be deleted The factory default values are e All ports are assigned to the default VLAN of 1 e All ports are configured with a PVID of 1 e All ports are configured to an Acceptable Frame Types value of Admit All Frames e All ports are configured with Ingress Filtering disabled e All ports are configured to transmit only untagged frames e GVRP is disabled on all ports and all dynamic entries are cleared Chapter Configuring Switching Information 113 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Internal VLAN Configuration This section displays the allocation base and the allocation mode of internal VLAN The internal VLAN is reserved by port based routing interface and invisible to the end user Once these internal VLANs are allocated by port based routing interface they are cannot be assigned to a routing VLAN interface 1 Use Internal VLAN Allocation Base to specify the VLAN Allocation Base for the routing interface The default base of the internal VLAN is 1 to 4093 2 Use th
594. tes redistributed This field displays the tag if the source was pre configured else a default tag value of 0 is displayed The valid values are 0 to 4294967295 280 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual NSF OSPFv3 Summary Use this screen to to see the NSF OSPFv3 Summary The allowable values for each fields are displayed next to the field If any invalid values are entered an alert message will be displayed with the list of all the valid values To display the NSF OSPFv3 Summary page click Routing gt OSPFv3 gt Advanced gt NSF OSPFv3 Summary NSF OSPFv3 Summary NSF OSPFv3 Summary Support Mode Disabled v Restart Interval 120 Restart Status Restart Age secs Restart Exit Reason 1 Use Support Mode to configure how the unit will perform graceful restarts The possible values are a Disabled Disables OSPF from performing graceful restarts b Planned Indicates that OSPF should only perform a graceful restart when a restart is planned IE due to an initiate failover command c Always Indicates that OSPF should perform a graceful restart for all planned and unplanned warm restart events Field Description Restart Interval Displays the operational status of the NSF feature on stack Restart Status Displays the restart status of OSPF Helper feature The possible values are e Not Restarting e Planned Restart e Unplanned Restart
595. the Dynamic ARP Inspection is enabled on this VLAN If this object is set to Enable Dynamic ARP Inspection is enabled If this object is set to Disable Dynamic ARP Inspection is disabled 3 Use Logging invalid Packets to indicate whether the Dynamic ARP Inspection logging is enabled on this VLAN If this object is set to Enable it will log the Invalid ARP Packets information If this object is set to Disable Dynamic ARP Inspection logging is disabled 4 Use ARP ACL Name to specify a name for the ARP Access list A vlan can be configured to use this ARP ACL containing rules as the filter for ARP packet validation The name can contain up to lt 1 31 gt alphanumeric characters 5 Use Static Flag to determine whether the ARP packet needs validation using the DHCP snooping database in case ARP ACL rules don t match If the flag is enabled then the ARP Packet will be validated by the ARP ACL Rules only If the flag is disabled then the ARP Packet needs further validation by using the DHCP Snooping entries The factory default is disable 424 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual DAI Interface Configuration To display the DAI Interface Configuration page click Security gt Control gt Dynamic ARP Inspection gt DAI Interface Configuration Dynamic ARP Inspection Interface Configuration DAI Interface Configuration 1 LAGS All Go To Interface
596. the IP route prefix for the destination 3 Subnet Mask indicates the portion of the IP interface address that identifies the attached network This is also referred to as the subnet network mask 4 Next Hop IP Address displays the outgoing router IP address to use when forwarding traffic to the next router if any in the path towards the destination The next router will always be one of the adjacent neighbors or the IP address of the local interface for a directly attached network 5 Preference displays an integer value from 1 to 255 The user can specify the preference value sometimes called administrative distance of an individual static route Among routes to the same destination the route with the lowest preference value is the route entered into the forwarding database By specifying the preference of a static route the user controls whether a static route is more or less preferred than routes from dynamic routing protocols The preference also controls whether a static route is more or less preferred than other static routes to the same destination 6 Use Identifier to specify the description of this route that identifies the route 7 Click ADD to add a new static route entry to the switch 8 Click DELETE to delete a existing static route entry from the switch Chapter Routing 181 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Learned Routes Feis escrito O O Route Type Th
597. the VLAN membership as follows e For the default VLAN with VLAN ID 1 specify the following members port 7 U and port 8 U 510 Appendix Configuration Examples ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e For the VLAN with VLAN ID 10 specify the following members port 1 U port 2 U and port 3 T e For the VLAN with VLAN ID 20 specify the following members port 4 U port 5 T and port 6 U 3 In the Port PVID Configuration screen see lt pdf gt Port PVID Configuration on page 3 144 specify the PVID for ports g1 and g4 so that packets entering these ports are tagged with the port VLAN ID e Portg1 PVID 10 e Port g4 PVID 20 4 With the VLAN configuration that you set up the following situations produce results as described e Ifan untagged packet enters port 1 the switch tags it with VLAN ID 10 The packet has access to port 2 and port 3 The outgoing packet is stripped of its tag to leave port 2 as an untagged packet For port 3 the outgoing packet leaves as a tagged packet with VLAN ID 10 e Ifa tagged packet with VLAN ID 10 enters port 3 the packet has access to port 1 and port 2 If the packet leaves port 1 or port 2 it is stripped of its tag to leave the switch as an untagged packet e Ifan untagged packet enters port 4 the switch tags it with VLAN ID 20 The packet has access to port 5 and port 6 The outgoing packet is stripped of its tag to becom
598. the data on the screen to the latest value of the switch 8 Click APPLY to send the updated configuration to the switch Configuration changes take effect immediately Policy Configuration Use the Policy Configuration page to associate a collection of classes with one or more policy statements After creating a Policy click the policy link to the Policy page To display the page click QoS gt DiffServ gt Advanced gt Policy Configuration Chapter Configuring Quality of Service 355 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Policy Configuration Policy Configuration Bz Policy Name Policy Type Member Class 1 Use Policy Name to uniquely identify a policy using a case sensitive alphanumeric string from 1 to 31 characters 2 Member Class This lists all existing DiffServ classes currently defined as members of the specified Policy from which one can be selected This list is automatically updated as a new class is added to or removed from the policy This field is a selector field only when an existing policy class instance is to be removed After removal of the policy class instance this becomes a non configurable field 3 Policy Type Indicates the type is specific to inbound traffic direction 4 Click ADD to add a new policy to the switch 5 Click DELETE to delete the currently selected policy from the switch To configure the policy attributes 1 Click the name of the
599. the entire system A trap Chapter Managing Device Security 443 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual is not issued if the ACL rule hit count is zero for the current interval This field is visible for a Deny Action e Assign Queue ID Specifies the hardware egress queue identifier used to handle all packets matching this ACL rule Enter an identifying number from 0 6 in the appropriate field e Match Every Select true or false from the pull down menu True signifies that all packets will match the selected IP ACL and Rule and will be either permitted or denied In this case since all packets match the rule the option of configuring other match criteria will not be offered To configure specific match criteria for the rule remove the rule and re create it or re configure Match Every to False for the other match criteria to be visible Mirror Interface Specifies the specific egress interface where the matching traffic stream is copied in addition to being forwarded normally by the device This field cannot be set if a Redirect Interface is already configured for the ACL rule This field is visible for a Permit Action e Redirect Interface Specifies the specific egress interface where the matching traffic stream is forced bypassing any forwarding decision normally performed by the device This field cannot be set if a Mirror Interface is already configured for the ACL r
