Web Browser Interface User's Guide

Contents

1. Increment: 4 = 64, 5 = 80, 6 = 96, 7 = 112, 12 = 192, 13 = 208, 14 = 224, 15 = 240.

   Port Cost: The spanning tree algorithm uses the cost parameter to decide which port provides the lowest cost path to the root bridge for that LAN. The range is 0 to 65,535. The default setting is Auto detect, which sets port cost depending on the speed of the port. If you select Auto Detect, the management software assigns a value of 100 if the port is operating at 10 Mbps, 10 for 100 Mbps, and 4 for one gigabit.

   9. After you have configured the parameters, click Apply.
   10. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36.

   Note: A change to the port priority parameter takes effect immediately. A change to the port cost value requires you to reset the switch. A new port cost value is not implemented until the unit is reset.

   Displaying the STP Settings

   To display the STP settings, perform the following procedure:

   1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
   2. From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 25 on page 94.
   3. Select the S
2. Figure 7: Ping Client Tab Monitoring

   3. Enter the IP address of the end node you want the switch to ping.
   4. Click OK. The results of the ping are displayed in a popup window.
   5. To stop the ping, click OK.

   Chapter 3: Basic Switch Parameters

   Returning the AT-S63 Management Software to the Factory Default Values

   The procedure in this section returns all AT-S63 management software parameters to their default values. Please note the following before you perform this procedure:

   - Returning all parameter settings to their default values also deletes any port-based or tagged VLANs you created on the switch.
   - This procedure does not delete files from the AT-S63 file system. To delete files, refer to Chapter 10, File System, in the AT-S63 Management Software Menus Interface User's Guide.
   - This procedure does not delete any encryption keys stored in the key database. To delete encryption keys, refer to Deleting a Key in Chapter 26, Encryption Keys, in the AT-S63 Management Software Menus Interface User's Guide.
   - Returning a switch to its default values deletes all configuration commands in the active boot configuration file. If you want to keep the file, you should either create a copy of it, as explained in Chapter 10, File System, in the AT-S63 Management Software Menus Interface User's Guide, or you can assign another configuration file, one whose config
3. Figure 128: RADIUS Client Configuration Page

   The upper portion of the page displays the following information:

   - Global Encryption Key: The global encryption secret.
   - Global Server Timeout: The maximum amount of time the switch waits for a response from a RADIUS server before assuming the server cannot respond.

   The lower portion of the page displays a table that contains the following columns of information:

   - Server: The server number, one of three.
   - IP Address: IP address of the RADIUS server.
   - Port: Port of the RADIUS server.
   - Encryption Key: Encryption key for that server. This parameter is blank if all the RADIUS servers have the same encryption secret.

   Chapter 23: 802.1x Port-based Network Access Control

   This chapter contains instructions on how to configure the 802.1x Port-based Network Access Control feature on the switch. The chapter contains the following sections:

   - Setting Port Roles on page 334
   - Enabling or Disabling 802.1x Port-based Network Access Control on page 336
   - Configuring Authenticator Port Parameters on page 337
   - Configuring Supplicant Port Parameters on page 340
   - Displaying the Port-based Network Access Control Parameters on page 342
   - RADIUS Accounting on page 346

   Note: For background information on port-based network access control, refer to Chapter 29, 802.1x Port bas
4. Figure 113: GIP Connected Ports Ring Page

   The GIP Connected Ports Ring page displays a table that contains the following columns of information:

   - GIP Context ID: A number assigned to the instance for the GIP context.
   - STP ID: Present if the GARP application is GVRP; identifies the spanning tree instance associated with the GIP context.
   - Ring: The ring of connected ports. Only ports presently in the spanning tree Forwarding state are eligible for membership in the GIP connected ring. If no ports exist in the GIP connected ring, "No ports are connected" is displayed. If the GARP application has no ports, "No ports have been assigned" is displayed.

   Section IV: Security

   The chapters in this section explain how to set up security on an AT-9400 Series switch. The chapters include:

   - Chapter 19, Port Security on page 305
   - Chapter 20, Encryption Keys, PKI, and SSL on page 309
   - Chapter 21, Secure Shell (SSH) on page 317
   - Chapter 22, TACACS and RADIUS on page 323
   - Chapter 23, 802.1x Port-based Network Access Control on page 333
   - Chapter 24, Denial of Service Defense on page 351

   Chapter 19: Port Security

   This chapter explains
5. Figure 36: Event Log Tab Configuration

   3. In the Log Settings section, for the Status, click Enabled to enable the event log or Disabled to disable the event log. The event log is enabled by default.
   4. To determine what action the switch takes when the event log reaches its maximum capacity, for the Log Full Action, click one of the following:
      - Wrap: When the event log reaches its maximum capacity, this option deletes old entries and continues to add new entries. This is the default.
      - Halt: When the log file reaches its maximum capacity, the log stops adding new entries.
   5. Click Apply to activate the settings on the switch.
   6. Select the General tab.
   7. Click Save Changes to permanently save your changes. This button is not displayed if there are no changes to save.

   Chapter 11: Event Log

   Displaying Events

   Each time that you want to view the event log, you must choose how and what you want displayed. The event log settings are not saved. To specify the type of events you want to display in the event log, perform the following procedure:

   1. From the home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Fig
   2. Select the Event Log tab.

   Note
6. Chapter 16: SNMPv3

   4. Click the button next to the SNMPv3 Community Table entry that you want to change and then click Modify. The Modify SNMPv3 Community page is shown in Figure 93.

   Figure 93: Modify SNMPv3 Community Page

   5. In the Community Name field, enter a Community Name of up to 64 alphanumeric characters. The value of the Community Name parameter acts as a password for the SNMPv3 Community Table entry. This parameter is case sensitive.

      Note: Allied Telesyn recommends that you select SNMP Community Names carefully to ensure these names are known only to authorized personnel.

   6. In the Security Name field, enter a name of an SNMPv1 and SNMPv2c user. This name must be unique. Enter a value of up to 32 alphanumeric characters.

      Note: Do not use a value configured with the User Name parameter in the SNMPv3 User Table.

   7. In the Transport Tag field, enter a name of up to 32 alphanumeric characters. The Transport Tag parameter links an SNMPv3 Community Table entry with an SNMPv3 Target Address Table entry. Add the value you configure for the Tr
7. Displaying the GVRP Counters

   To display the GVRP counters, perform the following procedure:

   1. From the Home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
   2. From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 25 on page 94.
   3. Select the GVRP tab. The GVRP tab is shown in Figure 108 on page 289.
   4. In the View GVRP Parameters section, click View GVRP Counters.
   5. Click View. The GVRP Counters page is shown in Figure 112.

   Figure 112: GVRP Counters Page

   The GVRP Counters page provides the information shown in Table 8.

   Table 8: GVRP Counters

   | Parameter | Meaning |
   |---|---|
   | Receive Total GARP Packets | Total number of GARP PDUs received by this GARP application |
   | Transmit Total GARP Packets | Total number of GARP PDUs transmitted |
8. The possible settings are enabled or disabled.

   - UM (Unknown Multicast): Unknown multicast packet filtering. The possible settings are enabled or disabled.
   - UU (Unknown Unicast): Unknown unicast packet filtering. The possible settings are enabled or disabled.

   HOL Blocking: HOL blocking state. The possible settings are:

   - Enabled or disabled
   - of cells: Threshold number of cells.

   Chapter 6: Port Parameters

   Rate Limiting: The limit on the number of ingress packets of a particular type that the port accepts per second. The possible settings are:

   - B (Broadcast): Status of broadcast packet rate limit (enabled or disabled) and number of packets per second.
   - UM (Unknown Multicast): Status of unknown multicast packet filtering (enabled or disabled) and number of packets per second.
   - UU (Unknown Unicast): Status of unknown unicast packet filtering (enabled or disabled) and number of packets per second.

   Displaying Port Statistics

   To display the statistics of a switch port, perform the following procedure:

   1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
   2. From the Monitoring menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in
9. on page 288

   - Displaying the GVRP Configuration on page 289
   - Displaying the GVRP Port Configuration on page 291
   - Displaying the GVRP Database on page 292
   - Displaying the GVRP State Machine on page 293
   - Displaying the GVRP Counters on page 296
   - Displaying the GIP Connected Ports Ring on page 300

   Note: For background information on GVRP, refer to Chapter 18, GARP VLAN Registration Protocol, in the AT-S63 Management Software Menus Interface User's Guide.

   Chapter 18: GARP VLAN Registration Protocol (GVRP)

   Configuring GVRP

   To configure GVRP, perform the following procedure:

   1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
   2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 23 on page 90.
   3. Select the GVRP tab. The GVRP tab is shown in Figure 106.

   Figure 106: GVRP Tab Configuration

   4. In the GVRP Parameters section, adjust the following parameters as necessary:

      Enable GVRP: Click to enable or disable
10. the network. To prevent inadvertently using the same VID for two different VLANs, you should keep a list of all your network VLANs and their VID values.

    Name: Specify a name for the new VLAN. The name can be from one to fifteen alphanumeric characters in length. The name should reflect the function of the nodes that are part of the VLAN, for example, Sales or Accounting. The name cannot contain spaces or special characters, such as asterisks or exclamation points. If the VLAN is unique in your network, then the name should be unique as well. If the VLAN is part of a larger VLAN that spans multiple switches, then the name for the VLAN should be the same on each switch where nodes of the VLAN are connected.

    Note: A VLAN must be assigned a name.

    6. To select the ports for the VLAN, click on the appropriate ports in the switch image. Clicking repeatedly on a port toggles the port through the following possible settings:
       - Untagged port
       - Tagged port
       - Port not a member of the VLAN

       Note: When a transceiver is inserted into an uplink slot and a link is established, that slot becomes a primary uplink port and the corresponding backup port, 23R or 24R, automatically transitions to redundant uplink status. Any VLAN settings remain intact when the backup port makes the transition to a redundant uplink state.

    7. Click Apply.

    Note: Any untagged ports that you assign to the new VLAN are automatically removed fr
11. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36. Repeat this procedure to create more MSTI IDs.

    To delete an MSTI ID, perform the following procedure:

    1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
    2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 23 on page 90.
    3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 51 on page 164.
    4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 62 on page 185.
    5. In the CIST MSTI Table section of the tab, click the button next to the MSTI ID you want to delete. You can select only one MSTI ID at a time.
    6. Click Remove. A confirmation prompt is displayed.
    7. Click OK to delete the MSTI or Cancel to cancel the procedure. If you select OK, the MSTI is deleted and VLANs associated with it are returned to CIST, which has an ID of 0.

    To modify an MSTI ID, perform the following procedure:

    1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
12. To create, delete, or modify MSTI IDs, perform one of the following procedures.

    To create an MSTI ID, perform the following procedure:

    1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
    2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 23 on page 90.
    3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 51 on page 164.
    4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 62 on page 185.
    5. In the CIST MSTI Table section of the tab, click Add. The Add New MSTI page is shown in Figure 63.

       Figure 63: Add New MSTI Page

    6. In the MSTI ID field, enter a new MSTI ID. The range is 1 to 15.
    7. In the Priority field, enter an MSTI Priority value. This parameter is used in selecting a regional root for the MSTI. The range is 0 (zero) to 61,440 in increments of 4,096, with 0 being the highest priority. For a list of the increments, refer to Table 5, Bridge Priority Value Increments on page 168. The default is 0.
    8. Click Apply.
13. From the Monitoring menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 20.

    Figure 20: Port Settings Tab Monitoring

    The Port Settings tab displays a graphical image of the front of the switch. Ports with valid links to end nodes have a green light.

    3. Click a port. You can select more than one port at a time when you want to display port status. However, you can select only one port when displaying statistics. A selected port turns white. To deselect a port, click it again.
    4. Click Status. The Port Status page is shown in Figure 21.

    Figure 21: Port Status Page

    The Port Status page displays a table that contains the following columns of information:

    - Port: The port number.
    - Name: The name of the port.
    - Link: The status of the link between the port and the end node connecte
14. Volatile: Select this storage type if you do not want the ability to save an entry in the Access Table. After making changes to an Access Table entry with a Volatile storage type, Save Changes does not appear on the General tab.

    NonVolatile: Select this storage type if you want the ability to save an entry in the Access Table. After making changes to an Access Table entry with a NonVolatile storage type, Save Changes appears on the General tab. Allied Telesyn recommends this storage type.

    Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Access Table entry will take effect immediately.

    12. Click Apply.
    13. To save your changes, return to the General tab and click Save Changes.

    Deleting an Access Table Entry

    To delete an entry in the SNMPv3 Access Table, perform the following procedure:

    1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
    2. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205.
    3. In the SNMPv3 section, click the button next to Configure Access Table and then click Configure at the bottom of the tab. The SNMPv3 Access Table tab is shown in Figure 76 on page 221.
    4. Click Next or Previous to display the Access Table entry that you want to dele
15. following procedure:

    1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
    2. Select the SNMP tab. The SNMP tab is shown in Figure 13.

       Figure 13: SNMP Tab Monitoring

    3. In the SNMPv1 & SNMPv2c section, click View. The SNMPv1 & SNMPv2c Communities tab is shown in Figure 14.

       Figure 14: SNMPv1 & SNMPv2c Communi
16. in the AT-S63 Management Software Menus Interface User's Guide.

    Chapter 5: Enhanced Stacking

    Setting a Switch's Enhanced Stacking Status

    The enhanced stacking status of the switch can be master, slave, or unavailable. Each status is described below:

    - Master: A master switch of a stack can be used to manage other enhanced stacking switches in a subnet. After you have established a local or remote management session with the master switch, you can access and manage the other enhanced stacking switches in the subnet. A master switch must have a unique IP address. You can manually assign a master switch an IP address or activate the BOOTP and DHCP client software on the switch so that the switch automatically obtains an IP address from a BOOTP or DHCP server on your network.
    - Slave: A slave switch can be remotely managed through a master switch. It does not need an IP address or subnet mask.
    - Unavailable: A switch with an unavailable stacking status cannot be remotely managed through a master switch. A switch with this designation can be managed locally. To be managed remotely, a switch with an unavailable stacking status must be assigned a unique IP address.

    Note: The default setting for a switch is slave.

