Web Browser Interface User's Guide
Contents
1. Figure 126: STP Settings - Port(s) Page
    Step 8. Configure the following parameters as necessary:
    Port Priority: This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16. The default value is 8 (priority value 128). For a list of the increments, refer to Table 7.
    Table 7: Port Priority Value Increments
    Increment   Bridge Priority   Increment   Bridge Priority
    0           0                 8           128
    1           16                9           144
    2           32                10          160
    3           48                11          176
    4           64                12          192
    5           80                13          208
    6           96                14          224
    7           112               15          240
    (Section IV: Spanning Tree Protocols; Chapter 19: Spanning Tree and Rapid Spanning Tree Protocols)
    Port Cost: The spanning tree algorithm uses the cost parameter to decide which port provides the lowest cost path to the root bridge for that LAN. The range is 0 to 65,535. The default setting is Auto Detect, which sets port cost depending on the speed of the port. If you select Auto Detect, the management software assigns a value of 100 if the port is operating at 10 Mbps, 10 for 100 Mbps, and 4 for one gigabit.
    Step 9. After you have configured the parameters, click Apply.
    Step 10. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to sa
2. Copyright 2005 Allied Telesyn Inc. All rights reserved.
    Figure 2: AT-S63 Login Page
    Step 3. Enter a user name and password. For manager access, enter "manager" as the user name. The default password is "friend". For operator access, enter "operator" as the user name. The default password is "operator". Login names and passwords are case sensitive. For information about the two access levels, refer to "Management Access" in Chapter 1, "Overview", of the AT-S63 Management Software Menus Interface User's Guide. You cannot change the default user names. To change a password, refer to "Configuring the Manager and Operator Passwords" on page 44.
    The home page is shown in Figure 3.
    Figure 3: Home page
    (Basic Operations section; Chapter 1: Starting a Web Browser Management Session)
    The main menu is on the left side of the home page. It consists of the following selections:
    - Enhanced Stacking
    - Configuration
    - Monitoring
    - Logout
    Note: The Enhanced Stacking selection is included in the menu only if the switch you accessed is a master switch.
    A web browser management session remains active even if you link to other sites. You can return to the management web pages anytime as long as you do not quit the browser. You should always log out from a web browser management sess
3. Figure 39: System Utilities Tab (Configuration)
    Note: You use the top portion of the System Utilities tab to return the switch to its factory default settings. For instructions, refer to "Returning the AT-S63 Management Software to the Factory Default Values" on page 52.
    (Section II: Advanced Operations)
    Step 3. In the TFTP File Uploads and Downloads section, use the TFTP Server IP Address field to enter the IP address of the network node that contains the TFTP server software.
    Step 4. For the TFTP Operation parameter, click Download.
    Step 5. In the TFTP Remote Filename field, enter the filename of the file on the TFTP server to be downloaded to the switch.
    Step 6. In the TFTP Local Filename field, enter a name for the file. This is the name that the switch uses to store the file in its file system. If you are downloading the AT-S63 image file into the switch's application block, enter APPBLOCK as the filename.
    Step 7. For the TFTP File Type, select one of the following:
    Image: Select this option when downloading a new AT-S63 image file. This option loads the image file directly into the application block portion of flash memory so that the switch uses it as its active image file.
    Config: Select this option when downloading a configuration file that you want the switch to use as its active boot configuration file.
    File: Select this option to download a file to
4. Figure 75: Policies Tab (Configuration)
    (Section II: Advanced Operations)
    The Policies tab displays the existing policies in a table that contains the following columns of information:
    ID: The ID of the policy.
    Description: A description of the policy.
    Active: Whether or not this policy is active on the switch.
    Traffic Class List: The traffic classes assigned to the policy.
    Ingress Port List: The ingress ports to which the policy is assigned.
    Click Create. The Create Policy page opens, as shown in Figure 76.
    Figure 76: Create Policy Page [screenshot fields: ID, Description, Remark DSCP, DSCP Value, Traffic Class List, Ingress Port List, Egress Port, Redirect Port]
    Step 5. Configure the following parameters as necessary:
    ID: Specifies the ID number for this policy. The range is 0 to 255.
    Description: Specifies the policy description. A description can be up to 15 alphanumeric characters, including spaces.
    Remark DSCP: Specifies the conditions under which the ingress DSCP value is overwritten. Select one of the following options from the list:
    (Chapter 15: Quality of Service)
    None: Disables this function.
    All
5. Figure 83: DoS Monitor for Ports Page
    Chapter 17: IGMP Snooping
    Figure 84: IGMP Tab (Configuration)
    Figure 85: IGMP Tab (Monitoring)
    Figure 86: View Multicast Hosts List Page
    Figure 87: View Multicast Routers List Page
    Figure 88: View Static Multicast Routers List Page
    Chapter 18: SNMPv3
    Figure 89: SNMP Tab (Configuration)
    Figure 90: SNMPv3 User Table Tab (Configuration)
    Figure 91: Add New SNMPv3 User Page
    Figure 92: Modify SNMPv3 User Page
6. Figure 40: Event Log Tab (Configuration) [screenshot panels: Event Log, Configure Log Outputs, Display Filter Settings]
    (Section II: Advanced Operations)
    In the Log Settings section, for the Status, click Enabled to enable the event logs or Disabled to disable the event logs. The event log feature is enabled by default.
    Click Apply to activate the settings on the switch. If you enabled the logs, the switch immediately begins to add events to the logs and send events to defined syslog servers.
    Select the General tab.
    (Chapter 11: Event Logs and Syslog Servers)
    Step 6. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
    Displaying Events
    Each time that you want to view the event log, you must choose how and what you want displayed. The settings for viewing an event log are not saved. To specify the type of ev
7. Figure 42: Event Log Example Displayed in Normal Mode
    (Section II: Advanced Operations)
    The events are displayed in a table. The columns in the table shown in normal display mode are described below:
    S (Severity): The event's severity. The severity codes and their corresponding severity level and description are shown in Table 2.
    Table 2: Event Severity Levels
    Severity Code   Severity Level   Description
    E               Error            Switch operation is severely impaired.
    W               Warning          An issue that may require network manager attention.
    I               Information      Useful information that can be ignored during normal operation.
    D               Debug            Messages intended for technical support and software development.
    Date and Time: The date and time the event occurred.
    Event: This item contains two parts. The first part is the name of the module within the AT-S63 management software that generated the event. The second part is a description of the event.
    When you display the events in full mode, more information is included. Figure 43 shows the same portion of the event log in Figure 42 on page 148, but displayed in full mode.
    [Figure 43 screenshot columns: Date and Time, Filename, Line, Event]
8. Figure 89: SNMP Tab (Configuration) [screenshot options: Enable SNMP Access; Enable Authentication Failure Trap; SNMPv1 & SNMPv2c: Configure SNMPv1 & SNMPv2c Communities; SNMPv3: SNMP Engine ID, Configure User Table, Configure View Table, Configure Access Table, Configure SecurityToGroup Table, Configure Notify Table, Configure Target Address Table, Configure Target Parameters Table, Configure Community Table]
    Step 4. Click the Enable SNMP Access checkbox to enable or disable SNMP management. A check in the box indicates that the feature is enabled, meaning that the switch can be managed from an SNMP management station. No check indicates that the feature is disabled. The default is disabled. Use this parameter to enable the switch to be remotely managed with an SNMP application program.
    Note: If the Enable SNMP Access check box is not checked, the switch cannot be managed through SNMP. This is the default.
    Step 5. If you want the switch to send authentication failure traps, click the Enable Authentication Failure Traps checkbox. A check in the box indicates that the switch sends the trap.
    Step 6. Click Apply.
    (Section III: SNMPv3)
    Step 7. From the Configuration menu, select the Save Config option to permanently save yo
9. Port Control: The possible settings are:
    Auto: Enables 802.1x port-based authentication and causes the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the port. The authentication process begins when the link state of the port changes or the port receives an EAPOL-Start packet from a supplicant. The switch requests the identity of the client and begins relaying authentication messages between the client and the authentication server. Each client that attempts to access the network is uniquely identified by the switch using the client's MAC address. This is the default setting.
    (Section VI: Port Security)
    Force authorized: Disables IEEE 802.1X port-based authentication and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.1x-based authentication of the client.
    Force unauthorized: Causes the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate. The switch cannot provide authentication services to the client through the interface.
    Max Requests: Specifies the maximum number of times that the switch retransmits an EAP Request packet to the client before it times out the authentication session. The default value for this parameter is 2 retransmission
10. To upload the file to your management station for viewing or sending with an email, refer to "Uploading a File" on page 139.
    (Chapter 11: Event Logs and Syslog Servers)
    Working with Log Outputs
    Instead of checking the log files on each individual switch, you can create an output definition that defines the events that are sent to a syslog server. From this central point you can monitor all the AT-9400 Series switches in your network. This is called a log output file. For more information about log output files, refer to Chapter 13, "Event Logs and Syslog Servers", in the AT-S63 Management Software Menus Interface User's Guide.
    This section contains the following topics:
    - "Configuring a Log Output Definition", next
    - "Viewing a Log Output Definition" on page 154
    - "Modifying a Log Output Definition" on page 156
    - "Deleting a Log Output Definition" on page 158
    Configuring a Log Output Definition
    To configure a log output, perform the following procedure:
    Step 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
    Select the Event Log tab. The Event log tab is shown in Figure 40 on page 143.
    In the Configure Log Outputs section, click Create. The Create Log Output page is shown in Figure 44.
    [Figure 44 screenshot fields: Output ID, Output Status, Message F
11. Step 2. From the Monitoring menu, select Services. The Services page is displayed with the CoS tab selected by default, as shown in Figure 62.
    Figure 62: CoS Tab (Monitoring)
    Step 3. Click the port where you want to view the settings. You can select more than one port at a time. A selected port turns white. To deselect a port, click it again.
    Step 4. Click View.
    (Section II: Advanced Operations)
    The CoS Setting for Port page is shown in Figure 63.
    Figure 63: CoS Setting for Port Page [screenshot columns: Port, VLAN ID, Default Priority, Override Priority]
    The CoS Setting for Port page displays a table that contains the following columns of information:
    Port: The port number.
    VLAN ID: The VLAN of which the port is a member.
    Default Priority: The default priority level for this port.
    Override Priority: Whether or not the priority level in tagged ports should be overridden.
    Step 5. Click Close.
    (Chapter 14: Class of Service)
    Displaying the QoS Schedule
    To display the QoS schedule, perform the following procedure:
    Step 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
    Step 2. From the Monitoring menu, select the Services option. The Services page is displayed with th
12. Figure 84: IGMP Tab (Configuration) [screenshot fields: Auto Detect, Manual Select, Host Router Timeout Interval (0 to 86400): 260 seconds, Maximum Multicast Groups (1 to 255): 64]
    Step 3. Configure the following parameters as necessary:
    Enable IGMP Snooping Status: Enables and disables IGMP snooping on the switch. A check in the box indicates that IGMP is enabled.
    Multicast Host Topology: Defines whether there is only one host node per switch port or multiple host nodes per port. Possible settings are Edge Single Host Port and Intermediate Multi Host Port.
    The Edge Single Host Port setting is appropriate when there is only one host node connected to each port on the switch. This setting causes the switch to immediately stop sending multicast packets out a switch port when a host node signals its desire to leave a multicast group by sending a leave request, or when the host node stops sending reports and times out. The switch forwards the leave request to the router and simultaneously ceases transmission of any further multicast packets out the port where the host node is connected.
    (Section II: Advanced Operations)
    The Intermediate Multi Host setting is appropriate if there is more than one host node connected to a switch port, such as when a port is connected to an Ethernet hub to which multiple host nodes are connected. With this sett
13. R
    RADIUS: configuring, 438; disabling, 432; displaying settings, 440; enabling, 432; server timeout, 441
    RADIUS accounting: configuring, 411; settings, displaying, 412
    RADIUS server: encryption secret, 439; encryption secret, configuring, 435; IP address, configuring, 439
    Rapid Spanning Tree Protocol (RSTP): bridge forwarding delay, 314; bridge hello time, 314; bridge identifier, 314; bridge max age, 314; bridge priority, 313; bridge settings, configuring, 312; disabling, 302, 320; edge port, configuring, 315; enabling, 302, 320; force version, 313; point-to-point port, configuring, 315; port cost, 315; port priority, 315; port settings, displaying, 316, 340; resetting to defaults, 316
    rate limit, setting, 83
    reauth period, configuring, 403
    reg (registrar state machine) parameter, 369
    RSTP: See Rapid Spanning Tree Protocol (RSTP)
    S
    Secure Shell (SSH) protocol: configuring, 426; displaying settings, 428
    Secure Sockets Layer (SSL): displaying settings, 423
    secured port security level, 393
    server authentication UDP port, configuring, 439
    server key ID parameter, 427
    server timeout, configuring, 404
    session cache timeout, configuring, 423
    Simple Network Time Protocol (SNTP): configuring, 47; servers, 47
    slave switch: assigning, 56; defined, 56
    SNMP management: disabling, 64; enabling, 64
    SNMPv1 and SNMPv2c community: creating, 66; deleting, 72; displaying, 73; modifying, 69
    SNMPv3 Access Table entry: creating, 250; deleting, 253; displaying, 291; modifying, 254
    SNMPv3 community name modifying
14. Step 10. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
    To delete an SNMPv3 SecurityToGroup Table entry, perform the following procedure:
    Step 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
    Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234.
    In the SNMPv3 section, click the button next to Configure SecurityToGroup Table and then click Configure at the bottom of the tab. The SNMPv3 SecurityToGroup Table tab is shown in Figure 99 on page 258.
    Click the button next to the SecurityToGroup Table entry that you want to delete and then click Remove. A warning message is displayed. Click OK.
    From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
    To modify an SNMPv3 SecurityToGroup Table entry, perform the following procedure:
    Step 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
    Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234.
    In the SNMPv3 section, click the button next to Configure SecurityToGroup Table and then click Configure at the bottom of the tab.
15. Step 2. From the Configuration menu, select the Mgmt Protocols option. The Mgmt Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 179 on page 436.
    Step 3. Select the Secure Shell tab. The Secure Shell tab is shown in Figure 176.
    Figure 176: Secure Shell Tab (Monitoring) [screenshot values: SSH Versions Supported: 1.3, 1.5, 2.0; Status: Disabled; Server Port: 22; Host Key ID: Not Defined; Server Key ID: Not Defined; Server Key Expiry Time: 0; Login Timeout: 180; Authentication Available: Password; Ciphers Available: 3DES, 128-bit AES, 192-bit AES, 256-bit AES, Arcfour (RC4); MACs Available: hmac-sha1, hmac-md5; Data Compression Available]
    The Secure Shell tab provides the following information:
    SSH Versions Supported: The versions of SSH that the AT-S63 management software supports.
    (Section VII: Management Security)
    Status: Whether or not the SSH server is enabled or disabled.
    Server Port: The well-known port for SSH. The default is port 22.
    Host Key ID: The host key ID defined for SSH.
    Server Key ID: Server key ID defined for SSH.
    Server Key Expiry Time: Length of time, in hours, until the server key is regenerated. The default is 0 hours, which means the server key is not regenerated.
    Login Timeout: Time
16. Step 3. In the SNMPv3 section, click the button next to View Community Table and then click View at the bottom of the tab.
    (Section III: SNMPv3)
    The SNMPv3 Community Table tab is shown in Figure 122.
    Figure 122: SNMPv3 Community Table Tab (Monitoring) [screenshot columns: Community Index, Community Name, Security Name, Transport Tag, Storage Type]
    (Chapter 18: SNMPv3)
    Section IV: Spanning Tree Protocols
    The chapters in this section contain the procedures for configuring the spanning tree protocols. The chapters include:
    - Chapter 19, "Spanning Tree and Rapid Spanning Tree Protocols", on page 301
    - Chapter 20, "Multiple Spanning Tree Protocol", on page 319
    Chapter 19: Spanning Tree and Rapid Spanning Tree Protocols
    This chapter explains how to configure the STP and RSTP parameters on an AT-9400 Series switch. The sections
17. Step 6. Click OK to delete the VLAN or Cancel to cancel the procedure. If you click OK, the VLAN is deleted from the switch. The untagged ports in the VLAN are returned to the Default_VLAN as untagged ports.
    Step 7. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
    (Section V: Virtual LANs)
    Selecting a VLAN Mode
    The AT-S63 management software features three VLAN modes:
    - Non-IEEE 802.1Q-compliant Multiple VLAN Mode
    - Port-based and tagged VLAN Mode (default mode)
    - IEEE 802.1Q-compliant Multiple VLAN Mode
    For background information on port-based and tagged VLANs, refer to Chapter 25, "Port-based and Tagged VLANs", in the AT-S63 Management Software Menus Interface User's Guide. For information on the multiple VLAN modes, refer to Chapter 27, "Multiple VLAN Modes", in the AT-S63 Management Software Menus Interface User's Guide.
    Note: Any port-based or tagged VLANs that you may have created are not retained when you change the VLAN mode from the user-configured mode to a multiple VLAN mode and at some point reset the switch. The user-configured VLAN information is lost, and you must recreate the information if you later return the switch to the user-configured VLAN mode.
    To select a VLAN mode for the switch, perform the procedure below:
    1
18. Manually Trusted: You verified the certificate is from a trusted or untrusted authority.
    Type: The type of the certificate. The options are EE, SELF, and CA.
    Source: The certificate was created on the switch.
    Version: The version number of the AT-S63 management software.
    Serial Number: The certificate's serial number.
    Signature Algorithm: The signature algorithm of the certificate.
    Public Key Algorithm: The public key algorithm.
    Not Valid Before: The date the certificate became active.
    Not Valid After: The date the certificate expires. Self-signed certificates are valid for two years.
    Subject: The Subject distinguished name.
    Issuer: The certificate issuer's distinguished name.
    MD5 Fingerprint: The MD5 algorithm. This value provides a unique sequence for each certificate consisting of 16 bytes.
    SHA1 Fingerprint: The Secure Hash Algorithm. This value provides a unique sequence for each certificate consisting of 20 bytes.
    Click Close to close the page.
    (Section VII: Management Security)
    Displaying the SSL Settings
    To configure the SSL settings, you must use the AT-S63 menus or command line interface. For information, refer to the AT-S63 Management Software Menus Interface User's Guide and the AT-S63 Management Software Command Line Interface User's Guide.
    To display the SSL settings, perform the following procedure:
    Step 1. From the Home page, select
19. Figure 96: SNMPv3 Access Table Tab (Configuration) [screenshot fields: Read View, Context Match, Write View, Storage Type, Notify View, Row Status]
    (Section III: SNMPv3)
    Step 4. To create an SNMPv3 Access Table entry, click Add. The Add New SNMPv3 Access page is shown in Figure 97.
    Figure 97: Add New SNMPv3 Access Page [screenshot fields: Group Name, Context Prefix, Read View, Write View, Notify View, Security Model, Security Level, Context Match, Storage Type, Row Status]
    Step 5. In the Group Name field, enter a descriptive name of the group. The Group Name can consist of up to 32 alphanumeric characters. You are not required to enter a unique value here because the SNMPv3 Access Table entry is indexed with the Group Name, Security Model, and Security Level parameter values. However, a unique group name makes it easier for you to tell the groups apart. There are four default values for this field that are reserved for SNMPv1 and SNMPv2c implementations:
    - defaultV1GroupReadOnly
    - defaultV1GroupReadWrite
    - defaultV2cGroupReadOnly
    - defaultV2cGroupReadWrite
    Note: The Context Prefix field is a read-only field. The Context Prefix field is always set to null.
    In the Read View Name field, enter a value
20. The GVRP Parameters section provides the following information:
    GVRP: The GVRP status, Enabled or Disabled.
    Leave Time: The range is 30 to 80 centiseconds and the default is 60 centiseconds.
    Join Time: The range is 10 to 60 centiseconds and the default is 20 centiseconds.
    (Chapter 22: GARP VLAN Registration Protocol)
    GIP: The GIP status, Enabled or Disabled.
    Leave All Time: The range is 500 to 300 centiseconds and the default is 1000 centiseconds.
    (Section V: Virtual LANs)
    Displaying the GVRP Port Configuration
    To display the GVRP port configuration, perform the following procedure:
    Step 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
    From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302.
    Select the GVRP tab. The GVRP tab is shown in Figure 148 on page 363.
    In the View GVRP Parameters section, click View Port Configuration.
    Click View. The GVRP Port Configuration page is shown in Figure 149.
    [screenshot columns: Port Number, Mode]
    Figure 149: GVRP Port Configurati
21. You can add static addresses to a port running this security level. Static addresses are not included in the count of the maximum number of dynamic addresses.
    Secured: Instructs a port to forward frames using only static MAC addresses. The port will not learn any dynamic MAC addresses and will delete any dynamic addresses that it has already learned. Only those end nodes whose MAC addresses are entered as static addresses can forward frames through the port.
    Locked: Instructs a port to immediately stop learning new dynamic MAC addresses. Frames are forwarded using the dynamic MAC addresses that the port has already learned and any static MAC addresses assigned to the port. Dynamic MAC addresses learned by the port prior to the activation of this security level never time out from the MAC address table, even when the corresponding end nodes are inactive. However, the port will not learn any new dynamic addresses. You can continue to add new static MAC addresses to a port operating under this security level.
    If you select the Limited security level, additional options are displayed in the window for you to configure. They are defined here:
    Intrusion Action: Specifies what the switch should do if a port receives an invalid frame. Options are:
    - Discard: Discards the invalid frame.
    - Trap: Discards the invalid frame and sends an SNMP trap.
    - Discard: Discards the invalid frame, sends an SNMP trap, and disables the port.
22. Figure 147: GVRP Port Configuration Page
    Figure 148: GVRP Tab (Monitoring)
    Figure 149: GVRP Port Configuration Page
    Figure 150: GVRP Database Page
    Figure 151: GVRP State Machine for VLAN Page
    Figure 152: GVRP Counters Page
    Figure 153: GIP Connected Ports Ring Page
    Chapter 23: Protected Ports VLANs
    Figure 154: Add New VLAN Page
    Figure 155: Add New Protected VLAN Page
    Figure 156: Modify Protected VLAN Page
    Figure 157: View Protected VLAN Page
    Chapter 24: MAC Address-based Port Security
    Figure 158: Port Security Tab Config
23. Figure 107: Modify SNMPv3 Target Address Page [screenshot fields: Retries, Tag List, Target Parameters, Storage Type, Row Status]
    In the IP Address field, enter the IP address of the host. Use the following format for an IP address: XXX.XXX.XXX.XXX
    (Section III: SNMPv3)
    In the UDP Port Number field, enter a UDP port number. You can enter a UDP port in the range of 0 to 65,535. The default UDP port is 162.
    In the Timeout field, enter a timeout value in milliseconds. When an Inform message is generated, it requires a response from the switch. The timeout value determines how long the switch considers the Inform message an active message. This parameter applies to Inform messages only. The range is from 0 to 2,147,483,647 milliseconds. The default value is 1500 milliseconds.
    In the Retries field, enter the number of times the switch retries, or resends, an Inform message. When an Inform message is generated, it requires a response from the switch. This parameter determines how many times the switch resends an Inform message. The Retries parameter applies to Inform messages only. The range is 0 to 255 retries. The default is 3 retries.
    In the Tag List field, enter a list of tags that you configured with the Notify Tag parameter in a Notif
24. Step 8. Select the ports for the protected ports VLAN by clicking the ports in the switch image. Designating group membership of the ports is performed later in the procedure. Clicking repeatedly on a port toggles the port through the following possible settings:
    - Untagged port
    - Tagged port
    - Port is not a member of the VLAN
    Step 9. Click Apply.
    Note: Any untagged ports you assign to the new VLAN are automatically removed from their current untagged VLAN assignment.
    (Section V: Virtual LANs)
    The Add New Protected VLAN page is shown in Figure 155.
    Figure 155: Add New Protected VLAN Page [screenshot fields: Protected VLAN Details (VID, Name, Type, Protocol, Untagged Ports, Tagged Ports), Uplink Ports, VLAN Groups (Group Number, Port List), Group Number (1 to 256), Available Untagged Ports, Available Tagged Ports]
    Step 10. Use the Uplinks Port menu to select an uplink port for the groups of this protected ports VLAN. The menu lists all of the ports you selected as members of this VLAN. You can select more than one uplink port. To select multiple ports, hold down the Ctrl key when selecting the ports.
    Step 11. Click Apply.
    Step 12. In the Group Number field, enter a group number for one of the groups you want to create in the VL
25. ACL. The default setting is disabled.
Click Apply. A change to the status of the management ACL is immediately activated on the switch.
Note: If you activate the feature before entering an access control entry that specifies your management workstation, either by its IP address or subnet, your web browser management session will end and you will not be able to reestablish it.
From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
Creating an ACE
To add a new ACE to the management ACL, perform the following procedure:
1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Mgmt Security option. The Mgmt Security page is displayed with the Mgmt ACL tab selected by default, as shown in Figure 183 on page 444. Any ACEs already existing in the management ACL are listed in the middle section of the tab.
3. To add a new ACE, configure the following parameters in the Mgmt ACL tab:
Mgmt ACL IP Address: Enter the IP address of a management workstation that you want to be able to manage the switch, for example 149.11.11.11. Alternatively, you can specify a subnet. You must enter an IP address. If you enter an IP address of a specific management
26. Click Apply.
From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Or proceed to the next procedure to configure the CIST priority.
To configure the CIST priority, perform the following procedure:
1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94.
Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 124 on page 303.
Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 136 on page 323.
In the Configure CIST Parameters section, set the CIST Priority, the priority number for the bridge. This number is used to determine the root bridge of the bridged network. This number is analogous to the RSTP bridge priority value. The bridge in the network with the lowest priority number is selected as the root bridge. If two or more bridges have the same bridge or CIST priority values, the bridge with the numerically lowest MAC address becomes the root bridge.
Click Apply.
From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to sav
27. Click Modify. The GVRP Port Configuration page is shown in Figure 147.
(Figure 147: GVRP Port Configuration Page)
6. Click Normal to have the port propagate GVRP information, or None to prevent processing GVRP information and transmitting PDUs.
7. Click Apply to save the change or Cancel to cancel.
Displaying the GVRP Configuration
To display the GVRP configuration, perform the following procedure:
1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302.
Select the GVRP tab. The GVRP tab is shown in Figure 148.
(Figure 148: GVRP Tab, Monitoring)
28. - Section V: Virtual LANs. The chapters in this section cover port-based and tagged VLANs, GVRP, multiple VLAN modes, and protected ports VLANs.
- Section VI: Port Security. This section includes chapters on MAC address-based port security and 802.1x port-based network access control.
- Section VII: Management Security. This section contains chapters about encryption keys, PKI, Secure Shell, TACACS and RADIUS, and the management access control list.
Note: The web browser interface supports a subset of the management functions of the switch. For a list of the management tasks that are not available from this interface, refer to Web Browser Interface Restrictions on page 35. Those management tasks that cannot be performed from the web browser interface can be performed from the menus and command line interfaces.
Document Conventions
This document uses the following conventions:
Note: Notes provide additional information.
Caution: Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data.
Warning: Warnings inform you that performing or omitting a specific action may result in bodily injury.
Where to Find Web-based Guides
The installation and user guides for all Allied Telesyn products are available in portable document format (PDF) on our web site at w
29. - PSH: Push
- SYN: Synchronization
- FIN: Finish
UDP Source Port: Defines a traffic flow by source UDP port. To set this parameter, IP Protocol must be set to UDP.
UDP Destination Port: Defines a traffic flow by a destination UDP port. To set this parameter, IP Protocol must be set to UDP.
User Specified Protocol: Defines a traffic flow by a protocol other than one of those listed in the Protocol or IP Protocol list. To set this parameter, Protocol must be set to User Specified. Alternatively, you can set this parameter if IP Protocol is set to User Specified.
Click Apply. The new classifier is created on the switch.
From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
Modifying a Classifier
This procedure explains how to modify a classifier. If the classifier you want to modify is currently assigned to an active ACL or QoS policy, you must first remove the port assignments from the ACL or policy before you can modify the classifier. Once you have finished modifying the classifier, you can reassign the ports again to the ACL or QoS policy.
To modify a classifier, perform the following procedure:
1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
Note: You can a
30. Quality of Service in the AT-S63 Management Software Menus Interface User's Guide.
Managing Flow Groups
Flow groups are groups of classifiers that group together similar traffic flows. This section contains the following procedures:
- Configuring Flow Groups, next
- Modifying a Flow Group on page 194
- Deleting a Flow Group on page 195
- Displaying Flow Groups on page 195
Configuring Flow Groups
To configure a flow group, perform the following procedure:
1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
From the Configuration menu, select the Services option. The Services page is displayed with the CoS tab selected by default, as shown in Figure 59 on page 182.
Select the Flow Group tab. The Flow Group tab is shown in Figure 65.
(Figure 65: Flow Group Tab, Configuration)
4. Click Create. The Create Flow Group page opens, as shown in Figure 66.
31. SNMPv3
This chapter provides the following procedures for configuring SNMPv3 parameters using a web browser management session:
- Configuring the SNMPv3 Protocol on page 232
- Enabling or Disabling SNMP Management on page 233
- Configuring the SNMPv3 User Table on page 236
- Configuring the SNMPv3 View Table on page 244
- Configuring the SNMPv3 Access Table on page 250
- Configuring the SNMPv3 SecurityToGroup Table on page 257
- Configuring the SNMPv3 Notify Table on page 263
- Configuring the SNMPv3 Target Address Table on page 268
- Configuring the SNMPv3 Target Parameters Table on page 275
- Configuring the SNMPv3 Community Table on page 282
- Displaying SNMPv3 Tables on page 288
Note: For background information on SNMPv3, refer to Chapter 22, SNMPv3, in the AT-S63 Management Software Menus Interface User's Guide.
Configuring the SNMPv3 Protocol
To configure the SNMPv3 protocol, you need to first enable SNMP access on the switch. Then you configure the SNMPv3 tables. See the following procedures:
- Enabling or Disabling SNMP Management on page 233
- Configuring the SNMPv3 User Table on page 236
- Configuring the SNMPv3 View Table on page 244
- Configuring the SNMPv3 Access Table on page 250
- Configuring the SNMPv3 SecurityToGroup Table on p
32. SNTP or NTP server. The default is 600 seconds. The range is from 60 to 1200 seconds.
When you finish configuring the parameters, click the Apply buttons.
Note: If you enabled the SNTP client, the switch immediately polls the SNTP or NTP server for the current date and time. The switch automatically polls the server whenever a change is made to any of the parameters in this menu, so long as SNTP is enabled.
To permanently save your changes to the SNTP client, click Save Config.
Pinging a Remote System
You can instruct the switch to ping a node on your network. This procedure is useful in determining whether a valid link exists between the switch and another device.
To ping a network device, perform the following procedure:
1. From the home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. From the Monitoring menu, select the Utilities option. The Utilities tab is displayed with the File System tab selected by default, as shown in Figure 8.
(Figure 8: File System Tab, Monitoring)
3. Select the Ping Client tab.
33. The SNMPv3 SecurityToGroup Table tab is shown in Figure 99 on page 258.
Click the button next to the SecurityToGroup Table entry that you want to change and then click Modify. The Modify SNMPv3 SecurityToGroup page is shown in Figure 101.
(Figure 101: Modify SNMPv3 SecurityToGroup Page)
In the Group Name field, enter a Group Name that you configured in the SNMPv3 Access Table. See Creating an Access Table on page 250. There are four default values for this field that are reserved for SNMPv1 and SNMPv2c implementations:
- defaultV1GroupReadOnly
- defaultV1GroupReadWrite
- defaultV2cGroupReadOnly
- defaultV2cGroupReadWrite
In the Storage Type field, select one of the following storage types for this table entry:
Volatile: Select this storage type if you do not want the ability to save an entry in the SecurityToGroup Table. After making changes to a SecurityToGroup Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.
NonVolatile: Select this storage type if you want the ability to save an entry in the SecurityToGroup Table. After making changes to a Security
34. Very Anxious Observer
Ao: Anxious Observer
Qo: Quiet Observer
Lo: Leaving Observer
Vp: Very Anxious Passive Member
Ap: Anxious Passive Member
Qp: Quiet Passive Member
Va: Very Anxious Active Member
Aa: Anxious Active Member
Qa: Quiet Active Member
La: Leaving Active Member
App (Continued). Non-Participant Management state:
Von: Very Anxious Observer
Aon: Anxious Observer
Qon: Quiet Observer
Lon: Leaving Observer
Vpn: Very Anxious Passive Member
Apn: Anxious Passive Member
Qpn: Quiet Passive Member
Van: Very Anxious Active Member
Aan: Anxious Active Member
Qan: Quiet Active Member
Lan: Leaving Active Member
The initialized state for the Applicant is Vo.
Table 12. GVRP State Machine Parameters (Continued)
Parameter: Reg. Meaning: Registrar state machine for the GID index on that particular port. One of:
Mt: Empty
Lv3: Leaving substate 3 (final Leaving substate)
Lv2: Leaving substate 2
Lv1: Leaving substate 1
Lv: Leaving substate (initial Leaving substate)
In: In
Fix: Registration Fixed
For: Registration Fo
35. as shown in Figure 179 on page 436.
Select the Mgmt Protocols option. The Mgmt Protocols tab is displayed with the Server-based Authentication tab selected by default, as shown in Figure 179 on page 436. The upper part of the page shows if server-based authentication is enabled or disabled and the authentication method. The lower part of the page allows you to view either the settings for the current authentication method.
In the lower portion of the page, click RADIUS Settings.
Click View. The RADIUS Client Configuration page is shown in Figure 180.
(Figure 182: RADIUS Client Configuration Page)
The upper portion of the page displays the following information:
Global Encryption Key: The global encryption secret.
Global Server Timeout: The maximum amount of time the switch waits for a response from a RADIUS server before assuming the server cannot respond.
The lower portion of the page displays a table that contains the following columns of information:
Server: The server number, one of three.
IP Address: IP address of the RADIUS server.
Port: Port of the RADIUS
36. as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Network Security option. The Network Security page opens with the Port Security tab selected by default, as shown in Figure 158 on page 392.
3. Select the 802.1x Port Access tab. The 802.1x Port Access tab is shown in Figure 162.
(Figure 162: 802.1x Port Access Tab, Configuration)
The graphical image of the switch shows which ports have already been assigned port roles. An A indicates that a port is functioning as an authenticator, while an S indicates the port is functioning as a supplicant. A black port has not been assigned a port role and is not participating in port-based access control. This is the default setting for a port.
To set a port's role, click on the port. The selected port turns white. You can select more than one port at a time.
Click Port Role. The Port Role Configuration page is shown in Figure 163.
(Figure 163: Port Role Configuration Page)
Select the desired role for the port. A port can have only one port role at a time. T
37. multicast host topology configuring 220 displaying 223 multicast MAC address adding 94 deleting 96 displaying 98 multicast router ports configuring 221 224 multicast routers displaying 226 Multiple Spanning Tree Instance MSTI associating to VLANs 330 disassociating from VLANs 330 modifying association to VLANs 331 MSTIID creating 326 deleting 327 modifying 328 removing a VLAN association 330 Multiple Spanning Tree Protocol MSTP associating VLANs to MSTI IDs 330 bridge forwarding delay 324 bridge hello time 324 bridge max age 324 bridge settings configuring 322 configuration name 324 configuring 322 connecting to VLANs 330 disabling 320 edge port 336 enabling 320 force version 324 max hops 324 MSTIID creating 326 deleting 327 modifying 328 parameters configuring 322 point to point port 335 port external path cost 335 port internal path cost 334 port parameters configuring 333 displaying 337 port priority 334 port settings displaying 340 port status displaying 340 resetting to defaults 342 O operator access 44 operator password configuring 44 P password changing 44 default 29 AT S63 Management Software Web Browser Interface User s Guide piggyback mode 404 pinging 50 PKI certificates displaying 420 PKI certificates displaying 420 PKI See Public Key Infrastructure PKI point to point port Multiple Spanning Tree Protocol MSTP 335 Rapid Spanning Tree Protocol RSTP 315 policy configuring
38. select the Layer 1 option. The Layer 1 page opens with the Port Settings tab displayed by default, as shown in Figure 20 on page 78.
3. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 33 with any configured mirror.
(Figure 33: Port Mirroring Tab, Configuration)
This tab displays any port mirror already existing on the switch. If the Mirror to Port column contains a 0 (zero), there is no port mirror.
4. Click Modify. The Modify Mirror page is shown in Figure 34.
(Figure 34: Modify Mirror Page)
5. Click the ports of the port mirror. Clicking a port toggles it through the possible settings, which are as follows:
- The destination mirror port. There can be only one destination port.
- A source port. The port's ingress traffic is mirrored to the destination port.
- A source port. The port's egress traffic is mirrored to the destination port.
- A source port. The port's ingress and egress traffic is mirrored to the destination port.
- Not part of a por
39. settings are appropriate prior to adding it.
If you are adding a port and the port will not be the lowest numbered port in the trunk, its settings will be changed to match the settings of the existing ports in the trunk.
If you are adding a port to a trunk, check to be sure that the new port is an untagged member of the same VLAN as the other trunk ports. A trunk cannot contain ports that are untagged members of different VLANs.
You cannot change the load distribution method of a static port trunk from the web browser manager interface, but you can from the menus or command line interface.
To modify a port trunk, perform the following procedure:
1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
From the Configuration menu, select the Layer 1 option. The Layer 1 page opens with the Port Settings tab displayed by default, as shown in Figure 20 on page 78.
3. Select the Port Trunking tab. The Port Trunking tab is shown in Figure 29 on page 105.
Click the button next to the port trunk you want to modify and click Modify. The Modify Trunk page is shown in Figure 31.
(Figure 31: Modify Trunk Page)
Note: You cannot change the Trunk ID number or the loa
40. with the Event Logs .... 142
Enabling or Disabling the Event Logs .... 142
Displaying an Event Log .... 144
Clearing an Event Log .... 150
Saving an Event Log to a File .... 150
Working with Log Outputs .... 152
Configuring a Log Output Definition .... 152
Viewing a Log Output Definition .... 154
Modifying a Log Output Definition .... 156
Deleting a Log Output Definition .... 158
Chapter 12: Classifiers .... 159
Configuring a Classifier .... 160
Modifying a Classifier .... 166
Deleting a Classifier .... 168
Displaying the Classifiers .... 169
Chapter 13: Access Control Lists .... 171
Configuring an Access Control List .... 172
Modifying an Access Control List .... 175
Deleting an Access Control List
41. (Figure 116: SNMPv3 View Table Tab, Monitoring)
Displaying Access Table Entries
To display entries in the SNMPv3 Access Table, perform the following procedure:
1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. Select the SNMP tab. The SNMP tab is shown in Figure 114 on page 289.
3. In the SNMPv3 section, click the button next to View Access Table and then click View at the bottom of the tab. The SNMPv3 Access Table tab is shown in Figure 117.
(Figure 117: SNMPv3 Access Table Tab, Monitoring)
Displaying SecurityToGroup Table Entries
To display entries in the SNMPv3 SecurityToGroup Table, perform the following procedure:
1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Fig
42. 2 x ForwardingDelay 1
Bridge Identifier: The MAC address of the bridge. The bridge identifier is used as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority value. This value cannot be changed.
After you have made your changes, click Apply.
To configure RSTP port settings, click on the port in the switch image and click Modify. You can select more than one port at a time. The RSTP Settings Port(s) page is shown in Figure 132.
(Figure 132: RSTP Settings Port(s) Page)
8. Configure the following parameters as necessary:
Port Priority: This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16. The default value is 8 (priority value 128). For a list of the increments, refer to Table 7 on page 307.
Port Cost: The spanning tree algorithm uses the cost parameter to decide which port provides the lowest cost path to the root bridge for that LAN. The range is 0 to 20,000,000. The default setting is Automatic detect, which sets port cost depending on the speed of the port. Default values are 2 00
43. 206 deleting 210 displaying 210 modifying 208 port configuring parameters basic 78 disabling 79 enabling 79 link status 86 resetting to defaults 92 statistics displaying 89 status displaying 85 port control 802 1x port based access control 402 force authorized 403 force unauthorized 403 port cost Multiple Spanning Tree Protocol MSTP 334 Rapid Spanning Tree Protocol RSTP 315 Spanning Tree Protocol STP 308 port mirror creating 114 deleting 119 disabling 118 displaying 120 modifying 117 port parameters configuring basic 78 Multiple Spanning Tree Protocol MSTP 322 Rapid Spanning Tree Protocol RSTP 312 Spanning Tree Protocol STP 304 port participating parameter 394 port priority Multiple Spanning Tree Protocol MSTP 334 Rapid Spanning Tree Protocol RSTP 315 Spanning Tree Protocol STP 307 port security displaying 395 intrusion action 396 port security levels MAC 393 port speed configuring 80 port trunk creating 104 deleting 109 displaying 110 modifying 107 453 Index port based access control See 802 1x Port based Network Access Control port based VLAN creating 346 deleting 352 385 displaying 355 386 modifying 350 protected ports VLAN creating 376 deleting 385 displaying 386 modifying 381 Public Key Infrastructure PKI settings displaying 420 Q QoS See Quality of Service QoS Quality of Service QoS See also traffic class flow group and policy 191 quiet period configuring 403
44. 330 AT S63 software resetting to factory defaults 52 auth period 406 authentication protocols enabling or disabling 432 automatic port security level 393 autonegotiation configuring 80 B back pressure configuring 82 boot configuration file 130 Boot Protocol BootP activating 41 bridge forwarding delay Multiple Spanning Tree Protocol MSTP 324 Rapid Spanning Tree Protocol RSTP 314 Spanning Tree Protocol STP 306 bridge hello time Multiple Spanning Tree Protocol MSTP 324 Rapid Spanning Tree Protocol RSTP 314 Spanning Tree Protocol STP 306 bridge identifier Rapid Spanning Tree Protocol RSTP 314 Spanning Tree Protocol STP 307 bridge max age Multiple Spanning Tree Protocol MSTP 324 Rapid Spanning Tree Protocol RSTP 314 Spanning Tree Protocol STP 306 bridge priority Rapid Spanning Tree Protocol RSTP 313 Spanning Tree Protocol STP 305 bridge protocol data unit BPDU 314 browser tools 31 Cc ciphers available parameter 429 CIST priority parameter 325 Class of Service CoS configuring 182 mapping to egress queues 184 schedule displaying 190 scheduling configuring 186 settings displaying 188 Common and Internal Spanning Tree CIST configuring 325 community name SNMPv1 and SNMPv2c 67 SNMPv3 protocol 283 286 CoS See Class of Service CoS D data compression parameter 429 daylight savings time DST 49 Denial of Service DoS defense configuring 214 enabling or disabling 216 mirror
45. Age: The length of time after which stored bridge protocol data units (BPDUs) are deleted by the bridge. This parameter applies only if the bridged network contains an STP or RSTP single-instance spanning tree. Otherwise, the bridges use the Max Hop counter to delete BPDUs. All bridges in a single-instance bridged LAN use this aging time to test the age of stored configuration messages called bridge protocol data units (BPDUs). For example, if you use the default of 20, all bridges delete current configuration messages after 20 seconds. The range of this parameter is from 6 to 40 seconds. The default is 20 seconds. In selecting a value for maximum age, the following must be observed:
MaxAge must be greater than 2 x HelloTime 1
MaxAge must be less than 2 x ForwardingDelay 1
Bridge Max Hops: MSTP regions use this parameter to discard BPDUs. The Max Hop counter in a BPDU is decremented every time the BPDU crosses an MSTP region boundary. After the counter reaches zero, the BPDU is deleted.
Revision Level: The revision level of an MSTP region. This is an arbitrary number that you assign to a region. The revision level must be the same on all bridges in a region. Different regions can have the same revision level without conflict. The range is 0 (zero) to 255
Configuring the CIST Priority
46. An action of Permit means the port accepts the packets that meet the criteria of the classifiers assigned to the ACL. An action of Deny means the port discards the packets unless the packets also match the criteria of a Permit ACL, in which case the packets are accepted by the port because a Permit ACL overrides a Deny ACL.
Active: Whether or not the ACL is active. A status of Yes means that the ACL is assigned to at least one port on the switch. A status of No means the ACL is not assigned to any ports and therefore is inactive.
Classifier List: The classifiers assigned to the ACL.
Port List: The port assignments of the ACL.
To view the same information for each ACL, select the ACL and click View. The View ACLs page opens, as shown in Figure 58.
(Figure 58: View ACLs Page)
The View ACLs page displays the following information:
ID: The ID number for the ACL.
Description: The description of the ACL.
Classifier List: The classifiers assigned to this ACL.
Port List: The ports where the ACL is assigned.
Action: The ACL action of Permit or Deny. An action of Permit means the port accepts the packets that meet the criteria of the classifiers assigned to the ACL. An action of Den
47. BOOTP or DHCP client software on the switch from a web browser management session, perform the following procedure:
1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
In the Configuration section, for the BOOTP/DHCP parameter, click one of the following:
Enable DHCP: Enables DHCP.
Enable BOOTP: Enables BOOTP.
Disable: Disables both DHCP and BOOTP. This is the correct setting if you want to enter a static IP address for the switch or do not want to assign the switch an IP address. The default is disabled.
Click Apply to activate your change on the switch.
Note: If you enabled BOOTP or DHCP, the switch immediately begins to query the network for a BOOTP or DHCP server. The switch continues to query the network for its IP configuration until it receives a response. If you manually assigned an IP address to the switch, that address is deleted and replaced by the IP address received from the BOOTP or DHCP server.
4. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
Displaying System Information
To view basic information about the switch, perform the following procedure:
1. From the Home page, select Monitoring. The Monitoring System page
48. Threshold: Specifies the maximum number of dynamic MAC addresses you want the port to be able to learn. The range is 1 to 256. The default is 100.
Port Participating: Applies only when the intrusion action is set to trap or disable. This option does not apply when intrusion action is set to discard. If this option is set to No when intrusion action is set to trap or disable, the port discards invalid packets, but it does not send the SNMP trap or disable the port. If you want the switch to send a trap and/or disable the port, you must set this option to Yes.
Click Apply.
From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
Displaying the Port Security Level
To display the MAC address security level of a port, perform the following procedure:
1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. From the Monitoring menu, select Network Security. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 160.
(Figure 160: Port Security Tab, Monitoring)
3. Click the port whose port
49. [Figure 53: View Classifier Page]
   For descriptions of the variables, refer to Configuring a Classifier on page 160.
   5. Click Close to close the page.
   Chapter 13 Access Control Lists
   An access control list (ACL) is a tool for managing network traffic. This chapter contains the following sections:
   - Configuring an Access Control List on page 172
   - Modifying an Access Control List on page 175
   - Deleting an Access Control List on page 177
   - Displaying the Access Control Lists on page 178
   Note: For background information about access control lists, refer to Chapter 15, Access Control Lists, in the AT-S63 Management Software Menus Interface User's Guide.
   Configuring an Access Control List
   This procedure explains how to create an ACL. Before starting this procedure, jot down on paper the ID number(s) of the classifier(s) you want to assign to the ACL and the action of the ACL, which is either Permit or Deny. An action of Permit instructs the port to accept packets from the defined traffic flow of the classifier, while an action of Deny discards the packets. Having
50. IP address must be entered in the format xxx.xxx.xxx.xxx. The default value is 0.0.0.0.
   Subnet Mask: This parameter specifies the subnet mask for the switch. You must specify a subnet mask if you assigned an IP address to the switch. The subnet mask must be entered in the format xxx.xxx.xxx.xxx. The default value is 255.255.0.0.
   Default Gateway: This parameter specifies the default router's IP address. This address is required if you intend to remotely manage the switch from a management station that is separated from the switch by a router. The address must be entered in the format xxx.xxx.xxx.xxx. The default value is 0.0.0.0.
   3. Click Apply to activate your changes on the switch.
   Note: A change to any of the above parameters is immediately activated on the switch. A change to the IP address of the switch results in the loss of a remote management session. You can restart the management session using the switch's new IP address.
   4. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
   Activating the BOOTP or DHCP Client Software
   For background information on BOOTP and DHCP, refer to Chapter 3, Basic Switch Parameters, in the AT-S63 Management Software Menus Interface User's Guide. To activate or deactivate the
51. Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94.
   3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 124 on page 303.
   4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 136 on page 323.
   5. In the CIST/MSTI Table section of the tab, in the VLAN Associations field, modify the VIDs of the VLANs that you no longer want to be associated with this MSTI. You can specify more than one VID at a time (e.g., 2,4,7).
   6. Click Apply.
   7. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
   Configuring MSTP Port Parameters
   To configure MSTP port parameters, perform the following procedure:
   1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
   2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94.
   3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 135 on page 320.
   4. Click Configure. The expanded MSTP Spanning Tree
52. Machine ..... 367
   Displaying the GVRP Counters ..... 370
   Displaying the GIP Connected Ports Ring ..... 373
   Chapter 23 Protected Ports VLANs ..... 375
   Creating a New Protected Ports VLAN ..... 376
   Modifying a Protected Ports VLAN ..... 381
   Deleting a Protected Ports VLAN ..... 385
   Displaying a Protected Ports VLAN ..... 386
   Section VI Port Security
   Chapter 24 MAC Address-based Port Security ..... 391
   Configuring Port Security ..... 392
   Displaying the Port Security Level ..... 395
   Chapter 25 802.1x Port-based Network Access Control
53. Manager IP Addresses
   Trap Receiver IP Address 1 through Trap Receiver IP Address 8: Use the above selections to specify the IP addresses of up to eight trap receivers on your network that can receive traps from the switch.
   7. Click Apply.
   8. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
   Modifying an SNMPv1 and SNMPv2c Community
   To modify an SNMPv1 and SNMPv2c community, perform the following procedure:
   1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
   2. From the Configuration menu, select the Mgmt Protocols option. The Mgmt Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 177 on page 432.
   3. Select the SNMP tab. The SNMP tab is shown in Figure 14 on page 64.
   4. In the SNMPv1 & SNMPv2c section, click Configure. The SNMPv1 & SNMPv2c Communities tab is shown in Figure 15 on page 66.
   5. Click the button next to the community name and click Modify. The Modify SNMPv1 & SNMPv2c Community page is shown in Figure 17.
   [Figure 17: Modify SNMPv1 & SNMPv2c Community page]
54. Mbps
   MDI/MDIX Crossover: The wiring configuration of a twisted pair port. This setting does not apply to fiber optic ports. The possible settings are:
      Auto: The port automatically configures itself as MDI or MDIX depending upon the end node. This is the default. This setting is only available when a port's speed and duplex mode are set through Auto-Negotiation.
      MDI: The port uses straight-through cable.
      MDIX: The port uses a crossover cable.
   Ingress Broadcast Filter: Use this parameter to configure a port to forward or discard ingress broadcast packets. The possible settings are:
      Enabled: The port discards ingress broadcast packets.
      Disabled: The port forwards ingress broadcast packets. This is the default setting.
   Egress Broadcast Filter: Use this parameter to configure a port to forward or discard broadcast packets. The possible settings are:
      Enabled: The port discards egress broadcast packets.
      Disabled: The port forwards egress broadcast packets. This is the default setting.
   For further information about filters, refer to Chapter 6, Port Parameters, in the AT-S63 Management Software Menus Interface User's Guide.
   Ingress Unknown Unicast Filter: Use this parameter to configure a port to forward or discard ingress unknown unicast packets. The possible settings are:
      Enabled: The port discards ingress unknown unicast packets.
      Disabled: The port forwards ingress unknown unicast packets. This is the def
55. Enter a name of up to 32 alphanumeric characters.
   In the Notify Type field, enter one of the following message types:
      Trap: Indicates this notify table is used to send traps. With this message type, the switch does not expect a response from the host.
      Inform: Indicates this notify table is used to send inform messages. With this message type, the switch expects a response from the host.
   In the Storage Type field, select one of the following storage types for this table entry:
      Volatile: Select this storage type if you do not want the ability to save an entry in the Notify Table. After making changes to a Notify Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.
      NonVolatile: Select this storage type if you want the ability to save an entry in the Notify Table. After making changes to a Notify Table entry with a NonVolatile storage type, the Save Config option is not displayed on the Configuration menu.
   The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Notify Table entry takes effect immediately.
   Click Apply to update the SNMPv3 Notify Table.
   From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
   To delete an entry in the SNMPv3 Not
56. SNMPv3 Notify page is shown in Figure 104.
   [Figure 104: Modify SNMPv3 Notify Page]
   5. In the Notify Tag field, enter a description name of the Notify Tag. Enter a name of up to 32 alphanumeric characters.
   6. In the Notify Type field, enter one of the following message types:
      Trap: Indicates this notify table is used to send traps. With this message type, the switch does not expect a response from the host.
      Inform: Indicates this notify table is used to send inform messages. With this message type, the switch expects a response from the host.
   7. In the Storage Type field, select one of the following storage types for this table entry:
      Volatile: Select this storage type if you do not want the ability to save an entry in the Notify Table. After making changes to a Notify Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.
      NonVolatile: Select this storage type if you want the ability to save an entry in the Notify Table. After making changes to a Notify Table entry with a NonVolatile storage type, the Save Config option is not displayed on the Configuration menu.
   The Row Status parameter is a read-only field in th
57. Section II Advanced Operations
   The chapters in this section contain the procedures for advanced switch setup using the AT-S63 management software. The chapters include:
   - Chapter 9, File System on page 125
   - Chapter 10, File Downloads and Uploads on page 133
   - Chapter 11, Event Logs and Syslog Servers on page 141
   - Chapter 12, Classifiers on page 159
   - Chapter 13, Access Control Lists on page 171
   - Chapter 14, Class of Service on page 181
   - Chapter 15, Quality of Service on page 191
   - Chapter 16, Denial of Service Defense on page 213
   - Chapter 17, IGMP Snooping on page 219
   Chapter 9 File System
   This chapter contains procedures for working with the file system and contains the following sections:
   - Listing the Files in Flash Memory or on a Compact Flash Card on page 126
   - Selecting an Active Boot Configuration File on page 130
   Note: For background information on the file system, refer to Chapter 11, File System, in the AT-S63 Management Software Menus Interface User's Guide.
   Listing the Files in Flash Memory or on a Compact Flash Card
   This procedure displays the files stored in flash memory as well as on a compact flash card for those AT-9400 Series switches that feature a flash card slot.
   Note: You cannot copy renam
58. 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
   2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94.
   3. Select the VLAN tab. The VLAN tab is shown in Figure 143 on page 346.
   4. In the VLAN Mode section, select a VLAN mode. Only one mode can be active on the switch at a time. The modes are:
      User Configured: Port-based and tagged VLAN Mode
      Multiple: Non-IEEE 802.1Q-compliant Multiple VLAN Mode
      Multiple 802.1Q: IEEE 802.1Q-compliant Multiple VLAN Mode
   5. If you select one of the multiple VLAN modes, specify an uplink port in the Uplink Port field. This port functions as the uplink port for the VLANs. The default is port 1.
   6. Click Apply. The new mode is automatically activated on the switch.
   7. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
   Displaying VLANs
   To display the current VLANs on a switch, perform the following procedure:
   1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected
59. Ports 23R and 24R on the AT-9424T/GB, AT-9424T/SP and AT-9424Ti/SP Series Switches
   This section applies to the twisted pair ports 23R and 24R and the SFP and GBIC slots on the AT-9424T/GB, AT-9424T/SP and AT-9424Ti/SP Series switches. Note the following when configuring these ports:
   - Twisted pair ports 23R and 24R change to the redundant status mode when an SFP or GBIC module is installed and establishes a link with its end node.
   - An SFP or GBIC port is only active while it has a valid link. At all other times, the corresponding twisted pair port 23R or 24R is the active port.
   - A twisted pair port and its corresponding SFP or GBIC module share the same configuration settings, including port settings, VLAN assignments, access control lists, and spanning tree. When an SFP or GBIC module becomes active, it operates with the same settings as its corresponding twisted pair port. An exception is port speed. If you disable Auto-Negotiation on twisted pair port 23R or 24R and set the speed and duplex mode manually, the speed reverts to Auto-Negotiation when you install an SFP or GBIC module and the module establishes a link with an end node.
   Web Browser Interface Restrictions
   The following management tasks of the AT-S63 management software are not supported in the web browser interface. These fun
60. TACACS and RADIUS Protocols ..... 431
   Figure 177 Server-based Authentication Tab (Configuration) ..... 432
   Figure 178 TACACS Client Configuration Page ..... 434
   Figure 179 Server-Based Authentication Tab (Monitoring) ..... 436
   Figure 180 TACACS Client Configuration Page ..... 437
   Figure 181 RADIUS Client Configuration Page ..... 438
   Figure 182 RADIUS Client Configuration Page ..... 440
   Chapter 29 Management Access Control List ..... 443
   Figure 183 Mgmt ACL Tab (Configuration) ..... 444
   Figure 184 Mgmt ACL Tab (Monitoring) ..... 449
   Tables
   Table 1 New Features in AT-S63 Version 1.2.0
61. Tab (Configuration) ..... 305
   Figure 126 STP Settings Port(s) Page ..... 307
   Figure 127 MAC Address Tab (Monitoring) ..... 309
   Figure 128 Spanning Tree Tab (Monitoring) ..... 309
   Figure 129 Monitor STP Parameters Tab (Monitoring) ..... 310
   Figure 130 STP Settings Page ..... 310
   Figure 131 Configure RSTP Parameters Tab (Configuration) ..... 313
   Figure 132 RSTP Settings Port(s) Page ..... 315
   Figure 133 Monitor RSTP Parameters Tab (Monitoring) ..... 317
   Figure 134 RSTP Settings Page ..... 317
   Chapter 20 Multiple Spanning Tree Protocol ..... 319
   Figure 135 Spanning Tree Tab (Configuration)
62. Table
   You can create, delete, and modify an SNMPv3 Community Table entry. See the following procedures:
   - Creating an SNMPv3 Community Table Entry on page 282
   - Deleting an SNMPv3 Community Table Entry on page 285
   - Modifying an SNMPv3 Community Table Entry on page 285
   For reference information about the SNMPv3 Community Table, see Chapter 22, SNMPv3, in the AT-S63 Management Software Menus Interface User's Guide.
   Note: Use the SNMPv3 Community Table only if you are configuring the SNMPv3 protocol with an SNMPv1 or an SNMPv2c implementation. Allied Telesyn does not recommend this configuration.
   Creating an SNMPv3 Community Table Entry
   To create an entry in the SNMPv3 Community Table, perform the following procedure:
   1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
   2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234.
   3. In the SNMPv3 section, click the button next to Configure Community Table and then click Configure at the bottom of the tab. The SNMPv3 Community Table tab is shown in Figure 111.
63. To delete a log output, perform the following procedure:
   1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
   2. Select the Event Log tab. The Event Log tab is shown in Figure 40 on page 143.
   3. In the Configure Log Outputs section, select the log output file that you want to modify and click Delete. The log output definition is deleted from the list.
   Chapter 12 Classifiers
   A classifier defines a traffic flow. You use classifiers with access control lists to filter ingress traffic on a port and with Quality of Service policies to regulate different traffic flows that pass through a switch. This chapter contains the following sections:
   - Configuring a Classifier on page 160
   - Modifying a Classifier on page 166
   - Deleting a Classifier on page 168
   - Displaying the Classifiers on page 169
   Note: For background information about classifiers, refer to Chapter 14, Classifiers, in the AT-S63 Management Software Menus Interface User's Guide.
   Configuring a Classifier
   This procedure explains how to create an ACL. It is a good idea before performing this procedure to jot down on paper the ID number(s) of the classifier(s) you want to assign to the ACL and the action of the A
64. Where to Find Web-based Guides ..... 20
   Contacting Allied Telesyn ..... 21
   Online Support ..... 21
   Email and Telephone Support ..... 21
   Returning Products ..... 21
   Sales or Corporate Information ..... 21
   Management Software Updates ..... 21
   New Features in AT-S63 Version 1.2.0 ..... 22
   Section I Basic Operations
   Chapter 1 Starting a Web Browser Management Session ..... 27
   Establishing a Remote Connection to Use the Web Browser Interface ..... 28
   Web Browser Tools ..... 31
   Saving Your Parameter Changes ..... 32
   Quitting a Web Browser Management Session
65. a part of the trunk. Check to be sure that the settings are correct for the end node to which the trunk will be connected. When you create the trunk, the AT-S63 management software copies the settings of the lowest numbered port in the trunk to the other ports so that all the settings are the same. You should also check to be sure that the ports are untagged members of the same VLAN. You cannot create a trunk of ports that are untagged members of different VLANs.
   To create a port trunk, perform the following procedure:
   1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
   2. From the Configuration menu, select the Layer 1 option. The Layer 1 page opens with the Port Settings tab displayed by default, as shown in Figure 20 on page 78.
   3. Select the Port Trunking tab. The Port Trunking tab is shown in Figure 29 and displays any existing trunks in a table.
   [Figure 29: Port Trunking Tab (Configuration)]
   4. Click Add. The Add New Trunk page is shown in Figure 30.
66. a list of modules, refer to Table 1 on page 147.
   5. Click Apply. The switch creates the new log output server definition and immediately begins sending events to the server if you enabled the Message Generation option.
   6. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
   Viewing a Log Output Definition
   To view an existing log output definition, perform the following procedure:
   1. From the home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
   2. Select the Event Log tab. The Event Log tab is shown in Figure 41 on page 145.
   3. In the Configured Log Outputs section, select a log output from the list and click View. The View Log Output page is shown in Figure 45.
   [Figure 45: View Event Log Output Page]
   This page displays the following information:
      Output ID: An ID number for the log output.
      Output Status: Whether or not the output is sent to the syslog
67. a source IP mask if you are filtering on the IP address of a specific end node. A mask is required, however, when filtering on a subnet. A binary 1 indicates the switch should filter on the corresponding bit of the IP address, while a 0 indicates that it should not. For example, the Class C subnet address 149.11.11.0 would have the mask 255.255.255.0.
   Destination IP Address / Destination IP Mask: Defines a traffic flow by its destination IP address. The address can be of a specific node or a subnet. You do not need to include a source IP mask if you are filtering on the IP address of a specific end node. A mask is required, however, when filtering on a subnet. A binary 1 indicates the switch should filter on the corresponding bit of the IP address, while a 0 indicates that it should not. For example, the Class C subnet address 149.11.11.0 would have the mask 255.255.255.0.
   TCP Source Port: Defines a traffic flow by source TCP port. To set this parameter, IP Protocol must be set to TCP.
   TCP Destination Port: Defines a traffic flow by destination TCP port. To set this parameter, IP Protocol must be set to TCP.
   TCP Flags: Defines a traffic flow by TCP flag. To set this parameter, IP Protocol must be set to TCP. Options are:
      URG: Urgent
      ACK: Acknowledgement
      RST: Reset
68. by default, as shown in Figure 5 on page 38.
   From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab shown by default, as shown in Figure 25 on page 94.
   Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 124 on page 303.
   Click Configure. The Configure STP Parameters tab is shown in Figure 125 on page 305.
   Click Defaults. The STP settings are returned to their default values.
   From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
   Configuring RSTP
   Caution: The bridge provides default RSTP parameters that are adequate for most networks. Changing them without prior experience and an understanding of how RSTP works might have a negative effect on your network. You should consult the IEEE 802.1w standard before changing any of the RSTP parameters.
   To configure RSTP, perform the following procedure:
   1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
   2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab shown by default, as shown in Figure 25 on page 94.
   3. Select the Spanning Tree tab. The Spanning Tree tab is shown in
69. by default, as shown in Figure 6 on page 42.
   From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302.
   Select the VLAN tab. The VLAN tab is shown in Figure 145.
   [Figure 145: VLAN Tab (Monitoring)]
   The upper part of the tab displays the following information:
      Mode: The VLAN mode. The possible settings are:
         User Configured: This mode supports port-based and tagged VLANs.
         Multiple 802.1Q: The IEEE 802.1Q-compliant multiple VLAN mode.
         Multiple: The non-IEEE 802.1Q-compliant multiple VLAN mode.
      Management VLAN ID: VLAN ID of the management VLAN.
   The lower part of the tab displays a table that contains the following columns of information:
      VLAN ID: The VID number assigned to the VLAN.
      Client Name: The name of the VLAN. If the switch is operating in one of the multiple VLAN modes, the names of the VLANs start with Client, with the exception of the VLAN containing the uplink port, which starts with U
70. can select more than one port at a time to configure. To deselect a port, click it again.
   Click Modify. To configure all of the ports, click Modify All. The Port Configuration page is displayed, as shown in Figure 21 on page 79.
   Click Defaults. The port(s) are returned to the default settings.
   Chapter 6 MAC Address Table
   This chapter contains instructions on how to add and view the dynamic and static addresses in the MAC address table of the switch. This chapter contains the following procedures:
   - Adding Static Unicast and Multicast MAC Addresses on page 94
   - Deleting Unicast and Multicast MAC Addresses on page 96
   - Deleting All Dynamic MAC Addresses on page 97
   - Displaying the MAC Address Tables on page 98
   - Changing the Aging Time on page 101
   Note: For background information on MAC address tables, refer to Chapter 7, MAC Address Table, in the AT-S63 Management Software Menus Interface User's Guide.
   Adding Static Unicast and Multicast MAC Addresses
   This section contains the procedure for assigning a static unicast or multicast address to a port on the switch. You can assign up to 255 static MAC addresses per port.
   To add a static address to the MAC address table, perform the following procedure:
   1. From the Home page, select Configuration. The System page is displ
71. current classifiers on the switch. The columns are defined here:
      ID: The ID number of the classifier.
      Description: A description of the classifier.
      No. of References: The number of active and inactive ACLs and QoS policies to which the classifier is currently assigned. An active ACL or QoS is assigned to at least one switch port, while an inactive ACL or QoS policy is currently not assigned to any port. If this column is 0 (zero), the classifier is not assigned to any ACLs or policies, active or inactive.
      No. of Active Associations: The number of active ACLs and QoS policies to which the classifier is currently assigned. An active ACL or QoS policy is assigned to at least one switch
   4. Click Create. The Create Classifier page is shown in Figure 49.
   [Figure 49: Create Classifier Page]
   Some of the variables and settings display additional selections. For example, selecting IP as the Protocol displays the selections shown in Figure 50.
72. Configuring MSTP Parameters ..... 322
   Configuring the CIST Priority ..... 325
   Creating, Deleting, or Modifying MSTI IDs ..... 326
   Creating an MSTI ID ..... 326
   Deleting an MSTI ID ..... 327
   Modifying a MSTI ID ..... 328
   Adding, Removing, or Modifying VLAN Associations to MSTIs ..... 330
   Adding a VLAN Association ..... 330
   Removing a VLAN Association ..... 330
   Modifying a VLAN Association ..... 331
   Configuring MSTP Port Parameters ..... 333
   Displaying the MSTP Port Configuration ..... 337
   Displaying the MSTP Port Status ..... 340
   Resetting MSTP to the Default Settings
73. file must have an IP address and subnet mask, such as a master switch of an enhanced stack. If the switch does not have an IP address, such as a slave switch, you can download the file from a local management session using Xmodem or, alternatively, switch to switch. For instructions, refer to the AT S63 Management Software Menus Interface User's Guide.
- You cannot download a private encryption key onto a switch, but you can download a public key. However, since the switch can only use those encryption keys that it has generated itself, Allied Telesyn recommends against downloading any keys onto the switch.
- You cannot download a file to a compact flash memory card in a switch using the web browser interface.
If you are downloading the AT S63 image file, note these additional guidelines:
- All models of the AT 9400 Series switch use the same AT S63 image file.
- The AT S63 image file contains the bootloader for the switch. You cannot load the image file and bootloader separately.
- Installing a new AT S63 software image does not change the current configuration of a switch, for instance IP address, subnet mask, and virtual LANs. If you want to return a switch to its default configuration values, refer to Returning the AT S63 Management Software to the Factory Default Values on page 52. This procedur
74. following procedure:
1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Services option. The Services page is displayed with the CoS tab selected by default, as shown in Figure 59.
Figure 59 CoS Tab (Configuration)
3. Select the ports whose CoS settings you want to configure and click Modify. The CoS Setting for Port page is shown in Figure 60.
Figure 60 CoS Setting for Port Page
4. Use the Priority list to select a new Class of Service priority level for the port. The default is level 0. The new priority level will apply to all ingress untagged packets. If you perform Step 5 and override the priority level in tagged packets, the new priority level will also apply to all ingress tagged packets.
5. If you are configuring a tagged port and you want the port to ignore the priority tag in the packets, click the Override Priority option. A check in the box indicates this feature is activated. All tagged packets are directed to the egress queue specified in Step 4.
Note: The switch does not change the tagged information in a tagge
75. group description.
Active: Whether or not the flow group is active.
Parent Traffic Class ID: The traffic class associated with this flow group. This information is for display only.
Classifier List: The classifiers assigned to the flow group.
4. To display detailed information about a flow group, select the flow group and click View. The View Flow Group page is shown in Figure 69.
Figure 69 View Flow Group Page
The View Flow Group page displays the following information:
ID: The ID number for this flow group.
Description: The flow group description.
DSCP: The replacement value to write into the DSCP (TOS) field of the packets.
Priority: The new user priority value for the packets.
Remark Priority: Replaces the user priority value in the packets with the new value specified in the Priority parameter.
Classifier List: The classifiers assigned to the flow group.
5. Click Close.

Managing Traffic Classes

Configuring Traffic Classes

Traffic classes consist of a set of QoS parameters and a group of QoS flow groups. This section contains the following procedures: Conf
76. in seconds until a SSH server is released from an incomplete connection with a SSH client.
Authentication Available: Authentication method available. Currently, password authentication is the only supported method.
Ciphers Available: SSH ciphers that are available on the switch.
MAC(s) Available: Message Authorization Code (MAC) that is used to validate incoming SSH messages to the server. Two algorithms are supported.
Data Compression: Whether or not data compression is available on the switch. Data compression is useful for networks that have a slow throughput speed.

Chapter 28 TACACS and RADIUS Protocols

This chapter contains instructions on how to configure the authentication protocols. This chapter contains the following procedures:
- Enabling or Disabling TACACS or RADIUS on page 432
- Configuring TACACS on page 434
- Displaying the TACACS Settings on page 436
- Configuring RADIUS on page 438
- Displaying the RADIUS Settings on page 440
Note: For background information on the authentication protocols, refer to Chapter 36, TACACS and RADIUS Protocols, in the AT S63 Management Software Menus Interface User's Guide.

Enabling or Disabling TACACS or RADIUS

To enable or disable server ba
77. is displayed with the General tab selected by default, as shown in Figure 6.
Figure 6 General Tab (Monitoring)
The General section displays the following information:
System Name: The name of the switch.
Administrator: The name of the network administrator responsible for managing the switch.
Comments: The location of the switch, for example, 4th Floor, rm 402B.
BOOTP/DHCP: The status of the BOOTP and DHCP client software. If enabled, the switch is obtaining its IP information from a BOOTP or DHCP server on the network.
MAC Address Aging Time: The time interval an ina
78. menu lists all of the ports you selected as members of this VLAN. You can select more than one uplink port. To select multiple ports, hold down the Ctrl key when selecting the ports.
b. When the confirmation prompt is displayed, click OK.
c. Click Apply.
d. Recreate the groups.
9. To delete a group, do the following:
a. Click the circle next to the group number and click Remove. The ports of the deleted group are now listed in the Available Untagged Ports and Available Tagged Ports lists.
b. Assign the ports to another group or use the ports to create a new group. All the ports in a protected ports VLAN must belong to a group.
10. To modify an existing group, such as to add or remove ports, you must first delete the group and then recreate it with the desired changes.
Note: To completely remove a port from a protected ports VLAN, you must deselect the port in the graphical image of the switch in step 6, then delete its group, and finally recreate the group without the port.
11. To create a new group, do the following:
a. In the Group Number field, enter a group number for the new group. Each group on the switch must be given a unique group number. The range is 1 to 256.
b. In the Available Untagged Ports and Available Tagged Ports lists, select the port to be in the group. You can assign more than one port to a group. To select multiple ports from a list, hold down
79. node, then that node will be permitted remote management access to the switch. If you enter a subnet, any management node in the subnet will be permitted remote management access to the switch.
Protocol: Specify the protocol of the management packets. There is only one selection: TCP.
Mgmt ACL IP Mask: Enter a mask that indicates the parts of the IP address the switch should filter on. A binary 1 indicates the switch should filter on the corresponding bit of the address, while a 0 indicates that it should not. If you are filtering on a specific IP address, use the mask 255.255.255.255. If you are filtering on a subnet, the mask will depend on the address. For example, to allow all management workstations in the subnet 149.11.11.0 to manage the switch, you would enter the mask 255.255.255.0.
Interface: Specify the interface you want the management station to be able to use when managing the switch. The options are:
Telnet: Allows Telnet management packets.
Web: Allows web browser management packets.
All: Allows both Telnet and web browser management packets.
4. Click Add. The management ACL is added to the table displayed in the middle section of the tab.
5. If desired, repeat Steps 3 and 4 to add more ACEs to the Management ACL.
6. From the Configuration menu, select the Save Config option to p
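The address, mask and interface fields described above combine into one matching rule per access control entry. The following Python model of that rule is an added example, not part of the guide or of the AT S63 software; `Ace`, `is_permitted` and `lint` are hypothetical names, the sample entries are constructed, and reporting non-contiguous masks or stray address bits as review findings is an assumption of this example rather than documented switch behavior.

```python
import ipaddress
from dataclasses import dataclass

INTERFACES = ("Telnet", "Web", "All")  # the three Interface options listed above


def _bits(dotted: str) -> int:
    """Dotted-quad string -> 32-bit integer (raises ValueError if malformed)."""
    return int(ipaddress.IPv4Address(dotted))


@dataclass(frozen=True)
class Ace:
    """One access control entry: address, mask and management interface."""
    ip: str
    mask: str
    interface: str

    def __post_init__(self):
        _bits(self.ip)
        _bits(self.mask)
        if self.interface not in INTERFACES:
            raise ValueError(f"unknown interface: {self.interface!r}")

    def matches(self, src_ip: str, interface: str) -> bool:
        # A 1 bit in the mask means "compare this bit"; a 0 bit means "ignore it".
        mask = _bits(self.mask)
        same_bits = (_bits(src_ip) & mask) == (_bits(self.ip) & mask)
        return same_bits and self.interface in ("All", interface)


def is_permitted(aces, src_ip: str, interface: str, acl_enabled: bool = True) -> bool:
    """Decide whether a management station may reach the switch.

    With the ACL disabled every station is allowed; with it enabled only
    stations matching at least one ACE are, so an empty list admits nobody.
    """
    if not acl_enabled:
        return True
    return any(ace.matches(src_ip, interface) for ace in aces)


def lint(aces):
    """Return review findings for an ACE list before the ACL is enabled."""
    findings = []
    if not aces:
        findings.append("ACL has no ACEs: enabling it leaves no permitted management station")
    for ace in aces:
        ip, mask = _bits(ace.ip), _bits(ace.mask)
        wildcard = ~mask & 0xFFFFFFFF  # bits the entry does not compare
        label = f"{ace.ip} mask {ace.mask}"
        if mask == 0:
            findings.append(f"{label}: mask 0.0.0.0 matches every address")
        if wildcard & (wildcard + 1):
            findings.append(f"{label}: mask bits are not contiguous")
        if ip & wildcard:
            findings.append(f"{label}: address bits outside the mask are ignored")
    return findings


# Constructed sample: the subnet example from the text plus one single host
# (192.0.2.10 is a documentation address chosen for this example).
SAMPLE_ACES = [
    Ace("149.11.11.0", "255.255.255.0", "All"),
    Ace("192.0.2.10", "255.255.255.255", "Web"),
]

if __name__ == "__main__":
    for src, iface in [("149.11.11.77", "Telnet"), ("149.11.12.77", "Telnet"),
                       ("192.0.2.10", "Web"), ("192.0.2.10", "Telnet")]:
        verdict = "permit" if is_permitted(SAMPLE_ACES, src, iface) else "discard"
        print(f"{src:15} {iface:6} -> {verdict}")
    print(lint([]))
```

Running `lint` on the planned entries before enabling the management ACL shows whether the station you are managing from would still match an entry.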
80. of a particular port. You can specify more than one port at a time.
View MAC Addresses for VLAN: Displays the static and dynamic addresses learned on the tagged and untagged ports of a specific VLAN. You specify the VLAN by entering the VLAN ID number. You can specify only one VLAN at a time.
View MAC Address: Displays the port number on which a MAC address was assigned or learned. In some situations, you might want to know on which port a particular MAC address was learned. You could display the MAC address table and scroll through the list looking for the MAC address. But if the switch is part of a large network, finding the address could prove difficult. The View MAC Address option allows you to specify the MAC address and let the AT S63 management software automatically locate the port on the switch where the device is connected.
3. After you select an option, click View.
Figure 28 shows an example of viewing all unicast MAC addresses.
Figure 28 View MAC Addresses Page
The View MAC Addresses page displays a table that contains the following columns
81. of information:
VLAN ID: The ID number of the VLAN where the port is a member.
MAC Address: The static or dynamic unicast MAC address.
Port(s): The port on which the address was learned or assigned. The MAC address with port CPU is the address of the switch.
Type: The type of the address, static or dynamic.

Changing the Aging Time

The switch uses the aging time to delete inactive dynamic MAC addresses from the MAC address table. When the switch detects that no packets have been sent to or received from a particular MAC address in the table after the period specified by the aging time, the switch deletes the address. This prevents the table from becoming full of addresses of nodes that are no longer active. The default setting for the aging time is 300 seconds (5 minutes).
To configure the aging time, perform the following procedure:
1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. In the Configuration section, for the MAC Address Aging Time, enter a new value in seconds. The range is 0 to 1048575 seconds. The default is 300 seconds (5 minutes). The value 0 disables the aging timer. If the aging timer is disabled, inactive dynamic addresses are not deleted from the table and the switch stops learn
82. of the trunk.
Type: The load distribution method. The possible settings are:
SA: Source MAC address (Layer 2)
DA: Destination MAC address (Layer 2)
SA/DA: Source MAC address/destination MAC address (Layer 2)
SI: Source IP address (Layer 3)
DI: Destination IP address (Layer 3)
SI/DI: Source IP address/destination IP address (Layer 3)
Ports: The ports of the trunk.

Chapter 8 Port Mirroring

This chapter contains the procedures for creating or deleting a port mirror. The sections in the chapter include:
- Creating a Port Mirror on page 114
- Modifying a Port Mirror on page 117
- Disabling a Port Mirror on page 118
- Deleting a Port Mirror on page 119
- Displaying the Port Mirror on page 120
Note: For background information on port mirroring, refer to Chapter 9, Port Mirroring, in the AT S63 Management Software Menus Interface User's Guide.

Creating a Port Mirror

To create a port mirror, perform the following procedure:
1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu
83. Figure 46 Configure Log Outputs Section
The Modify Event Log Output page is shown in Figure 47.
Figure 47 Modify Event Log Output Page
4. Modify the following parameters as necessary:
Output ID: An ID number for the log output.
Output Status: Specifies whether or not the output is sent to the syslog server. The options are:
Enabled: Sends the output to the syslog server.
Disabled: The output is not sent to the syslog server, even if an IP address is defined.
Message Format: Specifies the format of the messages sent to the syslog server. The options are:
Extended: Displays the time, module, severity, description, file name, line number, and event ID. This is the default.
Normal: Displays the time, module, severity, and description for each event.
Severity Selections: Specifies the severity of events you want to send to the syslog server. The possible options are:
ALL: All messages of the following types are displayed. This is the default.
Error
84. or RSTP is active.
5. Click View. The Monitor RSTP Parameters tab is shown in Figure 133.
Figure 133 Monitor RSTP Parameters Tab (Monitoring)
6. To view port settings, click a port in the switch and click Status or Settings. The RSTP Settings page is shown in Figure 134.
Figure 134 RSTP Settings Page
The RSTP Settings page displays a table that contains the following columns of information:
Port: The port number.
Edge Port: Whether or not the port is operating as an edge port. The possible settings are Yes and No.
Point to Point: Whether or not the port is functioning as a point to point port. The possible settings are Yes, No, and Auto Detect.
Cost: Port cost of the port. The default is Auto Update.
Priority: The number used as a tie breaker when two or more ports have equal costs to the root bridge.
7. Click OK to close the page.

Chapter 20 Multiple Spanning Tree Protocol Section
85. page 42. Select the IGMP tab. The IGMP tab is shown in Figure 85 on page 223. To view the multicast routers, click View Multicast Router List and then click View. The View Multicast Routers List is shown in Figure 87.
Figure 87 View Multicast Routers List Page
The View Multicast Routers List page displays a table that contains the following columns of information:
Port: The port on the switch where the multicast router is connected.
VLAN ID: The VID of the VLAN in which the port is an untagged member.
Router IP: The IP address of the port on the router.
If the routers are static routers specified with the Manual Select option on the Configuration IGMP page, then the View Multicast Routers List page opens as shown in Figure 88 on page 227.
Figure 88 View Static Multicast Routers List Page

Section III SNMPv3

The chapter in this section contains the procedures for configuring SNMPv3. The chapter is:
- Chapter 18, SNMPv3 on page 231

Chapter 18
86. port 216 settings displaying 217 document conventions 19 DoS See Denial of Service DoS Defense duplex mode configuring 80 Dynamic Host Control Protocol DHCP activating 41 E edge port Multiple Spanning Tree Protocol MSTP 336 encryption keys displaying 418 enhanced stacking changing switches 58 configuring 56 setting switch status 56 event log clearing 150 disabling 142 displaying 144 451 Index enabling 142 saving to a file 150 severity codes 149 software module list 147 F factory defaults resetting switch 52 flash memory displaying files in 126 flow control configuring 82 flow group configuring 192 deleting 195 displaying 195 modifying 194 force version Multiple Spanning Tree Protocol MSTP 324 Rapid Spanning Tree Protocol RSTP 313 G GARP VLAN Registration Protocol GVRP configuration displaying 363 configuring 360 counters displaying 370 database displaying 366 disabling 362 enabling 362 GIP connected ports ring displaying 373 GVRP state machine displaying 367 port configuration displaying 365 gateway address configuring 40 displaying 43 global encryption key configuring 438 441 global secret configuring 434 437 global server timeout configuring 434 437 GVRP See GARP VLAN Registration Protocol GVRP H hardware information 42 held period 406 hello time Rapid Spanning Tree Protocol RSTP 314 Spanning Tree Protocol STP 306 host key ID parameter 427 host n
87. ports to discard packets to the oversubscribed port. The possible settings are:
Enabled: HOL blocking prevention is activated.
Disabled: HOL blocking is inactivated on this port.
You also set the rate limit in number of cells. A cell is 128 bytes. The range is 1 to 8191. The default is 682. For more information about HOL blocking, refer to Chapter 6, Port Parameters, in the AT S63 Management Software Menus Interface User's Guide.
Broadcast Rate Limiting: Use this parameter to enable or disable ingress broadcast packet limits. The possible settings are:
Enabled: Broadcast packet ingress rate limiting is enabled.
Disabled: Broadcast packet ingress rate limiting is disabled. This is the default.
Broadcast Rate: Use this parameter to set the broadcast rate limit in packets per second. The range is 0 to 262143. The default is 262143.
Unknown Unicast Rate Limiting: Use this parameter to enable or disable ingress unknown unicast packet limits. The possible settings are:
Enabled: Unknown unicast packet ingress rate limiting is enabled.
Disabled: Unknown unicast packet ingress rate limiting is disabled. This is the default.
Unknown Unicast Rate: Use this parameter to set the unknown unicast rate limit in packets per second. The range is 0 to 262143. The default is 262143.
Multicast Rate Limiting: Use this parameter to enable or disable ingress multicast packet limits. The possible set
88. prevent unauthorized changes to a switch's parameter settings. The chapters include:
- Chapter 26, Encryption Keys, PKI, and SSL on page 417
- Chapter 27, Secure Shell (SSH) on page 425
- Chapter 28, TACACS and RADIUS Protocols on page 431
- Chapter 29, Management Access Control List on page 443

Chapter 26 Encryption Keys, PKI, and SSL

This chapter explains how to view the encryption keys, PKI-based certificates, and SSL settings and includes the following sections:
- Displaying the Encryption Keys on page 418
- Displaying the PKI Settings and Certificates on page 420
- Displaying the SSL Settings on page 423
Note: To configure encryption keys, PKI, or SSL, you must use the AT S63 menus or CLI interface. For information about encryption keys, refer to Chapter 33, Encryption Keys, in the AT S63 Management Software Menus Interface User's Guide. For information about PKI and SSL, refer to Chapter 34, PKI Certificates and SSL, in the AT S63 Management Software Menus Interface User's Guide.

Displaying the Encryption Keys

To configure the encryption keys, you must use the AT S63 menus or command line interface. For more information about encryption keys, refer to the AT S63 Management Software Menus Interface
89. reestablish your management session if you want to continue managing the unit. As mentioned at the start of this procedure, returning a switch to its default settings does not alter the contents of the active boot configuration file. To return the file to the default settings, you must save the current switch settings after you reestablish your management session. Otherwise, the switch returns to its previous parameter settings the next time you reset or power cycle the unit.

Chapter 3 Enhanced Stacking

This chapter contains the following procedures for setting up enhanced stacking:
- Setting a Switch's Enhanced Stacking Status on page 56
- Selecting a Switch in an Enhanced Stack on page 58
- Returning to the Master Switch on page 61
- Displaying the Enhanced Stacking Status on page 62
Note: For background information on enhanced stacking, refer to Chapter 4, Enhanced Stacking, in the AT S63 Management Software Menus Interface User's Guide.

Setting a Switch's Enhanced Stacking Status

The enhanced stacking status of the switch can be master, slave, or unavailable. Each status is described below:
- Master: A master switch of a stack can be used to manage other enhanced stacking switches in a subnet. After you have established a local or remote management session with the master swi
90. Displaying the DoS Settings

To display the DoS settings, perform the following procedure:
1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. From the Monitoring menu, select Network Security. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 160 on page 395.
3. Select the DoS tab. The DoS tab is shown in Figure 82.
Figure 82 DoS Tab (Monitoring)
4. Click the port whose DoS settings you want to view. You can select more than one port at a time.
5. Using the DoS Type list, select the type of denial of service defense whose settings you want to view.
6. Click View. The DoS Monitor for Port page opens, as shown in Figure 83.
Figure 83 DoS Monitor for Ports Page
The page displays a table that contains the following columns of information:
Port: The port number.
Status: Whether DoS is enabled or disabled on the port.
Type: The type of DoS prevention.
Action: The action a port takes when an intr
91. security level you want to view. A selected port turns white. You can select more than one port at a time.
4. Click View. The Security for Port(s) page is shown in Figure 161.
Figure 161 Security for Port(s) Page
The Security for Ports page displays a table that contains the following columns of information:
Port: The number of the port.
Security Mode: The active security mode on the port. The possible settings are Automatic, Limited, Secured, and Locked.
Intruder Action: The column specifies the action taken by the switch if a port receives an invalid packet. The possible settings are:
Discard: The port discards invalid packets. This is the default.
Trap: The port discards invalid packets and sends a trap. This action applies only to the Limited security mode.
Trap/Disable: The port discards invalid packets, sends a trap, and disables the port. This action applies only to the Limited security mode.
Participating: This column applies only when the intrusion action for a port is set to trap or disable. This option does not apply when intrusion action is set to No Action (discard). If this option is set to No wh
92. server.
Encryption Key: Encryption key for that server. This parameter is blank if all the RADIUS servers have the same encryption secret.

Chapter 29 Management Access Control List

A management access control list (ACL) allows you to restrict Telnet and web browser management access to the switch. The sections in this chapter include:
- Enabling or Disabling the Management ACL on page 444
- Creating an ACE on page 446
- Deleting an ACE on page 448
- Displaying the Management Access Control List on page 449
Note: For background information about management access control lists, refer to Chapter 37, Management Access Control List, in the AT S63 Management Software Menus Interface User's Guide.

Enabling or Disabling the Management ACL

This procedure enables and disables the management ACL. When enabled, only those management stations specified by the access control entries in the ACL are allowed to manage the switch remotely using the Telnet application protocol or a web browser. When the feature is disabled, any remote management workstation can access the switch.
Note: Do not activate the management ACL until you have specified the access control entries (ACEs). Otherwise, the switch will disca
93. server, either enabled or disabled.
Message Format: The format of the messages sent to the syslog server.
Severity Selections: The severity of events sent to the syslog server. Scroll the list to view all the selections.
Type: The only available type is Syslog and you cannot change this.
Syslog Server IP Address: The IP address of the syslog server.
Facility Level: The numerical code to be added to the entries sent to the syslog server to group the entries according to the module or switch that produced them.
Module Selections: Specifies the AT S63 management software module(s) whose events you want to send to the syslog server. Scroll the list to view all the modules that have been selected for this log output.
4. When you are done, click Close.

Modifying a Log Output Definition

To modify a log output definition, perform the following procedure:
1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. Select the Event Log tab. The Event Log tab is shown in Figure 40 on page 143.
3. In the Configure Log Outputs section, select the log output file that you want to modify and click Modify. The Configure Log Outputs section is shown in Figure 46.
94. software to support new manager accounts. If you will be using RADIUS for 802.1x port-based access control only and not for new manager accounts, you should leave the check box empty. The switch will still be able to access the RADIUS configuration information for 802.1x port-based access control.
5. Click Apply.
6. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
To configure TACACS, go to Configuring TACACS on page 434. To configure RADIUS, go to Configuring RADIUS on page 438.

Configuring TACACS

To configure TACACS, perform the following procedure:
1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. Select the Server-based Authentication tab. The Server-based Authentication tab is shown in Figure 177 on page 432.
3. In the lower section of the Server-based Authentication tab, click TACACS Configuration and click Configure. The TACACS Client Configuration page is shown in Figure 178.
Figure 178 TACACS Client Configuration Page
4. Configure the following parameters as necessary: G
95. the Ctrl key when selecting the ports.
c. Click Add. The switch creates the group and adds it to the VLAN Groups section of the window.
12. After you have made the necessary changes and assigned all of the ports to a group, click Apply at the bottom of the window. VLAN changes are immediately implemented on the switch.
13. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.

Deleting a Protected Ports VLAN

To delete a protected ports VLAN from the switch, perform the following procedure:
1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 123 on page 302.
3. Select the VLAN tab. The VLAN tab is shown in Figure 143 on page 346.
4. Click the button next to the name of the protected ports VLAN you want to delete. You cannot delete the Default_VLAN.
5. Click Remove. A confirmation prompt is displayed.
6. Click OK to delete the VLAN or Cancel to cancel the procedure. If you click OK, the VLAN is deleted from the switch. All ports in the VLAN are returned to the Default_V
96. the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. Select the SNMP tab. The SNMP tab is shown in Figure 114 on page 289.
3. In the SNMPv3 section, click the button next to the View Target Parameters Table and then click View at the bottom of the tab. The SNMPv3 Target Parameters Table tab is shown in Figure 121.
Figure 121 SNMPv3 Target Parameters Table Tab (Monitoring)

Displaying SNMPv3 Community Table Entries

To display entries in the SNMPv3 Community Table, perform the following procedure:
1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. Select the SNMP tab. The SNMP tab is shown in Figure 114 on page 289.
97. the switch s current operating settings select Save Config 131 Chapter 9 File System 132 Section Il Advanced Operations Chapter 10 File Downloads and Uploads Section Il Advanced Operations This chapter contains the procedure for downloading a new AT S63 image file onto the switch This chapter also contains procedures for uploading and downloading system files such as a boot configuration file from the file system in the switch This chapter contains the following sections 0 Downloading a File on page 134 0 Uploading a File on page 139 133 Chapter 10 File Downloads and Uploads Downloading a File 134 Guidelines This procedure explains how to download a file from a TFTP server on your network to the switch using the web browser interface You can download any of the following files 0 AT S63 image file o Boot configuration file 0 CAcertificate Note The CA certificate is supported only on the version of AT S63 management software that features SSL PKI and SSH security Here are general guidelines to follow when performing this procedure o You must use TFTP to download a file from a web browser management session O There must be a node on your network with the TFTP server software o The file to download must be stored on the TFTP server node o You should start the TFTP server before you begin the download procedure o The switch receiving the downloaded
98. this information handy will make it easier for you to perform the procedure. To view the classifier ID numbers and specifications, refer to Displaying the Classifiers on page 169. To configure an access control list, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Network Security option. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 158 on page 392. 3. Select the ACL tab. The ACL tab is shown in Figure 54. [Figure 54: ACL Tab Configuration] 4. Click Create. The Create ACLs page is displayed, as shown in Figure 55. [Figure 55: Create ACLs Page] 5. Configure the following parameters. ID: Use this field to enter an ID number for the ACL. Every ACL on the switch must have a unique ID number. The range is 0 to 255. Classifier List: Use this list to select the classifier you want to assign to this
99. through Trap Receiver IP Address 8: Use the above selections to specify the IP addresses of up to 8 trap receivers on your network that can receive traps from the switch. Click Apply. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. (Chapter 4 SNMPv1 and SNMPv2c.) Deleting an SNMPv1 and SNMPv2c Community. To delete an existing SNMPv1 and SNMPv2c community, perform the following procedure: 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. From the Configuration menu, select the Mgmt Protocols option. The Mgmt Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 177 on page 432. Select the SNMP tab. The SNMP tab is shown in Figure 14 on page 64. In the SNMPv1 & SNMPv2c section, click Configure. The SNMPv1 & SNMPv2c Communities tab is shown in Figure 15 on page 66. Click the button next to the community name to delete and click Remove. A warning message is displayed. Click OK. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Displaying th
100. to permanently save your changes This option is not displayed if there are no changes to save To delete a traffic class perform the following procedure 1 From the home page select Configuration The System page is displayed with the General tab selected by default as shown in Figure 5 on page 38 From the Configuration menu select the Services option The Services page is displayed with the CoS tab selected by default as shown in Figure 59 on page 182 Select the Traffic Class tab The Traffic Class tab is shown in Figure 70 on page 198 Select the traffic class you want to delete and click Delete The traffic class is deleted from the list To display the traffic classes perform the following procedure 1 From the Home page select Monitoring The Monitoring System page is displayed with the General tab selected by default as shown in Figure 6 on page 42 From the Monitoring menu select Services The Services menu is displayed with the CoS tab selected by default as shown in Figure 62 on page 188 Section Il Advanced Operations AT S63 Management Software Web Browser Interface User s Guide 3 Select the Traffic Class tab The Traffic Class tab is shown in Figure 73 Page lof 1 Current Traffic Classes ID Description Active Parent Policy ID Flow Group List 0 test Yes 0 1 oO 11 Test 23 O 12 test Services Figure 73 Traffic Class Tab Monitoring Th
101. traffic class. Use <Ctrl> click to select more than one. Click Apply. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. To modify a traffic class, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. From the Configuration menu, select the Services option. The Services page is displayed with the CoS tab selected by default, as shown in Figure 59 on page 182. Select the Traffic Class tab. The Traffic Class tab is shown in Figure 70 on page 198. Select the traffic class you want to modify and click Modify. The Modify Traffic Class page is shown in Figure 72. [Figure 72: Modify Traffic Class Page] 5. Configure the following parameters as necessary. ID: Specifies the ID number for this traffic class. The range is 0 to 1023. Exceed Action: Specifies the action to be taken if the traffic of the traffic class exceeds the maximum band
102. tree protocol resets the switch. 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab shown by default, as shown in Figure 123 on page 302. 3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 135. [Figure 135: Spanning Tree Tab Configuration] Note: If you do not want to change the active spanning tree protocol and just want to enable or disable it, go to Step 5. 4. To change the active spanning tree protocol on the switch, click STP, RSTP, or MSTP in the Active Protocol Version section of the tab. The default is RSTP. Note: Only one spanning tree protocol can be active on the switch at a time. 5. To enable or disable the active spanning tree protocol on the switch, click the Enable Spanning Tree check box. A check indicates that the spanning tree is enabled, while no check indicates that spanning tree is disabled. The default is disabled. 6. Click Apply. Note: If you c
103. warning message is displayed. Click OK. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. To modify an entry in the SNMPv3 View Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234. In the SNMPv3 section, click the button next to Configure View Table and then click Configure at the bottom of the tab. The SNMPv3 View Table tab is shown in Figure 93 on page 245. Click the button next to the SNMPv3 View Table entry that you want to change and then click Modify. The Modify SNMPv3 View page is shown in Figure 95. [Figure 95: Modify SNMPv3 View Page] In the Subtree Mask field, enter a subtree mask in hexadecimal format. This is an optional parameter that is used to further refine the value of the Subtree OID parameter. The Subtree OID parameter defines a MIB View and the Subtree Mask parameter further restricts a user's view to a specific column and row of the MIB View. The value o
104. white To deselect a port click it again 4 Click Status Section Basic Operations 85 Chapter 5 Port Parameters 86 The Port Status page is shown in Figure 23 T S Name Port_03 Vian Id 1 Speed and Duplex Auto Ingress Broadcast Filter Disabled Ingress Unknown Unicast Filter Disabled Ingress Unknown Multicast Filter Disabled Flow Control Disabled Flow Control Back Pressure Limit 7935 Broadcast Rate Limiting Disabled Unknown Unicast Rate Limiting Disabled Multicast Rate Limiting Disabled Status Enabled Link Status Down MDLMDIX Crossover MDIX Egress Broadcast Filter Disabled Egress Unknown Unicast Filter Disabled Egress Unknown Multicast Filter Disabled Back Pressure Disabled HOL Blocking 682 Broadcast Rate 262143 Unknown Unicast Rate 262143 Multicast Rate 262143 Figure 23 Port Status Page The Port Status page displays the following information Name The name of the port Status The status of the port enabled or disabled VLAN ID The VLAN identifier VID of the VLAN in which the port is an untagged member Link Status The status of the link between the port and the end node connected to the port up or down Speed and Duplex The speed and duplex mode MDI X Crossover The operating configuration of the port The possible settings are MDI and MDI X Ingress Broadcast Filter Status of the filter on ingress broa
105. 0 000 for 10 Mbps ports 200 000 for a 100 Mbps ports and 20 000 for one gigabit ports Point to Point This parameter defines whether the port is functioning as a point to point port The possible settings are Yes No and Auto Detect For an explanation of this parameter refer to Point to Point and Edge Ports in Chapter 23 Spanning Tree and Rapid Spanning Tree Protocols in the AT S63 Management Software Menus Interface User s Guide Edge Port This parameter defines whether the port is functioning as an edge port The possible settings are Yes and No For an explanation of this parameter refer to Point to Point and Edge Ports in Chapter 23 Spanning Tree and Rapid Spanning Tree Protocols in the AT S63 Management Software Menus Interface User s Guide 9 After you have configured the parameters click Apply 315 Chapter 19 Spanning Tree and Rapid Spanning Tree Protocols Resetting RSTP to the Default Settings Displaying RSTP 316 Settings 10 From the Configuration menu select the Save Config option to permanently save your changes This option is not displayed if there are no changes to save Note All changes to a port s RSTP settings with the exception of port cost are activated immediately A change to the port cost value requires you to reset the switch A new port cost value is not implemented until the unit is reset To reset RSTP to the default settings perform the fo
106. 000 MSTI List The MSTIs defined on the switch You can use this list when setting the port priority and port internal path cost parameters to assign different values to a port for each MSTI when the port is a member Before setting priority or internal path cost select the appropriate MSTI where you want the new setting to be applied on the port The default is all MSTIs on the switch The MSTI List shows all of the spanning tree instances on the switch and not just those where the selected port is currently a member If you select an MSTI where the port is not a member you can pre configure the parameter in the event you later add the port as a member of the MSTI through a VLAN assignment Point to Point This parameter defines whether the port is functioning as a point to point port The possible settings are Yes No and Auto Detect For an explanation of this parameter refer to Point to Point and Edge Ports in Chapter 23 Spanning Tree and Rapid Spanning Tree Protocols in the AT S63 Management Software Menus Interface User s Guide Port External Path Cost The port cost of the port if the port is connected to a bridge which is a member of another MSTP region or is running STP or RSTP The range is 0 to 200 000 000 Table 10 lists the MSTP port costs with the Auto setting when the port is not a member of a trunk Table 10 MSTP Auto External Path Costs Port Speed Port Cost 10 Mbps 2 000 000
107. 1 protocol v2c Select this value to associate the Security Name or User Name with the SNMPv2c protocol v3 Select this value to associate the Security Name or User Name with the SNMPv3 protocol In the Security Name field enter a User Name that you previously configured with the SNMPv3 User Table See Creating a User Table Entry on page 236 In the Security Level field select one of the following Security Levels Note The value you configure for the Security Level must match the value configured for the User Name in the SNMPv3 User Table Menu See Creating a User Table Entry on page 236 No Authentication Privacy This option represents neither an authentication nor privacy protocol Section IIl SNMPv3 Section Ill SNMPv3 10 11 AT S63 Management Software Web Browser Interface User s Guide Select this security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privacy protocol This security level provides the least security Note If you have selected SNMPv1 or SNMPv2c as the Security Model you must select No Authentication Privacy as the Security Level Authentication This option represents authentication but no privacy protocol Select this security level if you want to authenticate SNMP users but you do not want to encrypt messages using a privacy protocol You can select this value if you configured the Security Model parame
108. 100 Mbps 200 000 1000 Mbps 20 000 335 Chapter 20 Multiple Spanning Tree Protocol 336 10 Table 11 lists the MSTP port costs with the Auto setting when the port is part of a port trunk Table 11 MSTP Auto External Path Trunk Costs Port Speed Port Cost 10 Mbps 20 000 100 Mbps 20 000 1000 Mbps 2 000 Edge Port This parameter defines whether the port is functioning as an edge port The possible settings are Yes and No For an explanation of this parameter refer to Point to Point and Edge Ports in Chapter 23 Spanning Tree and Rapid Spanning Tree Protocols in the AT S63 Management Software Menus Interface User s Guide After configuring the parameters click Apply From the Configuration menu select the Save Config option to permanently save your changes This option is not displayed if there are no changes to save Repeat this procedure to configure MSTP parameters for other switch ports Section IV Spanning Tree Protocols AT S63 Management Software Web Browser Interface User s Guide Displaying the MSTP Port Configuration Section IV Spanning Tree Protocols To display the MSTP port configuration perform the following procedure 1 From the Home page select Monitoring The Monitoring System page is displayed with the General tab selected by default as shown in Figure 6 on page 42 2 From the Monitoring menu select the Layer 2 option The Layer
109. 2 3 Select the SNMP tab The SNMP tab is shown in Figure 14 Mgmt Protocols Enable SNMP Access Enable Authentication Failure Trap SNMPv1 amp SNMPv2c Configure SNMPv1 amp SNMPv2c Communities SNMPv3 SNMP Engine ID 80 00 00 CF 03 00 30 84 AB EF CD Configure User Table Configure View Table Configure Access Table O Configure SecurityToGroup Table Configure Notify Table Configure Target Address Table O Configure Target Parameters Table Configure Community Table Figure 14 SNMP Tab Configuration Section Basic Operations Section I Basic Operations AT S63 Management Software Web Browser Interface User s Guide Click the Enable SNMP Access checkbox to enable or disable SNMP management A check in the box indicates that the feature is enabled meaning that the switch can be managed from an SNMP management station No check indicates that the feature is disabled The default is disabled If you want the switch to send authentication failure traps click the Enable Authentication Failure Traps checkbox A check in the box indicates that the switch sends the trap Click Apply A change to SNMP access is immediately activated on the switch The community strings that already exist on the switch are displayed in a table From the Configuration menu select the Save Config option to permanently save your changes This option is no
110. 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302. 3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 124 on page 303. This tab displays information on whether spanning tree is enabled or disabled and which protocol version (STP, RSTP, or MSTP) is active. 4. Click View. The MSTP Parameters tab is shown in Figure 140. [Figure 140: Monitor MSTP Parameters Tab Monitoring] 5. Click a port in the switch and click Settings. You can select more than one port. The MSTP Settings Port s page is shown in Figure 141. [Figure 141: MSTP Settings Port s Page] The MSTP Settings page displays a table that contains the follo
111. 286 SNMPv3 Community Table entry creating 282 deleting 285 displaying 296 modifying 285 SNMPv3 Notify Table entry creating 263 deleting 265 displaying 293 modifying 266 SNMPv3 SecurityToGroup Table entry creating 257 deleting 260 displaying 292 modifying 260 SNMPv3 Target Address Table entry creating 268 deleting 271 displaying 294 modifying 272 SNMPv3 Target Parameters Table entry creating 275 deleting 278 displaying 295 modifying 279 SNMPv3 User Table entry creating 236 deleting 239 displaying 288 modifying 240 SNMPv3 View Table entry creating 244 deleting 247 displaying 290 modifying 247 SNTP See Simple Network Time Protocol SNTP software information 42 Spanning Tree Protocol RSTP parameters displaying 308 Spanning Tree Protocol STP bridge forwarding delay 306 bridge hello time 306 bridge identifier 307 bridge max age 306 bridge parameters configuring 304 bridge priority 305 disabling 302 320 enabling 302 320 parameters displaying 308 port cost 308 port priority 307 port settings displaying 340 resetting to defaults 311 SSH See Secure Shell SSH SSL See Secure Sockets Layer SSL static MAC address adding 94 deleting 96 static unicast MAC address displaying 98 STP ID 373 STP See Spanning Tree Protocol STP subnet mask configuring 40 supplicant port start period 406 supplicant timeout 403 switch hardware information 42 software information 42 switch name configuring 38 switch reboo
112. 3 GIP Context ID Figure 153 GIP Connected Ports Ring Page The GIP Connected Ports Ring page displays a table that contains the following columns of information GIP Context ID A number assigned to the instance for the GIP context STP ID Present if the GARP application is GVRP identifies the spanning tree instance associated with the GIP context Ring The ring of connected ports Only ports presently in the spanning tree Forwarding state are eligible for membership in the GIP connected 373 Chapter 22 GARP VLAN Registration Protocol ring If no ports exist in the GIP connected ring No ports are connected is displayed If the GARP application has no ports No ports have been assigned is displayed 374 Section V Virtual LANs Chapter 23 Protected Ports VLANs This chapter explains how to create modify and delete protected ports VLANs and contains the following sections Creating a New Protected Ports VLAN on page 376 Modifying a Protected Ports VLAN on page 381 Deleting a Protected Ports VLAN on page 385 Displaying a Protected Ports VLAN on page 386 OQ 0 0 Note For background information on protected ports VLANs refer to Chapter 28 Protected Ports VLANs in the AT S63 Management Software Menus Interface User s Guide Section V Virtual LANs 375 Chapter 23 Protected Ports VLANs Creating a New Protected Ports VLAN To creat
113. 30 84 F3 B5 00 SV_USERS_5 00 30 84 F 3 86 20 S V_USERS_3 00 30 84 F3 C9 40 SV_USERS_ 563 v1 2 0 AT 9424T SP 563 v1 2 0 AT 9424T SP 563 v1 2 0 AT 9424T SP 563 v1 2 0 AT 9424T SP 563 v1 2 0 AT 9424T SP 539 v3 2 0 AT 8026T 539 v3 2 0 AT 8026T 563 v1 2 0 AT 9424T SP 63 v1 2 0 AT 9424T SP 63 v1 2 0 AT 9424T SP 0000000000 Figure 12 Stacking Switches Page Note The master switch on which you started the management session is not included in the list nor are any switches with an enhanced stacking status of Unavailable You can sort the switches in the list by switch name or MAC address by clicking on the column headers By default the list is sorted by MAC address To refresh the list click Refresh This instructs the master switch to again poll the subnet for all switches 2 To manage another switch in an enhanced stack click the button to the left of the appropriate switch in the list You can select only one switch at a time Note If the web server on the master switch is operating in the secure HTTPS mode you can manage only those enhanced stacking switches that are also operating HTTPS You cannot manage a switch whose web server is operating in the non secure HTTP mode 3 Click Connect Section Basic Operations 59 Chapter 3 Enhanced Stacking 60 4 Enter a user name and password for the switch when prompted The home page of the selected switch
114. 320; Figure 136 Configure MSTP Parameters Tab Configuration, 323; Figure 137 Add New MSTI Page, 326; Figure 138 Modify MSTI Page, 328; Figure 139 MSTP Settings Port s Page, 333; Figure 140 Monitor MSTP Parameters Tab Monitoring, 338; Figure 141 MSTP Settings Port s Page, 338; Figure 142 MSTP Port Status Port s Page, 340; Chapter 21 Port-based and Tagged VLANs, 345; Figure 143 VLAN Tab Configuration, 346; Figure 144 Add New VLAN Page, 347; Figure 145 VLAN Tab Monitoring, 395; Chapter 22 GARP VLAN Registration Protocol, 359; Figure 146 GVRP Tab Configuration
115. 363 Displaying the GVRP Port Configuration on page 365 Displaying the GVRP Database on page 366 Displaying the GVRP State Machine on page 367 Displaying the GVRP Counters on page 370 OaQgaeQaqavju aga n Displaying the GIP Connected Ports Ring on page 373 Note For background information on GVRP refer to Chapter 26 GARP VLAN Registration Protocol in the AT S63 Management Software Menus Interface User s Guide 359 Chapter 22 GARP VLAN Registration Protocol Configuring GVRP To configure GVRP perform the following procedure 1 From the Home page select Configuration The System page is displayed with the General tab selected by default as shown in Figure 5 on page 38 2 From the Configuration menu select the Layer 2 option The Layer 2 page is displayed with the MAC Address tab shown by default as shown in Figure 123 on page 302 3 Select the GVRP tab The GVRP tab is shown in Figure 146 Layer 2 AT 9424T SP System Name Marketing MAC Addr 00 30 84 AB EF CD GVRP GVRP Parameters Enable GVRP F Enable GIP Leave Time Leave All Time 60 CentiSeconds 1000 CentiSeconds Join Time 20 CentiSeconds GVRP Port Configuration 360 Figure 146 GVRP Tab Configuration 4 In the GVRP Parameters section configure the following parameters as necessary Enable GVRP Click to enable or disable GVRP Sect
116. [Figure 119: SNMPv3 Notify Table Tab Monitoring] Displaying Target Address Table Entries. To display entries in the SNMPv3 Target Address Table, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. Select the SNMP tab. The SNMP tab is shown in Figure 114 on page 289. 3. In the SNMPv3 section, click the button next to View Target Address Table and then click View at the bottom of the tab. The SNMPv3 Target Address Table tab is shown in Figure 120. [Figure 120: SNMPv3 Target Address Table Tab Monitoring] Displaying Target Parameters Table Entries. To display entries in the SNMPv3 Target Parameters Table, perform the following procedure: 1. From
117. 5 Configure the following parameters as necessary Name Use this selection to assign a name to a port from 1 to 15 alphanumeric characters Spaces are allowed but you should not use special characters such as asterisks or exclamation points You cannot assign a name when you are configuring more than one port Status Use this selection to enable or disable a port When disabled a port does not accept or forward frames You might want to disable a port and prevent packets from being forwarded if a problem occurs with the node or cable connected to the port After the problem has been fixed you can enable the port again to resume normal operation You might also want to disable a port that is not being used to secure it from unauthorized connections The possible settings are 79 Chapter 5 Port Parameters 80 Enabled The port receives and forwards packets This is the default setting Disabled The port does not receive or forward packets Speed and Duplex You use this selection to configure a port for Auto Negotiation or to manually set a port s speed and duplex mode If you select Auto Negotiate for Auto Negotiation which is the default setting the switch sets both speed and duplex mode for the port automatically Note the following about the operation of Auto Negotiation on a switch port O In order for a switch port to successfully autonegotiate its duplex mode with an end node the end node should a
118. 5 x Cos6toPO CoS7toPQ Q6 QoS Prioritya 6 x Q7 QoS PriorityO 7 x Configure Egress Weights Select Schedule Strict Priority Weighted Priority Queue 0 Weight Weighted Queue 4 Weight Weighted 0 0 15 0 0 15 Queue 1 Weight Weighted Queue 5 Weight Weighted 0 0 15 0 0 15 Queue 2 Weight Weighted Queue 6 Weight Weighted 0 0 15 a 0 15 Queue 3 Weight Weighted Queue 7 Weight Weighted 0 0 15 a 0 15 Figure 61 Queuing amp Scheduling Tab Configuration 184 Section II Advanced Operations AT S63 Management Software Web Browser Interface User s Guide Note The Configure Egress Weights section in the tab is explained in the next procedure Configuring Egress Scheduling on page 186 The default values are listed in Table 4 Table 4 Default Mappings of IEEE 802 1p Priority Levels to Egress Priority Queues IEEE 802 1p Priority Egress Port Priority Level Queue 0 Q1 1 QO Q2 Q3 Q4 Q5 Q6 Q7 NIOJ oO BR OIN 4 Inthe Configure CoS Queues to Egress Queues section of the tab click the list for a CoS priority whose queue assignment you want to change and select the new queue For example to direct all ingress tagged packets with a CoS priority of 5 to egress queue Q3 you would use the list in CoS 5 to PQ and select Q3 QoS PriorityQ 3 5 If desired repeat Step 4 to change the egress queue assignment of othe
119. 54 254 Network Security Comments Default Gateway Services o Je utilities ers logout Manager Password Operator Password Confirm Manager Password Confirm Operator Password Configuration BOOTP DHCP MAC Address Aging Time Enable DHCP 300 second s O Enable BOOTP O Disable Figure 5 General Tab Configuration 38 Section Basic Operations Section Basic Operations AT S63 Management Software Web Browser Interface User s Guide Note This procedure describes the parameters in the Administration section of the tab The Passwords section is described in Configuring the Manager and Operator Passwords on page 44 The BOOTP DHCP parameters are described in Activating the BOOTP or DHCP Client Software on page 41 The MAC Address Aging Time parameter is described in Changing the Aging Time on page 101 Note The Reset button resets the switch For instructions refer to Rebooting a Switch on page 46 2 Configure the following parameters as necessary System Name This parameter specifies a name for the switch for example Sales Ethernet switch The name is displayed at the top of the AT S63 management pages and tabs The name can be from 1 to 39 characters The name can include spaces and special characters such as exclamation points and asterisks The default is no name This parameter is optional Note Allied Telesyn recommends assign
120. 127; Figure 38 List Files Page, 129; Chapter 10 File Downloads and Uploads, 133; Figure 39 System Utilities Tab Configuration, 136; Chapter 11 Event Logs and Syslog Servers, 141; Figure 40 Event Log Tab Configuration, 143; Figure 41 Event Log Tab Monitoring, 145; Figure 42 Event Log Example Displayed in Normal Mode, 148; Figure 43 Event Log Example Displayed in Full Mode, 149; Figure 44 Create Event Log Output Page, 152; Figure 45 View Event Log Output Page, 155; Figure 46 Configure Log Outputs Section, 156; Figure 47 Modify Event Log Output Pages, 156; Chap
121. ACL. You can assign more than one classifier to an ACL. To select multiple classifiers, hold down the Ctrl key while making your selections. To view the classifiers on a switch, refer to "Displaying the Classifiers" on page 169. An ACL must have at least one classifier. Action: Use this menu to specify the action of the ACL. Deny, which is the default, discards ingress packets that match the defined traffic flow of the classifier. Permit accepts the packets. The default is Deny. Description: Use this field to enter a description for the ACL. A description can be up to 15 alphanumeric characters, including spaces. A description is optional. Port List: Use this list to specify the port where you want to assign the ACL. You can assign an ACL to more than one port. To select multiple ports, hold down the Ctrl key while making your selections. You do not have to assign an ACL to a port when you initially create it. However, an ACL that is not assigned to any port is considered inactive. 6. Click Apply. The new ACL is immediately activated on the specified ports. If you did not specify any ports for the ACL, the ACL is created but remains inactive until you assign it to a port. 7. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
122. Deleting an ACE (page 448)
Displaying the Management Access Control List (page 449)
Figures
Chapter 1 Starting a Web Browser Management Session (page 27)
Figure 1 Entering a Switch's IP Address in the URL Field (page 28)
Figure 2 AT-S63 Login Page (page 29)
Figure 3 Home Page (page 29)
Figure 4 Save Config Option in the Configuration Menu (page 32)
Chapter 2 Basic Switch Parameters (page 37)
Figure 5 General Tab Configuration (page 38)
Figure 6 General Tab Monitoring (page 42)
Figure 7 System Time Tab (page 48)
Figure 8 File System Tab Monito
123. AN. Each group on the switch must be given a unique group number. The range is 1 to 256. In the Available Untagged Port and Available Tagged Ports lists, select the port you want to be in the group. You can assign more than one port to a group. To select multiple ports from a list, use <Ctrl> click. Click Add. The switch creates the group and adds it to the VLAN Groups section of the window. 15. Repeat steps 12 to 14 to create the other groups for the VLAN. 16. After you have assigned all of the ports in the VLAN to a group, click the Apply button at the bottom of the window. The management software will not allow you to create the VLAN until all of the ports have been assigned to a group. The new protected ports VLAN is now ready for network operations. 17. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Modifying a Protected Ports VLAN: This procedure explains how to change the uplink port of a protected ports VLAN and how to add or remove ports from a VLAN. When modifying a protected ports VLAN, note the following: You cannot change the VID of a protected port VLAN. You cannot change the name of a VLAN from a web browser man
124. [Figure 17: Modify SNMPv1 & SNMPv2c Community Page] 6. Modify the following parameters. Community Name: This field is not configurable from this page. It is the name of the SNMP community. Status: Click Enable to enable the SNMP community. Click Disable to disable the SNMP community. Access Mode: Click Read Only to allow read access to the SNMP community. Click Read/Write to allow read/write access to the SNMP community. Allow Any Station: Click this option to allow any SNMP manager to access the switch. When you click this option, a warning message appears on the screen. Click OK to continue. Manager IP Address 1 through Manager IP Address 8: Enter an IP Address of a switch that is permitted SNMP manager access to the current switch. You can enter up to 8 Manager IP Addresses. Trap Receiver IP Address 1
125. [Figure 108: SNMPv3 Target Parameters Table Tab Configuration] 4. Click Add. The Add New SNMPv3 Target Parameter page is shown in Figure 109. [Figure 109: Add New SNMPv3 Target Parameters Page] 5. In the Target Parameters Name field, enter a name of the SNMP manager or host. Enter a value of up to 32 alphanumeric characters. Note: Enter a value for the Message Processing Model parameter only if you select SNMPv1 or SNMPv2c as the Security Model. If you select the SNMPv3 protocol as the Security Model, then the Message Processing Model is automatically assigned to SNMPv3. In the Message Processing Model field, enter a Security Model that is used to process messages. Select one of the following SNMP protocols. v1: Select this value to process messages with the SNMPv1 protocol. v2c: Select this value to process messages with the SNMPv2c protocol. v3: Select this value to process messages with the SNMPv3 protocol. In the Security Model field, select one of the following SNMP protocols as the Security Model for this Security Name or User Name.
126. All packets are remarked. DSCP Value: Specifies a replacement value to write into the DSCP (TOS) field of the packets. The range is 0 to 63. Traffic Class List: Specifies the traffic classes to be assigned to the policy. The traffic classes must already exist. Select the classes from the list. To select more than one, use <Ctrl> click. Ingress Port List: Specifies the ingress ports to which the policy is to be assigned. Select the ports from the list. To select more than one, use <Ctrl> click. A port can be an ingress port of only one policy at a time. Egress Port: Specifies the egress port to which the policy is to be assigned. A port can be an egress port of only one policy at a time. Redirect Port: Specifies the port to which the classified traffic from the ingress ports is redirected. Click Apply. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. To modify a policy, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. From the Configuration menu, select the Services option. The Services page is displayed with the CoS tab selected by default, as shown in Figure 59 on page 182. Select the Policies tab. The Policies tab is shown in Figure 75 on page 206. Select a policy fro
127. [Figure 123: MAC Address Tab Configuration] 3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 124. [Figure 124: Spanning Tree Tab Configuration] 4. To enable or disable spanning tree, click the Enable Spanning Tree check box. A check indicates that the feature is enabled, while no check indicates that the feature is disabled. The default is disabled. 5. To select a spanning tree version for the Active Protocol Version parameter, click STP, RSTP, or MSTP. The default is RSTP. Note: Only one spanning tree protocol can be active on the switch at a time. 6. Click Apply. 7. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. 8. If you activated STP, go to "Configuring STP" on page 304. If you activated RSTP, go to "Configuring RSTP" on page 312. If you activated MSTP, go to Chapter 20, "Multiple Spanning Tree Protocol" on page 319.
128. CL, which is either Permit or Deny. An action of Permit instructs the port to accept packets from the defined traffic flow of the classifier, while an action of Deny discards the packets. Having this information handy will make it easier for you to perform the procedure. To view the classifier ID numbers and specifications, refer to "Displaying the Access Control Lists" on page 178. To configure a classifier, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. Note: You can access the Classifiers tab either through the Network Security menu option or through the Services menu option. This procedure uses the path through the Network Security menu option. 2. From the Configuration menu, select the Network Security option. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 158 on page 392. 3. Select the Classifier tab. The Classifier tab is shown in Figure 48. [Figure 48: Classifier Tab Configuration] The tab lists the
129. D field, enter a subtree that this view will or will not be permitted to display. You can enter either a numeric value in hex format or the equivalent text name. For example, the OID hex format for TCP/IP is 1.3.6.1.2.1.6. The text format for TCP/IP is tcp. In the Subtree Mask field, enter a subtree mask in hexadecimal format. This is an optional parameter that is used to further refine the value of the Subtree OID parameter. The Subtree OID parameter defines a MIB View, and the Subtree Mask parameter further restricts a user's view to a specific column and row of the MIB View. The value of the Subtree Mask parameter is dependent on the subtree you select. For example, if you configure the View Subtree parameter as MIB ifEntry.0.3, it has the following value: 1.3.6.1.2.1.2.2.1.0.3. To restrict the user's view to the third row (all columns) of the MIB ifEntry.0.3, enter the following value for the Subtree Mask parameter: ff bf. In the View Type field, enter one of the following view types. Included: Enter this value to permit the user to see the subtree specified above. Excluded: Enter this value to not permit the user to see the subtree specified above. In the Storage Type field, enter a storage type for this table entry. Volatile: Select this storage type if you do not want the ability to save an entry in the View Table. After making changes to a View Table entry with a Volatile storage type, the Save Config option i
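The Subtree OID, Subtree Mask and View Type rule from the excerpt above, worked as an added example (not code from the AT-S63 guide or its software). It assumes standard VACM matching as defined in RFC 3415: mask bits map left to right onto sub-identifiers, 1 means "must match", 0 means "wildcard", missing bits count as 1, and the longest matching subtree decides Included or Excluded. The view lists are constructed samples.

```python
"""SNMPv3 view matching with a subtree mask (assumed RFC 3415 VACM semantics)."""


def parse_oid(text):
    """'1.3.6.1' -> (1, 3, 6, 1)"""
    return tuple(int(part) for part in text.strip(".").split("."))


def parse_mask(text):
    """Hex octets separated by spaces or colons -> list of bits, MSB first."""
    bits = []
    for octet in text.replace(":", " ").split():
        value = int(octet, 16)
        bits.extend((value >> shift) & 1 for shift in range(7, -1, -1))
    return bits


def family_matches(oid, subtree, mask_bits):
    """True if oid falls inside the (subtree, mask) family."""
    if len(oid) < len(subtree):
        return False
    for i, sub_id in enumerate(subtree):
        # Bits beyond the end of the mask are treated as 1 (exact match).
        must_match = mask_bits[i] if i < len(mask_bits) else 1
        if must_match and oid[i] != sub_id:
            return False
    return True


def in_view(oid_text, view):
    """Decide access for one OID against a list of
    (subtree, mask, 'included' | 'excluded') entries.
    The matching entry with the longest subtree wins; no match means no access."""
    oid = parse_oid(oid_text)
    best = None
    for subtree_text, mask_text, view_type in view:
        subtree = parse_oid(subtree_text)
        if family_matches(oid, subtree, parse_mask(mask_text)):
            key = (len(subtree), subtree)
            if best is None or key > best[0]:
                best = (key, view_type)
    return best is not None and best[1] == "included"


# The guide's example: ifEntry.0.3 with mask ff bf.
# ff bf = 11111111 10111111, so only the 10th sub-identifier (the column) is a wildcard.
ROW3_ONLY = [("1.3.6.1.2.1.2.2.1.0.3", "ff bf", "included")]

# Constructed mistakes a reviewer should catch:
NO_MASK = [("1.3.6.1.2.1.2.2.1.0.3", "", "included")]        # column 0 does not exist: view is empty
TOO_WIDE = [("1.3.6.1.2.1.2.2.1.0.3", "ff 9f", "included")]  # row bit cleared too: every row is visible

# Constructed least-privilege view: everything under internet except
# snmpModules (1.3.6.1.6.3), where the USM user and VACM tables live.
HARDENED = [
    ("1.3.6.1", "", "included"),
    ("1.3.6.1.6.3", "", "excluded"),
]

if __name__ == "__main__":
    checks = [
        ("ifDescr.3    / ff bf", "1.3.6.1.2.1.2.2.1.2.3", ROW3_ONLY),
        ("ifInOctets.3 / ff bf", "1.3.6.1.2.1.2.2.1.10.3", ROW3_ONLY),
        ("ifDescr.4    / ff bf", "1.3.6.1.2.1.2.2.1.2.4", ROW3_ONLY),
        ("ifDescr.3    / no mask", "1.3.6.1.2.1.2.2.1.2.3", NO_MASK),
        ("ifDescr.4    / ff 9f", "1.3.6.1.2.1.2.2.1.2.4", TOO_WIDE),
        ("sysDescr.0   / hardened", "1.3.6.1.2.1.1.1.0", HARDENED),
        ("usmUserTable / hardened", "1.3.6.1.6.3.15.1.2.2.1.3", HARDENED),
    ]
    for label, oid, view in checks:
        print(f"{label:26} {'visible' if in_view(oid, view) else 'hidden'}")
```

A single cleared bit in the wrong position changes which rows a user can read, so it is worth checking a mask against the OIDs that must stay hidden before applying it.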
130. Table 2 AT-S63 Software Modules (page 147)
Table 3 Event Severity Levels (page 149)
Table 4 Default Syslog Facilities (page 154)
Table 5 Default Mappings of IEEE 802.1p Priority Levels to Egress Priority Queues (page 185)
Table 6 Example of Weighted Round Robin Priority (page 186)
Table 7 Bridge Priority Value Increments (page 306)
Table 8 Port Priority Value Increments (page 307)
Table 9 MSTP Auto Update Port Internal Path Costs (page 334)
Table 10 MSTP Auto Update Port Trunk Internal Path Costs (page 335)
Table 11 MSTP Auto External Path Costs (page 335)
Table 12 MSTP Auto External Path Trunk Costs (page 336)
Table 13 GVRP State Machine Parameters
131. Figure 93 SNMPv3 View Table Tab Configuration (page 245)
Figure 94 Add New SNMPv3 View Page (page 245)
Figure 95 Modify SNMPv3 View Page (page 248)
Figure 96 SNMPv3 Access Table Tab Configuration (page 250)
Figure 97 Add New SNMPv3 Access Page (page 251)
Figure 98 Modify SNMPv3 Access Page (page 255)
Figure 99 SNMPv3 SecurityToGroup Table Tab Configuration (page 258)
Figure 100 Add New SNMPv3 SecurityToGroup Page (page 258)
Figure 101 Modify SNMPv3 SecurityToGroup Page (page 261)
Figure 102 SNMPv3 Notify Table Tab Configuration (page 264)
Figure 103 Add New SNMPv3 Notify Page
132. Figure 115 SNMPv3 User Table Tab Monitoring (page 290)
Figure 116 SNMPv3 View Table Tab Monitoring (page 291)
Figure 117 SNMPv3 Access Table Tab Monitoring (page 292)
Figure 118 SNMPv3 SecurityToGroup Table Tab Monitoring (page 293)
Figure 119 SNMPv3 Notify Table Tab Monitoring (page 294)
Figure 120 SNMPv3 Target Address Table Tab Monitoring (page 295)
Figure 121 SNMPv3 Target Parameters Table Tab Monitoring (page 296)
Figure 122 SNMPv3 Community Table Tab Monitoring (page 297)
Chapter 19 Spanning Tree and Rapid Spanning Tree Protocols (page 301)
Figure 123 MAC Address Tab Configuration (page 302)
Figure 124 Spanning Tree Tab Configuration (page 303)
Figure 125 Configure STP Parameters
133. Figure 124 on page 303. 4. Click Configure. The Configure RSTP Bridge Parameters tab is shown in Figure 131. [Figure 131: Configure RSTP Parameters Tab Configuration] 5. Configure the following parameters as necessary. Force Version: This selection determines whether the bridge operates with RSTP or in an STP-compatible mode. If you select RSTP, the bridge operates all ports in RSTP, except for those ports that receive STP BPDU packets. If you select Force STP Compatible, the bridge operates in RSTP, using the RSTP parameter settings, but it sends only STP BPDU packets out the ports. Bridge Priority: The priority number for the bridge. This number is used in determining the root bridge for RSTP. The bridge with the lowest priority number is selected as the root bridge. If two or more bridges have the same priority value, the bridge with the numerically lowest MAC address becomes the root bridge. When a root bridge goes off-line, the bridge with the next prio
134. Figure 34 on page 115. Click the Enable Mirror checkbox to remove the check and disable the mirror. Click Apply. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Deleting a Port Mirror: To delete a port mirror, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. From the Configuration menu, select the Layer 1 option. The Layer 1 page opens with the Port Settings tab displayed by default, as shown in Figure 20 on page 78. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 33 on page 114. Click Modify. The Modify Mirror page is shown in Figure 34 on page 115. Click the Enable Mirror checkbox to remove the check and disable the mirror. Click Apply. Click the destination port, which is white, so that it is black. Click Apply. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Displaying the Port Mirror: To display the port mirror, perform the following procedure: 1. From the Home page, s
135. [Figure 50: Create Classifier Page] 5. Configure the following parameters as desired. ID: Specifies an ID number for the classifier. Every classifier on the switch must have a unique ID number. The range is 1 to 9999. This parameter is required. Description: Specifies a description for the classifier. A description can be up to fifteen alphanumeric characters. Spaces are allowed. Destination MAC: Defines a traffic flow by its destination MAC address. Source MAC: Defines a traffic flow by its source MAC address. Ethernet Format: Defines a traffic flow by the format of the Ethernet packets. Selections are: Untagged Ethernet II untagged packets; Tagged Ethernet II tagged packets; 802.2 untagged Ethernet 802.2 untagged packets; 802.2 tagged Ethernet 802.2 tagged packets. Priority: Defines a traffic flow by the user priority level in tagged Ethernet frames. The range is 0 to 7. VLAN ID: Defines a traffic flow of tagged packets by its VLAN ID number. The range is 1 to 4094. Protocol: Defines a traffic flow as one of the following Layer 2 protocols: User Specified; IP; A
136. Table 1 AT-S63 Software Modules (Continued)
Name: Description
IRR: Port mirroring
PSEC: Port security
PTRUNK: Static port trunks
QOS: Quality of Service
RADIUS: RADIUS authentication protocol
RPS: Redundant power supply
RRP: RRP Snooping
SNMP: Simple Network Management Protocol
SSH: Secure Shell protocol
SSL: Secure Sockets Layer protocol
STP: Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree protocols
SYSTEM: Hardware status; Manager and Operator log in and log off events
TACACS: TACACS authentication protocol
TELNET: TELNET
TFTP: Trivial File Transfer Protocol
TIME: System Time and SNTP
VLAN: Port-based and tagged VLANs, and multiple VLAN modes
8. Click View. Figure 42 shows an example of an event log in Normal mode.
04 20 04 06 56 54 file File System initialized
04 20 04 06 56 54 http Server reset to defaults
04 20 04 06 56 54 ssh SSH server disabled
04 20 04 06 56 55 cfg Configuration initialized
04 20 04 06 56 55 tacacs TACACS initialized
04 20 04 06 56 55 radius RADIUS initialized
04 20 04 06 56 55 garp GARP initialized
04 20 04 06 56 56 qos Number of Egress Queues set to 8
04 20 04 06 56 56 qos Priority 0 mapped to Egress Queue 0
04 20 04 06 56 56 qos Priority 1 mapped to Egress Queue 1
137. Chapter 20: Multiple Spanning Tree Protocol. This chapter explains how to configure multiple spanning tree protocol (MSTP) parameters on an AT-9400 Series switch using a web browser management session. It contains the following procedures: "Enabling MSTP" on page 320; "Configuring MSTP" on page 322; "Creating, Deleting, or Modifying MSTI IDs" on page 326; "Adding, Removing, or Modifying VLAN Associations to MSTIs" on page 330; "Configuring MSTP Port Parameters" on page 333; "Displaying the MSTP Port Configuration" on page 337; "Displaying the MSTP Port Status" on page 340; "Resetting MSTP to the Default Settings" on page 342. Note: For background information on MSTP, refer to Chapter 24, "Multiple Spanning Tree Protocol" in the AT-S63 Management Software Menus Interface User's Guide. Enabling MSTP: The AT-9400 Series switch can support the three spanning tree protocols STP, RSTP, and MSTP. However, only one spanning tree protocol can be active on the switch at a time. So before you can enable a spanning tree protocol, you must first select it as the active spanning tree protocol. After you select it, you can then enable or disable it. To select MSTP as the active spanning tree protocol and to enable or disable it, perform the following procedure: Note: Changing the active spanning
138. LAN as untagged ports. To permanently save the change, select the Save Config menu selection. Displaying a Protected Ports VLAN: To display the details of a protected port VLAN, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. From the Monitoring menu, select the Layer 2 option. 3. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302. 4. Select the VLAN tab. The VLAN tab is shown in Figure 145 on page 355. 5. Click the circle next to the protected ports VLAN you want to view and click View. The View Protected VLAN page is shown in Figure 157. [Figure 157: View Protected VLAN Page] The VLAN Details section displays the following information. VID: The VLAN ID. Type: The VLAN type, which is always Protected. Untagged Ports: The untagged ports that are members of the VLAN. Uplink Ports: The uplink port(s) fo
139. List: The traffic classes to be assigned to the policy. Ingress Port List: The ingress ports to which the policy is to be assigned. Egress Port: The egress port to which the policy is to be assigned. Redirect Port: The port to which the classified traffic from the ingress ports is redirected. 5. Click Close. Chapter 16: Denial of Service Defense. This chapter contains instructions on how to configure the Denial of Service defense feature on the switch. The sections include: "Configuring Denial of Service Defense" on page 214; "Displaying the DoS Settings" on page 217. Note: For background information on denial of service defense, refer to Chapter 18, "Denial of Service Defense" in the AT-S63 Management Software Menus Interface User's Guide. Configuring Denial of Service Defense: To configure the ports on the switch for Denial of Service attack defense, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. From the Configuration menu, select the Network Security option. The Network Security page is displayed with the 802.1x Port Access tab selected by default, as shown in Figure 158 on page 392. Select the DoS tab. The DoS tab is sh
140. MPv3 section, click the button next to Configure View Table and then click Configure at the bottom of the tab. The SNMPv3 View Table tab is shown in Figure 93. [Figure 93: SNMPv3 View Table Tab Configuration] 4. Click Add. The Add New SNMPv3 View page is shown in Figure 94. [Figure 94: Add New SNMPv3 View Page] 5. In the View Name field, enter a descriptive name for this view. Assign a name that reflects the subtree OID, for example, internet. Enter a unique name of up to 32 alphanumeric characters. Note: The defaultViewAll value is the default entry for the SNMPv1 and SNMPv2c configuration. You cannot use the default value for an SNMPv3 View Table entry. In the Subtree OI
141. Management Software AT-S63 Web Browser Interface User's Guide. AT-9400 Series Layer 2 Gigabit Ethernet Switches. Version 1.2.0. PN 613-50592-00 Rev C. Copyright 2005 Allied Telesyn, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn, Inc. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners. Allied Telesyn, Inc. reserves the right to make changes in specifications and other information contained in this document without prior written notice. The information provided herein is subject to change without notice. In no event shall Allied Telesyn, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesyn, Inc. has been advised of, known, or should have known, the possibility of such damages.
Contents
Preface (page 17)
How This Guide is Organized (page 18)
Document Conventions (page 19)
142. Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. From the Monitoring menu, select the Mgmt Protocols option. The Mgmt Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 179 on page 436. 3. Select the SSL tab. The SSL tab is shown in Figure 171. [Figure 174: SSL Tab Monitoring] The SSL tab provides the following information. Maximum Number of Sessions: The maximum number of SSL sessions allowed at one time. Session Cache Timeout: The length of time before the session cache times out, in seconds. Chapter 27: Secure Shell (SSH). This chapter explains how to configure the Secure Shell (SSH) protocol and contains the following sections: "Configuring SSH" on page 426; "Displaying the SSH Settings" on page 428. Note: For background information on SSH, refer to Chapter 35, "Secure Shell (SSH)" in the AT-S63 Management Software Menus Interface User's Guide. Configuring SSH: To configure SSH, perform the following procedure: 1. From the Hom
143. No flow control on the port. This is the default. Enabled: Flow control is activated. For further information about flow control, refer to Chapter 6, "Port Parameters" in the AT-S63 Management Software Menus Interface User's Guide. Back Pressure: Use this parameter to set back pressure on a port. This option only appears for ports operating in half-duplex mode. A switch port uses back pressure to control the flow of ingress packets. The possible settings are: Enabled: Back pressure is enabled. Disabled: Back pressure is disabled. This is the default. For further information about back pressure, refer to Chapter 6, "Port Parameters" in the AT-S63 Management Software Menus Interface User's Guide. Flow Control Back Pressure Limit: Use this parameter to specify the maximum number of ingress packets that a port receives within a one-second period before initiating flow control or back pressure. A cell equals 128 bytes. The range is 1 to 7935. The default is 7935 cells. The following three parameters allow you to set rate limiting, the maximum number of ingress packets a port accepts each second. Packets exceeding the threshold are discarded. HOL Blocking: HOL blocking sets a threshold on the utilization of a port's egress queue. When the threshold for a port is exceeded, the switch signals other
144. Only error messages are displayed. Error messages indicate that the switch operation is severely impaired. Warning: Only warning messages are displayed. These messages indicate that an issue may require manager attention. Information: Only informational messages are displayed. Informational messages display useful information that you can ignore during normal operation. Debug: Debug messages provide detailed, high-volume information that is intended only for technical support personnel. Use <Ctrl> click to select more than one severity at a time. Type: The only available type is Syslog, and you cannot change this. Syslog Server IP Address: The IP address of the syslog server. Facility Level: The numerical code to be added to the entries sent to the syslog server to group the entries according to the module or switch that produced them. The facility levels are described in Table 3 on page 154. Module Selections: Specifies the AT-S63 management software module(s) whose events you want to send to the syslog server. To select more than one, use <Ctrl> click. For a list of modules, refer to Table 1 on page 147. 5. Click Apply to apply the changes, or Close to close the page without making changes. 6. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Deleting a Log
145. P or NTP server on your network or the Internet, configure the following options: UTC Offset: Specifies the difference between the UTC and local time. The default is 0 hours. The range is -12 to +12 hours. Note: If the switch is using DHCP, it automatically attempts to determine this value. In this case, you do not need to configure a value for the UTC Offset parameter. Daylight Savings Time (DST): Enables or disables the system's adjustment for daylight savings time. The default is enabled. Note: The switch does not set DST automatically. If the switch is in a locale that uses DST, you must remember to enable this in April when DST begins and disable it in October when DST ends. If the switch is in a locale that does not use DST, this option should be set to disabled all the time. Status: Enables or disables the SNTP client on the switch. The default is disabled. Server IP Address: Specifies the IP address of an SNTP server. Note: If the switch is obtaining its IP address and subnet mask from a DHCP server, you can configure the DHCP server to provide the switch with an IP address of an NTP or SNTP server. If you configured the DHCP server to provide this address, then you do not need to enter it here. Poll Interval: Specifies the number of seconds the switch waits between polling the
146. P port in the range of 0 to 65,535. The default UDP port is 162. In the Timeout field, enter a timeout value in milliseconds. When an Inform message is generated, it requires a response from the switch. The timeout value determines how long the switch considers the Inform message an active message. This parameter applies to Inform messages only. The range is from 0 to 2,147,483,647 milliseconds. The default value is 1500 milliseconds. In the Retries field, enter the number of times the switch retries, or resends, an Inform message. When an Inform message is generated, it requires a response from the switch. This parameter determines how many times the switch resends an Inform message. The Retries parameter applies to Inform messages only. The range is 0 to 255 retries. The default is 3 retries. In the Tag List field, enter a list of tags that you configured in a SNMPv3 Notify Table with the Notify Tag parameter. See "Creating a Notify Table Entry" on page 263. Enter a Tag List of up to 256 alphanumeric characters. Use a space to separate entries, for example: hwengtag swengtag testengtag. In the Target Parameters field, enter a Target Parameters name. This name can consist of up to 32 alphanumeric characters. The value configured here must match the value configured with the Target Parameters Name parameter in the SNMPv3 Target Parameters Table. In the Storage Type field, enter one of the following storage types for this table en
147. Parameters Page, 409; Figure 169: Supplicant Port Parameters Page, 410; Figure 170: 802.1x Port Access Tab (Monitoring), 413. Chapter 26: Encryption Keys, PKI, and SSL, 417; Figure 171: Keys Tab (Monitoring), 418; Figure 172: PKI Tab (Monitoring), 420; Figure 173: X509 Certificate Details Page, 421; Figure 174: SSL Tab (Monitoring), 423. Chapter 27: Secure Shell (SSH), 425; Figure 175: Secure Shell Tab (Configuration), 426; Figure 176: Secure Shell Tab (Monitoring), 428. Chapter 28
148. Priority in the Configure Egress Weights section of the tab. The default is Strict Priority. Skip the next step if you select Strict Priority. Queue weights do not apply to Strict Priority scheduling. If you selected Weighted Priority, use the Queue Weight fields to specify for each queue the number of packets you want a port to transmit before it goes to the next queue. The range is 1 to 15. For an example, refer to Table 5.

Table 5. Example of Weighted Round Robin Priority

Port Egress Queue    Maximum Number of Packets
Q0                   1
Q1                   1
Q2                   1
Q3                   5
Q4                   5
Q5                   5
Q6                   15
Q7                   15

Leaving the default value of 1 for each queue results in all egress queues being given the same priority. Click Apply. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Displaying the CoS Settings: To display the CoS settings, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
149. RP; RARP. User Specified Protocol: Defines a traffic flow of a Layer 2 protocol by its protocol number. The number can be entered in either decimal or hexadecimal format. For the latter, precede the number with 0x. To use this parameter, the Protocol parameter must be set to User Specified. TOS/DSCP: Defines a traffic flow by its Type of Service or DSCP value. To set this parameter, the Protocol parameter must be set to IP. Options are: TOS (Type of Service); DSCP. TOS: Defines a traffic flow by its Type of Service value. The range is 0 to 7. To set this value, the TOS/DSCP parameter must be set to TOS. DSCP: Defines a traffic flow by its DSCP value. The range is 0 to 63. To set this value, the TOS/DSCP parameter must be set to DSCP. IP Protocol: Defines a traffic flow of a Layer 3 protocol. To set this parameter, the Protocol variable must be set to IP. Options are: User Specified; TCP; UDP; ICMP; IGMP. User Specified IP Protocol: Defines a traffic flow of a Layer 3 protocol by its protocol number. The number can be entered in either decimal or hexadecimal format. If you use the latter, precede the number with 0x. To set this parameter, the IP Protocol parameter must be set to User Specified. Source IP Address / Source IP Mask: Defines a traffic flow by a source IP address. The address can be of a specific node or a subnet. You do not need to include
150. Displaying Port Status, 85; Displaying Port Statistics, 89; Resetting a Port to the Default Settings, 92. Chapter 6: MAC Address Table, 93; Adding Static Unicast and Multicast MAC Addresses, 94; Deleting Unicast and Multicast MAC Addresses, 96; Deleting All Dynamic MAC Addresses, 97; Displaying the MAC Address Tables, 98; Changing the Aging Timer, 101. Chapter 7: Static Port Trunks, 103; Creating a Static Port Trunk, 104; Modifying a Static Port Trunk, 107; Deleting a Port Trunk, 109; Displaying the Port Trunks, 110. Chapter 8: Port Mirroring
151. Rapid Spanning Tree Protocols. Configuring STP. Caution: The bridge provides default STP parameters that are adequate for most networks. Changing them without prior experience and an understanding of how STP works might have a negative effect on your network. You should consult the IEEE 802.1d standard before changing any of the STP parameters. To configure STP, perform the following procedure: 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab shown by default, as shown in Figure 25 on page 94. 3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 124 on page 303. 4. Click Configure. The Configure STP Parameters tab is shown in Figure 125. [Figure 125: Configure STP Parameters Tab (Configuration)] Note: The Defaults button returns all STP settings to the default settings. 5. Con
152. S server before assuming the server cannot respond. The lower portion of the page displays a table that contains the following columns of information: Server: The server number, one of three. IP Address: IP addresses of up a network server containing TACACS server software. Encryption Key: Encryption key for the server. This parameter is blank if all the TACACS servers have the same encryption secret. Configuring RADIUS: To configure RADIUS, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. Select the Server-based Authentication tab. The Server-based Authentication tab is shown in Figure 177 on page 432. In the lower section of the Server-based Authentication tab, click RADIUS Configuration and click Configure. The RADIUS Client Configuration page is shown in Figure 178. [Figure 181: RADIUS Client Configuration Page] 4. Configure the following parameters as necessary: Global Encryption Key: If all of the TACACS servers have the same encryption secret you can ente
153. SNMP tab is shown in Figure 89 on page 234. In the SNMPv3 section, click the button next to Configure User Table and then click Configure. The SNMPv3 User Table tab is shown in Figure 90 on page 237. Click the button next to the User Table entry that you want to delete and then click Remove. A warning message is displayed. Click OK. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. To modify an entry in the SNMPv3 User Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234. In the SNMPv3 section, click the button next to Configure User Table and then click Configure. The SNMPv3 User Table tab is shown in Figure 90 on page 237. Click the button next to the SNMPv3 user that you want to change and then click Modify. The Modify SNMPv3 User page is shown in Figure 92.
154. Modifying an Access Control List. To modify an access control list, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. From the Configuration menu, select the Network Security option. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 158 on page 392. Select the ACL tab. The ACL tab is shown in Figure 54 on page 172. Select the ACL you want to modify and click Modify. The Modify ACLs page is displayed, as shown in Figure 56. [Figure 56: Modify ACLs Page] Configure the following parameters as necessary: ID: The ID number of the ACL. You cannot change this value. Classifier List: Use this list to select the classifier you want to assign to this ACL. You can assign more than one classifier to an ACL. To select multiple classifiers, hold down the Ctrl key while making your selections. To view the classifiers, refer to "Displaying the Classifiers" on page 169. An ACL must have at least one classifier. Action: Use this menu to specify the action of the ACL. Deny which is the default
155. Spanning Tree tab. The Monitoring Spanning Tree tab for the active protocol, MSTP, is shown in Figure 140. Click a port in the switch and click Status. You can select more than one port. The MSTP Port Status (Port(s)) page is shown in Figure 142. [Figure 142: MSTP Port Status Port(s) Page] The MSTP Port Status page displays a table that contains the following columns of information: Port: The port number. State: The MSTP state of the port. The possible states are: Discarding: The port is discarding received packets and is not submitting forwarded packets for transmission. Learning: The port is enabled for receiving, but not forwarding, packets. Forwarding: Normal operation. Disabled: The port has not established a link with its end node. Role: The MSTP role of the port. The possible roles are: Root: The port that is connected to the root switch, directly or through other switches, with the least path cost. Alternate: The port offers an alternate path in the direction of the root switch. Backup: The port on a designated switch that provides a backup for the path provided by the designated port. Designated: The port on the designa
156. The Add New SNMPv1 & SNMPv2c Community page is shown in Figure 16. [Figure 16: Add New SNMPv1 & SNMPv2c Community Page] 6. Configure the following parameters: Community Name: Enter an SNMP community name that consists of up to 15 alphanumeric characters. Status: Click Enable to enable the SNMP community. Click Disable to disable the SNMP community. Access Mode: Click Read Only to allow read access to the SNMP community. To allow read-write access to the SNMP community, click Read Write. Allow Any Station: Click this option to allow any SNMP manager to access the switch. When you click this option, a warning message appears on the screen. Click OK to continue. Manager IP Address 1 through Manager IP Address 8: Enter an IP Address of a switch that is permitted SNMP manager access to the current switch. You can enter up to eight
157. This parameter is used in selecting a regional root for the MSTI. For a list of the increments, refer to Table 6, "Bridge Priority Value Increments," on page 306. The default is 0. Click Apply. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Repeat this procedure to create more MSTI IDs. To delete an MSTI ID, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 124 on page 303. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 136 on page 323. In the CIST/MSTI Table section of the tab, click the button next to the MSTI ID you want to delete. You can select only one MSTI ID at a time. Click Remove. A confirmation prompt is displayed. Click OK to delete the MSTI or Cancel to cancel the procedure. If you select OK, the MSTI is deleted and VLANs associated with it are returned to CIST, which has an ID of 0. Modifying an MSTI ID: To modify an MSTI ID perf
158. ToGroup Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type. Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 SecurityToGroup Table entry takes effect immediately. 7. Click Apply to update the SNMPv3 SecurityToGroup Table. 8. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Configuring the SNMPv3 Notify Table: You can create, delete, and modify an SNMPv3 Notify Table entry. See the following procedures: "Creating a Notify Table Entry" on page 263; "Deleting a Notify Table Entry" on page 265; "Modifying a Notify Table Entry" on page 266. For reference information about the SNMPv3 Notify Table, see Chapter 22, "SNMPv3," in the AT-S63 Management Software Menus Interface User's Guide. Creating a Notify Table Entry: To create an entry in the SNMPv3 Notify Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. Select the SNMP tab. Th
159. Tree Tab (Monitoring). 4. Click View. The Monitor STP Parameters tab is shown in Figure 129. [Figure 129: Monitor STP Parameters Tab (Monitoring)] 5. To view port settings, click a port in the switch and click Status or Settings. The STP Settings page is shown in Figure 130. [Figure 130: STP Settings Page] The STP Settings page displays a table that contains the following columns of information: Port: Port number. State: Current state of the port. The possible states are Enabled or Disabled. Cost: Port cost of the port. The default is Auto Update. Priority: The number used as a tie breaker when two or more ports have equal costs to the root bridge. 6. Click OK to close the page. Resetting STP to the Default Settings: To reset STP to the factory default settings, perform the following procedure: From the Home page, select Configuration. The System page is displayed with the General tab selected
160. To display the encryption keys, perform the following procedure: 1. From the Home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. From the Monitoring menu, select the Mgmt Security option. The Mgmt Security page is displayed with the Mgmt ACL tab displayed by default, as shown in Figure 184 on page 449. Select the Keys tab. The Keys tab is shown in Figure 171. [Figure 171: Keys Tab (Monitoring)] The Keys tab displays a table that contains the following columns of information: ID: The identification number of the key. Algorithm: The algorithm used in creating the encryption. This is always RSA Private. Length: The length of the key in bits. Digest: The CRC32 value of the MD5 digest of the public key. Description: The key's description. You use these keys when you configure Secure Sockets Layer (SSL) or Secure Shell (SSH). To configure SSL, you must use the AT-S63 menus or CLI interface. To configure SSH, refer to Chapter 27, "Secure Shell (SSH)," on page 425. Dis
161. a flash card slot has just one selection, Flash, which represents the flash memory in the switch. An AT-9400 Series switch that has a flash card slot has two selections, Flash and Flash Card. The example tab in Figure 37 is from a switch that has a flash card slot. Default Configuration File: Specifies the filename of the active configuration file. The switch uses this file to configure its operating parameters when it is reset or power cycled. The active boot file is also the file that is updated when you select the Save Config option. The columns in the List Files table are described below. This information is for viewing purposes only. If your unit has a compact flash card slot, the switch by default displays the files in flash memory. To view the files on a card, go to step 4. File Name: Name of the system file. Device: The device type, either "flash" for flash memory or "cflash" for compact flash card. Size: Size of the file in bytes. Modified: The time the file was created or last modified, in the following date and time format: month/day/year hours:minutes:seconds. Attributes: The file type, one of the following: Normal; Read Only; Hidden; System; Volume; Directory; Archive; Invalid. To view the files on a compact flash card, insert the card into the slot on the switch, select Compact Flash under Current Drivers, and
162. a or useless signals appearing on the port. No. of Rx Errors: Total number of frames received on the port containing errors. Undersize Frames: Number of frames that were less than the minimum length specified by IEEE 802.3 (64 bytes including the CRC) received on the port. Oversize Frames: Number of frames exceeding the maximum specified by IEEE 802.3 (1518 bytes including the CRC) received on the port. Fragments: Number of undersized frames, frames with alignment errors, and frames with frame check sequence (FCS) errors (CRC errors) received on the port. TXCollisions: Number of transmit collisions. 5. To clear all the counters for the selected port, click Clear. To clear the counters for all ports on the switch, click Clear All. Resetting a Port to the Default Settings: To reset a port to the default settings, perform the following procedure: 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. From the Configuration menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 20 on page 78. Click the port in the graphical switch image that you want to configure. The selected port turns white. You
163. able from either of the following Internet sites: Allied Telesyn web site: www.alliedtelesyn.com; Allied Telesyn FTP server: ftp://ftp.alliedtelesyn.com. If you prefer to download new software from the Allied Telesyn FTP server from your workstation's command prompt, you will need FTP client software and you must log in to the server. Enter "anonymous" for the user name and your email address for the password. New Features in AT-S63 Version 1.2.0: Table 1 lists the new features in version 1.2.0 of the AT-S63 management software and includes page references to the relevant procedures. Only one of the new features in version 1.2.0, the Supplicant Mode parameter for 802.1x authenticator ports, is supported in the web browser interface. Table 1. New Features in AT-S63 Version 1.2.0 (columns: Change; Chapter and Procedure). MAC Address Table. Chapter and Procedure: The web interface supports displaying MAC addresses, as explained in Chapter 6, "MAC Address Table," on page 93, but not the new parameters. The new parameters are only supported in the CLI interface. Change: Added new parameters to the CLI commands for deleting and displaying specific types of MAC addresses in the MAC address table. The new parameters are: STATIC, STATICUNICAST, and STATICMULTICAST for displaying and deleting static unicast and multicast MAC addresses; DYNAMIC, DYNAMICUNICAST, and DYNAMICMULTICAST for displaying and deleting dynamic un
164. ack; Smurf attack; Land attack; Tear drop attack; Ping of death attack; IP Options. 7. Click Modify. To configure all the ports, click Modify All. The DoS Configuration for Ports page opens. The page shown in Figure 81 is for IP Options. [Figure 81: DoS Configuration for Ports Page] 8. Configure the following parameters as necessary: Status: Click Enable or Disable to enable or disable DoS on the selected ports. Action: The action a port takes when an intruder packet is received. Although five possible selections are shown in the Action list box, they all do the same thing: block the packet, record the event, and drop the packet. This option applies only to the IP Options defense. Mirror Port: This option applies to the Land, Tear Drop, Ping of Death, and IP Options. You can use this option to copy offending traffic to another port on the switch. You can specify only one mirror port. Specifying a mirror port is not required. Click Apply. The defense is immediately activated on the ports. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
165. [Figure 111: SNMPv3 Community Table Tab (Configuration)] 4. Click Add. The Add New SNMPv3 Community page is shown in Figure 112. [Figure 112: Add New SNMPv3 Community Page] 5. In the Community Index field, enter a numerical value for this Community. This parameter is used to index the other parameters in an SNMPv3 Community Table entry. Enter a value of up to 32 alphanumeric characters. 6. In the Community Name field, enter a Community Name of up to 64 alphanumeric characters. The value of the Community Name parameter acts as a password for the SNMPv3 Community Table entry. This parameter is case sensitive. Note: Allied Telesyn recommends that you select SNMP Community Names carefully to ensure these names are known only to authorized personnel. In the Security Name field, enter a name of an SNMPv1 and SNMPv2c user. This name must be unique. Enter a value of up to 32 alphanumeric characters. No
166. age. 5. Configure the following parameters as necessary: Trunk Name: The name for the port trunk. The name can be up to 16 alphanumeric characters. No spaces or special characters, such as asterisks and exclamation points, are allowed. Each trunk must be given a unique name. Trunk Method: Select a load distribution method. The possible settings are: SA: Source MAC address (Layer 2). DA: Destination MAC address (Layer 2). SA/DA: Source MAC address/destination MAC address (Layer 2). SI: Source IP address (Layer 3). DI: Destination IP address (Layer 3). SI/DI: Source IP address/destination IP address (Layer 3). Click the ports that are to make up the static port trunk. A selected port changes to white. An unselected port is black. A port trunk can contain up to eight ports. Note: All ports in a trunk must operate at the same speed. When you include port 23R or 24R on an AT-9424 switch in a trunk and the port transitions to redundant uplink status, the port speed is automatically adjusted to 1000 Mbps. If the other ports in the trunk are operating at a different speed, port trunking may be unpredictable. Because of these port speed variables, Allied Telesyn suggests that you not include port 23R or 24R in a port trunk. Click Apply. The new port trunk is now active on the switch. From the Configuration menu, select the Save Config option to perma
167. age 257; "Configuring the SNMPv3 Notify Table" on page 263; "Configuring the SNMPv3 Target Address Table" on page 268; "Configuring the SNMPv3 Target Parameters Table" on page 275; "Configuring the SNMPv3 Community Table" on page 282. Note: Use the SNMPv3 Community Table only if you are configuring the SNMPv3 protocol with an SNMPv1 or an SNMPv2c implementation. Allied Telesyn does not recommend this configuration. Enabling or Disabling SNMP Management: In order to allow an SNMP manager or host to access the switch, you need to enable SNMP access. In addition, to allow the switch to send a trap when it receives a login attempt from an unauthenticated user, you need to enable authentication failure traps. This section provides a procedure to accomplish both of these tasks. To enable SNMP access and authentication failure traps, perform the following procedure: 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Mgmt Protocols option. The Mgmt Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 177 on page 432. 3. Select the SNMP tab. The SNMP tab is shown in Figure 89
168. agement session, but you can from a local or Telnet session. If you are adding untagged ports, the ports must be untagged members of the Default_VLAN or a port-based or tagged VLAN. They cannot be members of another protected ports VLAN. An untagged port removed from a VLAN is automatically returned to the Default_VLAN. Changing the uplink port of a protected ports VLAN will require recreating all the VLAN's groups. If you need to change the uplink port, Allied Telesyn recommends that you write down on paper the VLAN's current configuration (i.e., port to group assignments). This information will make it easier for you to recreate the current configuration, with whatever modifications you want to make, when you perform the procedure. To display a VLAN's configuration, refer to "Displaying a Protected Ports VLAN" on page 386. To modify a protected ports VLAN, perform the following procedure: 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 123 on page 302. Select the VLAN tab. The VLAN tab is shown in Figure 143 on page 346. Click the button next to the name of the protected ports VLAN you want to modify. Click Modify. The Modify VLAN window for the VLAN is displayed. T
169. ameters on page 333.
Chapter 20 Multiple Spanning Tree Protocol
Configure the following parameters as necessary:
Force Version: This selection determines whether the bridge operates with MSTP or in an STP-compatible mode. If you select MSTP, the bridge operates all ports in MSTP except those ports that receive STP or RSTP BPDU packets. If you select Force STP Compatible, the bridge uses its MSTP parameter settings but sends only STP BPDU packets from the ports. The default is MSTP.
Bridge Hello Time: The time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds. This value is active only if the bridge is selected as the root bridge of the network.
Bridge Forwarding: The waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes. If the bridge transitions too soon, not all of the links may have adapted to the change, possibly resulting in a network loop. The range is from 4 to 30 seconds. The default is 15 seconds. This setting applies only to ports running in the STP-compatible mode.
Configuration Name: The name of the MSTP region. The range is 0 (zero) to 32 alphanumeric characters in length. The name, which is case-sensitive, must be the same on all bridges in a region. Examples of a configuration name include Sales Region and Production Region.
Bridge Max
170. and then click Configure at the bottom of the tab. The SNMPv3 SecurityToGroup Table tab is shown in Figure 99.
Figure 99. SNMPv3 SecurityToGroup Table Tab (Configuration)
4. To create an SNMPv3 SecurityToGroup Table entry, click Add. The Add New SNMPv3 SecurityToGroup page is shown in Figure 100.
Figure 100. Add New SNMPv3 SecurityToGroup Page
5. In the Security Model field, select the SNMP protocol that was configured for this User Name. Choose from the following:
v1: Select this value to associate the Group Name with the SNMPv1 protocol.
v2c: Select this value to associate the Group Name with the SNMPv2c protocol.
v3: Select this value to associate the Group Name with the SNMPv3 protocol.
In the Security Name field, enter the User Name that you want t
171. apter 25 802.1x Port-based Network Access Control
Server Timeout: Sets the timer used by the switch to determine authentication server timeout conditions. The default value for this parameter is 10 seconds. The range is 1 to 60 seconds.
Control Direction: Specifies how the port handles ingress and egress broadcast and multicast packets when in the unauthorized state. When a port is set to the Authenticator role, it remains in the unauthorized state until the client logs on by providing a username and password combination. In the unauthorized state, the port only accepts EAP packets from the client. All other ingress packets that the port might receive from the client, including multicast and broadcast traffic, are discarded until the supplicant has logged in. The options are:
Ingress: A port, when in the unauthorized state, discards all ingress broadcast and multicast packets from the client but forwards all egress broadcast and multicast traffic to the same client.
Both: A port, when in the unauthorized state, does not forward ingress or egress broadcast and multicast packets from or to the client until the client logs in. This is the default.
Piggyback Mode: Controls who can use the switch port in cases where there are multiple clients, e.g., the port is connected to an Ethernet hub. If set to enabled, the port allows all clients on the port to piggy-back onto the initial client's authentication. The port forwards all packets regardle
172. 275
Deleting a Target Parameters Table Entry 278
Modifying a Target Parameters Table Entry 279
Configuring the SNMPv3 Community Table 282
Creating an SNMPv3 Community Table Entry 282
Deleting an SNMPv3 Community Table Entry 285
Modifying an SNMPv3 Community Table Entry 285
Displaying SNMPv3 Tables 288
Displaying User Table Entries 288
Displaying View Table Entries 290
Displaying Access Table Entries 291
Displaying SecurityToGroup Table Entries 292
Displaying Notify Table Entries 293
Displaying Targ
173. atic address. If you are adding a static unicast address, you can enter only one port. If you are entering a static multicast address, you must specify the port where the multicast application is located as well as the ports where the host nodes are connected. Assigning the address only to the port where the multicast application is located results in the failure of the multicast packets to be properly forwarded to the host nodes. You can specify the ports individually (e.g., 1,4,5), as a range (e.g., 11-14), or both (e.g., 15-17,22,24).
VLAN ID: The VLAN ID where the port is a member.
5. Click Apply.
6. Repeat this procedure to add other static addresses to the switch.
7. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
Chapter 6 MAC Address Table
Deleting Unicast and Multicast MAC Addresses
To delete a static or dynamic unicast or multicast MAC address from the switch, perform the following procedure:
1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
From the Configuration menu, select the Layer 2 option. The Layer 2 page opens with the MAC Address tab selected by default, as shown in Figure 25 on page 94.
Display the MAC addresses on the switch by selecting one of the options. For detailed instruction
174. ault setting.
Chapter 5 Port Parameters
Egress Unknown Unicast Filter: Use this parameter to configure a port to forward or discard egress unknown unicast packets. The possible settings are:
Enabled: The port discards egress unknown unicast packets.
Disabled: The port forwards egress unknown unicast packets. This is the default setting.
Ingress Unknown Multicast Filter: Use this parameter to configure a port to forward or discard ingress unknown multicast packets. The possible settings are:
Enabled: The port discards ingress unknown multicast packets.
Disabled: The port forwards ingress unknown multicast packets. This is the default setting.
Egress Unknown Multicast Filter: Use this parameter to configure a port to forward or discard egress unknown multicast packets. The possible settings are:
Enabled: The port discards egress unknown multicast packets.
Disabled: The port forwards egress unknown multicast packets. This is the default setting.
Flow Control: Sets flow control on a port. This option only applies to ports operating in full-duplex mode. A switch port uses back pressure to control the flow of ingress packets. The switch sends a special pause packet to stop the end node from sending frames. The pause packet notifies the end node to stop transmitting for a specified period of time. The possible settings are:
Auto: The port uses flow control if it detects that the end node is using it.
Disabled
175. ayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25.
Figure 25. MAC Address Tab (Configuration)
Section I Basic Operations
3. To add a static unicast address, in the View Add Unicast MAC Addresses section, click Add. To add a static multicast address, in the View Add Multicast MAC Addresses section, click Add. The Add MAC Address page is shown in Figure 26.
Figure 26. Add MAC Address Page
4. Configure the following parameters as necessary:
MAC Address: The new static unicast or multicast MAC address.
Port Number: The number of the port on the switch where you want to assign the st
176. ble 236
Creating a User Table Entry 236
Deleting a User Table Entry 239
Modifying a User Table Entry 240
Configuring the SNMPv3 View Table 244
Creating a View Table Entry 244
Deleting a View Table Entry 247
Modifying a View Table Entry 247
Configuring the SNMPv3 Access Table 250
Creating an Access Table 250
Deleting an Access Table Entry 253
Modifying an Access Table Entry 254
Configuring the SNMPv3 SecurityToGroup Table 257
Creating a Sec
177. ble Tab (Configuration)
4. Click Add. The Add New SNMPv3 User page is shown in Figure 91.
Figure 91. Add New SNMPv3 User Page
5. In the User Name field, enter a name or logon id that consists of up to 32 alphanumeric characters.
6. In the Authentication Protocol field, enter an authentication protocol. This is an optional parameter. Select one of the following:
MD5: This value represents the MD5 authentication protocol. With this selection, users (SNMP entities) are authenticated with the MD5 authentication protocol after a message is received. This algorithm generates the message digest. The user is authenticated when the authentication protocol checks the message digest. With the MD5 selection, you can configure a Privacy Protocol.
SHA: This value represents the SHA authentication protocol. With this selection, users are authenticated with the SHA authentication protocol after a message is received. This algorithm generates the message digest. The user is authenticated when the authentication protocol checks the me
178. bottom of the tab. The SNMPv3 Target Parameters Table tab is shown in Figure 108 on page 275.
4. Click the button next to the Target Parameters Table entry that you want to change and then click Modify. The Modify SNMPv3 Target Parameter page is shown in Figure 110 on page 279.
Figure 110. Modify SNMPv3 Target Parameter Page
Note: Enter a value for the Message Processing Model field only if you select SNMPv1 or SNMPv2c as the Security Model. If you select the SNMPv3 protocol as the Security Model, then the switch automatically assigns the Message Processing Model to SNMPv3.
In the Message Processing Model field, enter a Security Model that is used to process messages. Select one of the following SNMP protocols:
v1: Select this value to process messages with the SNMPv1 protocol.
v2c: Select this value to process messages with the SNMPv2c protocol.
v3: Select this value to process messages with the SNMPv3 protocol.
In the Security Model field, select one of the following SNMP protocols as the Security Model for this Security Name or User Name:
v1: Select this value to associate the Security Name or User Name with the SNMPv
179. cate name.
State: The state of the certificate, one of the following:
Trusted: The certificate is from a trusted CA.
Untrusted: The certificate is from an untrusted CA.
MTrust (Manually Trusted): The certificate has been manually verified that it is from a trusted or untrusted authority.
Type: The certificate type, one of the following:
EE: The certificate was issued by a CA.
CA: The certificate belongs to a CA.
Self: A self-signed certificate.
Source: The certificate was created on the switch.
To view the details about a certificate, click the certificate and click View. The X509 Certificate Details page is shown in Figure 173.
Figure 173. X509 Certificate Details Page
Chapter 26 Encryption Keys, PKI, and SSL
The X509 Certificate Details page provides the following information about the certificate:
Name: The name of the certificate.
State: Whether the certificate is Trusted or Untrusted
180. ccess the Classifiers tab either through the Network Security menu option or through the Services menu option. This procedure uses the path through the Network Security menu option.
From the Configuration menu, select the Network Security option. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 158 on page 392.
Select the Classifier tab. The Classifier tab is shown in Figure 48 on page 161.
Click Modify. The Modify Classifier page is shown in Figure 51.
Figure 51. Modify Classifier Page
Section II Advanced Operations
Modify the parameters as necessary. For descriptions of the parameters, refer to Configuring a Classifier on page 160.
Click Apply.
From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
Chapter 12 Classifiers
Deleting a Classifier
To delete a classifier, perform the following procedure:
Note: You cannot delete a classifier if it belongs to an ACL or QoS policy. You must first remove it from the ACL o
181. 177
Displaying the Access Control Lists 178
Chapter 14 Class of Service 181
Configuring CoS 182
Mapping CoS Priorities to Egress Queues 184
Configuring Egress Scheduling 186
Displaying the CoS Settings 188
Displaying he tns Schedule 190
Chapter 15 Quality of Service 191
Managing Flow Groups 192
Configuring Flow Groups 192
Modifying a Flow Group 194
Deleting a Flow Group 195
Displaying Flow Groups 195
Managing Traffic Classes 198
Configuring Traffic Classes 198
Modifying a Traffic Class 200
Deleting a Traffic Class 202
Displaying the Traffic Classes 202
Managing Policies 206
Configuring a Policy
182. ced Stacking Tab (Monitoring)
The information in the tab states the current enhanced stacking status of the switch as master, slave, or unavailable.
Chapter 4 SNMPv1 and SNMPv2c
This chapter explains how to activate SNMP management on the switch and how to create, modify, and delete SNMPv1 and SNMPv2c community strings. This chapter contains the following procedures:
Enabling or Disabling SNMP Management on page 64
Creating a New SNMPv1 and SNMPv2c Community on page 66
Modifying an SNMPv1 and SNMPv2c Community on page 69
Deleting an SNMPv1 and SNMPv2c Community on page 72
Displaying the SNMPv1 and SNMPv2c Communities on page 73
Note: For background information about SNMPv1 and SNMPv2c, refer to Chapter 5, SNMPv1 and SNMPv2c, in the AT-S63 Management Software Menus Interface User's Guide.
Enabling or Disabling SNMP Management
To enable or disable SNMP management on the switch, perform the following procedure:
1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Mgmt Protocols option. The Mgmt Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 177 on page 43
183. ced stacking status, perform the following procedure:
1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Mgmt Protocols option. The Mgmt Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 177 on page 432.
3. Select the Enhanced Stacking tab. The Enhanced Stacking tab is shown in Figure 11.
Figure 11. Enhanced Stacking Tab (Configuration)
4. Click the desired enhanced stacking status for the switch. The default is Slave.
5. Click Apply. The new enhanced stacking status is immediately activated on the switch.
6. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
Chapter 3 Enhanced Stacking
Selecting a Switch in an Enhanced Stack
Before you perform any procedure on a switch in an enhanced stack, check to be sure that you are performing it on the correct switch. If you assigned system names to your switches, identifying your switches is easy. The AT-S63 management soft
184. 397
Setting Port Roles 398
Enabling or Disabling 802.1x Port-based Network Access Control 400
Configuring Authenticator Port Parameters 401
Configuring Supplicant Port Parameters 405
Displaying the Port-based Network Access Control Parameters 407
Displaying the Port Status 407
Displaying the Port Settings 408
RADIUS Accounting 411
Configuring RADIUS Accounting 411
Displaying the RADIUS Accounting Settings 412
Section VII Management Security
Chapter 26 Encryption Keys, PKI, and SSL 417
Displaying the Encry
185. 70
Figure 18 SNMP Tab (Monitoring) 73
Figure 19 SNMPv1 & SNMPv2c Communities Tab (Monitoring) 74
Chapter 5 Port Parameters 77
Figure 20 Port Settings Tab (Configuration) 78
Figure 21 Port Configuration Page 79
Figure 22 Port Settings Tab (Monitoring) 85
Figure 23 Port Status Page 86
Figure 24 Port Statistics Page 89
Chapter 6 MAC Address Table 93
Figure 25 MAC Address Tab (Configuration) 94
Figure 26 Add MAC Address Page 95
Figure 27 MAC Address Tab (Monitoring)
186. ces on the switch and not just those where the selected port is currently a member. If you select an MSTI where the port is not a member, you can pre-configure the parameter in the event you later add the port as a member of the MSTI through a VLAN assignment.
Port Priority: This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the regional root bridge. The range is 0 to 240 in increments of 16. The default value is 8 (priority value is 128). For a list of the increments, refer to Table 7, Port Priority Value Increments, on page 307.
Port Internal Path Cost: The port cost of the port if the port is connected to a bridge which is part of the same MSTP region. The range is 0 to 200,000,000. The default setting is Auto detect, which sets port cost depending on the speed of the port. Table 8 lists the MSTP port cost with Auto Update when a port is not part of a port trunk.
Table 8. MSTP Auto Update Port Internal Path Costs
Port Speed    Port Cost
10 Mbps       2,000,000
100 Mbps      200,000
1000 Mbps     20,000
Section IV Spanning Tree Protocols
Table 9 lists the MSTP port costs with Auto Update when the port is part of a port trunk.
Table 9. MSTP Auto Update Port Trunk Internal Path Costs
Port Speed    Port Cost
10 Mbps       20,000
100 Mbps      20,000
1000 Mbps     2
187. click Apply. To view the contents of a configuration file, in the Current Files section, click a file and click View. You can view one file at a time. The Viewing File page for a portion of a configuration file is shown in Figure 38.
Figure 38. List Files Page
Chapter 9 File System
Selecting an Active Boot Configuration File
This procedure changes the active boot configuration file on the switch. The switch uses the active boot configuration file to configure its operating parameters whenever it is reset or power cycled. The switch also updates the active boot file whenever you select the Save Config option. Note the following before performing this procedure:
You cannot create a new configuration file from a web browser management session. That task must be performed from a local, Telnet, or SSH session using the menus or command line interface.
The configuration file must already exist in the switch's file system or on a flash memory card for those switches tha
188. clude Initialize, Disconnected, and so forth.
Additional Info: More information about the port, including the MAC address.
To display the port-based network access control port settings, perform the following procedure:
1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
From the Monitoring menu, select Network Security. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 160 on page 395.
Select the 802.1x Port Access tab. The 802.1x Port Access tab is shown in Figure 166 on page 407.
To review the port access settings, click OK to close the Port Access Port Status page and return to the 802.1x Port Access tab.
Section VI Port Security
5. To see the port settings, click the port and click Settings. You can select more than one port at a time.
Note: To view the settings of multiple ports, you must select ports that have the same port role (authenticator or supplicant).
For authenticator port(s), the Authenticator Port Parameters page is displayed, as shown in Figure 168.
Figure 168. Authenticator Port Parameters Page
The Authenticator Port Parameters page disp
189. cription: A description of the traffic class.
Exceed Remark Value: The DSCP replacement value for traffic that exceeds the maximum bandwidth.
Max Bandwidth: The maximum bandwidth available for the traffic class.
Priority: The priority value in the IEEE 802.1p tag control field that traffic belonging to this traffic class is assigned.
Flow Group List: The flow groups assigned to this traffic class.
5. Click Close.
Chapter 15 Quality of Service
Managing Policies
QoS policies consist of a collection of user-defined traffic classes. This section contains the following procedures:
Configuring a Policy, next
Modifying a Policy on page 208
Deleting a Policy on page 210
Displaying Policies on page 210
Configuring a Policy
To configure a policy, perform the following procedure:
1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Services option. The Services page is displayed with the CoS tab selected by default, as shown in Figure 59 on page 182.
3. Select the Policies tab. The Policies tab is shown in Figure 75.
190. ctions must be performed from the menus interface or the command line interface:
Configuring the console timer
Forcing a port to renegotiate its settings with a remote node
Configuring LACP port trunks
Viewing the networking stack
Configuring MAC address-based VLANs
Copying, renaming, and deleting files from the file system or from a compact flash memory card
Changing directories on a compact flash memory card
Uploading or downloading files to a compact flash memory card
Creating a new switch configuration file
Modifying the event log full action
Configuring MLD snooping
Configuring RRP snooping
Creating, deleting, importing, and exporting encryption keys
Creating SSL self-signed certificates
Generating an SSL certificate enrollment request
Copying SSL certificates into the certificate database or modifying certificates
Formatting flash memory
Transferring the AT-S63 image file or a configuration file from a master switch to a slave switch (i.e., switch to switch upload)
Configuring the Type of Service, Move ToS to Priority, Move Priority to ToS, and Send to Mirror Port parameters in QoS flow groups, traffic classes, and policies
Adjusting the baud rate on the serial terminal port
Enabling and disabling the Telnet server
Configuring the Telnet NULL character parameter
Configuring the console startup mode
Configuring the web browser server
191. ctive dynamic MAC address can remain in the MAC address table before it is deleted.
IP Address: The switch's IP address.
Subnet Mask: The switch's subnet mask.
Default Gateway: The IP address of a router for remote management.
System Up Time: The length of time since the switch was last reset or power cycled.
The System Software section displays the following information:
Application Software: The version number and build date of the AT-S63 management software.
Bootloader: The version number and build date of the AT-S63 bootloader.
The Hardware section displays the following information:
Model Name: The model name.
Serial Number: The switch serial number.
Temperature (Deg C): The current system temperature.
Upper Temp Threshold (Deg C): The upper threshold for the switch temperature.
Fan 1 Speed (RPM) Status, Fan 2 Speed (RPM) Status: The speed or operating status of the system fan(s).
The Voltage section provides the current voltage of the six power supplies in the switch, identified as 2.5 V, 3.3 V, 5 V, 1.8 V, 1.25 V, and 12 V.
Chapter 2 Basic Switch Parameters
Configuring the Manager and Operator Passwords
There are two levels of management access on an AT-9400 Series switch: manager and operator. When you log in as a manager, you can view and configure all of a switch's operating parameters. When you log in as an operator, you can only view the operating parameters; you cannot change any values. Y
192. d packet. A tagged packet exits the switch with the same priority level that it had when it entered. The default for this parameter is No, meaning that the priority level of a tagged packet is determined by the tagged information in the packet itself.
Click Apply. Configuration changes are immediately activated on the switch.
From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
Chapter 14 Class of Service
Mapping CoS Priorities to Egress Queues
This procedure explains how to change the default mappings of CoS priorities to egress priority queues. To change the mappings, perform the following procedure:
1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Services option. The Services page is displayed with the CoS tab selected by default, as shown in Figure 59 on page 182.
3. Select the Queuing & Scheduling tab. The Queuing & Scheduling tab is shown in Figure 61.
193. d distribution method of a static port trunk from the web browser interface. Configure the following parameter as necessary: Trunk Name: The name can be up to 16 alphanumeric characters. No spaces or special characters, such as asterisks and exclamation points, are allowed. Each trunk must have a unique name. To add or remove ports from a trunk, click the ports in the graphical image of the switch. A selected port changes to white. An unselected port is black. A static port trunk can contain up to eight ports. Click Apply. Changes to a port trunk are activated on the switch. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Reconnect the cables to the ports of the trunk. AT S63 Management Software Web Browser Interface User's Guide. Deleting a Port Trunk. Caution: Disconnect the cables from the port trunk on the switch before performing the following procedure. Deleting a port trunk without first disconnecting the cables can create loops in your network topology. Data loops can result in broadcast storms and poor network performance. To delete a port trunk from the switch, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on
194. d with the Port Security tab selected by default, as shown in Figure 158 on page 392. Select the ACL tab. The ACL tab is shown in Figure 54 on page 172. Select the ACL you want to delete and click Delete. You can delete only one access control list at a time. The ACL is immediately deleted from the switch. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Chapter 13 Access Control Lists. Displaying the Access Control Lists. To display the current ACLs, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. From the Monitoring menu, select Network Security. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 160 on page 395. 3. Select the ACL tab. The ACL tab is shown in Figure 57. [Figure 57: ACL Tab Monitoring; columns: ID, Description, Action, Active, Classifier List, Port List] The ACL tab displays a table of the currently configured ACLs that contains the following columns of information: ID: The ID number for the ACL. Description: A description of the ACL. Action: The ACL action of Permit or Deny
195. dcast packets. Ingress Unknown Unicast Filter: Status of the filter on ingress unknown unicast packets. Ingress Unknown Multicast Filter: Status of the filter on ingress unknown multicast packets. Flow Control: Status of flow control, enabled or disabled. Flow Control Back Pressure Limit: The flow control back pressure limit. Broadcast Rate Limiting: The status of rate limiting on broadcast packets. Unknown Unicast Rate Limiting: The status of rate limiting on broadcast packets. Multicast Rate Limiting: The status of rate limiting on broadcast packets. Status: The overall status of the port, enabled or disabled. Egress Broadcast Filter: The status of the filter on egress broadcast packets. Egress Unknown Unicast Filter: The status of the filter on egress unknown unicast packets. Egress Unknown Multicast Filter: The status of the filter on egress unknown multicast packets. Back Pressure: The status of back pressure on the port, enabled or disabled. Flow Control Back Pressure Limit: The flow control and back pressure limit. HOL Blocking: The Head of Line Blocking setting. Broadcast Rate Limiting: The status of broadcast rate limiting, enabled or disabled. Broadcast Rate: The rate on broadcast packets. Unknown Unicast Rate Limiting: The status of unknown unicast rate limiting, enabled or disabled. U
196. discards ingress packets that match the defined traffic flow of the classifier. Permit accepts the packets. The default is Deny. Description: Use this field to enter a description for the ACL. A description can be up to 15 alphanumeric characters, including spaces. Entering a description is optional. Port List: Use this list to specify the port where you want to assign the ACL. You can assign an ACL to more than one port. To select multiple ports, hold down the Ctrl key while making your selections. To remove the ACL from its current port assignments without assigning it to any new ports, hold down the Ctrl key while deselecting the currently assigned ports. An ACL that is not assigned to any port is considered inactive. Click Apply. Changes to the ACL are immediately implemented on the switch. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Deleting an Access Control List. To delete an access control list, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Network Security option. The Network Security page is displaye
197. ds this storage type. Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the Access Table entry takes effect immediately. Click Apply to update the SNMPv3 Access Table. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Configuring the SNMPv3 SecurityToGroup Table. You can create, delete, and modify an SNMPv3 SecurityToGroup Table entry. See the following procedures: Creating a SecurityToGroup Table Entry on page 257; Deleting a SecurityToGroup Table Entry on page 260; Modifying a SecurityToGroup Table Entry on page 260. For reference information about the SNMPv3 SecuritytoGroup Table, see Chapter 22, SNMPv3, in the AT S63 Management Software Menus Interface User's Guide. Creating a SecurityToGroup Table Entry. To create an entry in the SNMPv3 SecurityToGroup Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234. 3. In the SNMPv3 section, click the button next to Configure SecurityToGroup Table
198. e Chapter 20 Multiple Spanning Tree Protocol. Creating, Deleting, or Modifying MSTI IDs. To create, delete, or modify MSTI IDs, perform one of the following procedures. Creating an MSTI ID. To create an MSTI ID, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94. 3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 124 on page 303. 4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 136 on page 323. 5. In the CIST MSTI Table section of the tab, click Add. The Add New MSTI page is shown in Figure 137. [Figure 137: Add New MSTI Page; fields: MSTI ID, Priority, VLAN List] 6. In the MSTI ID field, enter a new MSTI ID. The range is 1 to 15. 7. In the Priority field, enter an MSTI Priority value. This parameter is used in selecting a regional root for the MSTI. The range is 0 (zero) to 61,440 in increments of 4,096, with 0 being the highest priority
199. e or delete files from a web browser management session. Those tasks must be performed from a local Telnet or SSH session. To display a list of the system files stored in flash memory, as well as on a compact flash card if the switch supports this and a compact flash card is inserted in the slot, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Utilities option. The Utilities page is displayed with the System Utilities tab displayed by default, as shown in Figure 10 on page 53. 3. Select the File System tab. The File System tab for an AT 9400 Series switch with a flash memory card drive is shown in Figure 37. [Figure 37: File System Tab Configuration; columns: File Name, Modified, Attributes] The information in the tab is defined below. Current Drives: Specifies the location of the file system. An AT 9400 Series switch that does not feature
200. e CoS tab selected by default, as shown in Figure 62 on page 188. 3. Select the Queuing and Scheduling tab. The Queuing and Scheduling tab is shown in Figure 64. [Figure 64: QoS Scheduling Tab Monitoring; panels: CoS priority to egress queue assignments, Egress Weights] The upper section displays the CoS priority to egress queue assignments. The lower section displays the egress weight settings. Chapter 15 Quality of Service. This chapter contains instructions on how to configure Quality of Service (QoS). This chapter contains the following procedures: Managing Flow Groups on page 192; Managing Traffic Classes on page 198; Managing Policies on page 206. Note: For background information on QoS, refer to Chapter 17
201. e Config option to permanently save your changes. This option is not displayed if there are no changes to save. Section V Virtual LANs. The chapters in this section provide information and procedures for basic switch setup using the AT S63 management software. The chapters include: Chapter 21, Port based and Tagged VLANs, on page 345; Chapter 22, GARP VLAN Registration Protocol, on page 359; Chapter 23, Protected Ports VLANs, on page 375. Chapter 21 Port based and Tagged VLANs. This chapter explains how to create, modify, and delete port based and tagged VLANs. This chapter also explains how to select a multiple VLAN mode. This chapter contains the following sections: Creating a New Port Based or Tagged VLAN on page 346; Modifying a VLAN on page 350; Deleting a VLAN on page 352; Selecting a VLAN Mode on page 353; Displaying VLANs on page 355; Specifying a Management VLAN on page 357. Note: For background information on port based and tagged VLANs, as well as the management VLAN, refer to Chapter 25, Port based and Tagged VLANs, in the AT S63 Management Software Menus Interface User's Guide. For more information about the multiple VLAN modes, refer to Chapter 27, Multiple VLAN Modes, in the AT S63 Management So
202. e General tab selected by default, as shown in Figure 6 on page 42. 2. From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 27. [Figure 27: MAC Address Tab Monitoring; panels: View Unicast MAC Addresses, View Multicast MAC Addresses] The tab contains two sections. The View Unicast MAC Addresses section displays unicast addresses. The View Multicast MAC Addresses section displays multicast addresses. The options function the same in both sections and are described below. You can select only one option at a time. View All: Displays all dynamic addresses learned on the ports of the switch and all static addresses that have been assigned to the ports. View Static: Displays just the static addresses assigned to the ports on the switch. View Dynamic: Displays only the dynamic addresses learned on the ports on the switch. View MAC Addresses on Port: Displays the dynamic and static MAC addresses
203. e SNMP tab is shown in Figure 89 on page 234. 3. In the SNMPv3 section, click the button next to Configure Notify Table and then click Configure at the bottom of the tab. The SNMPv3 Notify Table tab is shown in Figure 102. [Figure 102: SNMPv3 Notify Table Tab Configuration; columns: Notify Name, Notify Tag, Notify Type, Storage Type, Row Status] 4. Click Add. The Add New SNMPv3 Notify page is shown in Figure 103. [Figure 103: Add New SNMPv3 Notify Page; fields: Notify Name, Notify Tag, Notify Type, Storage Type, Row Status] 5. In the Notify Name field, enter the name associated with this trap message. Enter a descriptive name of up to 32 alphanumeric characters. For example, you might want to define a trap message for hardware engineering and enter a value of hardwareengineeringtrap for the Notify Name. 6. In the Notify Tag field, enter a description name of the Notify Tag
204. e SNMPv1 and SNMPv2c Communities. To display the SNMPv1 and SNMPv2c communities, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. From the Monitoring menu, select the Mgmt Protocols option. The Mgmt Protocols page is displayed with the Server based Authentication tab displayed by default, as shown in Figure 179 on page 436. 3. Select the SNMP tab. The SNMP tab is shown in Figure 18. [Figure 18: SNMP Tab Monitoring; panels: SNMPv1 & SNMPv2c, SNMPv3] 4. In the SNMPv1 & SNMPv2c section, click View. The SNMPv1 & SNMPv2c Communities tab is shown in Figure 19. [Figure 19: SNMP v1 v2c Communities]
205. e System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Services option. The Services page is displayed with the CoS tab selected by default, as shown in Figure 59 on page 182. 3. Select the flow group you want to delete and click Delete. The flow group is deleted from the list. Displaying Flow Groups. To display the flow groups, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. Note: You can access the Classifiers tab either through the Network Security menu option or through the Services menu option. This procedure uses the path through the Services menu option. 2. From the Monitoring menu, select the Services option. The Services menu is displayed with the CoS tab selected by default, as shown in Figure 59 on page 182. 3. Select the Flow Group tab. The Flow Group tab is shown in Figure 68. [Figure 68: Flow Group Tab Monitoring] The Flow Group tab displays the currently configured flow groups in a table that contains the following columns of information: ID: The ID number for this flow group. Description: The flow
206. e Traffic Class tab displays the currently configured flow groups in a table that contains the following columns of information: ID: The ID of the traffic class. Description: A description of the traffic class. Active: Whether or not this traffic class is active on the switch. Parent Policy ID: The policy associated with this traffic class. This information is for display only. Flow Group List: The flow groups assigned to this traffic class. 4. To display detailed information about a traffic class, select the traffic class and click View. The View Traffic Class page is shown in Figure 74. [Figure 74: View Traffic Class Page] The View Traffic Class page displays the following information: ID: The ID of the traffic class. Exceed Action: The action to be taken if the traffic of the traffic class exceeds the maximum bandwidth specified by the Max Bandwidth parameter. DSCP Value: The replacement value to write into the DSCP TOS field of the packets. Burst Size: The size of a token bucket for the traffic class. Remark Priority: Replaces the user priority value in the packets with the new value specified in the Priority parameter. Des
207. The Add New VLAN page is shown in Figure 154. [Figure 154: Add New VLAN Page] 5. Select the VID field and enter a VID value for the new VLAN. The range of the VID value is 2 to 4096. The default is the next available VID number on the switch. The switch is only aware of the VIDs of the VLANs that exist on the device and not those that might already be in use in the network. For example, if you add a new AT 9400 Series switch to a network that already contains VLANs that use VIDs 2 through 24, the AT S63 software will still use VID 2 as the default value when you create the first VLAN on the new switch, even though that VID number is already being used by another VLAN on the network. To prevent inadvertently using the same VID for two different VLANs, you should keep a list of all your network VLANs and their VID values. Note: A VLAN must have a VID. 6. Select the Name field and enter a name for the new VLAN. The name can be from one to fifteen alphanumeric characters in length. The name should reflect the function of the nodes that will be a part of the VLAN, for example, Sales or Accounting. The name cannot contain spaces or special characters, such as asterisks or exclamation points. Note: A VLAN must be assigned a name. 7. Select Protected as the Type
208. e a new protected ports VLAN, perform the procedure below: 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 123 on page 302. 3. Select the VLAN tab. The VLAN tab is shown in Figure 143 on page 346. Note: The Modify and Remove buttons are not included in the tab if the only VLAN on the switch is the Default_VLAN. This tab displays the VLANs in a table that contains the following columns of information: VLAN ID: The VID number assigned to the VLAN. Client Name: The name of the VLAN. Uplink Port: This column is applicable only when the switch is operating in one of the two multiple VLAN modes. The column lists the port that is functioning as the uplink port for the other ports on the switch. Type: This column contains Port Based for both port based and tagged VLANs, GVRP Dynamic for VLANs created by GVRP, and Protected for protected ports VLANs. Protocol: Not used. Tagged (T) / Untagged (U) Port: Lists the ports of the VLAN. Tagged ports are designated with a T and untagged ports with a U. 4. To create a new protected ports VLAN, click Add.
209. e button next to Configure Community Table and then click Configure at the bottom of the tab. The SNMPv3 Community Table tab is shown in Figure 111 on page 283. 4. Click the button next to the SNMPv3 Community Table entry that you want to change and then click Modify. The Modify SNMPv3 Community page is shown in Figure 113. [Figure 113: Modify SNMPv3 Community Page; fields: Community Index, Community Name, Security Name, Transport Tag, Storage Type, Row Status] 5. In the Community Name field, enter a Community Name of up to 64 alphanumeric characters. The value of the Community Name parameter acts as a password for the SNMPv3 Community Table entry. This parameter is case sensitive. Note: Allied Telesyn recommends that you select SNMP Community Names carefully to ensure these names are known only to authorized personnel. 6. In the Security Name field, enter a name of an SNMPv1 and SNMPv2c user. This name must be unique. Enter a value of up to 32 alphanumeric characters. Note: Do not use a value configured with the User Name parameter in the SNMPv3 User Table. 7. In the Transport Tag field, enter a name of up to 32 alphanumeric characters. The Transport Tag parameter links an SNMPv3 Community Table entry with a
210. Modifying a Policy 208; Deleting a Policy 210; Displaying Policies 210; Chapter 16 Denial of Service Defense 213; Configuring Denial of Service Defense 214; Displaying the DOS Settings 217; Chapter 17 IGMP Snooping 219; Configuring IGMP Snooping 220; Displaying a List of Host Nodes 223; Displaying a List of Multicast Routers 226; Section III SNMPv3 229; Chapter 18 SNMPv3 231; Configuring the SNMPv3 Protocol 232; Enabling or Disabling SNMP Management 233; Configuring the SNMPv3 User Ta
211. e gives you the option of downloading the image file into the switch's application block or the file system. The application block is the portion of flash memory in the switch reserved for the active AT S63 image file and is separate from the file system. In most cases, you will probably want to download a new image file directly into the switch's application block so that the unit immediately begins to use it as its new operating software. However, there may be occasion when you might want to download the image file to the file system with plans to copy it to the application block at a later date. It should be noted, however, that the only way to copy an image file in the file system to the application block is with the LOAD command in the command line interface. Caution: Installing a new AT S63 image file into the application block of flash memory will cause a switch reset. Some network traffic may be lost. If you are downloading a boot configuration file, note these additional guidelines: A configuration file should only be downloaded onto the same model of switch where the file was originally created (for example, AT 9408LC SP to AT 9408LC SP). Allied Telesyn does not recommend downloading a configuration file onto a switch of a different model (for example, AT 9408LC SP to AT 9424T SP). Undesirable switch behavior may result. The configuration file is downloaded onto the switch without any modifications. If the file conta
212. e is displayed with the Mgmt ACL tab selected by default, as shown in Figure 184. [Figure 184: Mgmt ACL Tab Monitoring; columns: IP Address, IP Mask, Protocol, Interface] The Mgmt ACL tab contains two sections of information. The top section shows if the management ACL feature is enabled or disabled. The bottom section displays a table that lists the existing ACEs with the following columns of information: IP Address: The IP address of a management station or subnet. IP Mask: A mask that indicates the parts of the IP address the switch should filter on. Protocol: The protocol for the management packets. Interface: The interface the management station uses when managing the switch. Index. Numerics. 802.1x Port based Network Access Control: access role, configuring 398; authenticator port, configuring 401; configuring 398; disabling 400; enabling 400; port parameters, displaying 408; port role, configuring 398; port status, displaying 407; supplicant port, configuring 405. A. active boot configuration file, setting 130; administrator name, configuring 39; aging time, changing 101; app (applicant state machine) 368; associations, VLANs to MSTI IDs
213. e most recent event to the oldest event. To select the format of the event log, for Mode click one of the following: Normal: Displays the time, module, severity, and description for each event. This is the default. An example of Normal mode is shown in Figure 42 on page 148. Full: Displays the same information as Normal, plus the file name, line number, and event ID. An example of Full mode is shown in Figure 43 on page 149. 7. To display events of a particular AT S63 software module, from the Module Selections list select one or more of the modules listed in Table 1. To select more than one module, use <Ctrl> click.
Table 1. AT S63 Software Modules
Name | Description
ACL | Access control lists
ALL | All modules
CFG | Configuration file
CLASSIFIER | ACL and QoS classifiers
CLI | Command line interface commands
DOS | Denial of Service defense
ENCO | Encryption keys
ESTACK | Enhanced stacking
EVTLOG | Event log
FILE | File system
GARP | GARP VLAN Registration Protocol
HTTP | Web server
IGMPSNOOP | IGMP snooping
IP | IP configuration
LACP | Link Aggregation Control Protocol
MAC | MAC address table
MGMTACL | Management ACL
MLD | MLD snooping
PACCESS | 802.1X Port based Access Control
PCFG | Port configuration
PKI | Public Key Infrastructure
PM
214. e no changes to save. To delete an entry in the SNMPv3 Target Parameters Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234. 3. In the SNMPv3 section, click the button next to Configure Target Parameters Table and then click Configure at the bottom of the tab. The SNMPv3 Target Parameters Table tab is shown in Figure 108 on page 275. 4. Click the button next to the Target Parameters Table entry that you want to delete and then click Remove. A warning message is displayed. 5. Click OK. 6. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Modifying a Target Parameters Table Entry. To modify an entry in the SNMPv3 Target Parameters Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234. 3. In the SNMPv3 section, click the button next to Configure Target Parameters Table and then click Configure at the
215. e of the following settings: Enabled: The community is enabled. Disabled: The community is disabled. Chapter 5 Port Parameters. This chapter explains how to view and change the parameter settings for the individual ports on a switch. Examples of the parameters that you can adjust include port speed and duplex mode. This chapter contains the following procedures: Configuring Port Parameters on page 78; Displaying Port Status on page 85; Displaying Port Statistics on page 89; Resetting a Port to the Default Settings on page 92. Note: For further information about port parameters, refer to Chapter 6, Port Parameters, in the AT S63 Management Software Menus Interface User's Guide. Configuring Port Parameters. To configure the parameter settings of a port on the switch, perform the following procedure: 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 20. Figure 20 Port Settings Tab Con
216. e page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Mgmt Protocols option. The Mgmt Protocols page is displayed with the Server based Authentication tab selected by default, as shown in Figure 177 on page 432. 3. Select the Secure Shell tab. The Secure Shell tab is shown in Figure 175. [Figure 175: Secure Shell Tab Configuration; fields: Status, Host Key ID, Server Key ID, Server Expiry Time, Login Timeout; on-screen notes: Host Key Size must differ Srvr Key Size by 128 Bits, Key Size > 512 Bits] 4. Configure the following parameters as necessary: Status: Enable the SSH server after you have finished the configuration. Or click Disabled while you are configuring the protocol. SSH must be disabled while you are configuring the protocol. This is the default. Note: You cannot disable the SSH server when there is an active SSH connection. Host Key ID: Enter the ID number of the encryption key for the SSH host. The key must already exist on the switch. To view key ID numbers, refer to Displaying the Encryption Keys on page 418. The default is No
217. e web browser interface. The Active value indicates the SNMPv3 Notify Table entry takes effect immediately.

8. Click Apply to update the SNMPv3 Notify Table.
9. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.

Configuring the SNMPv3 Target Address Table

You can create, delete, and modify an SNMPv3 Target Address Table entry. See the following procedures:

- Creating a Target Address Table Entry on page 268
- Deleting a Target Address Table Entry on page 271
- Modifying Target Address Table Entry on page 272

For reference information about the SNMPv3 Target Address Table, see Chapter 22, SNMPv3, in the AT-S63 Management Software Menus Interface User's Guide.

Creating a Target Address Table Entry

To create an entry in the SNMPv3 Target Address Table, perform the following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234.
3. In the SNMPv3 section, click the button next to Configure Target Address Table and then click Configure at the bottom of the tab.
218. e you can configure the authenticator port settings. For instructions on how to set a port's role, refer to Setting Port Roles on page 398.

5. Click Settings. The Authenticator Parameters page is shown in Figure 164.

Figure 164. Authenticator Parameters Page

6. Configure the following parameters as necessary:

Supplicant Mode: This parameter sets the supplicant mode of an authenticator port and can take the following values:

- Single: Configures the port to accept only one authentication. This authenticator mode should be used together with the piggy-back mode. When an authenticator port is set to the Single mode and the piggy-back mode is disabled, only the one client who is authenticated can use the port. Packets from or to other clients on the port are discarded. If piggy-back mode is enabled, other clients can piggy-back onto another client's authentication and so be able to use the port.
- Multiple: Configures the port to accept up to 20 authentications. Every client using an authenticator port in this mode must have a username and password combination
219. v1: Select this value to associate the Security Name, or User Name, with the SNMPv1 protocol.
v2c: Select this value to associate the Security Name, or User Name, with the SNMPv2c protocol.
v3: Select this value to associate the Security Name, or User Name, with the SNMPv3 protocol.

In the Security Name field, enter a User Name that you previously configured with the SNMPv3 User Table. See Creating a User Table Entry on page 236.

In the Security Level field, select one of the following Security Levels:

Note: The value you configure for the Security Level must match the value configured for the User Name in the User Table Menu. See Creating a User Table Entry on page 236.

No Authentication/Privacy: This option represents neither an authentication nor privacy protocol. Select this security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privacy protocol. This security level provides the least security.

Note: If you have selected SNMPv1 or SNMPv2c as the Security Model, you must select No Authentication/Privacy as the Security Level.

Authentication: This option represents authentication, but no privacy protocol. Select this security level if you want to authenticate SNMP users, but you do not want to encrypt messages using a privacy protocol. You can select this value if you configured the Security Model parameter with t
220. ... 342
Section V: Virtual LANs
Chapter 21: Port-based and Tagged VLANs ... 345
Creating a New Port-Based or Tagged VLAN ... 346
Modifying a VLAN ... 350
Deleting a VLAN ... 352
Selecting a VLAN Mode ... 353
Displaying VLANs ... 355
Specifying a Management VLAN ... 357
Chapter 22: GARP VLAN Registration Protocol ... 359
Configuring GVRP ... 360
Enabling or Disabling GVRP on a Port ... 362
Displaying the GVRP Configuration ... 363
Displaying the GVRP Port Configuration ... 365
Displaying the GVRP Database ... 366
Displaying the GVRP State
221. ... 33
Ports 23R and 24R on the AT-9424T/GB, AT-9424T/SP, and AT-9424Ti/SP Series Switches ... 34
Web Browser Interface Restrictions ... 35
Chapter 2: Basic Switch Parameters ... 37
Configuring an IP Address and Switch Name ... 38
Activating the BOOTP or DHCP Client Software ... 41
Displaying System Information ... 42
Configuring the Manager and Operator Passwords ... 44
Rebooting a Switch ... 46
Setting the System Date and Time ... 47
Pinging a Remote System ... 50
Returning the AT-S63 Management Software to the Factory Default Values ... 52
Chapter 3: Enhanced Stacking
222. ... 264
Figure 104. Modify SNMPv3 Notify Page ... 266
Figure 105. SNMPv3 Target Address Table Tab (Configuration) ... 269
Figure 106. Add New SNMPv3 Target Address Page ... 269
Figure 107. Modify SNMPv3 Target Address Page ... 272
Figure 108. SNMPv3 Target Parameters Table Tab (Configuration) ... 275
Figure 109. Add New SNMPv3 Target Parameters Page ... 276
Figure 110. Modify SNMPv3 Target Parameter Page ... 279
Figure 111. SNMPv3 Community Table Tab (Configuration) ... 283
Figure 112. Add New SNMPv3 Community Page ... 283
Figure 113. Modify SNMPv3 Community Page ... 286
Figure 114. SNMP Tab (Monitoring) ... 289
223. ... 98
Figure 28. View MAC Addresses Page ... 100
Chapter 7: Static Port Trunk ... 103
Figure 29. Port Trunking Tab (Configuration) ... 105
Figure 30. Add New Trunk Page ... 105
Figure 31. Modify Trunk Page ... 108
Figure 32. Port Trunking Tab (Monitoring) ... 110
Chapter 8: Port Mirroring ... 113
Figure 33. Port Mirroring Tab (Configuration) ... 114
Figure 34. Modify Mirror Page ... 115
Figure 35. Example of a Modify Mirror Page ... 116
Figure 36. Port Mirroring Tab (Monitoring) ... 120
Chapter 9: File System ... 125
Figure 37. File System Tab (Configuration)
224. elect Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

2. From the Monitoring menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 22 on page 85.
3. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 36.

Figure 36. Port Mirroring Tab (Monitoring)

The Port Mirroring tab displays a table that contains the following columns of information:

Mirror to Port: The destination port to which the traffic is copied and where the network analyzer is located.

Ingress Port(s): The source ports whose ingress traffic is mirrored to the destination port.

Egress Port(s): The source ports whose egress traffic is mirrored to the destination port.

Status: The status of the mirroring feature. The possible settings are:

- Enabled: Traffic is being copied to the destination port.
- Disabled: No traffic is being mirrored.

Section II: Advanced Operations
225. en intrusion action is set to trap or disable, the port discards invalid packets, but it does not send a trap or disable the port.

MAC Limit: This column specifies the maximum number of dynamic MAC addresses the port learns. It only applies when a port is operating in the Limited security mode.

Chapter 25: 802.1x Port-based Network Access Control

This chapter contains instructions on how to configure the 802.1x Port-based Network Access Control feature on the switch. The chapter contains the following sections:

- Setting Port Roles on page 398
- Enabling or Disabling 802.1x Port-based Network Access Control on page 400
- Configuring Authenticator Port Parameters on page 401
- Configuring Supplicant Port Parameters on page 405
- Displaying the Port-based Network Access Control Parameters on page 407
- RADIUS Accounting on page 411

Note: For background information on port-based network access control, refer to Chapter 31, 802.1x Port-based Network Access Control, in the AT-S63 Management Software Menus Interface User's Guide.

Setting Port Roles

To set port roles for port-based network access control, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default
226. entries. Events in this log are retained whenever the switch is reset or power cycled.

The following procedures explain how to view the events in the event log as well as how to enable or disable the log. This section includes the following topics:

- Enabling or Disabling the Event Logs on page 142
- Displaying Events on page 144
- Clearing an Event Log on page 150
- Saving an Event Log to a File on page 150

This procedure explains how to enable or disable the event logs on the switch. If you disable the logs, the AT-S63 management software will not store events in its logs and will not send events to any syslog servers you might have defined. The default setting for the event logs is enabled.

Note: Allied Telesyn recommends setting the switch's date and time if you enable the event logs. Otherwise, the entries entered in the logs and sent to a syslog server will not have the correct date and time. For instructions, refer to Setting the System Date and Time on page 47.

To enable or disable the event logs, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. Select the Event Log tab. The Event Log tab is shown in Figure 40.
227. ents in an event log you want to display, perform the following procedure:

1. From the home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.

Note: You can also display events by selecting Configuration from the home page and then the Event Log tab. The tab contains the same Filter Settings and Actions section as described in this procedure.

2. Select the Event Log tab. The Event Log tab is shown in Figure 41.

Figure 41. Event Log Tab (Monitoring)

3. In the Display Filter Settings section, for Log Location, click one of the following:

Temporary Memory: Displays the events stored in temporary memory. This selection stores approximately 4,000 events. If the switch ha
228. er the authentication password.

Note: If you have the nonencrypted version of the AT-S60 software, then the Privacy Protocol field is read-only.

Note: You can only configure the Privacy Protocol if you have configured the Authentication Protocol with the MD5 or SHA values.

In the Privacy Protocol field, enter one of the following options:

DES: Select this value to make the DES privacy, or encryption, protocol the privacy protocol for this User Table entry. With this selection, messages transmitted between the host and the switch are encrypted with the DES protocol.

None: Select this value if you do not want a privacy protocol for this User Table entry. With this selection, messages transmitted between the host and the switch are not encrypted.

In the Privacy Password field, enter a privacy password of up to 32 alphanumeric characters.

In the Confirm Privacy Password field, re-enter the privacy password.

In the Storage Type field, enter one of the following storage options for this User Table entry:

Volatile: Select this storage type if you do not want the ability to save an entry in the SNMPv3 User Table. After making changes to an SNMPv3 User Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.

NonVolatile: Select this storage type if you want the ability to save an entry in the SNMPv3 User Table. After making changes to an SNMPv3 User Table
229. eral tab selected by default, as shown in Figure 5 on page 38.

2. Select the Event Log tab. The Event Log tab is shown in Figure 40 on page 143.
3. In the Log Settings section, click the Clear Log checkbox.
4. Click the button next to the event log you want to clear, either Permanent or Temporary.
5. Click Apply to activate the settings on the switch.

Saving an Event Log to a File

You can save an event log to a file to review later. The file is saved as an ASCII file in the switch's file system, from where you can view it or upload it to your management workstation or a TFTP server.

To save an event log to a file, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. Select the Event Log tab. The Event Log tab is shown in Figure 40 on page 143.
3. In the Display Filter Settings section, select the log and the type of events you want to save to the file. For instructions, refer to steps 3 to 7 in Displaying Events on page 144.
4. In the Save Filename field, enter a name for the file. The name can be up to 16 alphanumeric characters. The name must include the log file name extension.
5. Click Save. The log file is saved to the switch's file system as an ASCII file
230. ermanently save your changes. This option is not displayed if there are no changes to save.

Deleting an ACE

To delete an ACE from the management ACL, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Mgmt Security option. The Mgmt Security page is displayed with the Mgmt ACL tab selected by default, as shown in Figure 183 on page 444.
3. Select the ACE you want to delete from the table in the middle section of the tab and click Delete. The ACE is deleted from the list. To see the new list, click Refresh.
4. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.

Displaying the Management Access Control List

To display the management access control list and its access control entries, perform the following procedure:

1. From the home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. From the Monitoring menu, select the Mgmt Security option. The Mgmt Security pag
231. es the ID number for this traffic class. The range is 0 to 1023.

Exceed Action: Specifies the action to be taken if the traffic of the traffic class exceeds the maximum bandwidth specified by the Max Bandwidth parameter. The possible options are drop and remark.

DSCP: Specifies a replacement value to write into the DSCP TOS field of the packets. The range is 0 to 63.

Burst Size: Specifies the size of a token bucket for the traffic class. The range is 4 to 512 Kbps. You must also specify the Max Bandwidth.

Remark Priority: Replaces the user priority value in the packets with the new value specified in the Priority parameter.

Description: Specifies the traffic class description. A description can be up to 15 alphanumeric characters, including spaces.

Exceed Remark Value: Specifies the DSCP replacement value for traffic that exceeds the maximum bandwidth. This value takes precedence over the DSCP value. The default is 0.

Max Bandwidth: Specifies the maximum bandwidth available for the traffic class. The range is 0 to 1016 Mbps. If you set this parameter to 0 (zero), all traffic that matches that traffic class is dropped.

Priority: Specifies the priority value in the IEEE 802.1p tag control field that traffic belonging to this traffic class is assigned. The range is 0 to 7, with 0 (zero) as the lowest priority.

Flow Group List: The flow groups assigned to this
232. et Address Table Entries ... 294
Displaying Target Parameters Table Entries ... 295
Displaying SNMPv3 Community Table Entries ... 296
Section IV: Spanning Tree Protocols
Chapter 19: Spanning Tree and Rapid Spanning Tree Protocols ... 301
Enabling or Disabling a Spanning Tree Protocol ... 302
Configuring STP ... 304
Displaying the STP Settings ... 308
Resetting STP to the Default Settings ... 311
Configuring RSTP ... 312
Resetting RSTP to the Default Settings ... 316
Displaying RSTP Settings ... 316
Chapter 20: Multiple Spanning Tree Protocol ... 319
Enabling MSTP ... 320
Configuring MSTP
233. f GARP PDUs received by this GARP application.

Transmit Total GARP Packets: Total number of GARP PDUs transmitted by this GARP application.

Receive Invalid GARP Packets: Number of invalid GARP PDUs received by this GARP application.

Receive Discarded GARP Disabled: Number of received GARP PDUs discarded because the GARP application was disabled.

Transmit Discarded GARP Disabled: Number of GARP PDUs discarded because the GARP application was disabled. This counter is incremented when ports are added to or deleted from the GARP application arising from port movements in the underlying VLAN or STP.

Receive Discarded Port Not Listening: Number of GARP PDUs discarded because the port that received the PDUs was not listening, that is, MODE=NONE was set on the port.

Transmit Discarded Port Not Sending: Number of GARP PDUs discarded because the port that the PDUs were to be transmitted on was not sending, that is, MODE=NONE was set on the port.

Receive Discarded Invalid Port: Number of GARP PDUs discarded because the port that received the PDU does not belong to the GARP application.

Receive Discarded Invalid Protocol: Number of GARP PDUs discarded because the GARP PDU contained an invalid protocol.

Receive Discarded Invalid Format: Number of GARP PDUs discarded because the format of the GARP PDU was not recognized.

Receive Discarded Database Full: Number of GARP PDUs d
234. f a port, refer to Setting Port Roles on page 398.

5. Click Settings. The Supplicant Parameters page is shown in Figure 164.

Figure 165. Supplicant Parameters Page

6. Configure the following parameters as needed:

Auth Period: Specifies the period of time in seconds that the supplicant waits for a reply from the authenticator after sending an EAP-Response frame. The range is 1 to 60 seconds. The default is 30 seconds.

Held Period: Specifies the amount of time in seconds the supplicant is to refrain from retrying to re-contact the authenticator in the event the end user provides an invalid username and/or password. After the time period has expired, the supplicant can attempt to log on again. The range is 0 to 65,535 seconds. The default value is 60 seconds.

Max Start: Specifies the maximum number of times the supplicant sends EAPOL-Start frames before assuming that there is no authenticator present. The range is 1 to 10. The default is 3.

Start Period: Specifies the time period in seconds between successive attempts by the supplicant to establish contact with an authenticator when there is no reply. The range is 1 to 60. The default is 30.

User Name: Specifies the username for the switch port. The port sends the name to the authentication ser
235. f the Subnet Mask parameter is dependent on the subtree you select. For example, if you configure the View Subtree parameter as MIB ifEntry.0.3, it has the following value:

1.3.6.1.2.1.2.2.1.0.3

To restrict the user's view to the third row (all columns) of the MIB ifEntry.0.3, enter the following value for the Subtree Mask parameter:

ff:bf

6. In the View Type field, enter one of the following view types:

Included: Enter this value to permit the View Name to see the subtree specified above.

Excluded: Enter this value to not permit the View Name to see the subtree specified above.

7. In the Storage Type field, enter a storage type for this table entry:

Volatile: Select this storage type if you do not want the ability to save an entry in the Target Parameters Table. After making changes to an Target Parameters Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.

NonVolatile: Select this storage type if you want the ability to save an entry in the View Table. After making changes to a View Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type.

Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 View Table entry takes effect
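The subtree and mask pair from the View Table step above (1.3.6.1.2.1.2.2.1.0.3 with ff:bf) can be checked offline before it is entered on the switch. The Python below is an added example, not code from the manual or from Allied Telesyn; it applies the view-tree family matching rule of RFC 3415 (VACM), which is assumed here to be what the switch implements, and all function names and sample view entries are hypothetical.

```python
"""Check which OIDs an SNMPv3 view subtree/mask pair actually exposes.

Added example. Matching follows RFC 3415 (VACM view tree families); that the
switch behaves the same way is an assumption. Sample views are constructed.
"""


def parse_oid(text):
    """'1.3.6.1' -> (1, 3, 6, 1)."""
    return tuple(int(part) for part in text.strip(".").split("."))


def parse_mask(text):
    """'ff:bf' -> list of bits, most significant bit of each octet first."""
    bits = []
    for octet in text.replace(" ", ":").split(":"):
        if octet:
            value = int(octet, 16)
            bits.extend((value >> shift) & 1 for shift in range(7, -1, -1))
    return bits


def family_matches(oid, subtree, mask_bits):
    """True if oid belongs to the view family (subtree, mask)."""
    if len(oid) < len(subtree):
        return False
    for i, sub_id in enumerate(subtree):
        # A mask shorter than the subtree is padded with 1s (exact match).
        bit = mask_bits[i] if i < len(mask_bits) else 1
        if bit and oid[i] != sub_id:
            return False
    return True


def wildcard_positions(subtree, mask_bits):
    """1-based sub-identifier positions that the mask leaves unchecked."""
    return [i + 1 for i in range(len(subtree))
            if i < len(mask_bits) and mask_bits[i] == 0]


def is_visible(oid, families):
    """families: list of (subtree, mask_bits, 'included' | 'excluded').

    Among matching families the longest subtree decides; a tie goes to the
    lexicographically greatest subtree. No match means not in the view.
    """
    matches = [f for f in families if family_matches(oid, f[0], f[1])]
    if not matches:
        return False
    best = max(matches, key=lambda f: (len(f[0]), f[0]))
    return best[2] == "included"


# Values from the text: ifEntry.0.3 with Subtree Mask ff:bf.
SUBTREE = parse_oid("1.3.6.1.2.1.2.2.1.0.3")
MASK = parse_mask("ff:bf")

# Constructed view: row 3 of ifEntry is included, but column 6 of that row
# is carved out again with an Excluded entry that has no mask.
VIEW = [
    (SUBTREE, MASK, "included"),
    (parse_oid("1.3.6.1.2.1.2.2.1.6.3"), [], "excluded"),
]

if __name__ == "__main__":
    print("wildcards with ff:bf:", wildcard_positions(SUBTREE, MASK))
    # A one-digit typo (9f instead of bf) also wildcards the row index,
    # which silently widens the view to every row of the table.
    print("wildcards with ff:9f:",
          wildcard_positions(SUBTREE, parse_mask("ff:9f")))
    for text in ("1.3.6.1.2.1.2.2.1.2.3",   # column 2, row 3
                 "1.3.6.1.2.1.2.2.1.6.3",   # column 6, row 3 (excluded)
                 "1.3.6.1.2.1.2.2.1.2.4"):  # column 2, row 4
        print(text, "visible" if is_visible(parse_oid(text), VIEW) else "hidden")
```

Comparing the wildcard positions for the intended mask against the value actually typed is a quick review step, because a mask that clears one bit too many still looks valid in the table.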
236. fault Settings in the AT-S63 Management Software Menus Interface User's Guide.

To return the AT-S63 management software to the default settings, perform the following procedure:

1. From the home page, select Configuration. The Configuring System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Utilities option. The Utilities page is displayed with the System Utilities tab selected by default, as shown in Figure 10.

Figure 10. System Utilities Tab (Configuration)

3. Click the Reboot Switch After Resetting to Defaults checkbox.
4. Click Apply. The web browser displays the following prompt: "This page may no longer be available while the switch reboots. Do you want to continue?"
5. Click OK to continue or Cancel to cancel the procedure. If you select OK, the switch resets and returns all values to the default settings. After the reset is complete, you must
237. figuration

3. Click the port in the graphical switch image that you want to configure. The selected port turns white. You can select more than one port at a time to configure. To deselect a port, click it again.
4. Click Modify. To configure all the ports, click Modify All.

Note: If you select Modify All, you cannot configure the port name or set the speed and duplex mode. The speed and duplex mode are set to autonegotiate.

The Port Configuration page is shown in Figure 21.

Figure 21. Port Configuration Page
238. figure the following parameters as necessary:

Bridge Priority: The priority number for the bridge. This number is used in determining the root bridge for RSTP. The bridge with the lowest priority number is selected as the root bridge. If two or more bridges have the same priority value, the bridge with the numerically lowest MAC address becomes the root bridge. When a root bridge goes off-line, the bridge with the next priority number automatically takes over as the root bridge. This parameter can be from 0 (zero) to 61,440 in increments of 4096, with 0 being the highest priority. For a list of the increments, refer to Table 6.

Table 6. Bridge Priority Value Increments

Increment   Bridge Priority   Increment   Bridge Priority
0           0                 8           32768
1           4096              9           36864
2           8192              10          40960
3           12288             11          45056
4           16384             12          49152
5           20480             13          53248
6           24576             14          57344
7           28672             15          61440

Bridge Hello Time: The time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds.

Bridge Forwarding Delay: The waiting period in seconds before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes. If the bridge transitions too soon, not all links may have yet adapted to the change, resulting in network loops. The ra
239. following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 124 on page 303.
4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 136.

Figure 136. Configure MSTP Parameters Tab (Configuration)

Note: This procedure explains the Configure MSTP Parameters section of the page. The CIST/MSTI Table is explained in Adding, Removing, or Modifying VLAN Associations to MSTIs on page 330. The graphic image of the switch is described in Configuring MSTP Port Par
240. ftware Menus Interface User's Guide.

Creating a New Port-Based or Tagged VLAN

To create a new port-based or tagged VLAN, perform the following procedure:

1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 123 on page 302.
3. Select the VLAN tab. The VLAN tab is shown in Figure 143.

Figure 143. VLAN Tab (Configuration)

Note: The Modify and Remove buttons are not shown in the tab if the only VLAN on the switch is the Default_VLAN.

The VLAN Mode and Uplink Port options are explained in Selecting a VLAN Mode on page 353. The Mgmt VLAN ID option is explained in Specifying a Management VLAN on page 357.

The tab disp
241. g a Web Browser Management Session. Section I: Basic Operations. Chapter 2: Basic Switch Parameters. This chapter contains the following sections: "Configuring an IP Address and Switch Name" on page 38; "Activating the BOOTP or DHCP Client Software" on page 41; "Displaying System Information" on page 42; "Configuring the Manager and Operator Passwords" on page 44; "Rebooting a Switch" on page 46; "Setting the System Date and Time" on page 47; "Pinging a Remote System" on page 50; "Returning the AT-S63 Management Software to the Factory Default Values" on page 52. Configuring an IP Address and Switch Name. Note: For guidelines about when to assign an IP address, subnet address, and gateway address to an AT-9400 Series switch, refer to "When Does a Switch Need an IP Address" in Chapter 3, Basic Switch Parameters, in the AT-S63 Management Software Menus Interface User's Guide. To set basic switch parameters for an AT-9400 Series switch, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5.
242. g is enabled. No check in the box means that updating is disabled. Update Interval: Specifies the intervals at which the switch sends interim accounting updates to the RADIUS server. The range is 30 to 300 seconds. The default is 60 seconds. 5. Click Apply. Changes to the accounting settings are immediately implemented on the switch. 6. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Displaying the RADIUS Accounting Settings. To display the RADIUS accounting settings, perform the following procedure: 1. From the home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. From the Monitoring menu, select the Network Security option. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 160 on page 395. 3. Select the 802.1x Port Access tab. Section VI: Port Security. The 802.1x Port Access tab is shown in Figure 170.
243. h to its default values does not alter the contents of the active boot configuration file. To reset the file back to the default settings, you must select Save Config from the menu after the switch reboots and you reestablish your management session. Otherwise, the switch reverts back to the previous configuration the next time you reset or power cycle the unit. The speed of the Terminal Port on the switch is not changed. Please note the following when performing this procedure on a master switch of an enhanced stack: You will not be able to reestablish your web browser management session on the unit at the completion of this procedure, because the unit will not have an IP address and its stacking status will be slave, the default setting. Unless there is another master switch in the same subnet, you must use a local management session if you want to continue managing the switch at the completion of this procedure. The management VLAN setting is returned to Default_VLAN. Caution: This procedure involves a switch reset. Some network traffic may be lost while the unit initializes its management software and loads the default configuration settings, a process that takes approximately 20 seconds to complete. Note: The AT-S63 management software default values are listed in Appendix A, AT-S63 De
244. hanged the active spanning tree protocol, the switch resets and your management session is ended. To continue managing the switch, you must restart your management session after the switch is finished reloading the AT-S63 management software. 7. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. 8. If you activated STP, go to "Configuring STP" on page 304. If you activated RSTP, go to "Configuring RSTP" on page 312. If you activated MSTP, go to "Configuring MSTP" on page 322. Chapter 20: Multiple Spanning Tree Protocol. Configuring MSTP. This section contains the following procedures: "Configuring MSTP Parameters," next; "Configuring the CIST Priority" on page 325; "Creating, Deleting, or Modifying MSTI IDs" on page 326; "Adding, Removing, or Modifying VLAN Associations to MSTIs" on page 330; "Configuring MSTP Port Parameters" on page 333. Note: MSTP must be selected as the active spanning tree protocol on the switch before you can configure it. For instructions on selecting the active spanning tree, refer to "Enabling MSTP" on page 320. Note: When MSTP is enabled, the GVRP tab is not shown on the Configuration or Monitoring Layer 2 page. Configuring MSTP Parameters. To configure MSTP parameters, perform the
245. he SNMPv3 protocol Privacy This option represents authentication and the privacy protocol Select this security level to allow authentication and encryption This level provides the greatest level of security You can select this value if you configured the Security Model parameter with the SNMPv3 protocol 277 Chapter 18 SNMPv3 Deleting a Target Parameters Table 278 Entry 10 11 12 In the Storage Type parameter select one of the following storage types for this table entry Volatile Select this storage type if you do not want the ability to save an entry in the Target Parameters Table After making changes to a Target Parameters Table entry with a Volatile storage type the Save Config option is not displayed on the Configuration menu NonVolatile Select this storage type if you want the ability to save an entry in the Target Parameters Table After making changes to a Target Parameters Table entry with a NonVolatile storage type the Save Config option is displayed on the Configuration menu Allied Telesyn recommends this storage type Note The Row Status parameter is a read only field in the web browser interface The Active value indicates the SNMPv3 Target Parameters Table entry takes effect immediately Click Apply to update the SNMPv3 Target Parameters Table From the Configuration menu select the Save Config option to permanently save your changes This option is not displayed if there ar
246. he possible settings are: None: The port is not to participate in port-based access control. This is the default setting. Authenticator: The port is to function as an authenticator. This is the appropriate setting if the port is connected to a supplicant. Supplicant: The port is to function as a supplicant. This is the appropriate setting if the port is connected to an authenticator. Click Apply. The new role is immediately implemented on the port. To enable or disable port-based access control, go to "Enabling or Disabling 802.1x Port-based Network Access Control" on page 400. Then, to configure authenticator port settings, go to "Configuring Authenticator Port Parameters" on page 401. To configure supplicant port settings, go to "Configuring Supplicant Port Parameters" on page 405. Chapter 25: 802.1x Port-based Network Access Control. Enabling or Disabling 802.1x Port-based Network Access Control. To enable or disable 802.1x Port-based Network Access Control, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Network Security option. The Network Security page opens with the Port Security tab selected by default, as shown in Figure 158 on page 392. 3. Select the 802.1x Port Access tab. The 802.1x Port Access tab is shown in Figu
247. icast Hosts List is shown in Figure 86. [Figure 86: View Multicast Hosts List Page] The View Multicast Hosts List page displays a table that contains the following columns of information: Multicast Group: The multicast address of the group. VLAN ID: The VID of the VLAN in which the port is an untagged member. Member Port: The port(s) on the switch to which one or more host nodes of the multicast group are connected. Host IP: The IP address(es) of the host node(s) connected to the port. Status: Indicates IGMP group status of the port. The possible settings are: Active: The port is active in the IGMP group. Left Group: The port is not active in the IGMP group. Section II: Advanced Operations. Chapter 17: IGMP Snooping. Displaying a List of Multicast Routers. To view multicast routers, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on
248. icast and multicast MAC addresses. Quality of Service Flow Groups and Traffic Classes. Change: Added the following new parameters to QoS flow groups and traffic classes: the ToS parameter, for replacing the Type of Service field of IPv4 packets; the Move ToS to Priority parameter, for replacing the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets; the Move Priority to ToS parameter, for replacing the value in the ToS priority field with the 802.1p priority field on IPv4 packets. Chapter and Procedure: The web browser interface supports the management of flow groups and traffic classes, as explained in Chapter 15, Quality of Service, on page 191, but not the new parameters. The new parameters are supported in the menus and command line interfaces. Table 1: New Features in AT-S63 Version 1.2.0 (columns: Change; Chapter and Procedure). Quality of Service Policies. Chapter and Procedure: The web browser interface supports the management of policies, as explained in Chapter 15, Quality of Service, on page 191, but not the new parameters. The new parameters are supported in the menus and command line interfaces. Change: Added the following new parameters to QoS policies: ToS, Move ToS to Priority, and Move Priority to ToS, as defined above; the Send to Mirror Port parameter, for copying traffic to a destination mirror port. This parameter ap
249. [Figure 114: SNMP Tab (Monitoring)] 4. In the SNMPv3 section, click the button next to View User Table and then click View at the bottom of the tab. Section III: SNMPv3. Chapter 18: SNMPv3. The SNMPv3 User Table tab is shown in Figure 115. [Figure 115: SNMPv3 User Table Tab (Monitoring)] Displaying View Table Entries. To display entries in the SNMPv3 View Table, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. Select the SNMP tab. The SNMP tab is shown in Figure 114 on page 289. 3. In the SNMPv3 section, click the button next to View View Table and then click View at the bottom of the tab. The SNMPv3 View Table tab is shown in Figure 116.
250. ify Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234. 3. In the SNMPv3 section, click the button next to Configure Notify Table and then click Configure at the bottom of the tab. The SNMPv3 Notify Table tab is shown in Figure 102 on page 264. 4. Click the button next to the Notify Table entry that you want to delete and then click Remove. A warning message is displayed. 5. Click OK. 6. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Chapter 18: SNMPv3. Modifying a Notify Table Entry. To modify an entry in the SNMPv3 Notify Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234. 3. In the SNMPv3 section, click the button next to Configure Notify Table and then click Configure at the bottom of the tab. The SNMPv3 Notify Table tab is shown in Figure 102 on page 264. 4. Click the button next to the table entry that you want to change and then click Modify. The Modify
251. iguration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Network Security option. The Network Security page opens with the Port Security tab selected by default, as shown in Figure 158. [Figure 158: Port Security Tab (Configuration)] 3. In the graphical image of the switch, click the ports you want to configure and click Modify. The Security for Ports page is shown in Figure 161. [Figure 159: Security for Ports Page (Configuration)] 4. From the Security Mode pull-down menu, select the desired port security level for the port. Options are: Automatic: Disables port security on a port. This is the default setting. Limited: Allows you to specify a maximum number of dynamic source MAC addresses a port can learn. Once a port has learned its maximum number, it will not learn any new addresses and will only accept frames from the source nodes of the learned addresses. A dynamic MAC address learned on a port operating in the Limited security mode never times out from the MAC address table, even when the corresponding end node is inactive
252. iguring Traffic Classes, next; "Modifying a Traffic Class" on page 200; "Deleting a Traffic Class" on page 202; "Displaying the Traffic Classes" on page 202. To configure a traffic class, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Services option. The Services page is displayed with the CoS tab selected by default, as shown in Figure 59 on page 182. 3. Select the Traffic Class tab. The Traffic Class tab is shown in Figure 70. [Figure 70: Traffic Class Tab] 4. Click Create. The Create Traffic Class page is shown in Figure 71. [Figure 71: Create Traffic Class Page] 5. Configure the following parameters: ID: Specifi
253. iguring the SNMPv3 Target Parameters Table. You can create, delete, and modify an SNMPv3 Target Parameters Table entry. See the following procedures: "Creating a Target Address Table Entry" on page 268; "Deleting a Target Address Table Entry" on page 271; "Modifying Target Address Table Entry" on page 272. For reference information about the SNMPv3 Target Parameters Table, see Chapter 22, SNMPv3, in the AT-S63 Management Software Menus Interface User's Guide. Creating a Target Parameters Table Entry. To create an entry in the SNMPv3 Target Parameters Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234. 3. In the SNMPv3 section, click the button next to Configure Target Parameters Table and then click Configure at the bottom of the tab. The SNMPv3 Target Parameters Table tab is shown in Figure 108.
254. ile system to a TFTP server on your network using the web browser interface. You can upload any of the following files: Boot configuration file; Public encryption key; CA enrollment request; Event log file. Note: The public key and CA enrollment request are supported only on the version of AT-S63 management software that features SSL, PKI, and SSH security. Note the following before you begin this procedure: You must use TFTP to upload a file from a web browser management session. There must be a node on your network that contains the TFTP server software. You should start the TFTP server before you begin the upload procedure. The switch from which you are uploading a file must have an IP address and subnet mask, such as a master switch of an enhanced stack. If the switch does not have an IP address, such as a slave switch, you can upload the file from a local management session of the switch using Xmodem. For instructions, refer to the AT-S63 Management Software Menus Interface User's Guide. You cannot upload a file from a compact flash memory card using the web browser interface. To upload a file, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Utilities option. The Utilities page is displayed with the System Uti
255. immediately. 8. Click Apply. 9. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Chapter 18: SNMPv3. Configuring the SNMPv3 Access Table. You can create, delete, and modify an SNMPv3 Access Table entry. See the following procedures: "Creating an Access Table" on page 250; "Deleting an Access Table Entry" on page 253; "Modifying an Access Table Entry" on page 254. For information about the SNMPv3 Access Table, see Chapter 22, SNMPv3, in the AT-S63 Management Software Menus Interface User's Guide. Creating an Access Table. To create an entry in the SNMPv3 Access Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234. 3. In the SNMPv3 section, click the button next to Configure Access Table and then click Configure at the bottom of the tab. The SNMPv3 Access Table tab is shown in Figure 96.
256. in the chapter include: "Enabling or Disabling a Spanning Tree Protocol" on page 302; "Configuring STP" on page 304; "Configuring RSTP" on page 312. Note: For background information on spanning tree, refer to Chapter 23, Spanning Tree and Rapid Spanning Tree Protocols, in the AT-S63 Management Software Menus Interface User's Guide. Multiple Spanning Tree Protocol (MSTP) is described in Chapter 20, Multiple Spanning Tree Protocol, on page 319. Chapter 19: Spanning Tree and Rapid Spanning Tree Protocols. Enabling or Disabling a Spanning Tree Protocol. To enable or disable spanning tree on the switch, perform the following procedure: 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 123.
257. ing a Policy. Egress Port: Specifies the egress port to which the policy is to be assigned. A port can be an egress port of only one policy at a time. Redirect Port: Specifies the port to which the classified traffic from the ingress ports is redirected. Click Apply. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. To delete a policy, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Services option. The Services page is displayed with the CoS tab selected by default, as shown in Figure 59 on page 182. 3. Select the Policies tab. The Policies tab is shown in Figure 75 on page 206. 4. Do one of the following: select a policy from the list and click Delete, or click Purge to delete all the policies. Displaying Policies. To display the policies, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. From the Monitoring menu, select Services. The Services menu is displayed with the CoS tab selected by default, as shown in Figure 62 on page 188. 3. Select the Policies tab.
258. ing a Web Browser Management Session. This chapter contains the procedure for starting, using, and quitting a web browser management session on an AT-9400 Series switch. Sections in the chapter include: "Establishing a Remote Connection to Use the Web Browser Interface" on page 28; "Web Browser Tools" on page 31; "Saving Your Parameter Changes" on page 32; "Quitting a Web Browser Management Session" on page 33; "Ports 23R and 24R on the AT-9424T/GB, AT-9424T/SP, and AT-9424Ti/SP Series Switches" on page 34; "Web Browser Interface Restrictions" on page 35. Chapter 1: Starting a Web Browser Management Session. Establishing a Remote Connection to Use the Web Browser Interface. To establish a web browser management session with an AT-9400 Series switch, the switch must be part of an enhanced stack or it must have an IP address and subnet mask. If the switch is part of an enhanced stack, such as a slave switch, start the web browser management session on the stack's master switch. After you have started the session, you can access and manage all of the switches in the stack from the master switch. If the switch is not part of an enhanced stack and does not have an IP address, and you want to manage it with the web browser interface, you must give it an IP address. This is initially assigned through a local connection to the switch using the Terminal Port on
259. ing each switch a name. Names make it easier for you to identify the various switches when you manage them, and they can help you avoid performing a configuration procedure on the wrong switch. Administrator: This parameter specifies the name of the network administrator responsible for managing the switch. The name can be from 1 to 20 characters. It can include spaces and special characters, such as dashes and asterisks. The default is no name. This parameter is optional. Comments: This parameter specifies the location of the switch, for example, 4th Floor rm 402B. The location can be from 1 to 20 characters. The location can include spaces and special characters, such as dashes and asterisks. The default is no location. This parameter is optional. Chapter 2: Basic Switch Parameters. Note: The following three parameters are used to manually assign the switch an IP address, subnet mask, and default gateway. An alternative method to configuring these parameters is with a DHCP or BOOTP server, which can assign values to these parameters automatically. See "Activating the BOOTP or DHCP Client Software" on page 41 and information in Chapter 3, Basic Switch Parameters, in the AT-S63 Management Software Menus Interface User's Guide. IP Address: This parameter specifies the IP address of the switch. You must specify an IP address if you want the switch to function as the Master switch of an enhanced stack. The
260. ing new addresses after the table reaches maximum capacity. 3. Click Apply. 4. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Chapter 6: MAC Address Table. Chapter 7: Static Port Trunks. This chapter contains the procedure for creating, modifying, or deleting a static port trunk. The sections in this chapter are: "Creating a Static Port Trunk" on page 104; "Modifying a Static Port Trunk" on page 107; "Deleting a Port Trunk" on page 109; "Displaying the Port Trunks" on page 110. Note: For background information on static port trunking, refer to Chapter 8, Static and LACP Port Trunks, in the AT-S63 Management Software Menus Interface User's Guide. Creating a Static Port Trunk. Caution: Do not connect the cables of a port trunk to the ports on the switch until after you have configured the ports on both the switch and the end node. Connecting the cables prior to configuring the ports can create loops in your network topology. Loops can result in broadcast storms, which can adversely affect the operation of your network. Note: Before creating a static port trunk, examine the speed, duplex mode, and flow control settings of the lowest numbered port that will be
261. ing selected, the switch continues sending multicast packets out a port even after it receives a leave request from a host node on the port. This ensures that the remaining active host nodes on the port continue to receive the multicast packets. Only after all of the host nodes connected to a switch port have transmitted leave requests or have timed out does the switch stop sending multicast packets out the port. If a switch has a mixture of host nodes, that is, some connected directly to the switch and others through an Ethernet hub, you should select the Intermediate Multi Host Port selection. Multicast Router Ports Mode: Specifies whether the router ports are determined automatically or if you enter them manually. If you want the switch to determine the ports automatically, select Auto Detect, which is the default. To enter them yourself, click Manual Select and enter the ports in the field. Host Router Timeout Interval: Specifies the time period, in seconds, after which the switch determines that a host node has become inactive. An inactive host node is a node that has not sent an IGMP report during the specified time interval. The range is from 1 second to 86,400 seconds (24 hours). The default is 260 seconds. This parameter also specifies the time interval used by the switch in determining whether a multicast router is still active. The switch makes the determination by watching for queries from the router. If the switch does not detect an
262. ins a command for assigning the switch a specific IP address, it should not be downloaded onto more than one switch. Otherwise, the same IP address will be assigned to more than one switch. This procedure gives you the option of downloading the file as the active boot file for the switch, in which case the switch automatically designates it as its active boot file, or just into the file system. If you choose the latter, you can designate the file as the switch's active boot file manually at a later time. Chapter 10: File Downloads and Uploads. Caution: Downloading a configuration file as the switch's new active boot configuration file will cause a switch reset. Some network traffic may be lost. To download a file, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Utilities option. The Utilities page is displayed with the System Utilities tab selected by default, as shown in Figure 39.
263. ion when you are finished managing a switch. For instructions, see "Quitting a Web Browser Management Session" on page 33. Logging out prevents unauthorized individuals from making changes to a switch's configuration if you leave your management station unattended. Also, as long as you are logged in, no one else can access the switch through another local or remote connection. If you close your web browser without logging out, the switch considers the management session as still in progress and will not permit the start of another management session until the expiration of the console timer. The timer is used to end inactive local and remote management sessions. The default setting for the timer is ten minutes. The console timer can be set from the menus or the command line interface, but not from the web browser interface. Web Browser Tools. You can use the web browser tools to move around the management pages. Selecting Back on your browser's toolbar returns you to the previous display. You can also use the browser's bookmark feature to save the link to the switch. Chapter 1: Starting a Web Browser Management Session. Saving Your Parameter Changes. When you make a change to a switch parameter, the change is, in most cases, immediately activated as soon as you click the Apply button on the web
264. Leave Time: Use this parameter to specify the leave time. The range is 30 to 80 centiseconds and the default is 60 centiseconds. Join Time: Use this parameter to specify the join time. The range is 10 to 60 centiseconds and the default is 20 centiseconds. Enable GIP: Click to enable GIP, which is required to propagate VLAN information among the ports of the switch. Leave All Time: The range is 500 to 300 centiseconds and the default is 1000 centiseconds. Click Apply. Configuration changes are immediately activated on the switch. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Chapter 22: GARP VLAN Registration Protocol. Enabling or Disabling GVRP on a Port. To enable or disable GVRP on a port, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 25 on page 94. 3. Select the GVRP tab. The GVRP tab is shown in Figure 146 on page 360. 4. In the GVRP Port Configuration section, click the ports that you want to configure
265. is displayed. You can now manage the switch. Returning to the Master Switch: When you are finished managing a slave switch and want to manage another switch in the stack, return to the Home page of the switch and select Disconnect from the menu. This returns you to the Enhanced Stacking page in Figure 12 on page 59. When you see that page, you are again addressing the master switch from which you started the management session. You can select another switch in the list to manage or, if you want to manage the master switch, select Home to return to the master switch's home page. (Chapter 3: Enhanced Stacking) Displaying the Enhanced Stacking Status: To display the enhanced stacking status of the switch, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. From the Monitoring menu, select the Mgmt Protocols option. The Mgmt Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 179 on page 436. 3. Select the Enhanced Stacking tab. The Enhanced Stacking tab is shown in Figure 13. [Figure 13 screenshot text: Mgmt Protocols; Enhanced Stacking; The current switch mode is Master] Figure 13 Enhan
266. iscarded because the database for the GARP application was full, that is, the maximum number of attributes for the GARP application is in use. Receive GARP Messages LeaveAll: Number of GARP LeaveAll messages received by the GARP application. Transmit GARP Messages LeaveAll: Number of GARP LeaveAll messages transmitted by the GARP application. Table 13 GVRP Counters (Continued), Parameter and Meaning: Receive GARP Messages JoinEmpty: Total number of GARP JoinEmpty messages received for all attributes in the GARP application. Transmit GARP Messages JoinEmpty: Total number of GARP JoinEmpty messages transmitted for all attributes in the GARP application. Receive GARP Messages JoinIn: Total number of GARP JoinIn messages received for all attributes in the GARP application. Transmit GARP Messages JoinIn: Total number of GARP JoinIn messages transmitted for all attributes in the GARP application. Receive GARP Messages LeaveEmpty: Total number of GARP LeaveEmpty messages received for all attributes in the GARP application. Transmit GARP Messages LeaveEmpty: Total number of GARP LeaveEmpty messages transmitted for all attributes in the GARP application. Receive GARP Messages LeaveIn: Total number of GARP LeaveIn messages received for all attributes in the GARP application. Tra
267. Figure 24 Port Statistics Page. The Port Statistics page displays a table that contains the following columns of information. (Chapter 5: Port Parameters) Bytes Received: Number of bytes received on the port. Bytes Sent: Number of bytes transmitted from the port. Frames Received: Number of frames received on the port. Frames Sent: Number of frames transmitted from the port. Broadcast Frames Received: Number of broadcast frames received on the port. Broadcast Frames Sent: Number of broadcast frames transmitted from the port. Multicast Frames Received: Number of multicast frames received on the port. Multicast Frames Sent: Number of multicast frames transmitted from the port. Frames 64 Bytes, Frames 65-127 Bytes, Frames 128-255 Bytes, Frames 256-511 Bytes, Frames 512-1023 Bytes, Frames 1024-1518 Bytes, Frames 1519-1522: Number of frames transmitted from the port, grouped by size. CRC Error: Number of frames with a cyclic redundancy check (CRC) error but with the proper length (64-1518 bytes) received on the port. Jabber: Number of occurrences of corrupted dat
268. l encryption item in accordance with the Export Administration Regulations, 15 C.F.R. Part 730-772, promulgated by the U.S. Department of Commerce, and conditionally may be exported in accordance with the pertinent terms of License Exception ENC (described in 15 C.F.R. Part 740.17). In no case may it be exported to Cuba, Iran, Iraq, Libya, North Korea, Sudan, or Syria. If you wish to transfer this software outside the United States or Canada, please contact your local Allied Telesyn sales representative for current information on this product's export status. How This Guide is Organized: This guide is organized into the following sections. Section I, Basic Operations: The chapters in this section explain how to start a management session and perform basic tasks, including how to configure port parameters, set up SNMPv1 and SNMPv2c access, enhanced stacking, and create port trunks and a port mirror. Section II, Advanced Operations: This section includes information about the file system, uploading and downloading files, using the event log, and working with classifiers, Quality of Service, IGMP, and Denial of Service prevention. Section III, SNMPv3: The chapter in this section contains the procedures for configuring SNMPv3. Section IV, Spanning Tree Protocols: The chapters in this section contain the procedures for configuring the Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree Protocols.
269. lays a table that contains the following columns of information. Port: The port number. PortCtrl: The port control setting. The possible settings are: Force-authorized (802.1x port-based authentication is disabled); Force-unauthorized (the port is in an unauthorized state, ignoring attempts by the client to authenticate); Auto (802.1x port-based authentication is enabled). QuietP: The number of seconds the port remains in a quiet state following a failed authentication exchange with the client. TxP: The number of seconds that the switch waits for a response to an EAP Request packet identity packet from the client before retransmitting the request. ReAuthP: The frequency of the periodic reauthentication of the client. (Chapter 25: 802.1x Port-based Network Access Control) SuppTO: The switch-to-client retransmission time for the EAP Request packet. MaxReq: The maximum number of times that the switch retransmits an EAP Request packet to the client before it times out the authentication session. For supplicant port(s), the Supplicant Port Parameters Page is displayed, as shown in Figure 169. [Figure 169 Supplicant Port Parameters Page; columns shown: AuthPeriod, HeldPeriod, MaxStart, StartPeriod, User Name, User Password] The Supplicant Port Parameters page displays a table that contains the following columns of information. Port: The port number. AuthPeriod: The peri
270. lays the existing VLANs on the switch. To add a new VLAN, click Add. The Add New VLAN page is shown in Figure 144. [Figure 144 Add New VLAN Page] 5. Configure the following parameters as necessary. VID: Enter a VID value for the new VLAN. The range of the VID value is 2 to 4096. The default is the next available VID number on the switch. If this VLAN is unique in your network, then its VID should also be unique. If this VLAN is part of a larger VLAN that spans multiple switches, then the VID value for the VLAN should be the same on each switch. For example, if you are creating a VLAN called Sales that spans three switches, you should assign the Sales VLAN on each switch the same VID value. Note: A VLAN must have a VID. It is important to note that the switch is only aware of the VIDs of the VLANs that exist on the device and not those that might already be in use in the network. For example, if you add a new AT-9400 Series switch to a network that already contains VLANs that use VIDs 2 through 24, the AT-S63 management software still uses VID 2 as the default value when you create the first VLAN on the new switch, even though that VID number is already being used by another VLAN on the network. (Chapter 21: Port-based and Tagged VLANs) To prevent inadvertently using the same VID for two different VLANs, you should keep a list of all your netw
271. [Figure 43 Event Log Example Displayed in Full Mode. Event messages shown in the screenshot: file: File System initialized; http: Server reset to defaults; ssh: SSH server disabled; cfg: Configuration initialized; tacacs: TACACS initialized; radius: RADIUS initialized; garp: GARP initialized; qos: Number of Egress Queues set to 8; qos: Priority 0 mapped to Egress Queue 0; qos: Priority 1 mapped to Egress Queue 1] (Section II: Advanced Operations; Chapter 11: Event Logs and Syslog Servers) In addition to the information displayed in Normal mode, the Full mode also displays additional columns in the table, as described below. Event ID: A unique random number assigned to each event. Filename Line: The AT-S63 software source file name and the line number in that source file that produced the event. 9. Click one of the following buttons to scroll through the event log. Last: Last page. First: First page. Next: Next page. Previous: Previous page. Close: Closes the log. To clear the current event log, go to "Clearing an Event Log" on page 150. Clearing an Event Log: You can clear an event log to remove old events and start fresh. To clear an event log, do the following: 1. From the home page, select Configuration. The System page is displayed with the Gen
272. lities tab displayed by default. (Chapter 10: File Downloads and Uploads) Note: The top portion of the tab is used to return the switch to its factory default settings. For instructions, refer to "Returning the AT-S63 Management Software to the Factory Default Values" on page 52. In the TFTP File Uploads and Downloads section, in the TFTP Server IP Address field, enter the IP address of the network node that contains the TFTP server software. For the TFTP Operation parameter, click Upload. In the TFTP Remote Filename field, enter a name for the file. This is the name that the file is stored as on the TFTP server. In the TFTP Local Filename field, enter the name of the file in the switch's file system that you want to upload to the TFTP server. In TFTP File Type, select File. Note: If you select Image as the TFTP File Type, the switch uploads its active AT-S63 image file to the FTP server and stores it under the name specified in step 5. There should be little or no need for you to ever upload a switch's image file to a TFTP server. Click Apply. The management software notifies you when the upload is complete. Chapter 11 Event Logs and Syslog Servers: This chapter describes how to view or save the contents of the event logs and how to create a log output to send events to a syslog server. The event logs allow you to view i
273. llowing procedure: 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select Layer 2. The Layer 2 page is displayed with the MAC Address tab shown by default, as shown in Figure 25 on page 94. 3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 124 on page 303. 4. Click Configure. The Configure RSTP Bridge Parameters tab is shown in Figure 131 on page 313. 5. Click Defaults. The RSTP settings are returned to their default values. 6. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. To display RSTP parameter settings, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. From the Monitoring menu, select the Layer 2 option. 3. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 127 on page 309. (Section IV: Spanning Tree Protocols) 4. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 128 on page 309. This tab displays information on whether spanning tree is enabled or disabled and which protocol version STP
274. lobal Secret: If all of the TACACS servers have the same encryption secret, you can enter the key here. If the servers have different keys, you must specify each key when you specify a server's IP address. Global Server Timeout: This parameter specifies the maximum amount of time the switch waits for a response from a TACACS server before assuming the server cannot respond. If the timeout expires and the server has not responded, the switch queries the next TACACS server in the list. If there are no more servers, the switch defaults to the standard Manager and Operator accounts. The default is 30 seconds. The range is 1 to 30 seconds. (Section VII: Management Security) IP Address and Encryption Key: Use these fields to specify the IP addresses and encryption secrets of up to three network servers containing TACACS server software. You can leave an encryption field blank if you entered the server's secret in the Global Secret field. Click Apply. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. (Chapter 28: TACACS and RADIUS Protocols) Displaying the TACACS Settings: To display the TACACS settings on the switch, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System
275. lso be using Auto-Negotiation. Otherwise, a duplex mode mismatch can occur. A switch port using Auto-Negotiation defaults to half-duplex if it detects that the end node is not using Auto-Negotiation. This results in a mismatch if the end node is operating at a fixed duplex mode of full-duplex. To avoid this problem when connecting an end node with a fixed duplex mode of full-duplex to a switch port, you should disable Auto-Negotiation on the port and set the port's speed and duplex mode manually. If you disable Auto-Negotiation on a twisted pair port, the auto-MDI/MDI-X feature on a port is also disabled, and the port defaults to the MDI-X configuration. If you disable Auto-Negotiation and set a port's speed and duplex mode manually, you might also need to set the port's MDI/MDI-X setting as well. Auto-Negotiate: The port autonegotiates both speed and duplex mode. This is the default. To manually set the speed and duplex mode of a port, select one of the following: 10Mbps Half Duplex; 10Mbps Full Duplex; 100Mbps Half Duplex; 100Mbps Full Duplex; 1Gb Full Duplex (applicable only to 1000Base SFP and GBIC modules). Note: A 10/100/1000Base-T twisted pair port can operate at 1000 Mbps only when set to Auto-Negotiation. You cannot manually configure a 10/100/1000Base-T twisted pair port to 1000
276. lt as shown in Figure 6 on page 42. From the Monitoring menu, select the Multicast option. The Multicast page is displayed with the IGMP tab, as shown in Figure 85. [Figure 85 IGMP Tab Monitoring] The IGMP tab provides the following information. Enable IGMP Snooping Status: The IGMP snooping status on the switch. Possible settings are Enabled and Disabled. Snoop Topology: Whether there is only one host node per switch port or multiple host nodes per port. The possible settings are Edge (Single-Host/Port) and Intermediate (Multi-Host/Port). (Chapter 17: IGMP Snooping) Multicast Router Ports Mode: How the router ports are determined. The possible settings are: Auto Detect (the switch determines the ports automatically); Port number (the selected router ports). Host/Router Timeout Interval: The time period, in seconds, after which the switch determines that a host node has become inactive. Maximum Multicast Groups: The maximum number of multicast groups the switch learns. 3. To view the multicast addresses and the host nodes, click View Multicast Hosts List and then click View. The View Mult
277. m the list and click Modify. The Modify Policy page is shown in Figure 77. [Figure 77 Modify Policy Page; fields shown: ID, Description, Remark DSCP, DSCP Value (0-63), Traffic Class List, Ingress Port List, Egress Port, Redirect Port] 5. Modify the following parameters as necessary. ID: Specifies the ID number for this policy. The range is 0 to 255. Description: Specifies the policy description. A description can be up to 15 alphanumeric characters, including spaces. Remark DSCP: Specifies the conditions under which the ingress DSCP value is overwritten. Select one of the following options from the list: None (disables this function); All (all packets are remarked). DSCP Value: Specifies a replacement value to write into the DSCP (TOS) field of the packets. The range is 0 to 63. Traffic Class List: Specifies the traffic classes to be assigned to the policy. The traffic classes must already exist. Select the classes from the list. To select more than one, use <Ctrl> click. Ingress Port List: Specifies the ingress ports to which the policy is to be assigned. Select the ports from the list. To select more than one, use <Ctrl> click. A port can be an ingress port of only one policy at a time. (Chapter 15: Quality of Service) Delet
278. ment. The new user-configured VLAN is now ready for network operations. 8. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Modifying a VLAN: This procedure explains how to add or remove ports from a VLAN. When modifying a VLAN, note the following: You cannot change the VID of a VLAN. You cannot change the name of a VLAN from a web browser management session, but you can from a local or Telnet session. You cannot modify VLANs when the switch is operating in one of the multiple VLAN modes. To modify a VLAN, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94. 3. Select the VLAN tab. The VLAN tab is shown in Figure 143 on page 346. 4. Click the button next to the name of the VLAN you want to modify. 5. Click Modify. The Modify VLAN page for the VLAN is displayed. 6. To add or remove ports from the VLAN, click on the appropriate ports in the switch image. Clicking repeatedly on a port toggles the port through the following possible settings: Untagged po
279. n SNMPv3 Target Address Table entry. Add the value you configure for the Transport Tag parameter to the Tag List parameter in the Target Address Table as desired. See "Creating a Target Address Table Entry" on page 268. 8. In the Storage Type field, select one of the following storage types for this table entry. Volatile: Select this storage type if you do not want the ability to save an entry in the SNMPv3 Community Table. After making changes to an SNMPv3 Community Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu. NonVolatile: Select this storage type if you want the ability to save an entry in the SNMPv3 Community Table. After making changes to an SNMPv3 Community Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type. Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Community Table entry takes effect immediately. 9. Click Apply to update the SNMPv3 Community Table. 10. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. (Section III: SNMPv3; Chapter 18: SNMPv3) Displaying SNMPv3 Tables. Displaying User Table Entries: This section contains procedures to display the SNMPv3 Table
280. n in Figure 20 on page 78. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 33 on page 114. Click Modify. The Modify Mirror page is shown in Figure 34 on page 115. Click the ports of the port mirror to change its type. Clicking a port toggles it through the possible settings, which are as follows (each setting is shown by an icon in the original): The destination mirror port. There can be only one destination port. A source port: the port's ingress traffic is mirrored to the destination port. A source port: the port's egress traffic is mirrored to the destination port. A source port: the port's ingress and egress traffic is mirrored to the destination port. Not part of a port mirror. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. (Chapter 8: Port Mirroring) Disabling a Port Mirror: To disable a port mirror, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Layer 1 option. The Layer 1 page opens with the Port Settings tab displayed by default, as shown in Figure 20 on page 78. 3. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 33 on page 114. 4. Click Modify. The Modify Mirror page is shown in
281. n menu. NonVolatile: Select this storage type if you want the ability to save an entry in the Access Table. After making changes to an Access Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type. Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Access Table entry will take effect immediately. Click Apply. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. To delete an entry in the SNMPv3 Access Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234. 3. In the SNMPv3 section, click the button next to Configure Access Table and then click Configure at the bottom of the tab. The SNMPv3 Access Table tab is shown in Figure 96 on page 250. 4. Click Next or Previous to display the Access Table entry that you want to delete. 5. Click Remove. A warning message is displayed. 6. Click OK to remove the Access Table entry. 7. From the Configuration menu, select the Save Config option to permanently save your changes. This op
282. n the SNMPv3 section, click the button next to Configure Target Address Table and then click Configure at the bottom of the tab. The SNMPv3 Target Address Table tab is shown in Figure 105 on page 269. 4. Click Next or Previous to display the SNMPv3 Target Address Table entry that you want to delete. 5. Click Remove. A warning message is displayed. 6. Click OK. 7. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Modifying Target Address Table Entry: To modify an entry in the SNMPv3 Target Address Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234. 3. In the SNMPv3 section, click the button next to Configure Target Address Table and then click Configure at the bottom of the tab. The SNMPv3 Target Address Table tab is shown in Figure 105 on page 269. 4. Click Next or Previous to display the Target Address Table entry that you want to change. 5. Click Modify. The Modify SNMPv3 Target Address page is shown in Figure 107. [Figure 107 screenshot: Modify SNMPv3 Target Address page; fields shown: Target Address Name, IP Address, UDP Port Number, Timeout]
283. Creating a Port Mirror; Modifying a Port Mirror; Disabling a Port Mirror; Deleting a Port Mirror; Displaying the Port Mirror. Section II Advanced Operations. Chapter 9 File System: Listing the Files in Flash Memory or on a Compact Flash Card; Selecting an Active Boot Configuration File. Chapter 10 File Downloads and Uploads: Downloading a File; Uploading a File. Chapter 11 Event Logs and Syslog Servers: Working
284. Table 14 GVRP Counters. Preface: This guide contains instructions on how to configure and maintain an AT-9400 Series Layer 2+ Gigabit Ethernet switch using the web browser interface in the AT-S63 management software. For instructions on how to manage the switch from the menus or command line interface, refer to the AT-S63 Management Software Menus Interface User's Guide or the AT-S63 Management Software Command Line Interface User's Guide. The guides are available from the Allied Telesyn web site. For background information and guidelines on the features of the AT-9400 Series switches and the AT-S63 management software, refer to the appropriate chapter in the AT-S63 Management Software Menus Interface User's Guide. This guide also contains an overview of the different methods of managing a switch. This preface contains the following sections: "How This Guide is Organized" on page 18; "Document Conventions" on page 19; "Where to Find Web-based Guides" on page 20; "Contacting Allied Telesyn" on page 21; "New Features in AT-S63 Version 1.2.0" on page 22. Caution: The software described in this documentation contains certain cryptographic functionality and its export is restricted by U.S. law. As of this writing, it has been submitted for review as a retai
285. nently save your changes. This option is not displayed if there are no changes to save. Configure the ports on the remote switch for port trunking. Connect the cables to the ports of the trunk on the switch. The port trunk is ready for network operations. Modifying a Static Port Trunk: This section contains the procedure for modifying a static port trunk on the switch. You can change the name of a trunk and the ports that constitute the trunk. You cannot change the load distribute method. Be sure to review the guidelines in Chapter 8, "Static and Dynamic Port Trunking," in the AT-S63 Management Software Menus Interface User's Guide before you perform the procedure. Caution: If you are adding or removing ports from the trunk, you should disconnect all data cables from the ports of the trunk on the switch before performing the procedure. Adding or removing ports from a port trunk without first disconnecting the cables may result in loops in your network topology. Loops can produce broadcast storms and poor network performance. Note the following before performing this procedure: If you are adding a port and the port will be the lowest numbered port in the trunk, its parameter settings will overwrite the settings of the existing ports in the trunk. Consequently, you should check to see if its
286. nformation about switch activity. Sections in the chapter include: "Working with the Event Logs" on page 142; "Working with Log Outputs" on page 152. For more information about the event logs and log outputs, refer to Chapter 13, "Event Logs and Syslog Servers," in the AT-S63 Management Software Menus Interface User's Guide. Note: The event logs, even when disabled, log all AT-S63 initialization events that occur when the switch is reset or power cycled. Any switch events that occur after AT-S63 initialization are entered into the logs only if you enable the event log feature. The default setting for the event logs is disabled. Working with the Event Logs. Enabling or Disabling the Event Logs: The event logs contain event messages that are generated by a switch. These events can provide vital information about network activity on an AT-9400 Series switch that can help you identify and solve network problems. The information includes the time and date when an event occurred, the event's severity, the AT-S63 module that generated the event, and an event description. The AT-9400 Series switch has two event logs. Both logs store the same event messages. There is a temporary log with a storage capacity of 4,000 events. Events in this log are lost whenever the switch is reset or power cycled. The other log is in permanent memory and has a capacity of 2,000
287. ng & Scheduling Tab Configuration; Figure 62 CoS Tab Monitoring; Figure 63 CoS Setting for Port Page; Figure 64 QoS Scheduling Tab Monitoring. Chapter 15 Quality of Service: Figure 65 Flow Group Tab Configuration; Figure 66 Create Flow Group Page; Figure 67 Modify Flow Group Page; Figure 68 Flow Group Tab Monitoring; Figure 69 View Flow Group Page; Figure 70 Traffic Class Tab; Figure 71 Create Traffic Class Page
288. ng procedure: From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 124 on page 303. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 136 on page 323. In the CIST/MSTI Table section of the tab, in the VLAN Associations field, remove the VIDs of the VLANs that you no longer want to be associated with this MSTI. You can specify more than one VID at a time, for example 2, 4, 7. Click Apply. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Or proceed to the next procedure to configure the CIST priority. Modifying a VLAN Association: To modify a VLAN association, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Layer 2 option. The
289. nge is 4 to 30 seconds. The default is 15 seconds. Bridge Max Age: The length of time after which stored bridge protocol data units (BPDUs) are deleted by the bridge. All bridges in a bridged LAN use this aging time to test the age of stored configuration messages, called bridge protocol data units (BPDUs). For example, if you use the default value 20, all bridges delete current configuration messages after 20 seconds. This parameter can be from 6 to 40 seconds. In selecting a value for maximum age, the following rules must be observed: MaxAge must be greater than (2 x (HelloTime + 1)). MaxAge must be less than (2 x (ForwardingDelay - 1)). Note: The aging time for BPDUs is different from the aging time used by the MAC address table. Bridge Identifier: The MAC address of the bridge. The bridge identifier is used as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority value. This value cannot be changed. 6. After you have made the desired changes, click Apply. 7. To configure a port's STP settings, click on the port in the switch image and click Modify. You can select more than one port at a time. The STP Settings Port(s) page is shown in Figure 126. [Figure 126: STP Settings Port(s) page, with the Port Priority (0-15) and Port Cost (0-65535) fields]
290. nitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. From the Monitoring menu, select Network Security. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 160 on page 395. Select the 802.1x Port Access tab. The 802.1x Port Access tab is shown in Figure 166. [Figure 166: 802.1x Port Access Tab (Monitoring), with the Port Access Parameters and RADIUS Accounting sections] Displaying the Port Settings. 4. To see the status of the port, click the port and click Status. You can select more than one port at a time. The Port Access Port Status page is shown in Figure 167. [Figure 167: Port Access Port Status Page, with the columns Port, Port Role, Status, and Additional Info] The Port Access Port Status page displays a table that contains the following columns of information: Port: The port number. Port Role: The port role: None, Authenticator, or Supplicant. Status: The options in
291. nknown Unicast Rate: The rate on unknown unicast packets. Multicast Rate Limiting: The status of multicast rate limiting, enabled or disabled. Multicast Rate: The rate on multicast packets. Displaying Port Statistics. To display the statistics of a switch port, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. From the Monitoring menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 22 on page 85. The Port Settings tab displays a graphical image of the front of the switch. Ports with valid links to end nodes have a green light. Click a port. You can select more than one port at a time when you want to display port status. However, you can select only one port when displaying statistics. A selected port turns white. To deselect a port, click it again. Click Statistics. The Port Statistics page is shown in Figure 24. [Figure 24: Port Statistics page, listing counters such as Bytes Received, Bytes Sent, Frames Received, Frames Sent, Broadcast Frames Received, and Broadcast Frames Sent]
292. nsmit GARP Messages LeaveIn: Total number of GARP LeaveIn messages transmitted for all attributes in the GARP application. Receive GARP Messages Empty: Total number of GARP Empty messages received for all attributes in the GARP application. Transmit GARP Messages Empty: Total number of GARP Empty messages transmitted for all attributes in the GARP application. Receive GARP Messages Bad Message: Number of GARP messages that had an invalid Attribute Type value, an invalid Attribute Length value, or an invalid Attribute Event value. Receive GARP Messages Bad Attribute: Number of GARP messages that had an invalid Attribute Value value. Displaying the GIP Connected Ports Ring. To display the GIP connected ports ring, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302. Select the GVRP tab. The GVRP tab is shown in Figure 148 on page 363. In the View GVRP Parameters section, click View GIP Connected Ports Ring. Click View. The GIP Connected Ports Ring page is shown in Figure 15
293. The SNMPv3 Target Address Table tab is shown in Figure 105. [Figure 105: SNMPv3 Target Address Table Tab (Configuration)] 4. Click Add. The Add New SNMPv3 Target Address page is shown in Figure 106. [Figure 106: Add New SNMPv3 Target Address Page, with the fields Target Address Name, IP Address, UDP Port Number, Timeout, Retries, Tag List, Target Parameters, Storage Type, and Row Status] 5. In the Target Address Name field, enter the name of the SNMP manager, or host, that manages the SNMP activity on your switch. You can enter a name of up to 32 alphanumeric characters. In the IP Address field, enter the IP address of the host. Use the following format for an IP address: XXX.XXX.XXX.XXX. In the UDP Port Number field, enter a UDP port number. You can enter a UD
294. o associate with a group. Enter a User Name that you configured in Creating a User Table Entry on page 236. In the Group Name field, enter a Group Name that you configured in the Access Table. See Creating an Access Table on page 250. There are four default values for this field that are reserved for SNMPv1 and SNMPv2c implementations: defaultV1GroupReadOnly, defaultV1GroupReadWrite, defaultV2cGroupReadOnly, and defaultV2cGroupReadWrite. In the Storage Type field, select one of the following storage types for this table entry: Volatile: Select this storage type if you do not want the ability to save an entry in the SecurityToGroup Table. After making changes to a SecurityToGroup Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu. NonVolatile: Select this storage type if you want the ability to save an entry in the SecurityToGroup Table. After making changes to a SecurityToGroup Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type. Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 SecurityToGroup Table entry takes effect immediately. 9. Click Apply. Deleting a SecurityToGroup Table Entry. Modifying a SecurityToGroup Table Entry
295. o add or remove ports from the VLAN, click on the appropriate ports in the switch image. Clicking repeatedly on a port toggles the port through the following possible settings: Untagged port; Port is not a member of the VLAN; Tagged port. 7. After making the necessary changes, click Apply. Note: Untagged ports that are added to a VLAN are automatically removed from their current untagged VLAN assignment. Untagged ports that are removed from a VLAN are returned to the Default_VLAN. Removing an untagged port from the Default_VLAN without assigning it to another VLAN will leave the port as an untagged member of no VLAN. The Modify Protected VLAN page is shown in Figure 156. [Figure 156: Modify Protected VLAN Page] 8. To change the uplink port, do the following: Note: Changing the uplink port will delete all the groups. a. Use the Uplinks Port menu to select a new uplink port for the groups of this protected ports VLAN. The
296. od of time in seconds that the supplicant waits for a reply from the authenticator. HeldPeriod: The amount of time the supplicant is to refrain from trying to recontact the authenticator in the event that the end user provides an invalid user name and/or password. MaxStart: The maximum number of times the supplicant sends EAPoL Start packets before assuming that there is no authenticator present. StartPeriod: The time period between successive attempts by the supplicant to establish contact with an authenticator when there is no reply. User Name: The user name for the port. User Password: The password for the port. Configuring RADIUS Accounting. The AT-S63 management software supports RADIUS accounting for ports operating in the Authenticator role. The accounting information sent by the switch to a RADIUS server includes the date and time when clients log on and log off, as well as the number of packets sent and received by a switch port during a client session. For background information on this feature, refer to Chapter 31, 802.1x Port-based Network Access Control, in the AT-S63 Management Software Menus Interface User's Guide. This feature is disabled by default on the switch. To configure RADIUS accounting, perform the following procedure: 1. From the home page, select Config
297. odes displaying 223 host router timeout interval configuring 221 224 l IGMP See Internet Group Management Protocol IGMP Snooping ingress packet threshold 83 Internet Group Management Protocol IGMP snooping configuring 220 452 disabling 220 223 displaying 223 enabling 220 223 Internet Protocol IP address configuring 40 intrusion action 393 intrusion action port configuring 396 L limited port security level 393 locked port security level 393 login timeout parameter 427 MAC address aging time changing 101 MAC address table displaying 98 MAC addresses adding 94 deleting dynamic 97 deleting multicast 96 displaying 98 MACs available parameter 429 management access control list disabling 444 enabling 444 management access levels 44 management VLAN ID configuring 357 management VLAN specifying 357 manager access 44 manager password configuring 44 master switch assigning 56 defined 56 returning to 61 max age Rapid Spanning Tree Protocol RSTP 314 Spanning Tree Protocol STP 306 max hops Multiple Spanning Tree Protocol MSTP 324 max requests 403 max start 406 maximum multicast groups configuring 221 displaying 224 MDI MDIX mode 81 MSTI ID creating 326 deleting 327 modifying 328 MSTI ID association to a VLAN adding 330 modifying 331 MSTI See Multiple Spanning Tree Instance MSTI MSTP See Multiple Spanning Tree Protocol MSTP multicast groups maximum configuring 221 displaying 224
298. of this protocol. You can configure the AT-S63 software to obtain the current date and time from an SNTP or Network Time Protocol (NTP) server located on your network or the Internet. SNTP is a reduced version of the NTP. However, the SNTP client software in the AT-S63 management software is interoperable with NTP servers. Note: The default system time on the switch is midnight, January 1, 1980. To set the system time manually or to configure the SNTP client, do the following: 1. From the Home Page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. Select the System Time tab. The System Time tab is shown in Figure 7. [Figure 7: System Time Tab, with the System Time section, the Additional Time Parameters section (including Daylight Savings Time), and the Simple Network Time Protocol (SNTP) Settings section (Status, Server IP Address, Poll Interval)] 3. To set the system time manually, do the following: a. In the System Time section of the tab, enter the time and date in the following format: hh mm ss dd mm yyyy. b. Click Apply. 4. To configure the switch to obtain its date and time from an SNT
299. ome page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302. Select the GVRP tab. The GVRP tab is shown in Figure 148 on page 363. In the View GVRP Parameters section, click View GVRP State Machine for VLAN and enter the VLAN number in the box. Click View. The GVRP State Machine for VLAN page is shown in Figure 151. [Figure 151: GVRP State Machine for VLAN Page, with the columns Port, App, and Reg] The GVRP State Machine for VLAN page provides the information shown in Table 12. Table 12, GVRP State Machine Parameters (Parameter: Meaning). Port: Port number on the switch; this port belongs to the GARP application. If the GARP application has no ports, "No ports have been assigned" is displayed. App: Applicant state machine for the GID index on that particular port. One of: Normal Participant Management state: Vo
300. ommunity Table entry takes effect immediately. 10. Click Apply. 11. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. To delete an entry in the SNMPv3 Community Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234. In the SNMPv3 section, click the button next to Configure Community Table and then click Configure at the bottom of the tab. The SNMPv3 Community Table tab is shown in Figure 111 on page 283. Click the button next to the SNMPv3 Community Table entry that you want to delete and then click Remove. A warning message is displayed. Click OK. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. To modify an entry in the SNMPv3 Community Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234. In the SNMPv3 section click th
301. The Ping Client tab is shown in Figure 9. [Figure 9: Ping Client Tab (Monitoring)] 4. Enter the IP address of the end node you want the switch to ping. 5. Click OK. The results of the ping are displayed in a popup window. 6. To stop the ping, click OK. Returning the AT-S63 Management Software to the Factory Default Values. The procedure in this section returns all AT-S63 management software parameters to their default values. Please note the following before you perform this procedure: Returning all parameter settings to their default values also deletes any port-based or tagged VLANs you created on the switch. This procedure does not delete files from the AT-S63 file system. To delete files, refer to Chapter 11, File System, in the AT-S63 Management Software Menus Interface User's Guide. This procedure does not delete any encryption keys stored in the key database. To delete encryption keys, refer to Deleting a Key in Chapter 33, Encryption Keys, in the AT-S63 Management Software Menus Interface User's Guide. If you manually assigned the unit an IP address and subnet mask, they are deleted. DHCP and BOOTP are disabled. Returning a switc
302. on Page. The GVRP Port Configuration page provides the following information: Port Number: The port number. Mode: The port mode, either Normal or None. Displaying the GVRP Database. To display the GVRP database, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302. Select the GVRP tab. The GVRP tab is shown in Figure 148 on page 363. In the View GVRP Parameters section, click View GVRP Database. Click View. The GVRP Database page is shown in Figure 150. [Figure 150: GVRP Database Page, with the columns GID Index, VLAN ID, and Used] The GVRP Database page provides the following information: GID Index: The value of the GID index corresponding to the attribute. VLAN ID: The value of the attribute. Used: Whether the GID index is currently being used by any port in the GARP application. Displaying the GVRP State Machine. To display the GVRP state machine, perform the following procedure: 1. From the H
303. or Cancel to cancel the procedure. Note: The switch does not forward packets while it initializes the AT-S63 management software and loads its active configuration file. This process takes between 20 seconds and 2 minutes to complete, depending on the number and types of commands in the configuration file. Resetting the switch ends your web browser management session. You must restart the session to continue managing the switch. Setting the System Date and Time. This procedure explains how to set the switch's date and time. Setting the date and time is important if you plan to view the events in the switch's event log or send the events to a syslog server. The correct date and time are also important if the management software will be sending traps to your management workstation or if you plan to create a self-signed SSL certificate. Events, traps, and self-signed certificates should contain the date and time of when they occurred or, in the case of certificates, when they were created. There are two ways that you can set the switch's date and time. One method is to set it manually. The AT-9400 Series switch has an onboard battery that maintains the date and time even when the unit is powered off or reset. The second method uses the Simple Network Time Protocol (SNTP). The AT-S63 management software comes with the client version
304. ord for the switch. The password can be from 0 to 16 characters in length. The same password is used for both local and remote management sessions. To create a new password, enter the new password into both fields. The default password for operator is operator. The password is case sensitive. Caution: Do not use spaces or special characters, such as asterisks and exclamation points, in a password if you are managing the switch from a web browser. Many web browsers cannot handle special characters in passwords. Note: A change to a password is immediately activated on the switch. You are prompted for the new password the next time you log in. 3. Click Apply to activate your change on the switch. 4. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Rebooting a Switch. Note: Any parameter changes that have not been saved are discarded when a system is reset. To save parameter changes, refer to Saving Your Parameter Changes on page 32. To reboot a switch, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. Click Reset at the bottom of the tab. A confirmation prompt is displayed. 3. Click OK to reset the switch
305. ork VLANs and their VID values. Name: Specify a name for the new VLAN. The name can be from one to fifteen alphanumeric characters in length. The name should reflect the function of the nodes that are part of the VLAN, for example, Sales or Accounting. The name cannot contain spaces or special characters, such as asterisks or exclamation points. If the VLAN is unique in your network, then the name should be unique as well. If the VLAN is part of a larger VLAN that spans multiple switches, then the name for the VLAN should be the same on each switch where nodes of the VLAN are connected. Note: A VLAN must be assigned a name. Type: Select Port Based as the Type. This is the default setting. This is the correct setting when creating a port-based or tagged VLAN. Note: The Type selection of Protected is used to create a protected ports VLAN, as explained in Chapter 23, Protected Ports VLANs, on page 375. To select the ports for the VLAN, click on the appropriate ports in the switch image. Clicking repeatedly on a port toggles the port through the following possible settings: Untagged port; Port is not a member of the VLAN; Tagged port. 7. Click Apply. Note: Any untagged ports that you assign to the new VLAN are automatically removed from their current untagged VLAN assign
306. orm the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 124 on page 303. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 136 on page 323. In the CIST MSTI Table section of the tab, click the button next to the MSTI ID you want to modify. You can select only one MSTI ID at a time. You cannot modify CIST. Click Modify. The Modify MSTI page is shown in Figure 138. [Figure 138: Modify MSTI Page, with the fields MSTI ID, Priority, and VLAN List] In the Priority field, enter a new MSTI Priority value. This parameter is used in selecting a regional root for the MSTI. The range is 0 (zero) to 61,440 in increments of 4,096, with 0 being the highest priority. For a list of the increments, refer to Table 6, Bridge Priority Value Increments, on page 306. The default is 0. Click Apply. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not dis
307. [Figure 44: Create Event Log Output Page] 4. Configure the following parameters as necessary: Output ID: An ID number for the log output. Output Status: Specifies whether or not the output is sent to the syslog server. The options are: Enabled: Enables the log output. Event messages are sent to the defined syslog server. Disabled: Disables the log output. Event messages are not sent to the defined syslog server. Message Format: Specifies the format of the messages sent to the syslog server. The options are: Extended: Sends the time, module, severity, description, file name, line number, and event ID. This is the default. Normal: Sends the time, module, severity, and description for each event. Severity Selections: Specifies the severity of events you want to send to the syslog server. The possible options are: ALL: Sends all event messages of the following types. This is the default. Error: Sends only error event messages. Error messages indicate that the switch operation is severely impaired. Warning: Sends only warning event messages. These messages indicate that an issue may re
308. ou log in as a manager or an operator by entering the appropriate username and password when you start an AT-S63 management session. The default password for manager access is friend. The default password for operator access is operator. Passwords are case sensitive. To change the manager or operator password, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. In the Passwords section, enter the new values. The parameters are described below. Manager Password, Confirm Manager Password: You use these parameters to change the manager's login password for the switch. The password can be from 0 to 16 characters in length. The same password is used for both local and remote management sessions. To create a new password, enter the new password into both fields. The default password is friend. The password is case sensitive. Caution: Do not use spaces or special characters, such as asterisks and exclamation points, in a password if you are managing the switch from a web browser. Many web browsers cannot handle special characters in passwords. Operator Password, Confirm Operator Password: Use these parameters to change the operator's login passw
309. own in Figure 80. [Figure 80: DoS Tab (Configuration), with the fields DoS LAN Subnet IP, DoS LAN Subnet Mask, and DoS Uplink Port] If you are implementing the SMURF or Land defense, you must provide an IP address and mask for your LAN. To do this, complete the following procedure. Otherwise, skip ahead to Step 5. a. In the DoS LAN Subnet IP field, enter the IP address of one of the devices connected to the switch, preferably the lowest IP address. b. In the DoS Subnet Mask field, enter the LAN's mask. A binary 1 indicates the switch should filter on the corresponding bit of the IP address, while a 0 indicates that it should not. As an example, assume that the devices connected to a switch are using the IP address range 149.11.11.1 to 149.11.11.50. The mask would be 0.0.0.63. c. If you are activating the Land defense, in the DoS Uplink Port field enter the number of the port connected to the device (e.g., DSL router) that leads outside your network. You can specify only one uplink port. 5. Click the ports in the switch image where you want to enable or disable a defense mechanism. 6. Using the DoS Type list, select the type of denial of service attack you want to either enable or disable on the ports. The possible selections are: Syn Flood att
310. page. However, a change to a switch parameter is initially saved only to temporary memory. It is lost the next time you reset or power cycle the unit. To permanently save a change, you must click the Save Config option on the Configuration menu, shown in Figure 4. Selecting the option updates the switch's active configuration file. A change saved to the active configuration file is retained even when the unit is powered off or reset. This menu option is displayed only after you have made configuration changes. After you click Save Config, your changes are added to the active configuration file and the option is removed from the menu. [Figure 4: Save Config Option in the Configuration Menu] Quitting a Web Browser Management Session. To exit a web browser management session, select the Logout option from the main menu.
311. page 38. From the Configuration menu, select the Layer 1 option. The Layer 1 page opens with the Port Settings tab displayed by default, as shown in Figure 20 on page 78. Select the Port Trunking tab. The Port Trunking tab is shown in Figure 29 on page 105. Click the button next to the port trunk you want to delete and click Remove. The port trunk is deleted from the switch. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Displaying the Port Trunks. To display the port trunks, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. From the Monitoring menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 22 on page 85. Select the Port Trunking tab. The Port Trunking tab is shown in Figure 32. [Figure 32: Port Trunking Tab (Monitoring), with the columns ID, Name, Type, and Ports] The Port Trunking tab displays a table that contains the following columns of information: ID: The ID number of the trunk. Name: The name
312. page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. 2. Select the Mgmt Protocols option. The Mgmt Protocols tab is displayed with the Server-based Authentication tab selected by default, as shown in Figure 179. [Figure 179: Server-Based Authentication Tab (Monitoring)] The upper part of the page shows if server-based authentication is enabled or disabled and the authentication method. The lower part of the page allows you to view either the settings for the current authentication method. 3. In the lower portion of the tab, click TACACS Settings. 4. Click View. The TACACS client configuration page is shown in Figure 180. [Figure 180: TACACS Client Configuration Page] The upper portion of the page provides the following information: Global Secret: The TACACS server encryption secret. Global Server Timeout: The maximum amount of time the switch waits for a response from a TACAC
313. [Figure 170: 802.1x Port Access Tab (Monitoring)] The RADIUS Accounting section provides the following information: Accounting: The status of RADIUS accounting, either Enabled or Disabled. Trigger Type: The action that causes the switch to send accounting information to the RADIUS server. The possible settings are: Start_Stop: The switch sends accounting information whenever a client logs on or logs off the network. This is the default. Stop: The switch sends accounting information only when a client logs off. Port Number: The UDP port for RADIUS accounting. Type: The type of RADIUS accounting. The default is Network. Accounting Update: Whether or not the switch sends interim accounting updates to the RADIUS server. The options are Enabled or Disabled. Update Interval: The intervals, in seconds, at which the switch sends interim accounting updates to the RADIUS server. The graphical image of the switch and the Status and Settings buttons refer to the 802.1x Port based Network Access Control settings described in Displaying the Port based Network Access Control Parameters on page 407. Section VII: Management Security. The chapters in this section contain the procedure for implementing management security on the switch to
314. played if there are no changes to save. 10. Repeat this procedure to modify more MSTI IDs. Adding, Removing, or Modifying VLAN Associations to MSTIs: This section explains how to add or remove VLANs associated to MSTI IDs. Adding a VLAN Association: To add a VLAN association, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 124 on page 303. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 136 on page 323. In the CIST MSTI Table section of the tab, in the VLAN Associations field, enter the VIDs of the VLANs to be associated with this MSTI. You can specify more than one VID at a time, for example 2 4 7. Click Apply. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Or proceed to the next procedure to configure the CIST priority. Removing a VLAN Association: To remove a VLAN association, perform the followi
315. playing the PKI Settings and Certificates. You can view the current PKI settings and certificates on the switch. To configure the PKI settings and certificates, you must use the AT-S63 menus or command line interface. For more information about PKI, refer to the AT-S63 Management Software Menus Interface User's Guide. To display the PKI settings and certificates, perform the following procedure: 1. From the Home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. From the Monitoring menu, select the Mgmt Security option. The Mgmt Security page is displayed with the Mgmt ACL tab displayed by default, as shown in Figure 184 on page 449. Select the PKI tab. The PKI tab is shown in Figure 172. [Figure 172: PKI Tab (Monitoring)] The upper section states the maximum number of certificates that can be configured on the switch. The lower section displays a table that lists the currently configured certificates and contains the following columns of information: Name: The certifi
316. plies only to QoS policies. MLD Snooping: New feature. This feature is not supported in the web browser interface but is supported in the menus interface and command line interface. MAC address based VLANs: New feature. This feature is not supported in the web browser interface but is supported in the menus interface and command line interface. 802.1x port based network access control: Added the following new parameter to an authenticator port: Supplicant Mode, for supporting multiple supplicant accounts on an authenticator port. See Chapter 25, 802.1x Port based Network Access Control on page 397. Modified procedure: Configuring Authenticator Port Parameters on page 401. Section I: Basic Operations. The chapters in this section provide information and procedures for basic switch setup using the AT-S63 management software. The chapters include: Chapter 1, Starting a Web Browser Management Session on page 27; Chapter 2, Basic Switch Parameters on page 37; Chapter 3, Enhanced Stacking on page 55; Chapter 4, SNMPv1 and SNMPv2c on page 63; Chapter 5, Port Parameters on page 77; Chapter 6, MAC Address Table on page 93; Chapter 7, Static Port Trunks on page 103; Chapter 8, Port Mirroring on page 113. Chapter 1 Start
317. plink Uplink Port: This column contains NA, meaning Not Applicable, for tagged and port based VLANs. For a protected ports VLAN, this column contains the uplink port(s) for the port groups. A tagged uplink port is designated with a T and an untagged uplink port has a U. If the switch is operating in one of the two multiple VLAN modes, this column displays the port that is functioning as the uplink port for the other ports on the switch. VLAN Type: The VLAN type. The possible settings are: Port Based: The VLAN is a port based or tagged VLAN. GARP: The VLAN was automatically created by GARP. Protocol: The protocol associated with this VLAN. The possible settings are: Blank: The VLAN is a port based or tagged VLAN. GARP: The VLAN is a dynamic GVRP VLAN or the port is a dynamic GVRP port of a static VLAN. Tagged (T) Untagged (U) Port: Lists the ports of the VLAN. Tagged ports are designated with a T and untagged ports with a U. Specifying a Management VLAN: The management VLAN is the VLAN through which an AT-9400 Series switch expects to receive management packets. This VLAN is important if you are managing a switch remotely or using the enhanced stacking feature of the switch. For more details about specifying a management VLAN, see Chapter 25, Port based and Tagged VLANs in the AT S63 Management Softwa
318. ption Keys 418; Displaying the PKI Settings and Certificates 420; Displaying the SSL Settings 423; Chapter 27 Secure Shell (SSH) 425; Configuring SSH 426; Displaying the SSH Settings 428; Chapter 28 TACACS and RADIUS Protocols 431; Enabling or Disabling TACACS or RADIUS 432; Configuring TACACS 434; Displaying the TACACS Settings 436; Configuring RADIUS 438; Displaying the RADIUS Settings 440; Chapter 29 Management Access Control List 443; Enabling or Disabling the Management ACL 444; Creating an
319. quire manager attention. Information: Sends only informational event messages. Informational messages display useful information that you can ignore during normal operation. Debug: Sends debug event messages. These events provide detailed high volume information that is intended only for technical support personnel. Use <Ctrl> click to select more than one severity at a time. Type: The only available type is Syslog and you cannot change this. Syslog Server IP Address: The IP address of the syslog server. Facility Level: The numerical code to be added to the entries sent to the syslog server to group the entries according to the module or switch that produced them. The facility levels are described in Table 3. Table 3. Default Syslog Facilities (Facility: Mapped Event Log Modules and Events). Default: This facility number applies the functional groupings defined in the RFC 3164 standard. local 1 through local 7: An identifier to assign to specific switches or groups of switches. Note: For further information about the syslog facility levels, refer to Chapter 13, Event Logs and Syslog Servers in the AT-S63 Management Software Menus Interface User's Guide. Module Selections: Specifies the AT-S63 management software module(s) whose events you want to send to the syslog server. To select more than one, use <Ctrl> click. For
320. r CoS priorities. 6. Click Apply. 7. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Configuring Egress Scheduling: This procedure explains how to select and configure a scheduling method for Class of Service. Scheduling determines the order in which the ports handle packets in their egress queues. For an explanation of the two scheduling methods, refer to Chapter 16, Class of Service in the AT-S63 Management Software Menus Interface User's Guide. Scheduling is set at the switch level. You cannot set this at the port level. To change scheduling, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. From the Configuration menu, select the Services option. The Services page is displayed with the CoS tab selected by default, as shown in Figure 59 on page 182. Select the Queuing & Scheduling tab. The Queuing & Scheduling tab is shown in Figure 61 on page 184. Note: The Configure CoS Queues to Egress Queues section in the tab is explained in the previous procedure, Mapping CoS Priorities to Egress Queues on page 184. To select a scheduling method, click either Strict Priority or Weighted
321. [Figure 66: Create Flow Group Page] 5. Configure the following parameters as necessary: ID: Specifies the ID number for this flow group. The range is 0 to 1023. DSCP: Specifies a replacement value to write into the DSCP (TOS) field of the packets. The range is 0 to 63. Remark Priority: Replaces the user priority value in the packets with the new value specified in the Priority parameter. Description: Specifies the flow group description. A description can be up to 15 alphanumeric characters, including spaces. Priority (802.1p): Specifies a new user priority value for the packets. The range is 0 to 7. Classifier List: The classifiers to be assigned to the policy. The specified classifiers must already exist. To select more than one classifier, use <Ctrl> click. Click Apply. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Modifying a Flow Group: To modify a flow group, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. From the Configuration menu, select the Services option. The Services page is displayed with the CoS tab selected by default, as shown in Figure 59 on page 182. Select the flo
322. r policy before you can delete it. 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. Note: You can access the Classifiers tab either through the Network Security menu option or through the Services menu option. This procedure uses the path through the Network Security menu option. 2. From the Configuration menu, select the Network Security option. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 158 on page 392. 3. Select the Classifier tab. The Classifier tab is shown in Figure 48 on page 161. 4. Click the button next to the classifier you want to delete and click Delete. The classifier is deleted from the switch. 5. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Displaying the Classifiers: To display the classifiers, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. Note: You can access the Classifiers tab either through the Network Security menu option or through the Services menu option. This procedu
323. r the key here. If the servers have different keys, you must specify each key when you specify a server's IP address. Global Server Timeout: This parameter specifies the maximum amount of time the switch waits for a response from a TACACS server before assuming the server cannot respond. If the timeout expires and the server has not responded, the switch queries the next TACACS server in the list. If there are no more servers, the switch defaults to the standard Manager and Operator accounts. The default is 30 seconds. The range is 1 to 30 seconds. IP Address, Port, and Encryption Key: Use these fields to specify the IP address, UDP port number, and encryption key of each RADIUS server. You can specify up to a maximum of three servers. You can leave the encryption field blank if you entered the server's key in the Global Secret field. Click Apply. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Displaying the RADIUS Settings: To display the RADIUS settings on the switch, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default
324. r this group of ports. Name: The VLAN name. Protocol: Not used. Tagged Ports: The tagged ports that are members of the VLAN. The Protected VLAN Groups section displays the following information: Group Number: The number assigned to the group. Port List: The ports that are members of this group. 6. Click Clear to close the page. Section VI: Port Security. The chapters in this section provide the procedures for configuring port security. The chapters include: Chapter 24, MAC Address based Port Security on page 391; Chapter 25, 802.1x Port based Network Access Control on page 397. Chapter 24: MAC Address based Port Security. This chapter explains how to configure and display the MAC address security levels on the ports on the switch. It contains the following sections: Configuring Port Security on page 392; Displaying the Port Security Level on page 395. Note: For background information on port security, refer to Chapter 30, MAC Address based Port Security in the AT-S63 Management Software Menus Interface User's Guide. Configuring Port Security: To configure security for the ports, perform the following procedure: 1. From the home page, select Conf
325. rbidden The initialized state for the Registrar is Mt. Displaying the GVRP Counters: To display the GVRP counters, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 123 on page 302. Select the GVRP tab. The GVRP tab is shown in Figure 148 on page 363. In the View GVRP Parameters section, click View GVRP Counters. Click View. The GVRP Counters page is shown in Figure 152. [Figure 152: GVRP Counters Page] The GVRP Counters page provides the information shown in Table 13. Table 13. GVRP Counters. Parameter: Receive Total GARP Packets. Meaning: Total number o
326. rd all remote management packets, making it impossible for you to remotely manage the unit from a Telnet or web browser management session. For instructions on how to add ACEs, refer to Creating an ACE on page 446. To enable or disable the management ACL, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Mgmt Security option. The Mgmt Security page is displayed with the Mgmt ACL tab selected by default, as shown in Figure 183. [Figure 183: Mgmt ACL Tab (Configuration)] The middle section of the tab lists the existing ACEs on the switch. The bottom portion is used to add and delete entries. For instructions, refer to Creating an ACE on page 446 and Deleting an ACE on page 448. Click either Enable MGMT ACL or Disable MGMT
327. re 162 on page 398. Click the Enable Port Access check box. A check in the box means that the feature is activated on the switch. No check means that the feature is disabled. For instructions on configuring the accounting feature, refer to RADIUS Accounting on page 411. Click Apply. A change to the status of 802.1x Port based Network Access Control is immediately implemented on the switch. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Configuring Authenticator Port Parameters: To configure authenticator port parameters, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. From the Configuration menu, select the Network Security option. The Network Security page opens with the Port Security tab selected by default, as shown in Figure 158 on page 392. Select the 802.1x Port Access tab. The 802.1x Port Access tab is shown in Figure 162 on page 398. Click the authenticator port that you want to configure. You can select more than one authenticator port at a time. The selected port turns white. Note: The role of a port must be set to authenticator befor
328. re Menus Interface User's Guide. Note: You cannot specify a management VLAN when the switch is operating in a multiple VLAN mode. To specify the management VLAN, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94. Select the VLAN tab. The VLAN tab is shown in Figure 143 on page 346. For the Mgmt VLAN ID parameter, enter the VID of the VLAN on the switch that you want to function as the management VLAN. The VLAN must already exist on the switch. The default is 1, which is the VID of the Default_VLAN. Click Apply. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Chapter 22: GARP VLAN Registration Protocol. This chapter contains instructions on how to configure GARP VLAN Registration Protocol (GVRP). This chapter contains the following procedures: Configuring GVRP on page 360; Enabling or Disabling GVRP on a Port on page 362; Displaying the GVRP Configuration on page
329. re uses the path through the Services menu option. From the Monitoring menu, select Services. The Services menu is displayed with the CoS tab selected by default, as shown in Figure 62 on page 188. Select the Classifiers tab. The Classifiers tab is shown in Figure 52. [Figure 52: Classifier Tab (Monitoring)] The Classifier tab displays a table of the currently configured classifiers that contains the following columns of information: ID: The ID number of the classifier. Description: A description of the classifier. No. of References: The number of active and inactive ACLs and QoS policies to which the classifier is currently assigned. An active ACL or QoS is assigned to at least one switch port, while an inactive ACL or QoS policy is currently not assigned to any port. If this column is 0 (zero), the classifier is not assigned to any ACLs or policies, active or inactive. No. of Active Associations: The number of active ACLs and QoS policies to which the classifier is currently assigned. An active ACL or QoS policy is assigned to at least one switch. To display detailed information about a classifier, select the classifier and click View. An example of the View Classifier page is shown in Figure 53.
330. Setting a Switch's Enhanced Stacking Status 56; Selecting a Switch in an Enhanced Stack; Returning to the Master Switch 61; Displaying the Enhanced Stacking Status 62; Chapter 4 SNMPv1 and SNMPv2c 63; Enabling or Disabling SNMP Management 64; Creating a New SNMPv1 and SNMPv2c Community 66; Modifying an SNMPv1 and SNMPv2c Community 69; Deleting an SNMPv1 and SNMPv2c Community 72; Displaying the SNMPv1 and SNMPv2c Communities 73; Chapter 5 Port Parameters 77; Configuring Port Parameters
331. ring 50; Figure 9 Ping Client Tab (Monitoring) 51; Figure 10 System Utilities Tab (Configuration) 53; Chapter 3 Enhanced Stacking 55; Figure 11 Enhanced Stacking Tab (Configuration) 57; Figure 12 Stacking Switches Page 59; Figure 13 Enhanced Stacking Tab (Monitoring) 62; Chapter 4 SNMPv1 and SNMPv2c 63; Figure 14 SNMP Tab (Configuration) 64; Figure 15 SNMPv1 & SNMPv2c Communities Tab 66; Figure 16 Add New SNMPv1 & SNMPv2c Community Page 67; Figure 17 Modify SNMPv1 & SNMPv2c Community Page
332. rity number automatically takes over as the root bridge. This parameter can be from 0 (zero) to 61,440 in increments of 4096, with 0 being the highest priority. For a list of the increments, refer to Table 6 on page 306. Bridge Hello Time: The time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds. Bridge Forwarding: The waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes. If the bridge transitions too soon, not all links may have yet adapted to the change, possibly resulting in a network loop. The range is 4 to 30 seconds. The default is 15 seconds. This setting applies only to ports running in the STP compatible mode. Bridge Max Age: The length of time after which stored bridge protocol data units (BPDUs) are deleted by the bridge. All bridges in a bridged LAN use this aging time to test the age of stored configuration messages, called bridge protocol data units (BPDUs). For example, if you use the default 20, all bridges delete current configuration messages after 20 seconds. This parameter can be from 6 to 40 seconds. The default is 20 seconds. In selecting a value for maximum age, the following must be observed: MaxAge must be greater than (2 x (HelloTime + 1)). MaxAge must be less than
333. rivacy password of up to 32 alphanumeric characters. In the Confirm Privacy Password field, re-enter the privacy password. In the Storage Type field, enter one of the following storage options for this table entry: Volatile: Select this storage type if you do not want the ability to save an entry in the User Table. After making changes to a User Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu. NonVolatile: Select this storage type if you want the ability to save an entry in the User Table. After making changes to a User Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type. Note: The Row Status parameter is a read only field in the web browser interface. The Active value indicates the SNMPv3 User Table entry takes effect immediately. Click Apply to update the SNMPv3 User Table. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. To delete an entry in the SNMPv3 User Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. Select the SNMP tab. Modifying a User Table Entry The
334. rs assigned to this Group Name to view the information specified by the View Table entry. This value does not need to be unique. 7. In the Write View Name field, enter a value that you configured with the View Name parameter in the View Table. This parameter allows the users assigned to this Security Group to write or modify the information in the specified View Table. This value does not need to be unique. 8. In the Notify View Name field, enter a value that you configured with the View Name parameter in the View Table. This parameter allows the users assigned to this Group Name to send traps permitted in the specified View. This value does not need to be unique. Note: The Context Match field is a read only field. The Context Match field is always set to Exact. 9. In the Storage Type field, select one of the following storage types for this table entry: Volatile: Select this storage type if you do not want the ability to save an entry in the Access Table. After making changes to an Access Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu. NonVolatile: Select this storage type if you want the ability to save an entry in the Access Table. After making changes to an Access Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommen
335. rt S Port is not a member of the VLAN a Tagged port. Click Apply. Note: Untagged ports that are added to a VLAN are automatically removed from their current untagged VLAN assignment. Untagged ports that are removed from a VLAN are returned to the Default_VLAN. Removing an untagged port from the Default_VLAN without assigning it to another VLAN leaves the port as an untagged member of no VLAN. The modified VLAN is now ready for network operations. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. Deleting a VLAN: To delete a port based or tagged VLAN from the switch, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94. 3. Select the VLAN tab. The VLAN tab is shown in Figure 143 on page 346. 4. Click the button next to the name of the VLAN you want to delete. You cannot delete the Default_VLAN. 5. Click Remove. A confirmation prompt is displayed
336. s The following procedures are provided: Displaying User Table Entries, next; Displaying View Table Entries on page 290; Displaying Access Table Entries on page 291; Displaying SecurityToGroup Table Entries on page 292; Displaying Notify Table Entries on page 293; Displaying Target Address Table Entries on page 294; Displaying Target Parameters Table Entries on page 295; Displaying SNMPv3 Community Table Entries on page 296. To display entries in the SNMPv3 User Table, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42. From the Monitoring menu, select Mgmt Protocols. The Mgmt Protocols page is displayed with the Server based Authentication tab displayed by default, as shown in Figure 13 on page 62. Select the SNMP tab. The SNMP tab is shown in Figure 114.
337. s The range is 1 to 10 retransmissions.
TX Period: Sets the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before retransmitting the request. The default value is 30 seconds. The range is 1 to 65,535 seconds.
Quiet Period: Sets the number of seconds that the port remains in the quiet state following a failed authentication exchange with the client. The default value is 60 seconds. The range is 0 to 65,535 seconds.
Reauth Enabled: Controls whether the client must periodically reauthenticate. The default setting of enabled requires the client to periodically reauthenticate. The time period between reauthentications is set with the Reauth Period option. If this parameter is set to disabled, the client is not required to reauthenticate after the initial authentication unless there is a change to the status of the link between the supplicant and the switch, or the switch is reset or power cycled. The options are Enabled or Disabled. The default is Enabled.
Reauth Period: Enables periodic reauthentication of the client, which is disabled by default. The Reauth Enabled option must be set to Enabled for this parameter to be operational. The default value is 3600 seconds. The range is 1 to 65,535 seconds.
Supplicant Timeout: Sets the switch-to-client retransmission time for the EAP-request frame. The default value for this parameter is 30 seconds. The range is 1 to 600 seconds.
338. s refer to Displaying the MAC Address Tables on page 98.
Click the button next to the MAC address that you want to delete from the switch.
Click Remove.
Note: You cannot delete a switch's MAC address, an STP BPDU MAC address, or a broadcast address.
From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
Deleting All Dynamic MAC Addresses
To delete all the dynamic MAC addresses, unicast or multicast, perform the following procedure:
1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Layer 2 option. The Layer 2 page opens with the MAC Address tab selected by default, as shown in Figure 25 on page 94.
3. In the Delete All Dynamic MAC Addresses section, click Delete.
4. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
Chapter 6: MAC Address Table
Displaying the MAC Address Tables
To view the MAC address table, perform the following procedure:
1. From the Home page, select Monitoring. The Monitoring System page is displayed with th
339. s been running for some time without a reset or power cycle, select Temporary. This is the default.
Permanent (NVS): Displays events stored in nonvolatile memory, which stores no more than 2,000 events. If the switch was recently reset or power cycled and you want to view the events that occurred prior to the reset, select Permanent.
Section II: Advanced Operations
Chapter 11: Event Logs and Syslog Servers
4. To display events of a selected severity, in the Severity Selections list select one or more of the following severity types:
D (Debug): Debug messages provide detailed, high-volume information that is intended only for technical support personnel.
E (Error): Only error messages are displayed. Error messages indicate that the switch operation is severely impaired.
W (Warning): Only warning messages are displayed. These messages indicate that an issue may require manager attention.
I (Information): Only informational messages are displayed. Informational messages display useful information that you can ignore during normal operation.
ALL: All messages of any type are displayed.
To select more than one severity, use <Ctrl> click.
To choose the chronological order of events in the display, for Display Order click one of the following:
Chronological: Displays the events in the order from the oldest event to the most recent event. This is the default.
Reverse Chronological: Displays the events in from th
340. s not displayed on the Configuration menu.
NonVolatile: Select this storage type if you want the ability to save an entry in the View Table. After making changes to a View Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type.
Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 View Table entry takes effect immediately.
10. Click Apply to update the SNMPv3 View Table.
11. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
Deleting a View Table Entry
To delete an entry in the SNMPv3 View Table, perform the following procedure:
1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234.
3. In the SNMPv3 section, click the button next to Configure View Table and then click Configure. The SNMPv3 View Table tab is shown in Figure 93 on page 245.
4. Click the button next to the View Table entry that you want to delete and then click Remove. A
341. sed authentication, perform the following procedure:
1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Mgmt Protocols option. The Mgmt Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 177.
Figure 177: Server-based Authentication Tab (Configuration)
3. To select an authentication protocol, in the Authentication Method section of the tab click either RADIUS or TACACS+. The default is TACACS+.
Note: The switch can support only one authentication protocol at a time. Additionally, you cannot select a different authenticator protocol when this feature is enabled.
4. To enable or disable the authentication feature on the switch, click the Enable Server-based Authentication check box. A check in the box indicates that this feature is enabled. No check indicates the feature is disabled. The default is disabled.
Section VII: Management Security
Note: The Enable Server-based Authentication check box applies only when you are using the TACACS+ or RADIUS client
342. ... 199
Figure 72: Modify Traffic Class Page, page 201
Figure 73: Traffic Class Tab (Monitoring), page 203
Figure 74: View Traffic Class Page, page 204
Figure 75: Policies Tab (Configuration), page 206
Figure 76: Create Policy Page, page 207
Figure 77: Modify Policy Page, page 209
Figure 78: Policies Tab (Monitoring), page 211
Figure 79: View Policy Page, page 212
Chapter 16: Denial of Service Defense, page 213
Figure 80: DoS Tab (Configuration), page 214
Figure 81: DoS Configuration for Ports Page, page 215
Figure 82: DoS Tab (Monitoring)
343. ss of the client after one client has been authenticated. If set to Disabled, the switch port forwards only those packets from the client who was authenticated and discards packets from all other users.
7. Click Apply. Changes to the authenticator settings are immediately implemented on a port.
8. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
Section VI: Port Security
Configuring Supplicant Port Parameters
To configure supplicant port parameters, perform the following procedure:
1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Network Security option. The Network Security page opens with the Port Security tab selected by default, as shown in Figure 158 on page 392.
3. Select the 802.1x Port Access tab. The 802.1x Port Access tab is shown in Figure 162 on page 398.
4. Click the supplicant port that you want to configure. You can select more than one supplicant port at a time. The selected port turns white.
Note: A port must already be designated as a supplicant before you can configure its settings. For instructions on how to set the role o
344. ssage digest. With the SHA selection, you can configure a Privacy Protocol.
None: This value represents no authentication protocol. When messages are received, users are not authenticated. With the None selection, you cannot configure a Privacy Protocol.
Note: You may want to assign NONE to a super user.
In the Authentication Password field, enter an authentication password of up to 32 alphanumeric characters.
In the Confirm Authentication Password field, re-enter the authentication password.
Note: If you have the nonencrypted version of the AT-S60 software, then the Privacy Protocol field is read-only.
Note: You can only configure the Privacy Protocol if you have configured the Authentication Protocol with the MD5 or SHA values.
In the Privacy Protocol field, enter one of the following options:
DES: Select this value to make the DES privacy (or encryption) protocol the privacy protocol for this User Table entry. With this selection, messages transmitted between the host and the switch are encrypted with the DES protocol.
None: Select this value if you do not want a privacy protocol for this User Table entry. With this selection, messages transmitted between the host and the switch are not encrypted.
In the Privacy Password field, enter a p
345. ssword Storage Type: NonVolatile; Row Status: Active
Figure 92: Modify SNMPv3 User Page
5. In the Authentication Protocol field, enter an authentication protocol. This is an optional parameter. Select one of the following:
MD5: This value represents the MD5 authentication protocol. With this selection, users (SNMP entities) are authenticated with the MD5 authentication protocol after a message is received. This algorithm generates the message digest. The user is authenticated when the authentication protocol checks the message digest. With the MD5 selection, you can configure a Privacy Protocol.
SHA: This value represents the SHA authentication protocol. With this selection, users are authenticated with the SHA authentication protocol after a message is received. This algorithm generates the message digest. The user is authenticated when the authentication protocol checks the message digest. With the SHA selection, you can configure a Privacy Protocol.
None: This value represents no authentication protocol. When messages are received, users are not authenticated. With the None selection, you cannot configure a Privacy Protocol.
Chapter 18: SNMPv3
Note: You may want to assign NONE to a super user.
In the Authentication Password field, enter an authentication password of up to 32 alphanumeric characters.
In the Confirm Authentication Password field, re ent
346. t Defined
Note: You cannot create encryption keys from the web browser interface, but you can from the menus and command line interfaces.
Server Key ID: Enter the ID number of the encryption key for the SSH server. The key must already exist on the switch. The default is Not Defined.
Server Expiry Time: Set the time, in hours, for the server key to expire. This timer determines how often the server key is regenerated. A server key is regenerated for security purposes. A server key is only valid for the time period configured in the Server Key Expiry Expiration Time timer. Allied Telesyn recommends that you set this field to 1. With this setting, a new key is generated every hour.
Login Timeout: Enter a number between 60 and 600. The default is 180. This is the time it takes to release the SSH server from an incomplete SSH client connection. Enter a time in seconds. The default is 180 seconds (3 minutes). The range is 60 to 600 seconds.
5. Click Apply.
6. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
Chapter 27: Secure Shell (SSH)
Displaying the SSH Settings
To view the Secure Shell settings, perform the following procedure:
1. From the Home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
347. t displayed if there are no changes to save.
Chapter 4: SNMPv1 and SNMPv2c
Creating a New SNMPv1 and SNMPv2c Community
To create a new SNMPv1 and SNMPv2c community, perform the following procedure:
1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Mgmt Protocols option. The Mgmt Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 177 on page 432.
3. Select the SNMP tab. The SNMP tab is shown in Figure 14 on page 64.
4. In the SNMPv1 & SNMPv2c section, click Configure. The SNMPv1 & SNMPv2c Communities tab is shown in Figure 15.
Figure 15: SNMPv1 & SNMPv2c Communities Tab (example screen for the system named Marketing, listing the communities lemondrop19, rootbeer14 and sassafras12 under the columns Community Name, Access Mode, Open Access, Manager Stations and Trap Receivers)
5. Click Add.
348. t mirror. You can mirror one port, a few ports, or all of the ports on the switch, with the exception, of course, of the destination port.
Section Basic Features
Chapter 8: Port Mirroring
Figure 35 shows an example of the Modify Mirror page configured for a port mirror. The egress traffic on ports 11 and 12 is being mirrored to the destination port 5.
Figure 35: Example of a Modify Mirror Page
6. After selecting the destination and source ports, click the Enable Mirror check box.
7. Click Apply. The port mirror is now active on the switch. You can connect a data analyzer to the destination port to monitor the traffic on the source ports.
8. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
Modifying a Port Mirror
To modify a port mirror, perform the following procedure:
1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Layer 1 option. The Layer 1 page opens with the Port Settings tab displayed by default, as show
349. t support a flash card. To view the switch's configuration files, see Listing the Files in Flash Memory or on a Compact Flash Card on page 126. Configuration files have a .cfg extension.
- Specifying a new active boot configuration file does not change the current operating configuration of the switch. To reconfigure the switch in accordance with the configuration in a newly assigned active boot configuration file, reset or power cycle the switch at the end of the procedure.
- Selecting Save Config after changing the active configuration file overwrites the settings in the file with the current operating settings of the switch.
- You can specify a configuration file on a flash memory card for those systems that support a flash card. However, the switch does not copy the configuration file to its file system. Instead, it uses and updates the file directly on the card. If at some point you remove the card, the switch does not allow you to save any further configuration changes until you reinsert the flash card or specify another active boot configuration file. Additionally, if you reset the switch after removing a flash card that contains a switch's active boot configuration file, the management software uses the switch's default settings.
To change the switch's active configuration file, perform the following procedure:
1. From the home page, select Configuration. The System page is displayed with the General tab selected b
350. tab is shown in Figure 136 on page 323.
5. In the diagram of the switch at the bottom of the MSTP Spanning Tree Expanded page, click the ports you want to configure. You can select more than one port at a time.
6. Click Modify. The MSTP Settings Port(s) page is shown in Figure 139.
Figure 139: MSTP Settings Port(s) Page (fields: Port Priority (0-15), Point To Point, Port Internal Path Cost (0-200000000), Port External Path Cost (0-200000000), MSTI List, Edge Port)
Chapter 20: Multiple Spanning Tree Protocol
7. Configure the following parameters as necessary. The port parameters can be divided into two groups: generic parameters and MSTI-specific parameters.
A generic port parameter is set just once on a port and applies to all of a port's MSTI assignments. Generic parameters are:
- External path cost
- Point-to-point port
- Edge port
An MSTI-specific parameter can be set on a per-MSTI basis. This means that you can assign a different value to an MSTI-specific parameter for each spanning tree instance where a port is a member. These parameters are:
- Internal path cost
- Port priority
When setting an MSTI-specific parameter, use the MSTI List in the window to select the intended MSTI. It should be noted that the MSTI List shows all of the spanning tree instan
351. tch you can access and manage the other enhanced stacking switches in the subnet. In order to manage the switches of an enhanced stack using the web browser interface, you must assign the master switch a unique IP address. You can manually assign the address, or activate the BOOTP or DHCP client software on the switch so that it automatically obtains an IP address from a BOOTP or DHCP server on your network. Refer to Configuring an IP Address and Switch Name on page 38 and Activating the BOOTP or DHCP Client Software on page 41 for further information.
- Slave: A slave switch can be remotely managed through a master switch. It does not need an IP address or subnet mask.
- Unavailable: A switch with an unavailable stacking status cannot be remotely managed through a master switch. A switch with this designation can be managed locally. To be managed remotely, a switch with an unavailable stacking status must be assigned a unique IP address.
Note: The default setting for a switch is slave.
Note: The only switch whose stacking status you can change through a web browser management session is the switch where you started the management session, typically a master switch. You cannot change the stacking status of a switch accessed through enhanced stacking. If the switch does not have an IP address and subnet mask, you must use a local management session to change its stacking status.
To configure a switch's enhan
352. te Do not use a value configured with the User Name parameter in the SNMPv3 User Table.
In the Transport Tag field, enter a name of up to 32 alphanumeric characters. The Transport Tag parameter links an SNMPv3 Community Table entry with an SNMPv3 Target Address Table entry. Add the value you configure for the Transport Tag parameter to the Tag List parameter in the Target Address Table as desired. See Creating a Target Address Table Entry on page 268.
In the Storage Type field, select one of the following storage types for this table entry:
Volatile: Select this storage type if you do not want the ability to save an entry in the SNMPv3 Community Table. After making changes to an SNMPv3 Community Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.
NonVolatile: Select this storage type if you want the ability to save an entry in the SNMPv3 Community Table. After making changes to an SNMPv3 Community Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type.
Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 C
353. ted switch for a LAN that has the least cost path to the root switch. This port connects the LAN to the root switch.
Master: Similar to the root port. When the port is a boundary port, the MSTI port roles follow the CIST port roles. The MSTI port role is called master when the CIST role is root.
P2P: Whether or not the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto Detect.
Version: Whether the port is operating in MSTP mode or STP-compatible mode.
Internal Port Cost: The port cost when the port is connected to a bridge in the same MSTP region.
5. Click OK to close the page.
Resetting MSTP to the Default Settings
To reset MSTP to the factory default settings, perform the following procedure:
1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 135 on page 320.
4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 136 on page 323.
5. Click Defaults. The MSTP settings are returned to their default values.
6. From the Configuration menu, select the Sav
354. ter 12 Classifiers, page 159
Figure 48: Classifier Tab (Configuration), page 161
Figure 49: Create Classifier Page, page 162
Figure 50: Create Classifier Page, IP Protocol, page 162
Figure 51: Modify Classifier Page, page 166
Figure 52: Classifier Tab (Monitoring), page 169
Figure 53: View Classifier Page, page 170
Chapter 13: Access Control Lists, page 171
Figure 54: ACL Tab (Configuration), page 172
Figure 55: Create ACLs Page, page 173
Figure 56: Modify ACLs Page, page 175
Figure 57: ACL Tab (Monitoring), page 178
Figure 58: View ACLs Page, page 179
Chapter 14: Class of Service, page 181
Figure 59: CoS Tab (Configuration), page 182
Figure 60: CoS Setting for Port Page, page 183
Figure 61: Queui
355. ter with the SNMPv3 protocol.
Privacy: This option represents authentication and the privacy protocol. Select this security level to allow authentication and encryption. This level provides the greatest level of security. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol.
In the Storage Type parameter, select one of the following storage types for this table entry:
Volatile: Select this storage type if you do not want the ability to save an entry in the Target Parameters Table. After making changes to a Target Parameters Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.
NonVolatile: Select this storage type if you want the ability to save an entry in the Target Parameters Table. After making changes to a Target Parameters Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type.
Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Target Parameters Table entry will take effect immediately.
Click Apply to update the SNMPv3 Target Parameters Table.
From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.
Configuring the SNMPv3 Community
356. that you configured with the View Name parameter in the SNMPv3 View Table. This parameter allows the users assigned to this Group Name to view the information specified by the View Table entry. This value does not need to be unique.
In the Write View Name field, enter a value that you configured with the View Name parameter in the SNMPv3 View Table. This parameter allows the users assigned to this Security Group to write or modify the information in the specified View Table. This value does not need to be unique.
In the Notify View Name field, enter a value that you configured with the View Name parameter in the SNMPv3 View Table. This parameter allows the users assigned to this Group Name to send traps permitted in the specified View. This value does not need to be unique.
In the Security Model field, enter an SNMP protocol. Select one of the following SNMP protocols as the Security Model for this Group Name:
v1: Select this value to associate the Group Name with the SNMPv1 protocol.
v2c: Select this value to associate the Group Name with the SNMPv2c protocol.
v3: Select this value to associate the Group Name with the SNMPv3 protocol.
In the Security Level field, enter a security level. Select one of the following security levels:
No Authentication/Privacy: This option represents neither an authentication nor privacy protocol. Select this security level if you do not want to au
357. the file system. For example, you would select this option if you are downloading a CA certificate or a boot configuration file you do not want designated as the active boot configuration file.
8. Click Apply. The management software notifies you after the download is complete.
Caution: If you downloaded a new AT-S63 image file to the switch's application block, the switch decompresses it and writes it to flash memory. This can require one to two minutes to complete. Do not reset or power off the unit while it is decompressing the file. After the file has been decompressed, the switch automatically resets. Your web browser management session ends. To continue managing the switch, you must reestablish the management session.
Chapter 10: File Downloads and Uploads
Note: If you downloaded a configuration file using the Config selection, the switch automatically designates it as its active configuration file and resets. At the completion of the reset, the switch operates with the parameter settings in the downloaded configuration file. The reset ends your web browser management session. To continue managing the switch, you must reestablish the management session.
Uploading a File
This procedure explains how to upload a file from the switch's f
358. the switch and either the menus or the command line interface (CLI). After an IP address and subnet mask are assigned, you can remotely connect to the switch and start a web browser management session.
Note: For background information on enhanced stacking, refer to Chapter 4, Enhanced Stacking, in the AT-S63 Management Software Menus Interface User's Guide.
To start a web browser management session, perform the following procedure:
1. Start your web browser.
Note: If your PC with the web browser is connected directly to the switch to be managed, or is on the same side of a firewall as the switch, you must configure your browser's network options not to use proxies. Consult your web browser's documentation on how to configure the switch's web browser to not use proxies.
2. In the URL field of the browser, enter the IP address of the switch you want to manage or of the master switch of the enhanced stack.
Figure 1: Entering a Switch's IP Address in the URL Field
The AT-S63 management software displays the login page, shown in Figure 2.
359. thenticate SNMP entities and you do not want to encrypt messages using a privacy protocol. This option provides the least security.
Note: If you have selected SNMPv1 or SNMPv2c, NoAuthNoPriv is the only security level you can select.
Authentication: This option permits an authentication protocol but not a privacy protocol. Select this security level if you want to authenticate SNMP users but you do not want to encrypt messages using a privacy protocol. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol.
Privacy: This option represents authentication and the privacy protocol. Select this security level to allow authentication and encryption. This level provides the greatest level of security. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol.
Note: The Context Match field is a read-only field. The Context Match field is always set to Exact.
In the Storage Type field, select one of the following storage types for this table entry:
Volatile: Select this storage type if you do not want the ability to save an entry in the Access Table. After making changes to an Access Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuratio
360. ting 46
system date, setting 47
system file: downloading 134; uploading 139
system name, configuring 39
system time, setting 47
T
TACACS+: configuring 434; disabling 432; displaying settings 436; enabling 432; server timeout, configuring 438
tagged VLAN: creating 346; deleting 352, 385; displaying 355, 386; modifying 350
threshold 394
traffic class: configuring 198; deleting 202; displaying 202; modifying 200
tx period, configuring 403
U
unavailable status, defined 56
uplink port: configuring 354; displaying 356
user name: configuring 406; default 29
user password, configuring 406
V
versions supported, SSH parameter 428
virtual LAN (VLAN): associating to MSTI IDs 330; creating 346; deleting 352, 385; displaying 355, 386; mode, selecting 353; modifying 350
VLAN identifier (VID), configuring 376
VLAN name, configuring 376
VLAN type, port-based or tagged VLAN 348
W
web browser management session: quitting 33; starting 28
361. tings are:

Enabled: Multicast packet ingress rate limiting is enabled.
Disabled: Multicast packet ingress rate limiting is disabled. This is the default.

Multicast Rate: Use this parameter to set the multicast rate limit in packets per second. The range is 0 to 262143. The default is 262143.

After you have made the desired changes, click Apply. The switch activates the parameter changes on the port.

From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.

Displaying Port Status

To display the status of a switch port, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. From the Monitoring menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 22.

[Figure 22 Port Settings Tab Monitoring]

The Port Settings tab displays a graphical image of the front of the switch. Ports with valid links to end nodes have a green light.

3. Click a port. You can select more than one port at a time when you want to display port status. However, you can select only one port when displaying statistics. A selected port turns
362. tion is not displayed if there are no changes to save.

Modifying an Access Table Entry

To modify an entry in the SNMPv3 Access Table, perform the following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234.
3. In the SNMPv3 section, click the button next to Configure Access Table and then click Configure at the bottom of the tab. The SNMPv3 Access Table tab is shown in Figure 96 on page 250.
4. Click Next or Previous to display the Access Table entry that you want to change.
5. Click Modify. The Modify SNMPv3 Access page is shown in Figure 98.

[Figure 98 Modify SNMPv3 Access Page. Fields shown: Group Name, Context Prefix, Read View, Write View, Notify View, Security Model, Security Level, Context Match, Storage Type, Row Status]

Note: The Context Prefix field is a read-only field. The Context Prefix field is always set to null.

6. In the Read View Name field, enter a value that you configured with the View Name parameter in the View Table. This parameter allows the use
363. tions

The Policies tab is shown in Figure 78.

[Figure 78 Policies Tab Monitoring]

The Policies tab displays the existing policies in a table that contains the following columns of information:

ID: The ID of the policy.
Description: A description of the policy.
Active: Whether or not this policy is active on the switch.
Traffic Class List: The traffic classes assigned to the policy.
Ingress Port List: The ingress ports to which the policy is assigned.

4. To view the details of a specific policy, select the policy and click View. The View Policy page is shown in Figure 79.

[Figure 79 View Policy Page]

The View Policy page contains the following information:

ID: The ID of the policy.
Description: A description of the policy.
Remark DSCP: The conditions under which the ingress DSCP value is overwritten.
DSCP Value: A replacement value to write into the DSCP TOS field of the packets.
Traffic Class
364. try

Volatile: Select this storage type if you do not want the ability to save an entry in the Target Address Table. After making changes to a Target Address Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.

NonVolatile: Select this storage type if you want the ability to save an entry in the Target Address Table. After making changes to a Target Address Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type.

Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Target Address Table entry takes effect immediately.

13. Click Apply to update the SNMPv3 Target Address Table.
14. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.

Deleting a Target Address Table Entry

To delete an entry in the SNMPv3 Target Address Table, perform the following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234.
3. I
365. uder packet is received. Although five possible selections are shown in the Action list box, they all do the same thing: block the packet, record the event and drop the packet. This column is only displayed for the IP Options defense.

Mirror Port: The port on the switch to which offending traffic is copied.

Chapter 17 IGMP Snooping

This chapter describes how to configure the IGMP snooping feature on the switch. The sections in the chapter include:

- Configuring IGMP Snooping on page 220
- Displaying a List of Host Nodes on page 223
- Displaying a List of Multicast Routers on page 226

Note: For background information, refer to Chapter 19, IGMP Snooping, in the AT-S63 Management Software Menus Interface User's Guide.

Configuring IGMP Snooping

To configure IGMP snooping, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Multicast option. The Multicast page is displayed with the IGMP tab selected by default, as shown in Figure 84.

[Figure 84: Multicast page, IGMP tab]
366. ur changes. This option is not displayed if there are no changes to save.

Configuring the SNMPv3 User Table

You can create, delete, and modify an SNMPv3 User Table entry. See the following procedures:

- Creating a User Table Entry on page 236
- Deleting a User Table Entry on page 239
- Modifying a User Table Entry on page 240

For reference information about the SNMPv3 User Table, see Chapter 22, SNMPv3, in the AT-S63 Management Software Menus Interface User's Guide.

Creating a User Table Entry

To create an entry in the SNMPv3 User Table, perform the following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 89 on page 234.
2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234.
3. In the SNMPv3 section, click the button next to Configure User Table and then click Configure at the bottom of the tab. The SNMPv3 User Table tab is shown in Figure 90.

Figure 90 SNMPv3 User Ta
367. uration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.

From the Configuration menu, select the Network Security option. The Network Security page opens with the Port Security tab selected by default, as shown in Figure 158 on page 392.

Select the 802.1x Port Access tab. The 802.1x Port Access tab is shown in Figure 162 on page 398.

In the Configure RADIUS Accounting section, configure the following parameters as necessary:

Enable Accounting: This parameter activates or deactivates RADIUS accounting on the switch. Select Enabled to activate the feature or Disabled to deactivate it. The default is Disabled.

Trigger Type: This parameter specifies the action that causes the switch to send accounting information to the RADIUS server. The possible settings are:

Start_Stop: The switch sends accounting information whenever a client logs on or logs off the network. This is the default.
Stop: The switch sends accounting information only when a client logs off.

Port Number: Specifies the UDP port for RADIUS accounting. The default is port 1813.

Type: This parameter specifies the type of RADIUS accounting. The default is Network. You cannot change this value.

Enable Update: This parameter controls whether the switch is to send interim accounting updates to the RADIUS server. A check in the box indicates that updatin
368. uration 392
Figure 159 Security for Ports Page Configuration 392
Figure 160 Port Security Tab Monitoring 395
Figure 161 Security for Port S Page 396
Chapter 25 802.1x Port-based Network Access Control 397
Figure 162 802.1x Port Access Tab Configuration 398
Figure 163 Port Role Configuration Page 399
Figure 164 Authenticator Parameters Page 402
Figure 165 Supplicant Parameters Page 405
Figure 166 802.1x Port Access Tab Monitoring 407
Figure 167 Port Access Port Status Page 408
Figure 168 Authenticator Port
369. ure 6 on page 42.
2. Select the SNMP tab. The SNMP tab is shown in Figure 114 on page 289.
3. In the SNMPv3 section, click the button next to the View SecurityToGroup Table and then click View at the bottom of the tab. The SNMPv3 SecurityToGroup Table tab is shown in Figure 118.

[Figure 118 SNMPv3 SecurityToGroup Table Tab Monitoring]

Displaying Notify Table Entries

To display entries in the SNMPv3 Notify Table, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. Select the SNMP tab. The SNMP tab is shown in Figure 114 on page 289.
3. In the SNMPv3 section, click the button next to View Notify Table and then click View at the bottom of the tab. The SNMPv3 Notify Table tab is shown in Figure 119.
370. urityToGroup Table Entry 257
Deleting a SecurityToGroup Table Entry 260
Modifying a SecurityToGroup Table Entry 260
Configuring the SNMPv3 Notify Table 263
Creating a Notify Table Entry 263
Deleting a Notify Table Entry 265
Modifying a Notify Table Entry 266
Configuring the SNMPv3 Target Address Table 268
Creating a Target Address Table Entry 268
Deleting a Target Address Table Entry 271
Modifying Target Address Table Entry 272
Configuring the SNMPv3 Target Parameters Table 275
Creating a Target Parameters Table Entry
371. v3

entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type.

Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 User Table entry takes effect immediately.

12. Click Apply to update the SNMPv3 User Table.
13. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.

Configuring the SNMPv3 View Table

You can create, delete, and modify an SNMPv3 View Table entry. See the following procedures:

- Creating a View Table Entry on page 244
- Deleting a View Table Entry on page 247
- Modifying a View Table Entry on page 247

For reference information about the SNMPv3 View Table, see Chapter 22, SNMPv3, in the AT-S63 Management Software Menus Interface User's Guide.

Creating a View Table Entry

To create an entry in the SNMPv3 View Table, perform the following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. Select the SNMP tab. The SNMP tab is shown in Figure 89 on page 234.
3. In the SN
372. [Figure 19 SNMPv1 & SNMPv2c Communities Tab Monitoring]

The SNMPv1 & SNMPv2c Communities tab displays a table that contains the following columns of information:

Community Name: The SNMP community name.

Access Mode: The access mode for access to that community. The possible settings are Read Only and Read Write.

Manager Stations: The IP addresses of the management stations that are allowed SNMP access to the switch using a community string. This only applies if the community string has a closed status.

Trap Receivers: The IP addresses of up to 8 trap receivers on your network that can receive traps from the switch.

Open Access: The status of access to the SNMP community by a management station, one of the following settings:

Yes: The community string has an open status, meaning that any management station can access the SNMP community.
No: The community string has a closed status, meaning that access to the SNMP community is only available to those management stations whose IP addresses are assigned to the community string.

Status: The community status on
373. ve

Note: A change to the port priority parameter takes effect immediately. A change to the port cost value requires you to reset the switch. A new port cost value is not implemented until the unit is reset.

Displaying the STP Settings

To display the STP settings, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 127.

[Figure 127 MAC Address Tab Monitoring]

3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 128.

Figure 128 Spanning
374. ver for verification when the port logs on to the network. The username can be from 1 to 16 alphanumeric characters (A to Z, a to z, 1 to 9). Do not use spaces or special characters, such as asterisks or exclamation points. The username is case-sensitive.

User Password: Specifies the password for the switch port. The port sends the password to the authentication server for verification when the port logs on to the network. The password can be from 1 to 16 alphanumeric characters (A to Z, a to z, 1 to 9). Do not use spaces or special characters, such as asterisks or exclamation points. The password is case-sensitive.

Click Apply. Changes to the supplicant settings are immediately implemented on a port.

From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.

Displaying the Port-based Network Access Control Parameters

You can display information about the port-based network access control status and settings of the ports on the switch. This section contains the following procedures:

- Displaying the Port Status, next
- Displaying the Port Settings on page 408

Displaying the Port Status

To display the port-based network access control port status, perform the following procedure:

1. From the Home page, select Mo
375. w group you want to modify and click Modify. The Modify Flow Group page is displayed, as shown in Figure 67.

[Figure 67 Modify Flow Group Page]

Configure the following parameters as necessary:

ID: Specifies the ID number for this flow group. The range is 0 to 1023.

DSCP: Specifies a replacement value to write into the DSCP TOS field of the packets. The range is 0 to 63.

Remark Priority: Replaces the user priority value in the packets with the new value specified in the Priority parameter.

Description: Specifies the flow group description. A description can be up to 15 alphanumeric characters, including spaces.

Priority 802.1p: Specifies a new user priority value for the packets. The range is 0 to 7.

Classifier List: The classifiers to be assigned to the policy. The specified classifiers must already exist. To select more than one classifier, use <Ctrl> click.

5. Click Apply.
6. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.

Deleting a Flow Group

To delete a flow group, perform the following procedure:

1. From the home page, select Configuration. Th
376. ware displays the name of the switch being managed at the top of every management menu.

When you start a web browser management session on the master switch of the enhanced stack, you are by default addressing that particular switch. The management tasks that you perform affect only the master switch. To manage a slave switch or another master switch in the same stack, you need to select it from the management software.

To select a switch to manage in an enhanced stack, perform the following procedure:

1. From the home page, select Enhanced Stacking.

Note: If the Home page does not have an Enhanced Stacking menu option, the switch's enhanced stacking status is either slave or unavailable. For instructions on how to change a switch's stacking status, refer to the previous procedure.

The master switch polls the network for the slave and master enhanced stacking switches in the subnet and displays a list of the switches in the Stacking Switches page. An example is shown in Figure 12.

[Figure 12: Stacking Switches page]
377. width specified by the Max Bandwidth parameter. The possible options are drop and remark.

DSCP: Specifies a replacement value to write into the DSCP TOS field of the packets. The range is 0 to 63.

Burst Size: Specifies the size of a token bucket for the traffic class. The range is 4 to 512 Kbps. You must also specify the Max Bandwidth.

Remark Priority: Replaces the user priority value in the packets with the new value specified in the Priority parameter.

Description: Specifies the traffic class description. A description can be up to 15 alphanumeric characters, including spaces.

Exceed Remark Value: Specifies the DSCP replacement value for traffic that exceeds the maximum bandwidth. This value takes precedence over the DSCP value. The default is 0.

Max Bandwidth: Specifies the maximum bandwidth available for the traffic class. The range is 0 to 1016 Mbps. If you set this parameter to 0 (zero), all traffic that matches that traffic class is dropped.

Priority: Specifies the priority value in the IEEE 802.1p tag control field that traffic belonging to this traffic class is assigned. The range is 0 to 7, with 0 (zero) as the lowest priority.

Flow Group List: The flow groups assigned to this traffic class. Use <Ctrl> click to select more than one.

Click Apply.

From the Configuration menu select the Save Config option
378. wing columns of information:

Port: The port number.

Edge Port: Whether or not the port is functioning as an edge port. The possible settings are Yes and No.

Point to Point: Whether or not the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto Detect.

External Cost: The port cost of the port if the port is connected to a bridge which is a member of another MSTP region or is running STP or RSTP.

Internal Cost: The port cost of the port if the port is connected to a bridge which is part of the same MSTP region. The possible settings are:

Auto-detect: Port cost is automatically set depending on the speed of the port. Default values: 2,000,000 for 10 Mbps ports, 200,000 for 100 Mbps ports, and 20,000 for one gigabit ports.

Priority: This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the regional root bridge.

6. Click OK to close the page.

Displaying the MSTP Port Status

To display MSTP port status, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 42.
2. From the Monitoring menu, select the Layer 2 option. The Monitoring Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 27 on page 98.
3. Select the
379. ww.alliedtelesyn.com. You can view the documents online or download them onto a local workstation or server.

Contacting Allied Telesyn

This section provides Allied Telesyn contact information for technical support as well as sales and corporate information.

Online Support: You can request technical support online by accessing the Allied Telesyn Knowledge Base: http://kb.alliedtelesyn.com. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.

Email and Telephone Support: For Technical Support via email or telephone, refer to the Support & Services section of the Allied Telesyn web site: www.alliedtelesyn.com.

Returning Products: Products for return or repair must first be assigned a return materials authorization (RMA) number. A product sent to Allied Telesyn without an RMA number will be returned to the sender at the sender's expense. To obtain an RMA number, contact Allied Telesyn Technical Support through our web site: www.alliedtelesyn.com.

Sales or Corporate Information: You can contact Allied Telesyn for sales or corporate information through our web site: www.alliedtelesyn.com. To find the contact information for your country, select Contact Us > Worldwide Contacts.

Management Software Updates: New releases of management software for our managed products are avail
380. y default, as shown in Figure 5 on page 38.
2. From the Configuration menu, select the Utilities option. The Utilities page is displayed with the System Utilities tab displayed by default, as shown in Figure 10 on page 53.
3. Select the File System tab. The File System tab for an AT-9400 series switch with a compact flash card is shown in Figure 37 on page 127.
4. In the Default Configuration File field, enter the name of the file. When entering the file name, note the following:
- Be sure to include the .cfg extension.
- If the file is stored on a flash card in the switch, precede the name with cflash.
5. Click Apply. The switch searches the file system or flash memory card for the file. If it finds the file, it displays the file name in the Default Configuration File field along with the word Exists. The file is now the active boot configuration file for the switch. If the switch cannot locate the file, it again displays the name of the previous boot configuration file. Repeat steps 4 and 5, being sure to enter the name correctly.
6. Do one of the following:
- To configure the switch using the parameter settings in this boot configuration file, do not select Save Config. Instead, reset or power cycle the switch.
- To overwrite the settings in the configuration file with
381. y Table entry. See Creating a Notify Table Entry on page 263. Enter a Tag List of up to 256 alphanumeric characters. Use a space to separate entries, for example: hwengtag swengtag testengtag

In the Target Parameters field, enter a Target Parameters name. This name can consist of up to 32 alphanumeric characters. The value configured here must match the value configured with the Target Parameters Name parameter in the Target Parameters Table.

In the Storage Type field, enter one of the following storage types for this table entry:

Volatile: Select this storage type if you do not want the ability to save an entry in the Target Address Table. After making changes to a Target Address Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.

NonVolatile: Select this storage type if you want the ability to save an entry in the Target Address Table. After making changes to a Target Address Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesyn recommends this storage type.

13. Click Apply to update the SNMPv3 Target Address Table.
14. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.

Conf
382. y means the port discards the packets unless the packets also match the criteria of a Permit ACL.

5. Click Close.

Chapter 14 Class of Service

This chapter contains instructions on how to configure Class of Service (CoS). This chapter contains the following procedures:

- Configuring CoS on page 182
- Mapping CoS Priorities to Egress Queues on page 184
- Configuring Egress Scheduling on page 186
- Displaying the CoS Settings on page 188
- Displaying the QoS Schedule on page 190

Note: For background information on CoS, refer to Chapter 16, Class of Service, in the AT-S63 Management Software Menus Interface User's Guide.

Configuring CoS

This procedure sets the Class of Service priority level for ingress untagged packets on a port. The priority level dictates which priority queue the packets are stored in on the egress port. In the default settings, ingress untagged packets on a port are assigned a priority level of 0 and are stored in egress queue Q1 on the egress port.

This procedure also overrides the priority level in tagged ingress packets.

To adjust the mappings of priority levels to egress queues, refer to Mapping CoS Priorities to Egress Queues on page 184.

To change the CoS priority level on a port, perform the
383. y queries from a multicast router during the specified time interval, it assumes that the router is no longer active on the port.

Maximum Multicast Groups: Specifies the maximum number of multicast groups the switch learns. The range is 1 to 255 groups. The default is 64 multicast groups. This setting is useful with networks that contain a large number of multicast groups. You can use the parameter to prevent the switch's MAC address table from filling up with multicast addresses, leaving no room for dynamic or static MAC addresses. The range is 1 address to 2048 addresses. The default is 256 multicast addresses.

4. Click Apply.
5. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.

Displaying a List of Host Nodes

You can use the AT-S63 management software to display a list of the multicast groups on a switch, as well as the host nodes. You can also view the multicast routers. A multicast router is a router that is receiving multicast packets from a multicast application and transmitting the packets to host nodes.

To view host nodes, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by defau