600. the priority of C BSR Use Hash Mask Length to enter the C BSR hash mask length to be advertised in bootstrap messages This hash mask length will be used in the hash algorithm for selecting the RP for a particular group The valid values are from 0 to 128 Default value is 126 Field Description BSR Expiry Time IP Address Time in Hours Minutes and Seconds in which the learned elected bootstrap router BSR expires Displays the IP address of the Elected BSR Next bootstrap Message Time in hours minutes and seconds in which the next bootstrap message is due from this BSR Next Candidate RP Advertisement Time in hours minutes and seconds in which the next candidate RP advertisement will be sent Static RP Configuration This page is used to statically configure the RP address for one or more multicast groups To display the PIM Static RP Configuration page click Routing gt IPv6 Multicast gt PIM gt Static RP Configuration PIM Static RP Configuration Static RP Configuration RP Address Group Address Prefix Length Override 3 Chapter Routing 325 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 Use RP Address to specify the IP Address of the RP to be created or deleted 2 Use Group Address to specify the Group Address of the RP to be created or deleted Use Prefix Length to specify the Group IPv6 Prefix Length of the
601. the route s destination mask are significant for the filtering operation NSF OSPF Configuration Use the NSF OSPF Summary page to see the NSF OSPF Summary The allowable values for each fields are displayed next to the field If any invalid values are entered an alert message will be displayed with the list of all the valid values To display the NSF OSPF Summary page click Routing gt OSPF gt Advanced gt NSF OSPF Summary NSF OSPF Summary NSF OSPF Summary 2 Support Mode Disabled Restart Interval 120 Restart Status Restart Age secs Restart Exit Reason 1 Use Support Mode to configure how unit will perform graceful restarts The possible values are a Disabled Disables OSPF from performing graceful restarts b Planned Indicates that OSPF should only perform a graceful restart when a restart is planned IE due to an initiate failover command c Always Indicates that OSPF should perform a graceful restart for all planned and unplanned warm restart events Field Description Restart Interval Displays the operational status of the NSF feature on stack Restart Status Displays the restart status of OSPF Helper feature The possible values are e Not Restarting e Planned Restart e Unplanned Restart Chapter Routing 259 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O Restart Age secs Displays the amount of time since
602. the status of the internal power module PoE Version Version of the PoE controller FW image Indicates the status of maximum PoE power available on the switch as follows e ON Indicates less than 7W of PoE power available for another device OFF Indicates at least 7W of PoE power available for another device e N A Indicates that PoE is not supported by the unit Click REFRESH to refresh the system information of the switch 22 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Switch Statistics Use this page to display the switch statistics To display the Switch Statistics page click System gt Management gt Switch Statistics A screen similar to the following displays Switch Statistics Statistics ifindex Octets Received Packets Received Without Errors Unicast Packets Received Multicast Packets Received Broadcast Packets Received Receive Packets Discarded Octets Transmitted Packets Transmitted Without Errors Unicast Packets Transmitted Multicast Packets Transmitted Broadcast Packets Transmitted Transmit Packets Discarded Most Address Entries Ever Used Address Entries in Use Maximum VLAN Entries Most VLAN Entries Ever Used Static VLAN Entries Dynamic VLAN Entries VLAN Deletes Time Since Counters Last Cleared 2048 223544 35829 83571 5190490 21000 2754 18238 0 1 day 22 hr 22 min 42 sec The following
603. the total allowed on the switch Chapter Configuring Quality of Service 349 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fes escrito O O Policy Attributes table Displays the number of configured policy attributes attached to the policy class instances out of the total allowed on the switch Service table Displays the number of configured services attached to the policies on specified interfaces out of the total allowed on the switch Class Configuration Use the Class Configuration page to add a new DiffServ class name or to rename or delete an existing class The page also allows you to define the criteria to associate with a DiffServ class As packets are received these DiffServ classes are used to prioritize packets You can have multiple match criteria in a class The logic is a Boolean logical and for this criteria After creating a Class click the class link to the Class page To display the page click QoS gt DiffServ gt Advanced gt Class Configuration Class Name Class Name Class Name Class Type To configure a DiffServ class 1 To create a new class enter a class name select the class type and click Add This field also lists all the existing DiffServ class names from which one can be selected The switch supports only the Class Type value All which means all the various match criteria defined for the class should be satisfied for a packet match
604. thet Sonate lt seiat daste baste seir satre taera setes vei o ee b 3 7 feet ne Desie Desmi Dusi iania one wee dee Desiiet ace aa Ca da batortena To configure CST port settings 1 Interface One of the physical or port channel interfaces associated with VLANs associated with the CST 2 Use Port Priority to specify the priority for a particular port within the CST The port priority is set in multiples of 16 For example if the priority is attempted to be set to any value between 0 and 15 it will be set to O If it is tried to be set to any value between 16 and 2 16 1 it will be set to 16 and so on 3 Use Admin Edge Port to specify if the specified port is an Edge Port within the CIST It takes a value of TRUE or FALSE where the default value is FALSE 4 Use Port Path Cost to set the Path Cost to a new value for the specified port in the common and internal spanning tree It takes a value in the range of 1 to 200000000 136 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 5 Use External Port Path Cost to set the External Path Cost to a new value for the specified port in the spanning tree It takes a value in the range of 1 to 200000000 6 Use BPDU Filter to configure the BPDU Filter which filters the BPDU traffic on this port when STP is enabled on this port The possible values are Enable or Disable 7 Use BPDU Flood to confi
605. tication List on page 374 Enable Authentication List on page 375 Dot1x Authentication List on page 376 HTTP Authentication List on page 376 HTTPS Authentication List on page 377 Login Authentication List You use this page to configure login lists A login list specifies the authentication method s you want to be used to validate switch or port access for the users associated with the list The pre configured users admin and guest are assigned to a pre configured list named defaultList which you may not delete All newly created users are also assigned to the defaultList until you specifically assign them to a different list To display the Login Authentication List page click Security gt Management Security gt Authentication List gt Login Authentication List Login Authentication List Login Authentication List C defaultList Local C networkList Local List Name If you are creating a new login list enter the name you want to assign It can be up to 15 alphanumeric characters long and is not case sensitive Use the dropdown menu to select the method that should appear first in the selected authentication login list If you select a method that does not time out as the first method such as local no other method will be tried even if you have specified more than one method The options are e Local The user s locally stored ID and password will be used for authentication e Radius The user s ID and password
606. tics A screen similar to the following displays LLDP Statistics Transmit Receive TL TLV TLV TLV TLV Interface Discards Errors Ageouts Discards Unknowns MED 802 1 802 3 Total Total 1 0 11 0 1 0 13 1 0 15 1 0 19 0 1 0 21 0 1 0 23 0 The following table describes the LLDP Statistics fields 92 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Total Deletes Field Description Last Update Specifies the time when an entry was created modified or deleted in the tables associated with the remote system Total Inserts Specifies the number of times the complete set of information advertised by a particular MAC Service Access Point MSAP has been inserted into tables associated with the remote systems Specifies the number of times the complete set of information advertised by a particular MAC Service Access Point MSAP has been deleted from tables associated with the remote systems Total Drops Specifies the number of times the complete set of information advertised by a particular MAC Service Access Point MSAP could not be entered into tables associated with the remote systems because of insufficient resources Total Age outs Interface Specifies the number of times the complete set of information advertised by a particular MAC Service Access Point MSAP has been deleted from tables associated with t