    To adjust a switch's enhanced stacking status, perform the following procedure:

    1. From the Home page, select Configuration. The Configuration System page is displayed with the Ge
17. 18 on page 74.

    Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 31 on page 110.

    Click Modify. The Modify Mirror page is shown in Figure 32 on page 111.

    Click the ports of the port mirror to change its type. Clicking a port toggles it through the possible settings, which are as follows:

    - The destination mirror port. There can be only one destination port.
    - A source port. The port's ingress traffic is mirrored to the destination port.
    - A source port. The port's egress traffic is mirrored to the destination port.
    - A source port. The port's ingress and egress traffic is mirrored to the destination port.

    To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36.

    Chapter 9: Port Mirroring

    Disabling a Port Mirror

    To disable a port mirror, perform the following procedure:

    1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
    2. From the Configuration menu, select the Layer 1 option. The Layer 1 page opens with the Port Settings tab displayed by default, as shown in Figure 18 on page 74.
    3. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 31 on page 110.
    4. Click Modify. The M
18. 40.

    From the Configuration menu, select the Security option. The Security page is displayed with the 802.1x Port Access tab selected by default, as shown in Figure 129 on page 334. You cannot change the Authentication Method field.

    Click the Enable Port Access check box. A check in the box means that the feature is activated on the switch. No check means that the feature is disabled.

    Click Apply.

    To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36.

    Configuring Authenticator Port Parameters

    To configure authenticator port parameters, perform the following procedure:

    1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
    2. From the Configuration menu, select the Security option. The Security page is displayed with the 802.1x Port Access tab selected by default, as shown in Figure 129 on page 334.
    3. Click the authenticator port that you want to configure. You can select more than one authenticator port at a time. The selected port turns white.

    Note: A port must already be configured as an authenticator before you can configure its settings. For instruc
19. List of figures (Figure 43 to Figure 92). Captions include:

    - Event Log Example Displayed in Normal Mode
    - Event Log Example Displayed in Full Mode
    - CoS Tab Configuration
    - CoS Setting for Port Page
    - QoS Scheduling Tab Configuration
    - CoS Tab Monitoring
    - CoS Setting for Port Page
    - QoS Scheduling Tab Monitoring
    - IGMP Tab Configuration
    - IGM
20. Access Table Tab Configuration

    - Add New SNMPv3 Access Page
    - Modify SNMPv3 Access Page
    - SNMPv3 SecurityToGroup Table Tab Configuration
    - Add New SNMPv3 SecurityToGroup Page
    - Modify SNMPv3 SecurityToGroup Page
    - SNMPv3 Notify Table Tab Configuration
    - Add New SNMPv3 Notify Page
    - Modify SNMPv3 Notify Page
    - SNMPv3 Target Address Table Tab Configuration
    - Add New SNMPv3 Target Address Page
    - Modify SNMPv3 Target Address Page
    - SNMPv3 Target Parameters Table Tab Configuration
    - Add New SNMPv3 Target Parameters Page
21. - Chapter 2, Starting a Web Browser Management Session on page 31
    - Chapter 3, Basic Switch Parameters on page 39
    - Chapter 4, SNMPv1 and SNMPv2c on page 53
    - Chapter 5, Enhanced Stacking on page 65
    - Chapter 6, Port Parameters on page 73
    - Chapter 7, MAC Address Table on page 89
    - Chapter 8, Port Trunking on page 99
    - Chapter 9, Port Mirroring on page 109

    Chapter 2: Starting a Web Browser Management Session

    This chapter contains the procedure for starting, saving, and quitting a web browser management session on an AT-9400 Series switch. Sections in the chapter include:

    - Starting a Web Browser Management Session on page 32
    - Web Browser Tools on page 35
    - Saving Your Parameter Changes on page 36
    - Quitting a Web Browser Management Session on page 37

    Starting a Web Browser Management Session

    To establish a web browser management session with an AT-9400 Series switch, there must be at least one switch in the subnet that has been assigned an IP address and whose stacking status has been changed to master switch. After you start a web browser management session on the master switch, you can manage all the enhanced stacking switches that reside in the same subnet. If the subnet does not contain an enhanced stacking switch with an IP address, then you must use the menus or the command
22. - Deleting a Target Address Table Entry on page 241
    - Modifying Target Address Table Entry on page 242

    For reference information about the SNMPv3 Target Address Table, see Chapter 18, SNMPv3, in the AT-S63 Management Software Menus Interface User's Guide.

    Creating a Target Address Table Entry

    To create an entry in the SNMPv3 Target Address Table, perform the following procedure:

    1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
    2. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205.
    3. In the SNMPv3 section, click the button next to Configure Target Address Table and then click Configure at the bottom of the tab. The SNMPv3 Target Address Table tab is shown in Figure 85.

       Figure 85: SNMPv3 Target Address Table Tab Configuration

    4. Click Add. The Add New SNMPv3 Target Address page is shown in Figure 86.
23. - TACACS Client Default Settings
    - Management Access Control List Default Setting

    Figures

    - Figure 1: Entering a Switch's IP Address in the URL Field
    - Figure 2: AT-S63 Login Page
    - Figure 3: Home Page
    - Figure 4: Save Changes Button in the General Tab Configuration
    - Figure 5: General Tab Configuration
    - Figure 6: General Tab Monitoring
    - Figure 7: Ping Client Tab Monitoring
    - Figure 8: System Utilities Tab Configuration
    - Figure 9: SNMP Tab Configuration
    - Figure 10: SNMPv1 & SNMPv2c Communities Tab
    - Figure 11: Add New SNMPv1 & SNMPv2c Community Page
24. - Enabling or Disabling SNMP Management
    - Creating a New SNMPv1 and SNMPv2c Community
    - Modifying an SNMPv1 and SNMPv2c Community
    - Deleting an SNMPv1 and SNMPv2c Community
    - Displaying the SNMPv1 and SNMPv2c Communities

    Chapter 5: Enhanced Stacking

    - Setting a Switch's Enhanced Stacking Status
    - Selecting a Switch in an Enhanced Stack
    - Returning to the Master Switch
    - Displaying the Enhanced Stacking Status

    Chapter 6: Port Parameters

    - Configuring Port Parameters
    - Displaying Port Status
    - Displaying Port Statistics
    - Resetting a Port to the Default Settings

    Chapter 7: MAC Address Table

    - Adding Static Unica
25. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 23 on page 90.
Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 51 on page 164.
Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 62 on page 185.
In the CIST MSTI Table section of the tab, click the button next to the MSTI ID you want to modify. You can select only one MSTI ID at a time. You cannot modify CIST.
Click Modify. The Modify MSTI page is shown in Figure 64.
Figure 64. Modify MSTI Page
In the Priority field, enter a new MSTI Priority value. This parameter is used in selecting a regional root for the MSTI. The range is 0 (zero) to 61,440 in increments of 4,096, with 0 being the highest priority. For a list of the increments, refer to Table 5, Bridge Priority Value Increments, on page 168. The default is 0.
Click Apply.
To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36.
10. Repeat this procedure to modify more MSTI IDs.
Adding Rem
26. GARP application is in use.

Table 8. GVRP Counters (Continued)
Parameter: Meaning
Receive GARP Messages LeaveAll: Number of GARP LeaveAll messages received by the GARP application.
Transmit GARP Messages LeaveAll: Number of GARP LeaveAll messages transmitted by the GARP application.
Receive GARP Messages JoinEmpty: Total number of GARP JoinEmpty messages received for all attributes in the GARP application.
Transmit GARP Messages JoinEmpty: Total number of GARP JoinEmpty messages transmitted for all attributes in the GARP application.
Receive GARP Messages JoinIn: Total number of GARP JoinIn messages received for all attributes in the GARP application.
Transmit GARP Messages JoinIn: Total number of GARP JoinIn messages transmitted for all attributes in the GARP application.
Receive GARP Messages LeaveEmpty: Total number of GARP LeaveEmpty messages received for all attributes in the GARP application.
Transmit GARP Messages LeaveEmpty: Total number of GARP LeaveEmpty messages transmitted for all attributes in the GARP application.
Receive GARP Messages LeaveIn: Total number of GARP LeaveIn messages received for all attributes in the GARP application.
Transmit GARP Messages LeaveIn: Total number of GARP LeaveIn messages transmitted for all attributes in the GARP application.
Receive G
27. Figure 119. X509 Certificate Details Page

The X509 Certificate Details page provides the following information about the certificate:
Name: The name of the certificate.
State: Whether the certificate is Trusted or Untrusted.
Manually Trusted: You verified the certificate is from a trusted or untrusted authority.
Type: The type of the certificate. The options are EE, SELF, and CA.
Source: The certificate was created on the switch.
Version: The version number of the AT S63 management software.
Serial Number: The certificate's serial number.
Signature Algorithm: The signature algorithm of the certificate.
Public Key Algorithm: The public key algorithm.
Not Valid Before: The date the certificate became active.
Not Valid After: The date the certificate expires. Self-signed certificates are valid for two years.
Subject: The Subject distinguished name.
Issuer: The certificate issuer's distinguished name.
MD5 Fingerprint: The MD5 algorithm. This value provides a unique sequence for each certificate consisting of 16 bytes.
SHA1 Fingerprint: The Secure Hash Algorithm. This value provides a unique sequence for each certificate consisting of 20 bytes.
Click Close to close
28. GVRP state machine displaying 293 port configuration displaying 291 gateway address configuring 42 default setting 361 displaying 45 global encryption key configuring 329 331 default setting 379 global secret configuring 325 328 default setting 379 global server timeout configuring 325 328 default setting 379 GVRP See GARP VLAN Registration Protocol GVRP H hardware information 44 held period 341 hello time default setting 369 Rapid Spanning Tree Protocol RSTP 176 Spanning Tree Protocol STP 168 HOL blocking default setting 364 host key ID parameter 318 host nodes displaying 157 host router timeout interval configuring 155 158 default setting 367 l ingress packet threshold 78 Internet Group Management Protocol IGMP snooping configuring 154 default settings 367 disabling 154 157 displaying 157 enabling 154 157 Internet Protocol IP address configuring 42 default 361 intrusion action port configuring 307 default setting 373 L local management session definition 24 login timeout parameter 319 M MAC address aging time changing 97 default setting 361 MAC address table displaying 94 MAC addresses adding 90 deleting dynamic 93 deleting multicast 92 displaying 94 MAC limit default setting 373 MACs available parameter 321 Management Access Control List default setting 380 management access defaults 359 management access levels 28 46 Management Information Base See MIBs man
29. ID: Server key ID defined for SSH.
Server Key Expiry Time: Length of time in hours until the server key is regenerated. The default is 0 hours, which means the server key is not regenerated.
Login Timeout: Time in seconds until an SSH server is released from an incomplete connection with an SSH client.
Authentication Available: Authentication method available. Currently, password authentication is the only supported method.
Ciphers Available: SSH ciphers that are available on the switch.
MACs Available: Message Authorization Code (MAC) that is used to validate incoming SSH messages to the server. Two algorithms are supported.
Data Compression: Whether or not data compression is available on the switch. Data compression is useful for networks that have a slow throughput speed.

Chapter 22 TACACS and RADIUS
This chapter contains instructions on how to configure the authentication protocols. This chapter contains the following procedures:
- Enabling or Disabling TACACS or RADIUS on page 324
- Configuring TACACS on page 325
- Displaying the TACACS Settings on page 327
- Configuring RADIUS on page 329
- Displaying the RADIUS Settings on page 331
Note: For background information on the authentication protocols, refer to Chapter 30, TACACS and RADIUS, in the AT S63 Management Software Menus Interface User's Guide.
30. MIB ifEntry 0 3 enter the following value for the Subtree Mask parameter: ff bf
In the View Type field, enter one of the following view types:
Included: Enter this value to permit the user to see the subtree specified above.
Excluded: Enter this value to not permit the user to see the subtree specified above.
In the Storage Type field, enter a storage type for this table entry:
Volatile: Select this storage type if you do not want the ability to save an entry in the View Table. After making changes to a View Table entry with a Volatile storage type, Save Changes does not appear on the General tab.
NonVolatile: Select this storage type if you want the ability to save an entry in the View Table. After making changes to a View Table entry with a NonVolatile storage type, Save Changes appears on the General tab. Allied Telesyn recommends this storage type.
Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 View Table entry takes effect immediately.
10. Click Apply to update the SNMPv3 View Table.
11. To save your changes, return to the General tab and click Save Changes.

Deleting a View Table Entry
To delete an entry in the SNMPv3 View Table, perform the following procedure:
1. From the home page, select Configuration. The Co
31. Multicast Routers List page opens, as shown in Figure 50.
Figure 50. View Static Multicast Routers List Page

Chapter 14 STP and RSTP
This chapter explains how to configure the STP and RSTP parameters on an AT 9400 Series switch. The sections in the chapter include:
- Enabling or Disabling a Spanning Tree Protocol on page 164
- Configuring STP on page 166
- Configuring RSTP on page 174
Note: For background information on spanning tree, refer to Chapter 16, STP and RSTP, in the AT S63 Management Software Menus Interface User's Guide. Multiple Spanning Tree Protocol (MSTP) is described in Chapter 15, MSTP, on page 181.

Enabling or Disabling a Spanning Tree Protocol
To enable or disable spanning tree on the switch, perform the following procedure:
1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab shown by default, as shown in Figure 23 on page 90.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 51.
32. - Allied Telesyn managed switch MIBs
You must download the Allied Telesyn managed switch MIBs (atistackinfo.mib and atiswitch.mib) file from the Allied Telesyn web site and compile the files with your SNMP program. For instructions, refer to your SNMP management documentation.
Note: SNMP management does not use the enhanced stacking feature of the switch. Therefore, you must assign an IP address to each switch that you want to manage with an SNMP program.

Management Access Levels
There are two levels of management access in the AT S63 management software: manager and operator. When you log in as a manager, you can view and configure all of a switch's operating parameters. When you log in as an operator, you can only view the operating parameters; you cannot change any values.
You log in as a manager or an operator by entering the appropriate username and password when you start an AT S63 management session. To log in as a manager, type manager as the login name. The default password is friend. The username for operator is operator and the default password is also operator. The usernames and passwords are case sensitive.
To change the passwords, refer to Configuring the Manager and Operator Passwords on page 46.