607. tion C Global Configuration Transmit Interval 30 5 2766 Transmit Hold Multiplier Re Initialization Delay uN amp Notification Interval To configure global LLDP settings 1 2 Use Transmit Interval to specify the interval in seconds to transmit LLDP frames The range is from 5 to 32768 secs Default value is 30 seconds Use Transmit Hold Multiplier to specify the multiplier on Transmit Interval to assign TTL The range is from 2 to 10 secs Default value is 4 Use Re Initialization Delay to specify the delay before re initialization The range is from 1 to 10 secs Default value is 2 seconds Use Notification Interval to specify the interval in seconds for transmission of notifications The range is from 5 to 3600 secs Default value is 5 seconds Click CANCEL to cancel the configuration on the screen Resets the data on the screen to the latest value of the switch Click APPLY to send the updated configuration to the switch and cause the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is performed 90 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual LLDP Interface Configuration To display this page click System gt LLDP gt LLDP gt Interface Configuration A screen similar to the following displays LLDP Interface Configuration Interface Configuration 1 all G
608. tion VLAN ID Displays the VLAN ID for the interface Link State The state of the specified interface is either Active or Inactive An interface is considered active if it the link is up and it is in forwarding state OSPF Admin Mode Displays OSPF admin mode of the interface The default value is disable Chapter Routing 199 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Click DELETE to delete the IP Address from the selected interface Click REFRESH to refresh the web page to show the latest IP information 200 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Secondary IP Address To display the Secondary IP Address page click Routing gt IP gt Advanced gt Secondary IP Secondary IP Address Routing Interface Interface x Seconary IP Address VLAN Primary IP Secondary IP Secondary IP Address Address Subnet Mask COE O 1 Use Interface to select the interface for which data is to be displayed or configured 2 Use Secondary IP Address to add a secondary IP address to the selected interface 3 Use Secondary IP Subnet Mask to enter the subnet mask for the interface This is also referred to as the subnet network mask and defines the portion of the interface s IP Address that is used to identify the attached network This value is read only once configured 4 Click ADD to add a Secondary IP Address for the sel
609. tion Once you click the APPLY button the switch will send specified number of ping requests and the results will be displayed If a reply to the ping is not received you will see e Tx Count Rx 0 Min Max Avg RTT 0 0 0 msec If a reply to the ping is received you will see e Received response for Seq Num 0 Rtt xyz usec e Received response for Seq Num 1 Rtt abc usec e Received response for Seq Num 2 Rtt def usec e Tx Count Rx Count Min Max Avg RTT xyz abc def msec To access the Ping IPv4 page click Maintenance gt Troubleshooting gt Ping IPv4 Ping Ipv4 Details IP Address Host Name Count 1 Interval secs 3 Datagram Size 0 cary Ping To configure the settings and ping a host on the network Chapter Maintenance 497 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Use IP Address Host Name to enter the IP address or Hostname of the station you want the switch to ping The initial value is blank The IP Address or Hostname you enter is not retained across a power cycle Optionally configure the following settings e Count Enter the number of echo requests you want to send The initial value is default value The Count you enter is not retained across a power cycle e Interval secs Enter the Interval between ping packets in seconds initial value is default value The Interval you enter is not retained across a power cycle e Datagram Size Enter the Size of p
610. tion Table With this allocation we ensure that every VLAN is assigned to one and only one MSTI The CIST is also an instance of spanning tree with a MSTID of 0 An instance may occur that has no VIDs allocated to it but every VLAN must be allocated to one of the other instances of spanning tree The portion of the active topology of the network that connects any two bridges in the same MST Region traverses only MST bridges and LANs in that region and never Bridges of any kind outside the Region in other words connectivity within the region is independent of external connectivity MSTP Example Configuration This example shows how to create an MSTP instance from the GSM7352Sv1 or GSM7352Sv2 switch The example network has three different ProSafe Managed Switches that serve different locations in the network In this example ports 1 0 1 1 0 5 are connected to host stations so those links are not subject to network loops Ports 1 0 6 1 0 8 are connected across switches 1 2 and 3 522 Appendix Configuration Examples ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 6 1 0 8 d to Switch 1 and 3 Perform the following procedures on each switch to configure MSTP i 2 Use the VLAN Configuration screen to create VLANs 300 and 500 see VLAN Configuration on page 137 Use the VLAN Membership screen to include ports 1 0 1 1 0 8 as tagged T or untagged U members of VLAN 300 and VLA
611. tion should be taken if a packet matches the rule s criteria The choices are permit or deny e Assign Queue Id Specifies the hardware egress queue identifier used to handle all packets matching this ACL rule Valid range of Queue Ids is 0 to 6 e CoS Specifies the 802 1p user priority to compare against an Ethernet frame Valid range of values is 0 to 7 e Ethertype User Value Specifies the user defined customized Ethertype value to be used when the user has selected User Value as Ethertype Key to compare against an Ethernet frame Valid range of values is 0x0600 to OxFFFF e Source MAC Specifies the Source MAC address to compare against an Ethernet frame Valid format is XX XX XX XX XX XX e Source MAC Mask Specifies the Source MAC address mask specifying which bits in the Source MAC to compare against an Ethernet frame Valid format is XX XX XX XX XX XX 438 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Destination MAC Specifies the destination MAC address to compare against an Ethernet frame Valid format is xx xx xx xx xx xx The BPDU keyword may be specified using a Destination MAC address of 01 80 C2 xx xx xx e Destination MAC Mask Specifies the destination MAC address mask specifying which bits in the destination MAC to compare against an Ethernet frame Valid format iS XX XX XX XX XX XX The BPDU keyword may be specified using a
612. tion will not be allowed This displays the control direction for the specified port The control direction dictates the degree to which protocol exchanges take place between Supplicant and Authenticator This affects whether the unauthorized controlled port exerts control over communication in both directions disabling both incoming and outgoing frames or just in the incoming direction disabling only the reception of incoming frames This field is not configurable on some platforms This field displays the protocol version associated with the selected port The only possible value is 1 corresponding to the first version of the 802 1x specification This field is not configurable PAE Capabilities This field displays the port access entity PAE functionality of the selected port Possible values are Authenticator or Supplicant This field is not configurable Authenticator PAE State This field displays the current state of the authenticator PAE state machine Possible values are e Initialize e Disconnected e Connecting e Authenticating Authenticated Aborting e Held ForceAuthorized e ForceUnauthorized Chapter Managing Device Security 399 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O Backend State This field displays the current state of the backend authentication state
613. tity received but determined as having ICMP specific errors bad ICMP checksums bad length etc IcmpInDestUnreachs IcmpInTimeExcds IcmpInParmProbs IcmpInSrcQuenchs The number of ICMP Destination Unreachable messages received The number of ICMP Time Exceeded messages received The number of ICMP Parameter Problem messages received The number of ICMP Source Quench messages received IcmpInRedirects The number of ICMP Redirect messages received IcmpInEchos IcmpInEchoReps IcmpInTimestamps IcmpInTimestampReps The number of ICMP Echo request messages received The number of ICMP Echo Reply messages received The number of ICMP Timestamp request messages received The number of ICMP Timestamp Reply messages received IcmpInAddrMasks The number of ICMP Address Mask Request messages received IcmpInAddrMaskReps The number of ICMP Address Mask Reply messages received IcmpOutMsgs The total number of ICMP messages which this entity attempted to send Note that this counter includes all those counted by icmpOutErrors IcmpOutErrors IcmpOutDestUnreachs IcmpOutTimeExcds IcmpOutParmProbs The number of ICMP messages which this entity did not send due to problems discovered within ICMP such as a lack of buffers This value should not include errors discovered outside the ICMP layer such as the inability of IP to route the resultant datagram In some i