Section I Basic Features
The chapters in this section provide information and procedures for basic switch setup and include
33. Figure 26. View MAC Addresses Page

The View MAC Addresses page displays a table that contains the following columns of information:
VLAN ID: The ID number of the VLAN where the port is a member.
MAC Address: The static or dynamic unicast MAC address.
Port(s): The port on which the address was learned or assigned. The MAC address with port CPU is the address of the switch.
Type: The type of the address, static or dynamic.

Changing the Aging Time
The switch uses the aging time to delete inactive dynamic MAC addresses from the MAC address table. When the switch detects that no packets have been sent to or received from a particular MAC address in the table after the period specified by the aging time, the switch deletes the address. This prevents the table from becoming full of addresses of nodes that are no longer active. The default setting for the aging time is 300 seconds (5 minutes).
To adjust the aging time, perform the following procedure:
1. From the Home page, select Configuration. The Sys
34. Figure 102. SNMPv3 Community Table Tab Monitoring

Section II VLANs
The chapters in this section explain how to set up security on an AT 9400 Series switch. The chapters include:
- Chapter 17, Virtual LANs, on page 271
- Chapter 18, GARP VLAN Registration Protocol (GVRP), on page 285

Chapter 17 Virtual LANs
This chapter explains how to create, modify, and delete port based and tagged VLANs. This chapter also explains how to select a multiple VLAN mode. This chapter contains the following sections:
- Creating a New Port Based or Tagged VLAN on page 272
- Modifying a VLAN on page 276
- Deleting a VLAN on page 278
- Selecting a VLAN Mode on page 279
- Displaying VLANs on page 281
- Specifying a Management VLAN on page 283
Note: For background information on port based and ta
35. Figure 95. SNMPv3 User Table Tab Monitoring

Displaying View Table Entries
To display entries in the SNMPv3 View Table, perform the following procedure:
1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
2. Select the SNMP tab. The SNMP tab is shown in Figure 94 on page 259.
3. In the SNMPv3 section, click the button next to View View Table and then click View at the bottom of the tab. The SNMPv3 View Table tab is shown in Figure 96.
Figure 96. SNMPv3 View Table Tab Monitoring

Displaying
To display entries in the SNMPv3 Access Table perfo
36. - Modifying a View Table Entry on page 218
For reference information about the SNMPv3 View Table, see Chapter 18, SNMPv3, in the AT S63 Management Software Menus Interface User's Guide.

Creating a View Table Entry
To create an entry in the SNMPv3 View Table, perform the following procedure:
1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
2. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205.
3. In the SNMPv3 section, click the button next to Configure View Table and then click Configure at the bottom of the tab. The SNMPv3 View Table tab is shown in Figure 73.
Figure 73. SNMPv3 View Table Tab Configuration
4. Click Add. The Add New SNMPv3 View page is shown in Figure 74.
37. Q2
6 or 7: Q3 (highest)

IGMP Snooping Default Settings
The following table lists the IGMP Snooping default settings.
IGMP Snooping Setting: Default
IGMP Snooping Status: Disabled
Multicast Host Topology: Single Host Port Edge
Host Router Timeout Interval: 260 seconds
Maximum Multicast Groups: 64
Multicast Router Ports Mode: Auto Detect

Denial of Service Prevention Default Settings
The following table lists the default settings for the Denial of Service prevention feature.
Denial of Service Prevention Setting: Default
IP Address: 0.0.0.0
Subnet Mask: 0.0.0.0
Uplink Port: 26
SYN Flood Defense: Disabled
Smurf Defense: Disabled
Land Defense: Disabled
Teardrop Defense: Disabled
Ping of Death Defense: Disabled
IP Options Defense: Disabled

STP, RSTP, and MSTP Default Settings
This section provides the spanning tree STP, RSTP, and MSTP default settings.

Spanning Tree Switch Settings
The following table describes the Spanning Tree Protocol default settings for the switch.
STP Switch Setting: Default
Spanning Tree Status: Disabled
Active Protocol Version: RSTP

STP Default
The following table describes
38. Quality of Service
Note: The tagged information in a packet is not changed as the packet traverses the switch. A tagged packet exits the switch with the same priority level that it had when it entered.
The default for this parameter is No, meaning that the priority level of tagged packets is determined by the priority level specified in the packet itself.
7. Click Apply. Configuration changes are immediately activated on the switch.
8. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36.

Mapping CoS Priorities to Egress Queues
This procedure explains how to change the default mappings of CoS priorities to egress priority queues, as shown in Table 3 on page 143. This is set at the switch level. You cannot set this on a per-port basis.
To change the mappings, perform the following procedure:
1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
2. From the Configuration menu, select the QoS option. The QoS page is displayed with the CoS tab selected by default, as shown in Figure 40 on page 142.
3. Select the Scheduling tab.
39. SNMP protocols as the Security Model for this Security Name or User Name:
v1: Select this value to associate the Security Name or User Name with the SNMPv1 protocol.
v2c: Select this value to associate the Security Name or User Name with the SNMPv2c protocol.
v3: Select this value to associate the Security Name or User Name with the SNMPv3 protocol.
In the Security Name field, enter a User Name that you previously configured with the SNMPv3 User Table. See Creating a User Table Entry on page 207.
In the Security Level field, select one of the following Security Levels:
Note: The value you configure for the Security Level must match the value configured for the User Name in the SNMPv3 User Table Menu. See Creating a User Table Entry on page 207.
No Authentication Privacy: This option represents neither an authentication nor privacy protocol. Select this security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privacy protocol. This security level provides the least security.
Note: If you have selected SNMPv1 or SNMPv2c as the Security Model, you must select No Authentication Privacy as the Security Level.
Authentication: This option represents authentication but no privacy protocol. Select this security level if you want to authenticate SNMP users but you do no
40. State: Slave

SNMP Default Settings
The following table describes the SNMP default settings.
SNMP Communities Setting: Default
SNMP Status: Disabled
Authentication Failure Trap Status: Disabled
Community Name: public (Read only)
Community Name: private (Read Write)
Status (public): Enabled
Status (private): Enabled
Open Status (public): Yes
Open Status (private): Yes

Port Configuration Default Settings
The following table lists the port configuration default settings.
Port Configuration Setting: Default
Status: Enabled
Broadcast Filter: Disabled
Override Priority: No override
HOL Blocking: Disabled
Back Pressure: Disabled
Flow Control: Auto
Speed: Auto Negotiation
Duplex Mode: Auto Negotiation
MDI/MDI-X: Auto MDI/MDIX

Event Log Default Settings
The following table lists the event log default settings.
Event Log Setting: Default
Status: Enabled
Full Log Action: Wrap

Quality of Service
The following table lists the default mappings of IEEE 802.1p priority levels to egress port priority queues.
IEEE 802.1p Priority Level: Port Priority Queue
0 or 1: Q0 (lowest)
2 or 3: Q1
4 or 5
41. Tab Monitoring

The GVRP Parameters section provides the following information:
GVRP: The GVRP status, Enabled or Disabled.
Leave Time: The range is 30 to 80 centiseconds and the default is 60 centiseconds.
Join Time: The range is 10 to 60 centiseconds and the default is 20 centiseconds.
GIP: The GIP status, Enabled or Disabled.
Leave All Time: The range is 500 to 300 centiseconds and the default is 1000 centiseconds.

Displaying the GVRP Port Configuration
To display the GVRP port configuration, perform the following procedure:
1. From the Home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 25 on page 94.
Select the GVRP tab. The GVRP tab is shown in Figure 108 on page 289.
In the View GVRP Parameters section, click View Port Configuration.
Click View. The GVRP Port Configuration page is shown in Figure 109.
Figure 109. GVRP Port Configuration Page
The GVRP Port Configuration page provides the fol
42. To create a new password, enter the new password into both fields. The default password is friend. The password is case sensitive.
Caution: Do not use spaces or special characters, such as asterisks (*) and exclamation points (!), in a password if you are managing the switch from a web browser. Many web browsers cannot handle special characters in passwords.

Operator Password / Confirm Operator Password
Use these parameters to change the operator's login password for the switch. The password can be from 0 to 16 characters in length. The same password is used for both local and remote management sessions. To create a new password, enter the new password into both fields. The default password for operator is operator. The password is case sensitive.
Caution: Do not use spaces or special characters, such as asterisks (*) and exclamation points (!), in a password if you are managing the switch from a web browser. Many web browsers cannot handle special characters in passwords.
Note: A change to a password is immediately activated on the switch. You are prompted for the new password the next time you log in.
3. Click Apply to activate your change on the switch.
4. Click Save Changes to permanently save your change. This button is not displayed if there are no changes to save.
43. Transfer Protocol
TIME: System Time and SNTP
VLAN: Port based and tagged VLANs and multiple VLAN modes
8. Click View.
Figure 38 shows an example of an event log in Normal mode.
Figure 38. Event Log Example Displayed in Normal Mode

The events are displayed in a table. The columns in the table shown in normal display mode are described below:
S (Severity): The event's severity. The severity codes and their corresponding severity level and description are shown in Table 2.

Table 2. Event Severity Levels
Severity Code, Severity Level: Description
E, Error: Switch operation is severely impaired.
W, Warning: An issue that may require network manager attention.
Information: Useful information that can be ignored during normal operation.
D, Debug: Messages intended for technic
44. a File on page 125

Chapter 12 Quality of Service
This chapter contains instructions on how to configure Quality of Service (QoS). This chapter contains the following procedure:
- Configuring CoS on page 142
- Mapping CoS Priorities to Egress Queues on page 145
- Configuring Egress Scheduling on page 148
- Displaying the CoS Settings on page 150
- Displaying the QoS Schedule on page 152
Note: For background information on QoS, refer to Chapter 13, Quality of Service, in the AT S63 Management Software Menus Interface User's Guide.

Configuring CoS
This procedure explains how to change the egress queue used to handle untagged ingress packets on a port. This procedure also overrides the priority levels in tagged ingress packets.
To configure CoS, perform the following procedure:
1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
2. From the Configuration menu, select the QoS option. The QoS page is displayed with the CoS tab selected by default, as shown in Figure 40.
Figure 40. CoS Tab Configuration
Click the port where you want to configure CoS. You can select more than one port at a time. A selected port turns white. To desele
45. & SNMPv2c Communities tab is shown in Figure 10 on page 56.
Click the button next to the community name and click Modify. The Modify SNMPv1 & SNMPv2c Community page is shown in Figure 12.
Figure 12. Modify SNMPv1 & SNMPv2c Community Page
5. Modify the following parameters:
Community Name: This field is not configurable from this page. It is the name of the SNMP community.
Status: Click Enable to enable the SNMP community. Click Disable to disable the SNMP community.
Access Mode: Click Read Only to allow read access to the SNMP community. Click Read Write to allow read write access to the SNMP community.
Allow Any Station: Click this option to allow any SNMP manager to access the switch. When you click this option, a warning message appears on t
46. and Operator accounts. The default is 30 seconds. The range is 1 to 30 seconds.
IP Address and Encryption Key: Use these fields to specify the IP addresses and encryption secrets of up to three network servers containing TACACS server software. You can leave an encryption field blank if you entered the server's secret in the Global Secret field.
5. Click Apply.
6. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36.