614. to prevent their continued processing but which were discarded e g for lack of buffer space Note that this counter does not include any datagrams discarded while awaiting re assembly IpInDelivers The total number of input datagrams successfully delivered to IP user protocols including ICMP IpOutRequests The total number of IP datagrams which local IP user protocols including ICMP supplied to IP in requests for transmission Note that this counter does not include any datagrams counted in ipForwDatagrams Chapter Routing 189 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O IpOutDiscards The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination but which were discarded e g for lack of buffer space Note that this counter would include datagrams counted in ipForwDatagrams if any such packets met this discretionary discard criterion IpOutNoRoutes The number of IP datagrams discarded because no route could be found to transmit them to their destination Note that this counter includes any packets counted in ipForwDatagrams which meet this no route criterion Note that this includes any datagrams which a host cannot route because all of its default gateways are down IpReasmTimeout The maximum number of seconds which received fragments are held while they are awaitin
615. to select the interface for which data is to be displayed or configured 2 Use Description to enter the description for the interface 3 Use IP Address Configuration Method to enter the method by which an IP address is configured on the interface There are three methods None Manual and DHCP By default the method is None Method None should be used to reset the DHCP method 198 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Note When the configuration method is changed from DHCP to None there will be a minor delay before the page refreshes 4 Use IP Address to enter the IP address for the interface 5 Use Subnet Mask to enter the subnet mask for the interface This is also referred to as the subnet network mask and defines the portion of the interface s IP address that is used to identify the attached network 6 Use Routing Mode to enable or disable routing for an interface The default value is enable 7 Use Administrative Mode to enable disable the Administrative Mode of the interface The default value is enable This mode is not supported for Logical VLAN Interfaces 8 Use Forward Net Directed Broadcasts to select how network directed broadcast packets should be handled If you select enable from the pull down menu network directed broadcasts will be forwarded If you select disable they will be dropped The default value is disable 9 Use Encapsulation Type t
616. to the millisecond Time synchronization is performed by a network SNTP server ProSafe Managed Switches software operates only as an SNTP client and cannot provide time services to other systems Time sources are established by Stratums Stratums define the accuracy of the reference clock The higher the stratum where zero is the highest the more accurate the clock The device receives time from stratum 1 and above since it is itself a stratum 2 device The following is an example of stratums Stratum 0 A real time clock is used as the time source for example a GPS system Stratum 1 A server that is directly linked to a Stratum 0 time source is used Stratum 1 time servers provide primary network time standards Stratum 2 The time source is distanced from the Stratum 1 server over a network path For example a Stratum 2 server receives the time over a network link via NTP from a Stratum 1 server Information received from SNTP servers is evaluated based on the time level and server type SNTP time definitions are assessed and determined by the following time levels e 11 Time at which the original request was sent by the client e T2 Time at which the original request was received by the server e 13 Time at which the server sent a reply e 74 Time at which the client received the server s reply The device can poll Unicast server types for the server time 34 Chapter Configuring System Information
617. trolled ports The result of the authentication process determines whether the supplicant is authorized to access services on that controlled port A Port Access Entity PAE is able to adopt one of two distinct roles within an access control interaction 1 Authenticator A Port that enforces authentication before allowing access to services available via that Port 2 Supplicant A Port that attempts to access services offered by the Authenticator Additionally there exists a third role 3 Authentication server Performs the authentication function necessary to check the credentials of the Supplicant on behalf of the Authenticator All three roles are required in order to complete an authentication exchange NETGEAR switches support the Authenticator role only in which the PAE is responsible for communicating with the Supplicant The Authenticator PAE is also responsible for submitting the information received from the Supplicant to the Authentication Server in order for the credentials to be checked which will determine the authorization state of the Port The Authenticator PAE controls the authorized unauthorized state of the controlled Port depending on the outcome of the RADIUS based authentication process Supplicant Authenticator Switch Authentication Server RADIUS 192 168 10 23 Supplicant 802 1X Example Configuration This example shows how to configure the switch so that 802 1X based authentication is requir
618. twork resources are apportioned based on traffic classification and priority giving preferential treatment to data with strict timing requirements NETGEAR switches support DiffServ The DiffServ feature contains a number of conceptual QoS building blocks you can use to construct a differentiated service network Use these same blocks in different ways to build other types of QoS architectures There are 3 key QoS building blocks needed to configure DiffServ e Class e Policy e Service i e the assignment of a policy to a directional interface Class You can classify incoming packets at layers 2 3 and 4 by inspecting the following information for a packet e Source destination MAC address e EtherType e Class of Service 802 1p priority value first only VLAN tag e VLAN ID range first only VLAN tag e Secondary 802 1p priority value second inner VLAN tag e Secondary VLAN ID range second inner VLAN tag 514 Appendix Configuration Examples ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual e IP Service Type octet also known as ToS bits Precedence value DSCP value e Layer 4 protocol TCP UDP etc e Layer 4 source destination ports e Source destination IP address From a DiffServ point of view there are two types of classes e DiffServ traffic classes e DiffServ service levels forwarding classes DiffServ Traffic Classes With DiffServ you define which traffic classes t
619. uirements and on your preference The ProSafe Managed Switch Web Management User Manual describes how to use the Web based interface to manage and monitor the system Using the Web Interface To access the switch by using a Web browser the browser must meet the following software requirements e HTML version 4 0 or later e HTTP version 1 1 or later e Java Runtime Environment 1 6 or later Use the following procedures to log on to the Web interface Chapter Getting Started 11 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 Open a Web browser and enter the IP address of the switch in the Web browser address field 2 The default username is admin default password is none no password Type the username into the field on the login screen and then click Login Usernames and passwords are case sensitive 3 After the system authenticates you the System Information page displays The figure below shows the layout of the Managed Switch Web interface Navigation Tab Feature Link Help Link Logout Button i a a Help Page wot Page Menu Configuration Status and Options Navigation Tabs Feature Links and Page Menu The navigation tabs along the top of the Web interface give you quick access to the various switch functions The tabs are always available and remain constant regardless of which feature you configure When you select a tab the features for that tab app
620. ule This field is visible for a Permit Action e Source IP Address Requires a packet s source IP address to match the address listed here Type an IP Address in the appropriate field using dotted decimal notation The address you enter is compared to a packet s source IP Address e Source IP Mask Specify the IP Mask in dotted decimal notation to be used with the Source IP Address value 2 To delete an IP ACL rule select the check box associated with the rule and then click Delete 3 To update an IP ACL rule select the check box associated with the rule update the desired fields and then click Apply You cannot modify the Rule ID of an existing IP rule 4 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch 5 If you change any of the settings on the page click Apply to send the updated configuration to the switch Configuration changes take effect immediately 444 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual IP Extended Rules Use these screens to configure the rules for the IP Access Control Lists created using the IP Access Control List Configuration screen What is shown on this screen varies depending on the current step in the rule configuration process Note There is an implicit deny all rule at the end of an ACL list This means that if an ACL is applied to a pa
621. ulticast MLD gt Proxy Interface Statistics MLD Proxy Interface Statistics MLD Proxy Interface Statistics MLD Proxy non operational Field Description Proxy Interface Displays the interface on which MLD Proxy packets received Version Queries Received Report Received The version of MLD Proxy packets received The number of MLD Proxy queries received The number of MLD Proxy reports received Reports Sent Leaves Received Leaves Sent The number of MLD Proxy reports sent The number of MLD Proxy leaves received The number of MLD Proxy leaves sent Click REFRESH to refresh the data on the screen with the latest MLD Proxy interface statistics Chapter Routing 333 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual MLD Proxy Membership To display the MLD Proxy Membership page click Routing gt IPv6 Multicast MLD gt Proxy Membership MLD Proxy Membership MLD Proxy Membership J Search By Group GO Proxy Interface Group IP Source Hosts Last Reporter Up Time Expiry Time State Filter Mode Number of Sources Field Description Group IP The IPv6 multicast group address Source Hosts This parameter shows source addresses which are members of this multicast address Last Reporter The IPv6 address of the source of the last membership report received for the IPv6 Multicast group address on the MLD Proxy interfa
622. unctionality of the selected port Possible values are Authenticator or Supplicant Periodic Reauthentication This select field allows the user to enable or disable reauthentication of the supplicant for the specified port The selectable values are true and false If the value is true reauthentication will occur Otherwise 396 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 3 reauthentication will not be allowed The default value is false Changing the selection will not change the configuration until the APPLY button is pressed e Reauthentication Period This input field allows the user to enter the reauthentication period for the selected port The reauthentication period is the value in seconds of the timer used by the authenticator state machine on this port to determine when reauthentication of the supplicant takes place The reauthentication period must be a value in the range of 1 and 65535 The default value is 3600 Changing the value will not change the configuration until the APPLY button is pressed User Privileges This select field allows the user to add the specified user to the list of users with access to the specified port or all ports e Max Users This field allows the user to enter the limit to the number of supplicants on the specified interface Click INITIALIZE to begin the initialization sequence on th
623. up is created by the user Ports Display all the member ports which belong to the group Protocol Based VLAN Group Membership To display the Protocol Based VLAN Group Membership page click Switching gt VLAN gt Advanced gt Protocol Based VLAN Group Membership Protocol Based VLAN Group Membership Protocol Based VLAN Group Membership Group 1D Group Name Saha CURRENT MEMBERS 1 Use Group ID to select the protocol based VLAN Group ID for which you want to display or configure data 2 Use Port List to add the ports you selected to this Protocol Based VLAN Group Note that a given interface can only belong to one group for a given protocol If you have already added a port to a group for IP you cannot add it to another group that also includes IP although you could add it to a new group for IPX Field Description Group Name This field identifies the name for the protocol based VLAN you selected It can be up to 32 alphanumeric characters long including blanks Current Members This button can be click to show the current numbers in the selected protocol based VLAN Group Chapter Configuring Switching Information 125 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Voice VLAN Configuration Use this menu to configure the parameters for Voice VLAN Configuration Note that only a user with Read Write access privileges may change the data on this screen
624. upplicant attached to the port results in all users being able to use the port without restrictions At any given time only one supplicant is allowed to attempt authentication on a port in this mode Ports in this mode are under bidirectional control This is the default authentication mode The 802 1X network has three components Authenticators Specifies the port that is authenticated before permitting system access Supplicants Specifies the host connected to the authenticated port requesting access to the system services Authentication Server Specifies the external server for example the RADIUS server that performs the authentication on behalf of the authenticator and indicates whether the user is authorized to access system services From the Port Authentication link you can access the following pages Basic on page 392 Advanced on page 393 Chapter Managing Device Security 391 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Basic From the Basic link you can access the following pages e 802 1X Configuration on page 392 802 1X Configuration Use the 802 1X Configuration page to enable or disable port access control on the system To display the 802 1X Configuration page click Security gt Port Authentication gt Basic gt 802 1X Configuration 802 1X Configuration 802 1X Configuration Administrative Mode Disable Enable VLAN Assignment Mode Disable
625. ure is enabled STP BPDU filtering applies to all operational edge ports Edge Port in an operational state is supposed to be connected to hosts that typically drop BPDUs If an operational edge port receives a BPDU it immediately loses its operational status In that case if BPDU filtering is enabled on this port then it drops the BPDUs received on this port Field Description Configuration digest key Identifier used to identify the configuration currently being used MST ID Table consisting of the MST instances including the CST and the corresponding VLAN IDs associated with each of them VID ID Table consisting of the VLAN IDs and the FID ID Table consisting of the FIDs and the corresponding corresponding FID associated with each of them VLAN IDs associated with each of them Chapter Configuring Switching Information 133 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual CST Configuration Use the Spanning Tree CST Configuration page to configure Common Spanning Tree CST and Internal Spanning Tree on the switch To display the Spanning Tree CST Configuration page click Switching gt STP gt Advanced gt CST Configuration CST Configuration CST Configuration Bridge Priority Bridge Max Age secs Bridge Hello Time secs Bridge Forward Delay secs Spanning Tree Maximum Hops Spanning Tree Tx Hold Count CST Status Bridge Identifier Time Since T
626. ured threshold the switch blocks discards the multicast traffic The factory default is disabled Multicast Storm Recovery Level Type Specify the Multicast Storm Recovery Level as a percentage of link speed or as packages per second Multicast Storm Recovery Level Specify the threshold at which storm control activates The factory default is 5 percent of port speed for pps type Unicast Storm Recovery Mode Enable or disable this option by selecting the corresponding line on the pull down entry field When you specify Enable for Unicast Storm Recovery and the unicast traffic on the specified Ethernet port exceeds the configured threshold the switch blocks discards the unicast traffic The factory default is disabled Unicast Storm Recovery Level Type Specify the Unicast Storm Recovery Level as a percentage of link speed or as packages per second Unicast Storm Recovery Level Specify the threshold at which storm control activates The factory default is 5 percent of port speed for pps type Control To display the page click the Security gt Control tab The Control folder contains links to the following features e DHCP Snooping on page 414 e IP Source Guard on page 421 e Dynamic ARP Inspection on page 423 e Captive Portal on page 428 DHCP Snooping The DHCP Snooping folder contains links to the following features e DHCP Snooping Global Configuration on page 415 e DHCP Snooping Interface Configuration on
627. urity 375 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 3 Use the dropdown menu to select the method if any that should appear second in the selected authentication login list This is the method that will be used if the first method times out If you select a method that does not time out as the second method the third method will not be tried Note that this parameter will not appear when you first create a new login list 4 Use the dropdown menu to select the method if any that should appear third in the selected authentication login list 5 Click ADD to add a new login list to the switch 6 Click DELETE to remove the selected authentication enable list from the configuration You can only use this button if you have Read Write access The change will not be retained across a power cycle unless you perform a save Dot1x Authentication List You use this page to configure dot1x lists A dot1x list specifies the authentication method s you want to be used to validate port access for the users associated with the list Only one dot1x can be supported To display the Dot1x Authentication List page click Security gt Management Security gt Authentication List gt Dot1x Authentication List Dot1x Authentication List Dotix Authentication List 2 gog dotixList 1 List Name Select the dot1x list name for which you want to configure data 2 Use the dropdown menu to select the method th