Displaying the TACACS Settings
To display the TACACS settings on the switch, perform the following procedure:
1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
2. Select the Server based Authentication tab. The Server based Authentication tab is shown in Figure 125.
Figure 125. Server Based Authentication Tab Monitoring
The upper part of the page shows if server based authentication is enabled or disabled and the authentication method. The lower part of the page allows you to vie
47. as asterisks and exclamation points are allowed. Each trunk must be given a unique name.
Trunk Method: Select a load distribution method. The possible settings are:
SA: Source MAC address (Layer 2)
DA: Destination MAC address (Layer 2)
SA/DA: Source MAC address / destination MAC address (Layer 2)
SI: Source IP address (Layer 3)
DI: Destination IP address (Layer 3)
SI/DI: Source IP address / destination IP address (Layer 3)
Click the ports that are to make up the port trunk. A selected port changes to white. An unselected port is black. A port trunk can contain up to eight ports.
Note: All ports in a trunk must operate at the same speed. When you include port 23R or 24R in a trunk and the port transitions to redundant uplink status, the port speed is automatically adjusted to 1000 Mbps. If the other ports in the trunk are operating at a different speed, port trunking may be unpredictable. Because of these port speed variables, Allied Telesyn suggests that you not include port 23R or 24R in a port trunk.
7. Click Apply. The new port trunk is now active on the switch.
8. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36.
9. Configure the ports on the remote switch for port trunking.
10. Connect the cables to the ports of the
48. as shown in Figure 23 on page 90.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 51 on page 164.
4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 62.
Figure 62. Configure MSTP Parameters Tab Configuration
Note: This procedure explains the Configure MSTP Parameters section of the page. The CIST MSTI Table is explained in Adding, Removing, or Modifying VLAN Associations to MSTIs on page 192. The graphic image of the switch is described in Configuring MSTP Port Parameters on page 195.
Adjust the following parameters as necessary:
Force Version: This selection determines whether the bridge operates with MSTP or in an STP compatible mode. If you select MSTP, the bridge operates all ports in MSTP except those ports that receive STP or RSTP B
49. based Authentication tab. The Server based Authentication tab is shown in Figure 123 on page 324. 3 In the lower section of the Server based Authentication tab, click RADIUS Configuration and click Configure. The RADIUS Client Configuration page is shown in Figure 124. Figure 127 RADIUS Client Configuration Page. 4 Adjust the following parameters as necessary. Global Encryption Key: If all of the TACACS servers have the same encryption secret, you can enter the key here. If the servers have different keys, you must specify each key when you specify a server's IP address. Global Server Timeout: This parameter specifies the maximum amount of time the switch waits for a response from a TACACS server before assuming the server cannot respond. If the timeout expires and the server has not responded, the switch queries the next TACACS server in the list. If there are no more servers, the switch defaults to the standard Manager and Operator accounts. The default is 30 seconds. The range is 1 to 30 seconds. (Chapter 22: TACACS and RADIUS) IP Address, Port, and Encryption Key: Use these fields to specify the IP address, UDP port number, and encryption key of each RADIUS server. You ca
50. button next to the SecurityToGroup Table entry that you want to change and then click Modify. The Modify SNMPv3 SecurityToGroup page is shown in Figure 81. Figure 81 Modify SNMPv3 SecurityToGroup Page. In the Group Name field, enter a Group Name that you configured in the SNMPv3 Access Table. See Creating an Access Table on page 220. There are four default values for this field that are reserved for SNMPv1 and SNMPv2c implementations: defaultV1GroupReadOnly, defaultV1GroupReadWrite, defaultV2cGroupReadOnly, defaultV2cGroupReadWrite. In the Storage Type field, select one of the following storage types for this table entry. Volatile: Select this storage type if you do not want the ability to save an entry in the SecurityToGroup Table. After making changes to a SecurityToGroup Table entry with a Volatile storage type, Save Changes does not appear on the General tab. NonVolatile: Select this storage type if you want the ability to save an entry in the SecurityToGroup Table. After making changes to a SecurityToGroup Table entry with a NonVolatile storage type, Save Changes appears on the General tab. Allied Telesyn recommends this storage type. (Chapter 16: SNMPv3) Note: The Row Status parameter is a read only field in t
51. chapter include Q Enabling or Disabling the Event Log on page 128 Q Displaying Events on page 130 Q Disabling the Event Log on page 137 Q Clearing the Event Log on page 138 U Saving the Event Log to a File on page 139 For more information about the event log refer to the AT S63 Management Software Web Browser Interface User s Guide Note The event log even when disabled logs all AT S63 initialization events that occur when the switch is reset or power cycled Any switch events that occur after AT S63 initialization are entered into the log only if you enable the event log The default setting for the event log is disabled Section Il Advanced Features 127 Chapter 11 Event Log Enabling or Disabling the Event Log 128 To enable or disable the event log perform the following procedure 1 From the home page select Configuration The System page is displayed with the General tab selected by default as shown in Figure 5 on page 40 2 Select the Event Log tab The Event log tab is shown in Figure 36 AT 9424T SP m Name Marketing r 00 30 84 4B EF CD Event Log System Log Settings Status Log Full Action Disabled Wrap Enabled O Halt Clear Log O clear Log O Permanent Temporary Hi Filter Settings and Actions Log Location Mode Temporary RAM Normal O Permanent Nvs OFull Severity Selections Module Selections
52. delay 186 bridge hello time 186 bridge max age 186 bridge settings configuring 184 configuration name 186 configuring 184 connecting to VLANs 192 default settings 370 disabling 182 edge port 196 enabling 182 force version 186 max hops 187 MSTIID creating 189 deleting 190 modifying 190 parameters configuring 184 parameters displaying 197 point to point port 196 port external path cost 196 port internal path cost 196 port parameters configuring 195 displaying 197 port priority 195 port settings displaying 200 port status displaying 200 resetting to defaults 202 0 operator access 28 46 operator password configuring 46 default setting 359 override priority default setting 364 P password changing 46 default 33 pinging 49 PKI certificates maximum number default setting 384 377 point to point port default setting 369 Multiple Spanning Tree Protocol MSTP 196 Rapid Spanning Tree Protocol RSTP 177 poll interval default setting 360 port configuring parameters basic 74 disabling 75 enabling 75 link status 82 resetting to defaults 88 statistics displaying 85 status default setting 364 displaying 81 port control 802 1x port based access control 338 force authorized 338 force unauthorized 338 port cost default setting 369 Multiple Spanning Tree Protocol MSTP 196 Rapid Spanning Tree Protocol RSTP 177 Spanning Tree Protocol STP 170 port mirror creating 110 deleting 115 disabling 114 d
53. implementation. Allied Telesyn does not recommend this configuration. For reference information about the SNMPv3 protocol, see Chapter 18, SNMPv3, in the AT S63 Management Software Menus Interface User's Guide. Enabling or Disabling SNMP Management: In order to allow an SNMP manager or host to access the switch, you need to enable SNMP access. In addition, to allow the switch to send a trap when it receives a login attempt from an unauthenticated user, you need to enable authentication failure traps. This section provides a procedure to accomplish both of these tasks. To enable SNMP access and authentication failure traps, perform the following procedure: 1 From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2 Select the SNMP tab. The SNMP tab is shown in Figure 69. [Figure 69: SNMP tab, showing the Enable SNMP Access and Enable Authentication Failure Trap options, Configure SNMPv1V2c Communities, the SNMPv3 SNMP Engine ID, and the Configure User Table, Configure View Table, Configure Access Table and Configure SecurityToGroup Table selections]
54. in Figure 6 on page 44. 2 From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 25 on page 94. 3 Select the GVRP tab. The GVRP tab is shown in Figure 108 on page 289. 4 In the View GVRP Parameters section, click View GVRP State Machine for VLAN and enter the VLAN number in the box. 5 Click View. The GVRP State Machine for VLAN page is shown in Figure 111. Figure 111 GVRP State Machine for VLAN Page. The GVRP State Machine for VLAN page provides the information shown in Table 7. Table 7 GVRP State Machine Parameters (Parameter: Meaning). Port: Port number on the switch; this port belongs to the GARP application. If the GARP application has no ports, "No ports have been assigned" is displayed. (Chapter 18: GARP VLAN Registration Protocol GVRP) App: Applicant state machine for the GID index on that particular port. One of: Normal Participant Management state: Vo, Very Anxious Observer; Ao, Anxious Observer; Qo, Quiet Observer; Lo, Leaving O
55. line interface (CLI) to give the switch an IP address and subnet mask. Then you can connect to that switch and start a web browser management session. Note: For background information on enhanced stacking, refer to Chapter 5, Enhanced Stacking, in the AT S63 Management Software Menus Interface User's Guide. To start a web browser management session, perform the following procedure: 1 Start your web browser. Note: If your PC with the web browser is connected directly to the switch to be managed or is on the same side of a firewall as the switch, you must configure your browser's network options not to use proxies. Consult your web browser's documentation on how to configure the switch's web browser not to use proxies. 2 In the URL field of the browser, enter the IP address of the switch you want to manage or of the master switch of the enhanced stack. Figure 1 Entering a Switch's IP Address in the URL Field. The AT S63 management software displays the login page as shown in Figure 2. AT 9424T SP User Name Password Copyright 2004 Allied Telesyn Inc All rights res
56. menu select the Layer 2 option The Layer 2 page is displayed with the MAC Address tab shown by default as shown in Figure 23 on page 90 Select the Spanning Tree tab The Spanning Tree tab is shown in Figure 51 on page 164 4 Click Configure Section Il Advanced Features AT S63 Management Software Web Browser Interface User s Guide The Configure RSTP Bridge Parameters tab is shown in Figure 57 Layer 2 AT 9424T SP Spanning Tree Configure RSTP Parameters Force Version Bridge Max Age 6 40 O Force STP Compatible RSTP 20 Bridge Priority 0 15 Bridge Identifier 8 Bridge Hello Time 1 10 2 Bridge Forwarding 4 30 15 4096 32768 00 30 84 00 00 00 Section II Advanced Features Figure 57 Configure RSTP Parameters Tab Configuration 5 Adjust the following parameters as necessary Force Version This selection determines whether the bridge operates with RSTP or in an STP compatible mode If you select RSTP the bridge operates all ports in RSTP except for those ports that receive STP BPDU packets If you select Force STP Compatible the bridge operates in RSTP using the RSTP parameter settings but it sends only STP BPDU packets out the ports Bridge Priority The priority number for the bridge This number is used in determining the root bridge for RSTP The bridge with the lowest priority number is selected as the root bridge If two or more bridges have
57. on the master switch of the enhanced stack you are by default addressing that particular switch The management tasks that you perform affect only the master switch To manage a slave switch or another master switch in the same stack you need to select it from the management software To select a switch to manage in an enhanced stack perform the following procedure 1 From the home page select Enhanced Stacking Note If the Home page does not have an Enhanced Stacking menu option the switch s enhanced stacking status is either slave or unavailable For instructions on how to changea switch s stacking status refer to the previous procedure Section Basic Features AT S63 Management Software Web Browser Interface User s Guide The master switch polls the network for the slave and master enhanced stacking switches in the subnet and displays a list of the switches in the Stacking Switches page An example is shown in Figure 16 AT 9424T SP Stacking Switches Total Switches 12 Page 1 of 2 Mac Addr Software Switch Version Model z o 00 00 00 A4 BB CD 00 30 80 00 4D 34 00 30 84 52 02 60 SV Users 8 00 30 84 54 4B 00 00 30 84 54 F 5 80 00 30 84 F3 B4 00 SV_USERS_4 00 30 84 F 3 84 20 SV_USERS_2 00 30 84 F3 B5 00 SV_USERS_5 00 30 84 F3 B6 20 S V_USERS_3 00 30 84 F3 C9 40 SV_USERS_ 39 v3 2 0 AT 8012M 39 v3 1 1 AT 8012M 39 v3 1 1 AT 8024GB 39 v3 2 0 Pat AT 8024GB 39 v3 2 0 AT 8
58. one port at a time 4 Click Port Role The Port Role Configuration page is shown in Figure 130 Port Role None OAuthenticator Supplicant Figure 130 Port Role Configuration Page 5 Select the desired role for the port The possible settings are None The port is not to participate in port based access control This is the default setting Authenticator The port is to function as an authenticator This is the appropriate setting if the port is connected to a supplicant Supplicant The port is to function as an supplicant This is the appropriate setting if the port is connected to an authenticator A port can have only one port role at a time 6 Click Apply To enable or disable port based access control go to Enabling or Disabling 802 1x Port based Network Access Control on page 336 Then to configure authenticator port settings go to Configuring Authenticator Port Parameters on page 337 To configure supplicant port settings go to Configuring Supplicant Port Parameters on page 340 Section IV Security 335 Chapter 23 802 1x Port based Network Access Control Enabling or Disabling 802 1x Port based Network Access Control 336 To enable or disable 802 1x Port based Network Access Control perform the following procedure 1 From the home page select Configuration The System page is displayed with the General tab selected by default as shown in Figure 5 on page
59. packet from the client before retransmitting the request ReAuthP The frequency of the periodic reauthentication of the client SuppTO The switch to client retransmission time for the EAP Request packet Section IV Security Section IV Security AT S63 Management Software Web Browser Interface User s Guide MaxReq The maximum number of times that the switch retransmits an EAP Request packet to the client before it times out the authentication session For supplicant port s the Supplicant Port Parameters Page is displayed as shown in Figure 136 Total Ports 1 Page lof 1 Figure 136 Supplicant Port Parameters Page The Supplicant Port Parameters page displays a table that contains the following columns of information Port The port number AuthPeriod The period of time in seconds that the supplicant waits for a reply from the authenticator HeldPeriod The amount of time the supplicant is to refrain from trying to recontact the authenticator in the event that the end user provides an invalid user name and or password MaxStart The maximum number of times the supplicant sends EAPoL Start packets before assuming that there is no authenticator present StartPeriod The time period between successive attempts by the supplicant to establish contact with an authenticator when there is no reply User Name The user name for the port User Password The password for the port 345 Cha
60. pages Selecting Back on your browser s toolbar returns you to the previous display You can also use the browser s bookmark feature to save the link to the switch Section Basic Features 35 Chapter 2 Starting a Web Browser Management Session Saving Your Parameter Changes When you make a change to a switch parameter the change is in most cases immediately activated as soon as you click the Apply button on the page However a change to a switch parameter is initially saved only to temporary memory It is lost the next time you reset or power cycle the unit To permanently save a change you must click the Save Changes button This button is located on the General tab To locate the button from the home page click Configuration The General tab is displayed The Save Changes button is at the bottom of the page If the button is not displayed there are no changes for the switch to save AT 9424T SP Administration System Name Marketing Administrator Josh Comments IP Address 149 35 19 172 Subnet Mask 255 255 252 0 Default Gateway 149 35 16 1 Passwords Manager Password Confirm Manager Password Configuration BOOTP DHCP Enable Disable Save Changes Button Operator Password Confirm Operator Password MAC Address Aging Time 300 second s Figure 4 Save Changes Button in the General Tab Configuration Section Basic Features AT S63 Management Softwar