628. used in a residential area or an adjacent area thereto and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipment and Electronic Office Machines aimed at preventing radio interference in such residential areas When used near a radio or TV receiver it may become the cause of radio interference Read instructions for correct handling GPL License Agreement GPL may be included in this product to view the GPL license agreement go to ftp downloads netgear com files GPLnotice pdf Appendix Notification of Compliance 531 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual For GNU General Public License GPL related information please visit http support netgear com app answers detail a_id 2649 Interference Reduction Table The table below shows the Recommended Minimum Distance between NETGEAR equipment and household appliances to reduce interference in feet and meters Table 4 Household Appliance Recommended Minimum Distance in feet and meters Microwave ovens 30 feet 9 meters Baby Monitor Analog 20 feet 6 meters Baby Monitor Digital 40 feet 12 meters Cordless phone Analog 20 feet 6 meters Cordless phone Digital 30 feet 9 meters Bluetooth devices 20 feet 6 meters ZigBee 20 feet 6 meters 532 Appendix Notification of Compliance Index Numerics 802 1X 366 392 393 ex
629. using CP ID The ID of the Captive Portal instance User Name Displays the user name or Guest ID of the connected client Bytes Received Total bytes the client has received Bytes Transmitted Total bytes the client has transmitted Packets Received Total packets the client has received Packets Transmitted Total packets the client has transmitted Configuring Access Control Lists Access Control Lists ACLs ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources ACLs are used to provide traffic flow control restrict contents of routing updates decide which types of traffic are forwarded or blocked and above all provide security for the network ProSafe Managed Switches software supports IPv4 and MAC ACLs You first create an IPv4 based or MAC based ACL ID Then you create a rule and assign it to a unique ACL ID Next you define the rules which can identify protocols source and destination IP and MAC addresses and other packet matching criteria Finally use the ID number to assign the ACL to a port or to a LAG The Security gt ACL folder contains links to the following features 436 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Basic The Basic folder contains links to the following features e MAC ACL on page 437 e MAC Rules on page 438 e MAC
630. v6 Neighbor Table Use the IPv6 Neighbor Table page to display IPv6 neighbor details for a specified interface To display the IPv6 Neighbor Table page click Routing gt IPv6 gt Advanced gt Neighbor Table IPv6 Neighbor Table e IPv6 Neighbor Table Search By Interface x GO Neighbor Last Interface IPv6 Address MAC Address isRtr Paes Dd 1 Use Search By to search for IPv6 routes by IPv6 address or interface e Searched by IPv6 Address Select IPv6 Address from pull down menu enter the 128 byte hexadecimal IPv6 Address in four digit groups separated by colons for example 2001 231F 1 Then click Go If the address exists that entry will be displayed An exact match is required e Searched by Interface Select Interface from pull down menu enter the interface ID in Unit Slot Port for example 2 1 1 Then click Go If the IPv6 route exists the entry will be displayed Feis escrito O O Interface Specifies the interface whose settings are displayed in the current table row IPv6 Address Specifies the IPv6 address of neighbor or interface MAC Address Specifies MAC address associated with an interface 214 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description IsRtr Indicates whether the neighbor is a router If the neighbor is a router the value is TRUE If the neighbor is not a router the value is FALSE Neighbor St
631. v6 Redirect messaged received by the interface The number of ICMPv6 Group Membership Query messages received by the interface The number of ICMPv6 Group Membership Response messages received by the interface The number of ICMPv6 Group Membership Reduction messages received by the interface Total ICMPv6 Messages Transmitted The total number of ICMP messages which this interface attempted to send Note that this counter includes all those counted by icmpOutErrors ICMPv6 Messages Not Transmitted Due To Error The number of ICMP messages which this interface did not send due to problems discovered within ICMP such as a lack of buffers This value should not include errors discovered outside the ICMP layer such as the inability of IPv6 to route the resultant datagram In some implementations there may be no types of error which contribute to this counter s value ICMPv6 Destination Unreachable Messages Transmitted The number of ICMP Destination Unreachable Messages sent by the interface ICMPv6 Messages Prohibited Administratively Transmitted Number of ICMP destination unreachable communication administratively prohibited messages sent ICMPv6 Time Exceeded Messages Transmitted ICMPv6 Parameter Problem Messages Transmitted ICMPv6 Packet Too Big Messages Transmitted ICMPv6 Echo Request Messages Transmitted The number of ICMP Time Exceeded messages sent by the interface The number of ICMP Parame
632. val 1 Its value should be less than group membership interval value 6 Use Multicast Router Expiry Time to set the value for multicast router expiry time of MLD Snooping for the specified VLAN ID Valid range is 0 to 3600 Chapter Configuring Switching Information 159 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Multicast Router Configuration To access the Multicast Router Configuration page click Switching gt Multicast gt MLD Snooping gt Multicast Router Configuration Multicast Router Configuration Multicast Router Configuration 1 LAGS All Go To Interface Sie m Interface Multicast Router O 1 0 14 Disable C 10 2 Disable OO wvo 3 Disable C 10 4 Disable O 10s Disable C 1 0 6 Disable O 170 7 Disable CO wore Disable O 170 9 Disable o o 0 o 0 o 0 o o o OJ o 0o o a 1 0 10 Disable 1 0 11 Disable 1 0 12 Disable 1 0 13 Disable 1 0 14 Disable 1 0 15 Disable 1 0 16 Disable 1 0 17 Disable 1 0 18 Disable 1 0 19 Disable 1 0 20 Disable 1 0 21 Disable 1 0 22 Disable 1 0 23 Disable 1 0 24 Disable 1 LAGS All Go To Interface acou 1 Interface Select the interface for which you want Multicast Router to be enabled 2 Use Multicast Router to enable or disable Multicast Router on the selected interface 160 Chapter Configuring Switching Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Multicas
633. ve priority of 5250 5350 MHz and 5650 5850 MHz and these radars could cause interference and or damage to LE LAN devices Ce dispositif est conforme a la norme CNR 210 d Industrie Canada applicable aux appareils radio exempts de licence Son fonctionnement est sujet aux deux conditions suivantes 1 le dispositif ne doit pas produire de brouillage pr judiciable et 2 ce dispositif doit accepter tout brouillage regu y compris un brouillage susceptible de provoquer un fonctionnement ind sirable NOTE IMPORTANTE D claration d exposition aux radiations Cet quipement est conforme aux limites d exposition aux rayonnements IC tablies pour un environnement non contr l Cet quipement doit tre install et utilis avec un minimum de 20 cm de distance entre la source de rayonnement et votre corps Avertissement Le dispositif fonctionnant dans la bande 5150 5250 MHz est r serv uniquement pour une utili sation a l int rieur afin de r duire les risques de brouillage pr judiciable aux syst mes de satellites mobiles utilisant les m mes canaux Les utilisateurs de radars de haute puissance sont d sign s utilisateurs principaux c a d qu ils ont la priorit pour les bandes 5250 5350 MHz et 5650 5850 MHz et que ces radars pourraient causer du brouillage et ou des dommages aux dispositifs LAN EL Voluntary Control Council for Interference VCCI Statement This equipment is in the Class B category information equipment to be
634. ver Configuration DHCP Server Configuration Admin Mode Disable Enable Ping Packet Count 2 2 to Conflict Logging Mode Disable Enable Bootp Automatic Mode Disable Enable Excluded Address IP Range From IP Range To To enable or disable DHCP service Chapter Configuring System Information 47 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 Use Admin Mode to specify whether the DHCP Service is to be Enabled or Disabled Default value is Disable 2 Use Ping Packet Count to specify the number of packets a server sends to a Pool address to check for duplication as part of a ping operation Default value is 2 Valid Range is 0 2 to 10 Setting the value to 0 will disable the function 3 Use Conflict Logging Mode to specify whether conflict logging on a DHCP Server is to be Enabled or Disabled Default value is Enable 4 Use Bootp Automatic Mode to specify whether Bootp for dynamic pools is to be Enabled or Disabled Default value is Disable 5 Click CANCEL to cancel the configuration on the screen Resets the data on the screen to the latest value of the switch 6 Click APPLY to send the updated configuration to the switch Configuration changes take effect immediately Excluded Address Configuration 1 Use the IP Range From field to specify the low address if you want to exclude a range of addresses Specify the address to be excluded in case you want to