61. port s speed and duplex mode manually Q If you disable autonegotiation on a port the auto MDI MDI X feature on a port is also disabled and the port defaults to the MDI X configuration Consequently if you disable autonegotiation and set a port s speed and duplex mode manually you might also need to set the port s MDI MDI X setting as well Auto Negotiate The port autonegotiates both speed 10 100 1000 Mbps and duplex mode This is the default The other possible settings are 10Mbps Half Duplex 10Mbps Full Duplex 100Mbps Half Duplex 100Mbps Full Duplex Note When a transceiver is inserted into an uplink slot and a link is established that slot becomes a primary uplink port and the corresponding backup port 23R or 24R automatically transitions to redundant uplink status The speed and duplex mode of the Section Basic Features Section Basic Features AT S63 Management Software Web Browser Interface User s Guide redundant port automatically transitions to Auto Negotiate to match the speed of the primary uplink port and you cannot configure the MDI MDIX crossover parameter Note 1000 Mbps speed is only available when you set the port to autonegotiate You cannot set this manually If you select all ports the Soeed and Duplex setting displays Not Configurable because all ports are set to autonegotiate Broadcast Filter Use this parameter to limit the number of ingress broadcast packets
62. s Guide In the Configure RADIUS Accounting section adjust the following parameters as necessary Enable Accounting This parameter activates or deactivates RADIUS accounting on the switch Select Enabled to activate the feature or Disabled to deactivate it The default is Disabled Trigger Type This parameter specifies the action that causes the switch to send accounting information to the RADIUS server The possible settings are Start_Stop The switch sends accounting information whenever a client logs on or logs off the network This is the default Stop The switch sends accounting information only when a client logs off Port Number Specifies the UDP port for RADIUS accounting The default is port 1813 Type This parameter specifies the type of RADIUS accounting The default is Network You cannot change this value Enable Update This parameter controls whether the switch is to send interim accounting updates to the RADIUS server A check in the box indicates that updating is enabled No check in the box means that updating is disabled Update Interval Specifies the intervals at which the switch sends interim accounting updates to the RADIUS server The range is 30 to 300 seconds The default is 60 seconds 4 Click Apply To display the RADIUS accounting settings perform the following procedure 1 From the home page select Monitoring The System page is displayed with the General tab selected by d
63. Table 7 GVRP State Machine Parameters. Table 8 GVRP Counters. Tables. Preface. How This Guide is Organized: This guide contains instructions on how to configure an AT 9400 Series Layer 2 Gigabit Ethernet Switch using the AT S63 management software and the web browser user interface. This manual is divided into three sections. Section I Basic Features: The chapters in this section explain how to start a local management session and perform some basic tasks such as configuring switch and port parameters, port trunking, and enhanced stacking. Section II Advanced Features: The Advanced Features section includes procedures for working with the file system, spanning tree, IGMP, Quality of Service, the event log, and VLANs. Section III Security: The chapters in this section explain how to use a wide variety of switch security features, including management ACLs, encryption, web server, port based access control, denial of service defense, TACACS, and RADIUS. For information about man
64. that support enhanced stacking that reside in the same subnet all from the same local management session Note For further information on enhanced stacking refer to Chapter 5 Enhanced Stacking in the AT S63 Management Software Menus Interface User s Guide AT S63 Management Software Web Browser Interface User s Guide Telnet Management Session You can use any management station on your network that has the Telnet application to manage an AT 9400 Series switch This type of management session is referred to in this guide as a remote management session because you do not need to be in the wiring closet where the switch is located You can manage the switch from any workstation on the network that has the application protocol To establish a Telnet management session with a switch there must be at least one enhanced stacking switch in the subnet to which you assigned an IP address Only one switch in a subnet needs to have an IP address After you have established a Telnet management session with the switch that has an IP address you can use the enhanced stacking feature of the management software to access all other switches that support enhanced stacking that reside in the same subnet Note For further information on enhanced stacking refer to Chapter 5 Enhanced Stacking in the AT S63 Management Software Menus Interface User s Guide Note For instructions on how to start a Telnet management session refer t
65. the General tab Allied Telesyn recommends this storage type Note The Row Status parameter is a read only field in the web browser interface The Active value indicates the Access Table entry takes effect immediately Click Apply to update the SNMPv3 Access Table To save your changes return to the General tab and click Save Changes Section Il Advanced Features AT S63 Management Software Web Browser Interface User s Guide Configuring the SNMPv3 SecurityToGroup Table Creating a SecurityToGroup Table Entry Section II Advanced Features You can create delete and modify an SNMPv3 SecurityToGroup Table entry See the following procedures Q Creating a SecurityToGroup Table Entry on page 227 Q Deleting a SecurityToGroup Table Entry on page 230 Q Modifying a SecurityToGroup Table Entry on page 230 For reference information about the SNMPv3 SecuritytoGroup Table see Chapter 18 SNMPv3 in the AT S63 Management Software Menus Interface User s Guide To create an entry in the SNMPv3 SecurityToGroup Table perform the following procedure 1 From the home page select Configuration The Configuration System page is displayed with the General tab selected by default as shown in Figure 5 on page 40 2 Select the SNMP tab The SNMP tab is shown in Figure 69 on page 205 3 Inthe SNMPv3 section click the button next to Configure SecurityToGroup Table and then click Configure at the bott
66. the STP default settings Settings STP Setting Default Bridge Priority 32768 Bridge Hello Time 2 Bridge Forwarding 15 Bridge Max Age 20 Port Cost Automatic Update Port Priority 128 RSTP Default The following table describes the RSTP default settings Settings RSTP Setting Default Force Version RSTP Bridge Priority 32768 Bridge Hello Time 2 Bridge Forwarding 15 Bridge Max Age 20 Edge Port Yes Point to Point Auto Detect Port Cost Automatic Update Appendix A AT S63 Default Settings RSTP Setting Default Port Priority 128 MSTP Default The following table lists the MSTP default settings Settings MSTP Setting Default Status Disabled Force Version MSTP Bridge Hello Time 2 Bridge Forwarding Delay 15 Bridge Max Age 20 Maximum Hops 20 Configuration Name null Revision Level 0 CIST Priority Increment 8 32768 Port Priority Increment 8 128 Port Internal Path Cost Auto Update Port External Path Cost 200 000 Point to Point Auto Detect Edge Port Yes 370 AT S63 Management Software Web Browser Interface User s Guide VLAN Default Settings This section provides VLAN default settings VLAN Setting Default Default VLAN Name Default_VLAN all ports Management VLAN ID 1 Default_VLAN VLAN Mode User Configured Uplink Port None 371 Appendix A AT S63 Default Settings GVRP Default Setting
67. the port receives The possible settings are Enabled The port does not receive any broadcast packets Disabled The port receives broadcast packets This is the default setting For further information about filters refer to Chapter 6 Port Parameters in the AT S63 Management Software Menus Interface User s Guide Unknown Unicast Filter Use this parameter to limit the number of ingress unknown unicast packets the port receives The possible settings are Enabled The port does not receive any unknown unicast packets Disabled The port receives unknown unicast packets This is the default setting Unknown Multicast Filter Use this parameter to limit the number of ingress unknown multicast packets the port receives The possible settings are Enabled The port does not receive any unknown multicast packets Disabled The port receives unknown multicast packets This is the default setting Flow Control Sets flow control on a port This option only applies to ports operating in full duplex mode A switch port uses back pressure to control the flow of ingress packets The switch sends a special pause packet to stop the end node from sending frames The 77 Chapter 6 Port Parameters 78 pause packet notifies the end node to stop transmitting for a specified period of time The possible settings are Auto The port uses flow control if it detects that the end node is using it Disabled No flow co
68. the same priority value the bridge with the numerically lowest MAC address becomes the root bridge When a root bridge goes off line the bridge with the next priority number automatically takes over as the root bridge This parameter can be from 0 zero to 61 440 in increments of 4096 with 0 being the highest priority For a list of the increments refer to Table 5 on page 168 175 Chapter 14 STP and RSTP 176 Bridge Hello Time The time interval between generating and sending configuration messages by the bridge This parameter can be from 1 to 10 seconds The default is 2 seconds Bridge Forwarding The waiting period before a bridge changes to a new state for example becomes the new root bridge after the topology changes If the bridge transitions too soon not all links may have yet adapted to the change possibly resulting in a network loop The range is 4 to 30 seconds The default is 15 seconds This setting applies only to ports running in the STP compatible mode Bridge Max Age The length of time after which stored bridge protocol data units BPDUs are deleted by the bridge All bridges in a bridged LAN use this aging time to test the age of stored configuration messages called bridge protocol data units BPDUs For example if you use the default 20 all bridges delete current configuration messages after 20 seconds This parameter can be from 6 to 40 seconds The default is 20 seconds In selecting a value for ma
69. the speed and duplex mode The speed and duplex mode are set to autonegotiate Section Basic Features Section Basic Features AT S63 Management Software Web Browser Interface User s Guide The Port Configuration page is shown Figure 19 Port Name Status Port_05 O Disabled Enab Broadcast Filter Auto Negotiate Disabled O Enab Unknown Unicast Filter Unknown Multicast Filter O Disabled Enabled O Disabled O Enabled Flow Control Back Pressure O Auto Disabled O Enabled Disabled Enabled Broadcast Rate Limit Disabled O Enabled 262143 0 262143 Pkts Sec Flow ControlBackPressurse Limit 000561 1 7935 Cells Unknown Unicast Rate Limit Multicast Rate Limit Disabled Enabled Disabled Enabled 262143 0 262143 Pkts Sec 262143 0 262143 Pkts Sec HOL Blocking Disabled Enab MDIMDIX Crossover O auto mod O mDIXx 008191 1 8191 Ce Figure 19 Port Configuration Page 6 Adjust the following parameters as necessary Port Name Use this selection to assign a name to a port The name can be from one to fifteen alphanumeric characters Spaces are allowed but you should not use special characters such as asterisks or exclamation points You cannot assign a name when you are configuring more than one port Status Use this selection to enable or disable a port When disabled a port does not accept or forward frames You might want to disa
70. the version of AT S63 management software that features SSL, PKI, and SSH security. Note the following before you begin this procedure: You must use TFTP to download a file from a web browser management session. To use TFTP, there must be a node on your network that contains the TFTP server software. The file that you are downloading must be stored on the TFTP server node. You should start the TFTP server before you begin the download procedure. The AT S63 image file contains the bootloader for the switch. You cannot load the image file and bootloader separately. Installing a new AT S63 software image does not change the current configuration of a switch (for instance, IP address, subnet mask, and virtual LANs). If you want to return a switch to its default configuration values, refer to Returning the AT S63 Management Software to the Factory Default Values on page 50. Caution: The switch stops forwarding Ethernet traffic after it has downloaded an AT S63 image file and begun to initialize the software. Some network traffic may be lost. To download a file, perform the following procedure: 1 From the home page, select Configuration. The System page is displayed with the General tab selected by default. 2 Select the System Utilities tab. The System Utilities tab is sho
71. you configured in the encryption menus using the AT S63 menus interface. Server Expiry Time: Set the time, in hours, for the server key to expire. This timer determines how often the server key is regenerated. A server key is regenerated for security purposes. A server key is only valid for the time period configured in the Server Key Expiry Expiration Time timer. Allied Telesyn recommends that you set this field to 1. With this setting, a new key is generated every hour. Login Timeout: Enter a number between 60 and 600. The default is 180. This is the time it takes to release the SSH server from an incomplete SSH client connection. Enter a time in seconds. The default is 180 seconds (3 minutes). The range is 60 to 600 seconds. Status: Enable the SSH server after you have finished the configuration and want to log on to the server. Or click Disabled while you are configuring the protocol. SSH must be disabled while you are configuring the protocol. This is the default. 5 Click Apply. 6 To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36. (Chapter 21: Secure Shell SSH) Displaying the SSH Settings: To view the Secure Shell settings, perform the foll
72. 024GB 39 v3 2 0 AT 8026T 39 v3 2 0 AT 8026T 39 v3 2 0 AT 8026T 39 v3 2 0 AT 8026T 39 v3 2 0 AT 8026T 0000000000 NNNNA NNNNA Figure 16 Stacking Switches Page Note The master switch on which you started the management session is not included in the list nor are any switches with an enhanced stacking status of Unavailable You can sort the switches in the list by switch name or MAC address by clicking on the column headers By default the list is sorted by MAC address To refresh the list click Refresh This instructs the master switch to again poll the subnet for all switches 2 To manage another switch in an enhanced stack click the button to the left of the appropriate switch in the list You can select only one switch at a time Note If the web server on the master switch is operating in the secure HTTPS mode you can manage only those enhanced stacking switches that are also operating HTTPS You cannot manage a switch whose web server is operating in the non secure HTTP mode 3 Click Connect Section l Basic Features 69 Chapter 5 Enhanced Stacking 4 Enter a user name and password for the switch when prompted The home page of the selected switch is displayed You can now manage the switch 70 Section Basic Features AT S63 Management Software Web Browser Interface User s Guide Returning to the Master Switch Section Basic Features When you are fini
73. 177; port settings: displaying 178, 200; resetting to defaults 178; rate limit, setting 78; reauth period, configuring 338; reg registrar state machine parameter 295; remote management access, defaults 359; RJ 45 serial terminal port, default settings 360. S: Secure Shell (SSH) protocol: configuring 318, default settings 378, displaying settings 320; Secure Sockets Layer (SSL): default settings 376, displaying settings 315; server authentication UDP port: configuring 330, default setting 379; server key ID parameter 318; server timeout, configuring 338; server based authentication method, default setting 379; session cache timeout: configuring 315, default setting 376; Simple Network Time Protocol (SNTP), default setting 360; slave switch: assigning 66, defined 66; SNMP: default setting for remote management 359, default settings 363; SNMP community string, default name 363; SNMP management: disabling 54, 205; enabling 54, 205; SNMP management session 27; SNMP management, default setting 363; SNMPv1 and SNMPv2c community: creating 56, deleting 61, displaying 62, modifying 59; SNMPv3 Access Table entry: creating 220, deleting 224, displaying 262, modifying 224; SNMPv3 community name, modifying 256; SNMPv3 Community Table entry: creating 252, deleting 255, displaying 267, modifying 255; SNMPv3 Notify Table entry: creating 233, deleting 235, displaying 264, modifying 236; SNMPv3 SecurityT