635. very Configuration page click Routing gt Router Discovery gt Router Discovery Configuration Router Discovery Router Discovery Configuration 1 al Interface oochi Advertise Address t 1 O wor Disable 224 0 0 1 O wer Disable 224 0 0 5 O x o3 Onable 224 0 0 1 O 1 04 Disable 224 0 0 1 O vos Dusable 224 0 0 2 O 16 Drsable 224 0 0 3 O uvo Ousable 224 0 0 1 C yos Drsable 224 0 0 1 O vos Dusable 224 0 0 1 C ioo Osabie 224 0 0 1 1 0 13 Ouwable 224 0 0 3 O uon Disable 224 0 0 1 i 0 13 Desable 224 0 0 2 J uois Onabie 224 0 0 1 0 35 Ousable 224 0 0 1 O wore Dable 224 0 0 1 1 0 37 Dusable 224 0 0 2 O sone Daabie 224 0 0 1 C iono Ovsable 224 0 0 1 C sone Disable 224 0 0 1 1 0 22 Disable 224 0 0 2 O son Ocsable 224 0 0 1 O o3 Ouwable 224 0 0 1 O sone Disable 224 0 0 1 i al 1 Go Te Interface Maximum Advertise Interval 2 pA o a a fa O Q o o O o 6 o 6 o 6 r a amp 5 y 8 a 2 D 2 o o o Go To Interface Meneneun Advertise Interval Advertise Lifetime Preference Level 1800 1800 1800 1800 1900 1800 Sono cece vc SBOsoscSBcvecsececBeo Ba Use Interface to select the router interface for which data is to be configured Chapter Routing 283 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 2 Use Advertise Mode to select enable or disable If you select enable Router Advertisements will be transmitted from the selected interface 3 Use
636. vice SIP DIP Disable Enable Denial of Service SMAC DMAC Disable Enable Denial of Service TCP FINRURG amp PSH Disable Enable Denial of Service TCP Flag amp Sequence Disable Enable Denial of Service TCP Fragment Disable Enable Denial of Service TCP Offset Disable Enable Disable Enable O Denial of Service TCP Port Denial of Service TCP SYN Disable Enable Denial of Service TCP SYN amp FIN Disable Enable Disable Enable fe Denial of Service UDP Port Use Denial of Service Min TCP Header Size to specify the Min TCP Hdr Size allowed If DoS TCP Fragment is enabled the switch will drop these packets First TCP fragments that has a TCP payload P_Payload_Length IP_Header_Size lt Min_TCP_Header_Size The factory default is disabled Use Denial of Service L4 Port to enable L4 Port DoS prevention causing the switch to drop packets having source TCP UDP port number equal to destination TCP UDP port number The factory default is disabled Use Denial of Service First Fragment to enable First Fragment DoS prevention causing the switch to check DoS options on first fragment IP packets when switch are receiving fragmented IP packets Otherwise switch ignores the first fragment IP packages The factory default is disabled Use Denial of Service ICMP to enable ICMP DoS prevention causing the switch to drop ICMP packets that have a type set to ECHO_REQ ping and a size great
637. w state the router should wait before attempting to leave overflow state This allows the router to again originate non default AS external LSAs If you enter O the router will not leave Overflow State until restarted The range is 0 to 2147483647 seconds Use External LSDB Limit to specify the maximum number of AS External LSAs that can be stored in the database A value of 1 implies there is no limit on the number that can be saved The valid range of values is 1 to 2147483647 Use Default Metric to set a default for the metric of redistributed routes This field displays the default metric if one has already been set or blank if not configured earlier The valid values are 1 to 16777214 Use Maximum Paths to configure the maximum number of paths that OSPFv3 can report to a given destination The valid values are 1 to 4 Use AutoCost Reference Bandwidth to configure the auto cost reference bandwidth to control how OSPF calculates default metrics for the interface The valid values are 1 to 4294967 Use Default Passive Setting to configure the global passive mode setting for all OSPF interfaces Configuring this field overwrites any present interface level passive mode setting OSPF does not form adjacencies on passive interfaces but does advertise attached networks as stub networks Chapter Routing 263 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O ASBR Mode Reflects whether t
638. ware Administration Manual A low number indicates high precedence order If a sequence number is already in use for this interface and direction the specified access list replaces the currently attached access list using that sequence number If the sequence number is not specified by the user a Sequence number that is one greater than the highest sequence number currently in use for this interface and direction will be used The valid range is 1 4294967295 3 Click the appropriate orange bar to expose the available ports or LAGs The Port Selection Table specifies list of all available valid interfaces for ACL mapping All non routing physical interfaces and interfaces participating in LAGs are listed e To add the selected ACL to a port or LAG click the box directly below the port or LAG number so that an X appears in the box e To remove the selected ACL from a port or LAG click the box directly below the port or LAG number to clear the selection An X in the box indicates that the ACL is applied to the interface 4 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch 5 Click Apply to save any changes to the running configuration Field Description Interface Displays selected interface Direction Displays selected packet filtering direction for ACL ACL Type Displays the type of ACL assigned to selected interface and direction ACL ID Name Displa
639. xternal LSA Count Sent Packets Received Packets Discards Bad Version Virtual Link Not Found Area Mismatch Invalid Destination Address No Neighbor at Source Address Invalid OSPF Packet Type Hellos Ignored Hellos Sent 1 0 1 ma 272 Chapter Routing ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual 1 Use Interface to select the interface for which data is to be displayed Field OSPF v3 Area ID Area Border Router Count AS Border Router Count Area LSA Count IPv6 Address Interface Events eeeeseaeeaaauqeeeemeeee ee E Description The OSPF v3 area to which the selected router interface belongs An OSPFv3 Area ID is a 32 bit integer in dotted decimal format that uniquely identifies the area to which the interface connects The total number of area border routers reachable within this area This is initially zero and is calculated in each SPF Pass The total number of Autonomous System border routers reachable within this area This is initially zero and is calculated in each SPF Pass The total number of link state advertisements in this area s link state database excluding AS External LSAs The IPv6 address of the interface The number of times the specified OSPF v3 interface has changed its state or an error has occurred Virtual Events The number of state changes or errors that have occurred on this virtual link Neighbor Event
640. y asterisks will show Passwords are up to eight alpha numeric characters in length and are case sensitive 4 Use Confirm Password to enter the password again to confirm that you entered it correctly This field will not display but will show asterisks 5 Access Mode indicates the user s access mode The admin account always has Read Write access and all other accounts have Read Only access 6 Click ADD to add a user account with Read Only access 7 Click DELETE to delete the currently selected user account This button is only visible when you have selected a user account with Read Only access You cannot delete the Read Write user Chapter Managing Device Security 363 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fea escrito O O Lockout Status Indicates whether the user account is locked out TRUE or FALSE Password Expiration Date Indicates the current password expiration date in date format User Password Configuration To display the User Password Configuration page click Security gt Management Security gt Local User gt User Password Configuration Password Configuration Password Configuration Password Minimum Length Password Aging days 0 Password History 0 Lockout Attempts 0 1 Use Password Minimum Length to specify the minimum character length of all new local user passwords 2 Use Password Aging days to specify t
641. y filter id assigned by the authenticator to the supplicant device This field displays vlan id assigned by the authenticator to the supplicant device This field displays reason for the vlan id assigned by the authenticator to the supplicant device Chapter Managing Device Security 401 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Fig escrito O O Session Timeout This field displays Session Timeout set by the Radius Server to the supplicant device Termination Action This field displays Termination Action set by the Radius Server to the supplicant device Traffic Control From the Traffic Control link you can configure MAC Filters Storm Control Port Security and Protected Port settings To display the page click the Security gt Traffic Control tab The Traffic Control folder contains links to the following features e MAC Filter on page 402 e Port Security on page 404 e Private Group on page 409 Protected Ports Configuration on page 411 e Storm Control on page 412 MAC Filter The MAC Filter folder contains links to the following features e MAC Filter Configuration on page 403 e MAC Filter Summary on page 404 402 Chapter Managing Device Security ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual MAC Filter Configuration Use the MAC Filter Configuration page to create MAC filters that limit the traffic al