74. 185. 5. In the diagram of the switch at the bottom of the MSTP Spanning Tree Expanded page, click the ports you want to configure. You can select more than one port at a time. 6. Click Modify. The MSTP Settings Port(s) page is shown in Figure 65. [Figure 65: MSTP Settings Port(s) Page] 7. Adjust the following parameters as necessary. Port Priority: This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the regional root bridge. The range is 0 to 240 in increments of 16. The default value is 8 (priority value is 128). For a list of the increments, refer to Table 6, Port Priority Value Increments, on page 169. Port Internal Path Cost: The port cost of the port if the port is connected to a bridge which is part of the same MSTP region. The range is 0 to 200,000,000. The default setting is Auto detect, which sets port cost depending on the speed of the port. Default values are 2,000,000 for 10 Mbps ports, 200,000 for 100 Mbps ports, and 20,000 for one gigabit ports. Edge Port: This parameter defines whether the port is functioning as an edge port. The possible settings are Yes and No. For an explanation of t
75. 2. From the Monitoring menu, select the Layer 2 option. The Monitoring Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94. 3. Select the Spanning Tree tab. The Monitor MSTP Parameters tab is shown in Figure 66. [Figure 66: Monitor MSTP Parameters Tab (Monitoring)] 4. Click a port in the switch and click Settings. You can select more than one port. The MSTP Settings Port(s) page is shown in Figure 67. [Figure 67: MSTP Settings Port(s) Page] The MSTP Settings page displays a table that contains the following columns of information. Port: The port number. Edge Port: Whether or not the port is functioning as an edge port. The possible settings are Yes and No. Point to Point: Whether o
76. 3 User Table, see Chapter 18, SNMPv3, in the AT S63 Management Software Menus Interface User's Guide. To create an entry in the SNMPv3 User Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 69 on page 205. 2. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205. 3. In the SNMPv3 section, click the button next to Configure User Table and then click Configure at the bottom of the tab. The SNMPv3 User Table tab is shown in Figure 70. [Figure 70: SNMPv3 User Table Tab (Configuration)] 4. Click Add. The Add New SNMPv3 User page is shown in Figure 71. [Figure 71: Add New SNMPv3 User Page, with the fields Engine ID, User Name, Authentication Protocol, Authentication Password, Confirm Authentication Password, Privacy Protocol, Privacy Password, Confirm Privacy Password, Storage Type, and Row Status] 5. In the User Name field, enter a name or logon id
77. Displaying Target Address Table Entries: To display entries in the SNMPv3 Target Address Table, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. 2. Select the SNMP tab. The SNMP tab is shown in Figure 94 on page 259. 3. In the SNMPv3 section, click the button next to View Target Address Table and then click View at the bottom of the tab. The SNMPv3 Target Address Table tab is shown in Figure 100. [Figure 100: SNMPv3 Target Address Table Tab (Monitoring)] Displaying Target Parameters Table Entries: To display entries in the SNMPv3 Target Parameters Table, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. 2. Select the SNMP tab. The SNMP tab is shown in Figure 94 on page 259. 3. In the SNMPv3 sec
78. Resetting a Port to the Default Settings: To reset a port to the default settings, perform the following procedure: 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. From the Configuration menu, select the Layer 1 option. 3. Select the Port Settings tab. The Port Settings tab is shown in Figure 18 on page 74. 4. Click the port in the graphical switch image that you want to configure. The selected port turns white. You can select more than one port at a time to configure. To deselect a port, click it again. 5. Click Modify. To configure all of the ports, click Modify All. The Port Configuration page is shown in Figure 19 on page 75. 6. Click Defaults. The port(s) are returned to the default settings listed in Appendix A, AT S63 Default Settings, on page 357. Chapter 7: MAC Address Table. This chapter contains instructions on how to add and view the dynamic and static addresses in the MAC address table of the switch. This chapter contains the following procedures: Adding Static Unicast and Multicast MAC Addresses on page 90; Deleting Unicast and Multicast MAC Addresses on page 92; Deleting All Dynamic MAC Addresses on page 93; Displaying the MAC Address Tables on page 94; Changing the Aging Time on page 97. Note: For backg
79. ARP Messages Empty: Total number of GARP Empty messages received for all attributes in the GARP application. Transmit GARP Messages Empty: Total number of GARP Empty messages transmitted for all attributes in the GARP application. Table 8. GVRP Counters (Continued). Parameter: Meaning. Receive GARP Messages Bad Message: Number of GARP messages that had an invalid Attribute Type value, an invalid Attribute Length value, or an invalid Attribute Event value. Receive GARP Messages Bad Attribute: Number of GARP messages that had an invalid Attribute Value value. Displaying the GIP Connected Ports Ring: To display the GIP connected ports ring, perform the following procedure: 1. From the Home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 25 on page 94. Select the GVRP tab. The GVRP tab is shown in Figure 108 on page 289. In the View GVRP Parameters section, click View GIP Connected Ports Ring. Click View. The GIP Connected Ports Ring page is shown in Figure 113
80. MaxAge must be less than (2 x (ForwardingDelay - 1)). Note: The aging time for BPDUs is different from the aging time used by the MAC address table. Bridge Identifier: The MAC address of the bridge. The bridge identifier is used as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority value. This value cannot be changed. 6. After you have made the desired changes, click Apply. 7. To adjust a port's STP settings, click on the port in the switch image and click Modify. You can select more than one port at a time. The STP Settings Port(s) page is shown in Figure 53. [Figure 53: STP Settings Port(s) Page] 8. Adjust the following parameters as necessary. Port Priority: This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16. The default value is 8 (priority value 128). For a list of the increments, refer to Table 6. Table 6. Port Priority Value Increments (increment: port priority value): 0: 0; 1: 16; 2: 32; 3: 48; 8: 128; 9: 144; 10: 160; 11: 176. Table 6. Port Priority Value Increments (Continued)
81. [Figure 51: Spanning Tree Tab (Configuration)] 4. To enable or disable spanning tree, click the Enable Spanning Tree check box. A check indicates that the feature is enabled, while no check indicates that the feature is disabled. The default is disabled. 5. To select a spanning tree version for the Active Protocol Version parameter, click STP, RSTP, or MSTP. The default is RSTP. Note: Only one spanning tree protocol can be active on the switch at a time. 6. Click Apply. 7. If you activated STP, go to Configuring STP on page 166. If you activated RSTP, go to Configuring RSTP on page 174. If you activated MSTP, go to Chapter 15, MSTP, on page 181. Configuring STP. Caution: The bridge provides default STP parameters that are adequate for most networks. Changing them without prior experience and an understanding of how STP works might have a negative effect on your network. You should consult the IEEE 802.1d standard before changing any of the STP parameters. To configure STP, perform the following procedure: 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default
82. Configuring the SNMPv3 Protocol on page 204; Enabling or Disabling SNMP Management on page 205; Configuring the SNMPv3 User Table on page 207; Configuring the SNMPv3 View Table on page 214; Configuring the SNMPv3 Access Table on page 220; Configuring the SNMPv3 SecurityToGroup Table on page 227; Configuring the SNMPv3 Notify Table on page 233; Configuring the SNMPv3 Target Address Table on page 238; Configuring the SNMPv3 Target Parameters Table on page 245; Configuring the SNMPv3 Community Table on page 252; Displaying SNMPv3 Tables on page 258. Configuring the SNMPv3 Protocol: To configure the SNMPv3 protocol, you need to first enable SNMP access on the switch. Then you configure the SNMPv3 tables. See the following procedures: Enabling or Disabling SNMP Management on page 205; Configuring the SNMPv3 User Table on page 207; Configuring the SNMPv3 View Table on page 214; Configuring the SNMPv3 Access Table on page 220; Configuring the SNMPv3 SecurityToGroup Table on page 227; Configuring the SNMPv3 Notify Table on page 233; Configuring the SNMPv3 Target Address Table on page 238; Configuring the SNMPv3 Target Parameters Table on page 245; Configuring the SNMPv3 Community Table on page 252. Note: Use the SNMPv3 Community Table only if you are configuring the SNMPv3 protocol with an SNMPv1 or an SNMPv2c
83. Allied Telesyn recommends assigning each switch a name. Names make it easier for you to identify the various switches when you manage them, and they can help you avoid performing a configuration procedure on the wrong switch. Administrator: This parameter specifies the name of the network administrator responsible for managing the switch. The name can be from 1 to 20 characters. It can include spaces and special characters, such as dashes and asterisks. The default is no name. This parameter is optional. Comments: This parameter specifies the location of the switch, for example, 4th Floor rm 402B. The location can be from 1 to 20 characters. The location can include spaces and special characters, such as dashes and asterisks. The default is no location. This parameter is optional. IP Address: This parameter specifies the IP address of the switch. You must specify an IP address if you want the switch to function as the Master switch of an enhanced stack. The IP address must be entered in the format xxx.xxx.xxx.xxx. The default value is 0.0.0.0. Subnet Mask: This parameter specifies the subnet mask for the switch. You must specify a subnet mask if you assigned an IP address to the switch. The subnet mask must be entered in the format xxx.xxx.xxx.xxx. The default value is 255.255.0.0. Default Gateway: This parameter specifies the default router's IP address. This address is required if
84. Default Setting on page 380. Basic Switch Default Settings: This section lists the default settings for basic switch parameters. The following topics are covered: Boot Configuration File Default Setting on page 359; Management Access Default Settings on page 359; Management Interface Default Settings on page 359; RJ 45 Serial Terminal Port Default Settings on page 360; SNTP Default Settings on page 360; Switch Administration Default Settings on page 361; System Software Default Settings on page 361. Boot Configuration File Default Setting: The following table lists the File menu default setting. File Menu Setting: Default. Default Configuration File: boot cfg. Management Access Default Settings: The following table lists the management access default settings. Remote Management Access Setting: Default. Telnet: Enabled; SNMP: Disabled; TFTP: Enabled; Web Server: Enabled. Management Interface Default Settings: The following table lists the management interface default settings. Management Interface Setting: Default. Manager Login Name: manager; Manager Password: friend; Operator Login Name: operator; Operator Password: operator. RJ 45 Serial Terminal Port Default Settings SNTP Default Se
85. DoS prevention. Action: The action a port takes when an intruder packet is received. Although five possible actions may be shown, they all do the same thing: block the packet, record the event, and drop the packet. Mirror Port: The port on the switch to which offending traffic is copied. Appendix A: AT S63 Default Settings. This appendix lists the AT S63 factory default settings. It contains the following sections in alphabetical order: Basic Switch Default Settings on page 359; Enhanced Stacking Default Setting on page 362; SNMP Default Settings on page 363; Port Configuration Default Settings on page 364; Event Log Default Settings on page 365; Quality of Service on page 366; IGMP Snooping Default Settings on page 367; Denial of Service Prevention Default Settings on page 368; STP, RSTP, and MSTP Default Settings on page 369; VLAN Default Settings on page 371; GVRP Default Settings on page 372; Port Security Default Settings on page 373; 802.1x Port Based Network Access Control Default Settings on page 374; Web Server Default Settings on page 375; SSL Default Settings on page 376; PKI Default Settings on page 377; SSH Default Settings on page 378; Server Based Authentication Default Settings on page 379; Management Access Control List
86. Figure 20 on page 81. The Port Setting tab displays a graphical image of the front of the switch. Ports with valid links to end nodes have a green light. Click a port. You can select more than one port at a time when you want to display port status. However, you can select only one port when displaying statistics. A selected port turns white. To deselect a port, click it again. Click Statistics. The Port Statistics page is shown in Figure 22. [Figure 22: Port Statistics Page] The Port Statistics page displays a table that contains the following columns of information. Bytes Received: Number of bytes received on the port. Bytes Sent: Number of bytes transmitted from the port. Frames Received: Number of frames received on the port. Frames Sent: Number of frames transmitted from the port. Broadcast Frames Received: Number of broadcast frames received on the port. Broadcast Frames Sent: Number of broadcast frames transmitted from the port. Multicast Frame
87. GVRP Leave Time: Use this parameter to specify the leave time. The range is 30 to 80 centiseconds and the default is 60 centiseconds. Join Time: Use this parameter to specify the join time. The range is 10 to 60 centiseconds and the default is 20 centiseconds. Enable GIP: Click to enable GIP, which is required to propagate VLAN information among the ports of the switch. Leave All Time: The range is 500 to 300 centiseconds and the default is 1000 centiseconds. Click Apply. Configuration changes are immediately activated on the switch. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36. Enabling or Disabling GVRP on a Port: To enable or disable GVRP on a port, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 23 on page 90. Select the GVRP tab. The GVRP tab is shown in Figure 106 on page 286. In the
88. GVRP Port Configuration section, click the ports that you want to configure. Click Modify. The GVRP Port Configuration page is shown in Figure 107. [Figure 107: GVRP Port Configuration Page] 6. Click Normal to have the port propagate GVRP information, or None to prevent processing GVRP information and transmitting PDUs. 7. Click Apply to save the change or Cancel to cancel. Displaying the GVRP Configuration: To display the GVRP configuration, perform the following procedure: 1. From the Home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 25 on page 94. Select the GVRP tab. The GVRP tab is shown in Figure 108. Figure 108 GVRP
89. General section displays the following information. System Name: The name of the switch. Administrator: The name of the network administrator responsible for managing the switch. Comments: The location of the switch, for example, 4th Floor rm 402B. DHCP/BOOTP: The status of the DHCP and BOOTP client software. If enabled, the switch is obtaining its IP information from a DHCP and BOOTP server on the network. If disabled, the IP address must be manually entered. MAC Address Aging Timer: The time interval an inactive dynamic MAC address can remain in the MAC address table before it is deleted. IP Address: The switch's IP address. Subnet Mask: The switch's subnet mask. Default Gateway: The IP address of a router for remote management. System Up Time: The length of time since the switch was last reset or power cycled. The System Software section displays the following information. Application Software: The version number and build date of the AT S63 management software. Bootloader: The version number and build date of the AT S63 bootloader. The Hardware section displays the following information. Model Name: The model name. Serial Number: The switch serial number. Temperature (Deg C): The current system temperature. Upper Temp Threshold (Deg C): The upper threshold for the switch tempera
90. General tab and click Save Changes. To delete an entry in the SNMPv3 SecurityToGroup Table, perform the following procedure: From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205. In the SNMPv3 section, click the button next to Configure SecurityToGroup Table and then click Configure at the bottom of the tab. The SNMPv3 SecurityToGroup Table tab is shown in Figure 79 on page 228. Click the button next to the SecurityToGroup Table entry that you want to delete and then click Remove. A warning message is displayed. Click OK. To save your changes, return to the General tab and click Save Changes. To modify an entry in the SNMPv3 SecurityToGroup Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205. In the SNMPv3 section, click the button next to Configure SecurityToGroup Table and then click Configure at the bottom of the tab. The SNMPv3 SecurityToGroup Table tab is shown in Figure 79 on page 228. 4. Click the
91. ID: The VID number assigned to the VLAN. Client Name: The name of the VLAN. If the switch is operating in one of the multiple VLAN modes, the names of the VLANs start with Client, with the exception of the VLAN containing the uplink port, which starts with Uplink. Uplink Port: This column is applicable only when the switch is operating in one of the two multiple VLAN modes. The column lists the port that is functioning as the uplink port for all the other ports on the switch. VLAN Type: The VLAN type. The possible settings are: Port Based: The VLAN is a port based or tagged VLAN. GARP: The VLAN was automatically created by GARP. Protocol: The protocol associated with this VLAN. The possible settings are: Blank: The VLAN is a port based or tagged VLAN. GARP: The VLAN is a dynamic GVRP VLAN or the port is a dynamic GVRP port of a static VLAN. Tagged (T) / Untagged (U) Port: Lists the ports of the VLAN. Tagged ports are designated with a T and untagged ports with a U. Specifying a Management VLAN: The management VLAN is the VLAN through which an AT 9400 Series switch expects to receive management packets. This VLAN is important if you are managing a switch remotely or using the enhanced stacking feature of the switch. For more details about specifying a management VLAN, see Chapter 19, Port based and Tagged VLANs, in t
92. [Figure 74: Add New SNMPv3 View Page] 5. In the View Name field, enter a descriptive name for this view. Assign a name that reflects the subtree OID, for example, internet. Enter a unique name of up to 32 alphanumeric characters. Note: The defaultViewAll value is the default entry for the SNMPv1 and SNMPv2c configuration. You cannot use the default value for an SNMPv3 View Table entry. In the Subtree OID field, enter a subtree that this view will or will not be permitted to display. You can enter either a numeric value in hex format or the equivalent text name. For example, the OID hex format for TCP/IP is 1.3.6.1.2.1.6. The text format for TCP/IP is tcp. In the Subtree Mask field, enter a subtree mask in hexadecimal format. This is an optional parameter that is used to further refine the value of the Subtree OID parameter. The Subtree OID parameter defines a MIB View, and the Subtree Mask parameter further restricts a user's view to a specific column and row of the MIB View. The value of the Subnet Mask parameter is dependent on the subtree you select. For example, if you configure the View Subtree parameter as MIB ifEntry.0.3, it has the following value: 1.3.6.1.2.1.2.2.1.0.3. To restrict the user's view to the third row all columns of the
93. Layer 3 SI/DI: Source IP address / destination IP address (Layer 3). Ports: The ports of the trunk. Chapter 9: Port Mirroring. This chapter contains the procedure for creating or deleting a port mirror. The sections in the chapter include: Creating a Port Mirror on page 110; Modifying a Port Mirror on page 113; Disabling a Port Mirror on page 114; Deleting a Port Mirror on page 115; Displaying the Port Mirror on page 116. Note: For background information on port mirroring, refer to Chapter 9, Port Mirroring, in the AT S63 Management Software Menus Interface User's Guide. Creating a Port Mirror: To create a port mirror, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. From the Configuration menu, select the Layer 1 option. The Layer 1 page opens with the Port Settings tab displayed by default, as shown in Figure 18 on page 74. 3. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 31.
94. Management Software AT S63 Web Browser Interface User's Guide. AT 9424T SP AND AT 9424T GB LAYER 2 GIGABIT ETHERNET SWITCHES. VERSION 1.0.0. Allied Telesyn PN 613 50592 00 Rev A. Copyright 2004 Allied Telesyn Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn Inc. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation. All other product names, company names, logos, or other designations mentioned herein are trademarks or registered trademarks of their respective owners. Allied Telesyn Inc. reserves the right to make changes in specifications and other information contained in this document without prior written notice. The information provided herein is subject to change without notice. In no event shall Allied Telesyn Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesyn Inc. has been advised of, known, or should have known, the possibility of such damages. Contents
95. Management Access Levels 28; Section I: Basic Features 29; Chapter 2: Starting a Web Browser Management Session 31; Starting a Web Browser Management Session; Web Browser Tools; Saving Your Parameter Changes; Quitting a Web Browser Management Session 37; Chapter 3: Basic Switch Parameters 39; Rebooting a Switch 48; Pinging a Remote System 49; Returning the AT S63 Management Software to the Factory Default Values 50; Chapter 4: SNMPv1 and SNMPv2c
96. Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. 2. From the Monitoring menu, select the QoS option. The QoS page is displayed with the CoS tab selected by default, as shown in Figure 43. [Figure 43: CoS Tab (Monitoring)] 3. Click the port where you want to view the settings. You can select more than one port at a time. A selected port turns white. To deselect a port, click it again. 4. Click View. The CoS Setting for Port page is shown in Figure 44. [Figure 44: CoS Setting for Port Page] The CoS Setting for Port page displays a table that contains the following columns of information. Port: The port number. VLAN ID: The VLAN of which the port is a member. Default Priority: The default priority level for this port. Override Priority: Whether or not the default priority should be overridden. Displaying the QoS Schedule: To display the QoS schedule, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. 2. From the Monit
97. P Tab (Monitoring); View Multicast Hosts List Page; View Multicast Routers List Page; View Static Multicast Routers List Page; Spanning Tree Tab (Configuration); Configure STP Parameters Tab (Configuration); STP Settings Port(s) Page; Spanning Tree Tab (Monitoring); Monitor STP Parameters Tab (Monitoring); STP Settings Page; Configure RSTP Parameters Tab (Configuration); RSTP Settings Port(s) Page; Monitor RSTP Parameters Tab (Monitoring); RSTP Settings Page; Spanning Tree Tab (Configuration)
98. PDU packets. If you select Force STP Compatible, the bridge uses its MSTP parameter settings but sends only STP BPDU packets from the ports. The default is MSTP. Bridge Hello Time: The time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds. This value is active only if the bridge is selected as the root bridge of the network. Bridge Forwarding: The waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes. If the bridge transitions too soon, not all of the links may have adapted to the change, possibly resulting in a network loop. The range is from 4 to 30 seconds. The default is 15 seconds. This setting applies only to ports running in the STP compatible mode. Configuration Name: The name of the MSTP region. The range is 0 (zero) to 32 alphanumeric characters in length. The name, which is case sensitive, must be the same on all bridges in a region. Examples of a configuration name include Sales Region and Production Region. Bridge Max Age: The length of time after which stored bridge protocol data units (BPDUs) are deleted by the bridge. This parameter applies only if the bridged network contains an STP or RSTP single-instance spanning tree. Otherwise, the bridges use the Max Hop counter to delete BPDUs. All bridges in a single-instance bridged LAN use this aging time to test t
99. Preface. Where to Find Web-based Guides. The installation and user guides for all Allied Telesyn products are available in portable document format (PDF) on our web site at www.alliedtelesyn.com. You can view the documents online or download them onto a local workstation or server. Contacting Allied Telesyn. This section provides Allied Telesyn contact information for technical support as well as sales or corporate information. Online Support: You can request technical support online by accessing the Allied Telesyn Knowledge Base at www.alliedtelesyn.com/kb. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions. Email and Telephone Support: For Technical Support via email or telephone, refer to the Support & Services section of the Allied Telesyn web site, www.alliedtelesyn.com. For Sales or Corporate Information: You can contact Allied Telesyn for sales or corporate information at our web site, www.alliedtelesyn.com. To find the contact information for your country, select Contact Us > Worldwide Contacts. Management Software Updates. New releases of management software for our managed products can be downloaded from either of the following Internet sites: • Allied Telesyn web site: www.alliedtelesyn.com • Allied Telesyn FTP server: ftp ftp alliedtel
100. Pv2c implementations: • defaultV1GroupReadOnly • defaultV1GroupReadWrite • defaultV2cGroupReadOnly • defaultV2cGroupReadWrite. Note: The Context Prefix field is a read-only field. The Context Prefix field is always set to null. In the Read View Name field, enter a value that you configured with the View Name parameter in the SNMPv3 View Table. This parameter allows the users assigned to this Group Name to view the information specified by the View Table entry. This value does not need to be unique. In the Write View Name field, enter a value that you configured with the View Name parameter in the SNMPv3 View Table. This parameter allows the users assigned to this Security Group to write or modify the information in the specified View Table. This value does not need to be unique. In the Notify View Name field, enter a value that you configured with the View Name parameter in the SNMPv3 View Table. This parameter allows the users assigned to this Group Name to send traps permitted in the specified View. This value does not need to be unique. In the Security Model field, enter an SNMP protocol. Select one of the following SNMP protocols as the Security Model for this Group Name: v1: Select this value to associate the Group Name with the SNMPv1 protocol. v2c: Select this value to associate the Group Name with the SNMPv2c protocol. v3: Select this value to associate the Group Na
101. S Priorities to Egress Queues on page 145. To select a scheduling method, click either Strict Priority or Weighted Priority in the Configure Egress Weights section of the tab. The default is Strict Priority. Skip the next step if you select Strict Priority. Queue weights do not apply to Strict Priority scheduling. If you selected Weighted Priority, use the Queue Weight fields to specify for each queue the number of packets you want a port to transmit before it goes to the next queue. For an example, refer to Table 4. Table 4: Example of Weighted Round Robin Priority (Port Egress Queue: Maximum Number of Packets): Q3: 15; Q2: 10; Q1; Q0. Leaving the default value of 1 for each queue results in all egress queues being given the same priority. 6. Click Apply. 7. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36. Chapter 12: Quality of Service. Displaying the CoS Settings. To display the CoS settings, perform the following procedure: 1. From the Home page, select Monitoring. The
102. Configuring TACACS. To configure TACACS, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. Select the Server-based Authentication tab. The Server-based Authentication tab is shown in Figure 123 on page 324. 3. In the lower section of the Server-based Authentication tab, click TACACS Configuration and click Configure. The TACACS Client Configuration page is shown in Figure 124. [Figure 124: TACACS Client Configuration Page] 4. Adjust the following parameters as necessary: Global Secret: If all of the TACACS servers have the same encryption secret, you can enter the key here. If the servers have different keys, you must specify each key when you specify a server's IP address. Global Server Timeout: This parameter specifies the maximum amount of time the switch waits for a response from a TACACS server before assuming the server cannot respond. If the timeout expires and the server has not responded, the switch queries the next TACACS server in the list. If there are no more servers, the switch defaults to the standard Manager
103. SSL Key ID: None. Appendix A: AT-S63 Default Settings. SSL Default Settings. The following table lists the SSL default settings (SSL Setting: Default): Maximum Number of Sessions: 50; Session Cache Timeout: 300 seconds. PKI Default Settings. The following table lists the PKI default settings, including the generate enrollment request settings (PKI Setting: Default): Switch Distinguished Name: None; Maximum Number of Certificates: 256; Request Name: None; Key Pair ID: 0; Format: PEM; Type: PKCS10. SSH Default Settings. The following table lists the SSH default settings (SSH Setting: Default): Status: Disabled; Host Key ID: Not Defined; Server Key ID: Not Defined; Server Key Expiry Time: 0 hours; Login Timeout: 180 seconds. Server-Based Authentication Default Settings. This section describes the server-based authentication, RADIUS, and TACACS client default settings. The following table describes the server-based authentication default settings (Server-based Authentication Setting: Default): Server-based Authentication: Disabled; Active Au
104. Section III: VLANs. Chapter 17: Virtual LANs. Displaying VLANs. To display the current VLANs on a switch, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. 2. From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94. 3. Select the VLAN tab. The VLAN tab is shown in Figure 105. [Figure 105: VLAN Tab (Monitoring)] The upper part of the tab displays the following information: Mode: The VLAN mode. The possible settings are: User Configured: This mode supports port-based and tagged VLANs. Multiple 802.1Q: The IEEE 802.1Q-compliant multiple VLAN mode. Multiple: The non-IEEE 802.1Q-compliant multiple VLAN mode. Management VLAN ID: VLAN ID of the management VLAN. The lower part of the tab displays a table that contains the following columns of information: VLAN
105. Section IV: Security. Chapter 22: TACACS and RADIUS. Enabling or Disabling TACACS or RADIUS. To enable or disable the authentication protocols, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. Select the Server-based Authentication tab. The Server-based Authentication tab is shown in Figure 123. [Figure 123: Server-based Authentication Tab (Configuration)] 3. To select an authentication protocol, in the Authentication Method section of the tab, click either RADIUS or TACACS. The default is TACACS. Note: The switch can support only one authentication protocol at a time. Additionally, you cannot select a different authenticator protocol when this feature is enabled. 4. To enable or disable the authentication feature on the switch, click the Enable Server-based Authentication check box. A check in the box indicates that this feature is enabled. No check indicates the feature is disabled. The default is disabled. 5. Click Apply. To configure TACACS, go to Configuring TACACS, next. To configure RADIUS, go to Configuring RADIUS on page 329.
106. [Figure 5: General Tab (Configuration)] Note: This procedure describes the parameters in the Administration section of the tab. The Passwords section is described in Configuring the Manager and Operator Passwords on page 46. The DHCP/BOOTP option is described in Activating the BOOTP and DHCP Client Software on page 43. The maximum aging timer option is described in Changing the Aging Time on page 97. Note: The Defaults button returns all parameters in this tab to their default settings. The Reset button resets the switch. For instructions, refer to Rebooting a Switch on page 48. 2. Adjust the following parameters as necessary: System Name: This parameter specifies a name for the switch (for example, Sales Ethernet switch). The name is displayed at the top of the AT-S63 management pages and tabs. The name can be from 1 to 39 characters. The name can include spaces and special characters, such as exclamation points and asterisks. The default is no name. This parameter is optional. Note
107. [Figure 115: Security for Port(s) Page] The Security for Ports page displays a table that contains the following columns of information: Port: The number of the port. Security Mode: The active security mode on the switch. Intruder Action: The column specifies the action taken by the switch if a port receives an invalid packet. The possible settings are: No Action Discard: The port discards invalid packets. This is the default. Trap: The port discards invalid packets and sends a trap. Trap Disable: The port discards invalid packets, sends a trap, and disables the port. Participating: This column applies only when the intrusion action for a port is set to trap or disable. This option does not apply when intrusion action is set to No Action discard. If this option is set to No when intrusion action is set to trap or disable, the port discards invalid packets, but it does not send a trap or disable the port. MAC Limit: This column specifies the maximum number of dynamic MAC addresses the port learns. It only applies when a port is operating in the Limited security mode. Section IV: Security. Chapter 20: Encryption Keys, PKI, and SSL. This chapter explains how t
108. The following sections in this chapter briefly describe each type of management session. Chapter 1: Overview. Local Management Session. You establish a local management session with an AT-9400 Series switch by connecting a terminal or a PC with a terminal emulator program to the terminal port on the switch, using the RJ-45 to RS-232 management cable included with the switch. The terminal port is located on the front panel of the AT-9400 Series switch. This type of management session is referred to as local because you must be physically close to the switch, such as in the wiring closet where the switch is located. After the session starts, a menu is displayed from which you can make selections to configure and monitor the switch. You can configure all of a switch's operating parameters from a local management session using the menus or CLI interface. Note: For instructions on starting a local management session, refer to Chapter 2, Starting a Local or Telnet Management Session, in the AT-S63 Management Software Menus Interface User's Guide. A switch does not need an Internet Protocol (IP) address for you to manage it locally. You can start a local management session on a switch at any time. It does not affect the forwarding of frames by the device. Assigning an AT-9400 Series switch an IP address and designating it as a master switch allows you to manage more than that switch. You can manage all of the switches