642. y using the software Table 2 describes the naming convention for all interfaces available on the switch Table 2 Naming Conventions for Interfaces Interface Example Physical Link Aggregation Group LAG CPU Management Interface The physical ports are gigabit 1 0 1 1 0 2 1 0 3 and so on Ethernet interfaces and are numbered sequentially starting from one LAG interfaces are logical lag 1 lag 2 lag 3 and so on interfaces that are only used for bridging functions This is the internal switch interface 0 5 1 responsible for the switch base MAC address This interface is not configurable and is always listed in the MAC Address Table Routing VLAN Interfaces This is an interface used for routing functionality Vian 1 Vian 2 Vlan 3 and so on Chapter Getting Started 17 Contiguring System Intormation Use the features in the System tab to define the switch s relationship to its environment The System tab contains links to the following features Management on page 18 Device View See Device View on page 16 License on page 45 Services on page 47 Stacking on page 72 SNMP on page 82 LLDP on page 89 ISDP on page 105 Management This section describes how to display the switch status and specify some basic switch information such as the management interface IP address system clock settings and DNS information From the Management link you can access the following pag
643. y visible when IPv6 loopback is selected 9 Use the EUI64 field to optionally specify the 64 bit extended unique identifier EUI 64 This option only visible when IPv6 loopback is selected Chapter Configuring System Information 29 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Network Interface From the Network Interface link you can access the following pages e Pv4 Network Configuration on page 30 e IPv6 Network Interface Configuration on page 32 e IPv6 Network Interface Neighbor Table on page 33 IPv4 Network Configuration To display the IPv4 Network Configuration page click System gt Management gt Network Interface gt IPv4 Network Configuration A screen similar to the following displays IPv4 Network Interface Configuration IPv4 Network Interface Configuration IP Address Subnet Mask Default Gateway Burned In MAC Address Locally Administered MAC Address MAC Address Type Current Network Configuration Protocol DHCP Vendor Class Identifier DHCP Vendor Class Identifier String Management VLAN ID Interface Status iw 10 27 34 52 255 255 255 0 10 27 34 1 00 04 06 02 04 07 00 00 00 00 00 00 Burned In Locally Administered None Bootp DHCP Disable Enable Up The network interface is the logical interface used for in band connectivity with the switch via any of the switch s front panel ports The configuration parameters associated wit
644. you want the switch to wait for a report for a particular group on a particular interface before it deletes that interface from the group Enter a value between 1 and 3600 seconds The default is 260 seconds Use Max Response Time to specify the amount of time you want the switch to wait after sending a query on an interface because it did not receive a report for a particular group on that interface Enter a value greater or equal to 1 and less than the Group Membership Interval in seconds The default is 10 seconds The configured value must be less than the Group Membership Interval Use Present Expiration Time to specify the amount of time you want the switch to wait to receive a query on an interface before removing it from the list of interfaces with multicast routers attached Enter a value between 0 and 3600 seconds The default is 0 seconds A value of zero indicates an infinite time out i e no expiration Use Fast Leave Admin mode to select the Fast Leave mode for the a particular interface from the pull down menu The default is disable Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch If you make any configuration changes click Apply to apply the new settings to the switch Configuration changes take effect immediately IGMP VLAN Configuration Use the IGMP Snooping VLAN Configuration page to configure IGMP snooping settings for VLANs on the system To ac
645. ype Specifies the protocol of the hardware platform of the DHCP client Valid types are ethernet and ieee802 Default value is ethernet Client ID Host Number Specifies the Client Identifier for DHCP manual Pool Specifies the IP address for a manual binding to a DHCP client Host can be set only if at least one among of Client Identifier or Hardware Address is specified Deleting Host would delete Client Name Client ID Hardware Address for the Manual Pool and set the Pool Type to Unallocated Host Mask Specifies the subnet mask for a manual binding to a DHCP client Either Host Mask or Prefix Length can be configured to specify the subnet mask but not both 50 Chapter Configuring System Information ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Field Description Host Prefix Length Specifies the subnet mask for a manual binding to a DHCP client Either Host Mask or Prefix Length can be configured to specify the subnet mask but not both Valid Range is 0 to 32 Lease Time Days Hours Minutes Can be selected as Infinite to specify lease time as Infinite or Specified Duration to enter a specific lease period In case of dynamic binding infinite implies a lease period of 60 days and In case of manual binding infinite implies indefinite lease period Default Value is Specified Duration Specifies the Number of Days of Lease Pe
646. ype ICMP 0 to 255 Source IP Address Mask Source L4 Port domain 0 to 65535 Destination IP Address Mask Destination L4 Port domain 0 to 65535 O IP psce afii 0 to 63 O Precedence Value 0 0 to 7 IP Tos Bit Value Bit Mask Class Summary Match Criteria Values Chapter Configuring Quality of Service 351 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual Class Name Displays the name for the configured DiffServ class Class Type Displays the DiffServ class type Options All Only when a new class is created this field is a selector field After class creation this becomes a non configurable field displaying the configured class type Define the criteria to associate with a DiffServ class Match Every This adds to the specified class definition a match condition whereby all packets are considered to belong to the class Reference Class This lists the class es that can be assigned as reference class es to the current class Class of Service This lists all the values for the class of service match criterion in the range 0 to 7 from which one can be selected VLAN This is a value in the range of 0 4095 Ethernet Type This lists the keywords for the Ethertype from which one can be selected Source MAC Address This is the source MAC address specified as six two digit hexadecimal numbers separated by colons Source MAC Mask This is a bit mask in th
647. ys the ACL Number in the case of IP ACL or ACL Name in the case of named IP ACL and IPv6 ACL identifying the ACL assigned to selected interface and direction Sequence Number Displays the Sequence Number signifying the order of specified ACL relative to other ACLs assigned to selected interface and direction IP Binding Table Use the IP Binding Table page to view or delete the IP ACL bindings To display the IP Binding Table click Security gt ACL gt Advanced gt Binding Table IP ACL Binding Table IP ACL Binding Table ACL S m Interface Direction ACL Type equence ID Name Number The following table describes the information displayed in the IP ACL Binding Table Chapter Managing Device Security 451 ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual To delete an IP ACL to interface binding select the check box next to the interface and click Delete Field Description Interface Displays selected interface Direction Displays selected packet filtering direction for ACL ACL Type Displays the type of ACL assigned to selected interface and direction ACL ID Name Displays the ACL Number in the case of IP ACL or ACL Name in the case of Named IP ACL and IPv6 ACL identifying the ACL assigned to selected interface and direction Sequence Number Displays the Sequence Number signifying the order of specified ACL relative to other ACLs assi
648. ystem gt Management gt System Information Web page which is the page that displays after a successful login displays the information you need to configure an SNMP manager to access the switch Any user can connect to the switch using the SNMPv3 protocol but for authentication and encryption the switch supports only one user which is admin therefore there is only one profile that can be created or modified To configure authentication and encryption settings for the SNMPv3 admin profile by using the Web interface 1 Navigate to the System gt SNMP gt SNMPv3 gt User Configuration page 2 To enable authentication select an Authentication Protocol option which is either MD5 or SHA 3 To enable encryption select the DES option in the Encryption Protocol field Then enter an encryption code of eight or more alphanumeric characters in the Encryption Key field 4 Click Apply To access configuration information for SNMPv1 or SNMPv2 click System gt SNMP gt SNMPv1 v2 and click the page that contains the information to configure Interface Naming Convention The ProSafe Managed Switches support physical and logical interfaces Interfaces are identified by their type and the interface number The physical ports are gigabit interfaces and 16 Chapter Getting Started ProSafe XSM7224S 10G Managed Stackable Switch Software Administration Manual are numbered on the front panel You configure the logical interfaces b
Download Pdf Manuals
Related Search