109. The range is 1 to 10 retransmissions. 6. Click Apply. 7. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36. Chapter 23: 802.1x Port-based Network Access Control. Configuring Supplicant Port Parameters. To configure supplicant port parameters, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. From the Configuration menu, select the Security option. The Security page is displayed with the 802.1x Port Access tab selected by default, as shown in Figure 129 on page 334. 3. Click the supplicant port that you want to configure. You can select more than one supplicant port at a time. The selected port turns white. Note: A port must already be designated as a supplicant before you can configure its settings. For instructions on how to set the role of a port, refer to Setting Port Roles on page 334. 4. Click Settings. The Supplicant Parameters page is shown in Figure 131. [Figure 132: Supplicant Parameters Page] 5. Adjust the following parameters as needed:
110. [Figure 118: PKI Tab (Monitoring)] The upper section states the maximum number of certificates that can be configured on the switch. The lower section displays a table that lists the currently configured certificates and contains the following columns of information: Name: The certificate name. State: The state of the certificate, one of the following: Trusted: The certificate is from a trusted CA. Untrusted: The certificate is from an untrusted CA. MTrust: Manually Trusted. The certificate has been manually verified that it is from a trusted or untrusted authority. Type: The certificate type, one of the following: EE: The certificate was issued by a CA. CA: The certificate belongs to a CA. Self: A self-signed certificate. Source: The certificate was created on the switch. To view the details about a certificate, click the certificate and click View. The X509 Certificate Details page is shown in Figure 119. [Figure 119: X509 Certificate Details page; fields: Name, State, Manually Trusted, Type, Source, Version, Serial Number, Signature Algorithm, Public Key Algorithm, Not Valid Before, Not Valid After, Subject, Issuer]
111. VLAN tab. The VLAN tab is shown in Figure 103 on page 272. Click the button next to the name of the VLAN you want to delete. You cannot delete the Default_VLAN. Click Remove. A confirmation prompt is displayed. Click OK to delete the VLAN or Cancel to cancel the procedure. If you click OK, the VLAN is deleted from the switch. The untagged ports in the VLAN are returned to the Default_VLAN as untagged ports. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36. Selecting a VLAN Mode. The AT-S63 management software features three VLAN modes: • Port-based and tagged VLAN Mode (default mode) • IEEE 802.1Q-compliant Multiple VLAN Mode • Non-IEEE 802.1Q-compliant Multiple VLAN Mode. For background information on port-based and tagged VLANs, refer to Chapter 19, Port-based and Tagged VLANs, in the AT-S63 Management Software Menus Interface User's Guide. For information on the multiple VLAN modes, refer to Chapter 20, Multiple VLANs, in the AT-S63 Management Software Menus Interface User's Guide. Note: Any port-based or tagged VLANs that you may have created are not retained when you change the VLAN mode from the user configured mode to a multipl
112. With this selection, users are authenticated with the SHA authentication protocol after a message is received. This algorithm generates the message digest. The user is authenticated when the authentication protocol checks the message digest. With the SHA selection, you can configure a Privacy Protocol. None: This value represents no authentication protocol. When messages are received, users are not authenticated. With the None selection, you cannot configure a Privacy Protocol. Note: You may want to assign NONE to a super user. In the Authentication Password field, enter an authentication password of up to 32 alphanumeric characters. In the Confirm Authentication Password field, re-enter the authentication password. Note: If you have the nonencrypted version of the AT-S60 software, then the Privacy Protocol field is read-only. Note: You can only configure the Privacy Protocol if you have configured the Authentication Protocol with the MD5 or SHA values. In the Privacy Protocol field, enter one of the following options: DES: Select this value to make the DES privacy (or encryption) protocol the privacy protocol for this User Table entry. With this selection, messages transmitted between the host and the switch are encrypted with the DES protocol. None: Select this value if you do not want a privacy protocol for this User Table entry. W
113. agement interface defaults 359. management VLAN ID: configuring 283; default setting 371. management VLAN, specifying 283. manager access 28, 46. manager password: configuring 46; default setting 359. master switch: assigning 66; defined 66; returning to 71. max age: default setting 369; Rapid Spanning Tree Protocol (RSTP) 176; Spanning Tree Protocol (STP) 168. max hops, Multiple Spanning Tree Protocol (MSTP) 187. max requests 339. max start 341. maximum multicast groups: configuring 155; default setting 367; displaying 158. maximum number of sessions, default setting 376. MDI/MDIX mode 79. MIBs, supported 27. MSTI ID: creating 189; deleting 190; modifying 190. MSTI ID association to a VLAN: adding 192; modifying 193. MSTI: See Multiple Spanning Tree Instance (MSTI). multicast groups, maximum: configuring 155; displaying 158. multicast host topology: configuring 154; default setting 367; displaying 157. multicast MAC address: adding 90; deleting 92; displaying 94. multicast router ports: configuring 155, 158; default setting 367. multicast routers, displaying 160. Multiple Spanning Tree Instance (MSTI): associating to VLANs 192; disassociating from VLANs 192; modifying association to VLANs 193; MSTI ID: creating 189, deleting 190, modifying 190; removing a VLAN association 192. Multiple Spanning Tree Protocol (MSTP): associating VLANs to MSTI IDs 192; bridge forwarding
114. aging an AT-9400 Series switch using the menus interface, refer to the AT-S63 Management Software Menus Interface User's Guide. To manage the switch using the command line interface, refer to the AT-S63 Management Software Command Line Interface User's Guide. Caution: The software described in this documentation contains certain cryptographic functionality, and its export is restricted by U.S. law. As of this writing, it has been submitted for review as a retail encryption item in accordance with the Export Administration Regulations, 15 C.F.R. Part 730-772, promulgated by the U.S. Department of Commerce, and conditionally may be exported in accordance with the pertinent terms of License Exception ENC (described in 15 C.F.R. Part 740.17). In no case may it be exported to Cuba, Iran, Iraq, Libya, North Korea, Sudan, or Syria. If you wish to transfer this software outside the United States or Canada, please contact your local Allied Telesyn sales representative for current information on this product's export status. Document Conventions. This document uses the following conventions: Note: Notes provide additional information. Caution: Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data. Warning: Warnings inform you that performing or omitting a specific action may result in bodily injury
115. al support and software development. Date and Time: The date and time the event occurred. Event: This item contains two parts. The first part is the name of the module within the AT-S63 management software that generated the event. The second part is a description of the event. When you display the events in full mode, more information is included. Figure 39 shows the same portion of the event log in Figure 38 on page 134, but displayed in full mode. [Figure 39: Event Log Example Displayed in Full Mode; columns: Date and Time, Filename, Line, Event] In addition to the information di
116. al tab. Allied Telesyn recommends this storage type. Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Target Address Table entry takes effect immediately. 13. Click Apply to update the SNMPv3 Target Address Table. 14. To save your changes, return to the General tab and click Save Changes. To delete an entry in the SNMPv3 Target Address Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205. 3. In the SNMPv3 section, click the button next to Configure Target Address Table and then click Configure at the bottom of the tab. The SNMPv3 Target Address Table tab is shown in Figure 85 on page 239. 4. Click Next or Previous to display the SNMPv3 Target Address Table entry that you want to delete. 5. Click Remove. A warning message is displayed. 6. Click OK. 7. To save your changes, return to the General tab and click Save Changes. Modifying Target Address Table Entry. To modify an entry in the SNMPv3 Target Address Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default a
117. ame VLAN. You cannot create a trunk of ports that are untagged members of different VLANs. To modify a port trunk, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. From the Configuration menu, select the Layer 1 option. The Layer 1 page opens with the Port Settings tab displayed by default, as shown in Figure 18 on page 74. Select the Port Trunking tab. The Port Trunking tab is shown in Figure 27 on page 100. Click the button next to the port trunk you want to modify and click Modify. The Modify Trunk page is shown in Figure 29. [Figure 29: Modify Trunk Page] Note: You cannot change the Trunk ID number or the load distribution method of a port trunk. Adjust the following parameter as necessary: Trunk Name: The name can be up to 16 alphanumeric characters. No spaces or special characters, such as asterisks and exclamation points, are allowed. Each trunk must have a unique name. To add or remove ports from a trunk, click the ports in the graphical image of the switch. A selected port changes to white. An unselected port is black. A port trunk can contain up to eight ports. Click Apply. Changes to a port trunk are activ
118. ansport Tag parameter to the Tag List parameter in the Target Address Table as desired. See Creating a Target Address Table Entry on page 238. In the Storage Type field, select one of the following storage types for this table entry: Volatile: Select this storage type if you do not want the ability to save an entry in the SNMPv3 Community Table. After making changes to an SNMPv3 Community Table entry with a Volatile storage type, Save Changes does not appear on the General tab. NonVolatile: Select this storage type if you want the ability to save an entry in the SNMPv3 Community Table. After making changes to an SNMPv3 Community Table entry with a NonVolatile storage type, Save Changes appears on the General tab, allowing you to save your changes. Allied Telesyn recommends this storage type. Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Community Table entry takes effect immediately. Click Apply to update the SNMPv3 Community Table. To save your changes, return to the General tab and click Save Changes. Chapter 16: SNMPv3. Displaying SNMPv3 Tables. This section contains procedures to display the SNMPv3 Tables. The following procedures are provided: • Displaying User Table Entries on page 259 • Displaying View Table Entries on page 261 • Displaying Access Table Entries on page 262 • Displaying SecurityToGroup Table Entries on page 263 • D
119. any times the switch resends an Inform message. The Retries parameter applies to Inform messages only. The range is 0 to 255 retries. The default is 3 retries. In the Tag List field, enter a list of tags that you configured in a SNMPv3 Notify Table with the Notify Tag parameter. See Creating a Notify Table Entry on page 233. Enter a Tag List of up to 256 alphanumeric characters. Use a space to separate entries, for example: hwengtag swengtag testengtag. In the Target Parameters field, enter a Target Parameters name. This name can consist of up to 32 alphanumeric characters. The value configured here must match the value configured with the Target Parameters Name parameter in the SNMPv3 Target Parameters Table. In the Storage Type field, enter one of the following storage types for this table entry: Volatile: Select this storage type if you do not want the ability to save an entry in the Target Address Table. After making changes to a Target Address Table entry with a Volatile storage type, Save Changes does not appear on the General tab. NonVolatile: Select this storage type if you want the ability to save an entry in the Target Address Table. After making changes to a Target Address Table entry with a NonVolatile storage type, Save Changes appears on the Gener
120. The Scheduling tab is shown in Figure 42. [Figure 42: QoS Scheduling Tab (Configuration)] Note: The Configure Egress Weights section in the tab is explained in the next procedure, Configuring Egress Scheduling on page 148. 4. In the Configure CoS Queues to Egress Queues section of the tab, click the list for a CoS priority whose queue assignment you want to change and select the new queue. For example, to direct all tagged packets with a CoS priority of 5 to egress queue Q3, you would use the list in CoS 5 to PQ and select Q3 QoS PriorityQ 3. 5. If desired, repeat Step 4 to change the egress queue assignment of other CoS pr
121. Preface; How This Guide is Organized; Document Conventions; Where to Find Web-based Guides, 18; Contacting Allied Telesyn, 19; Online Support, 19; Email and Telephone Support; For Sales or Corporate Information, 19; Management Software Updates, 20; Chapter 1: Overview; Management Overview; Local Management Session, 24; Telnet Management Session, 25; Web Browser Management Session, 26; SNMP Management Session, 27
122. ated on the switch. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36. Reconnect the cables to the ports of the trunk. Deleting a Port Trunk. Caution: Disconnect the cables from the port trunk on the switch before performing the following procedure. Deleting a port trunk without first disconnecting the cables can create loops in your network topology. Data loops can result in broadcast storms and poor network performance. To delete a port trunk from the switch, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. From the Configuration menu, select the Layer 1 option. The Layer 1 page opens with the Port Settings tab displayed by default, as shown in Figure 18 on page 74. 3. Select the Port Trunking tab. The Port Trunking tab is shown in Figure 27 on page 100. 4. Click the button next to the port trunk you want to delete and click Remove. The port trunk is deleted from the switch. 5. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information ab
123. b The DoS tab is shown in Figure 139. [Figure 139: DoS Tab Configuration] 4. If you are implementing the SMURF or Land defense, you must provide an IP address and mask for your LAN. To do this, complete the following procedure. Otherwise, skip ahead to Step 5. a. In the DoS LAN Subnet IP field, enter the IP address of one of the devices connected to the switch, preferably the lowest IP address. b. In the DoS Subnet Mask field, enter the LAN's mask. A binary 1 indicates the switch should filter on the corresponding bit of the IP address, while a 0 indicates that it should not. As an example, assume that the devices connected to a switch are using the IP address range 149.11.11.1 to 149.11.11.50. The mask would be 0.0.0.63. c. If you are activating the Land defense, in the DoS Uplink Port field enter the number of the port connected to the device (e.g., DSL router) that leads outside your network. You can specify only one uplink port. 5. Click the ports in the switch image where you want to enable or disable a defense mechanism. 6. Using the DoS Type list, select the type of denial of service attack you want to either enable or disable on the ports. The possible se
124. bility to save an entry in the Target Address Table. After making changes to a Target Address Table entry with a NonVolatile storage type, Save Changes appears on the General tab. Allied Telesyn recommends this storage type. 13. Click Apply to update the SNMPv3 Target Address Table. 14. To save your changes, return to the General tab and click Save Changes. Configuring the SNMPv3 Target Parameters Table. You can create, delete, and modify an SNMPv3 Target Parameters Table entry. See the following procedures: Creating a Target Address Table Entry on page 238; Deleting a Target Address Table Entry on page 241; Modifying Target Address Table Entry on page 242. For reference information about the SNMPv3 Target Parameters Table, see Chapter 18, SNMPv3, in the AT-S63 Management Software Menus Interface User's Guide. Creating a Target Parameters Table Entry. To create an entry in the SNMPv3 Target Parameters Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205. 3. In the SNMPv3 section, click the button next to Configure Target Parameters Table and then click Configure at the bottom
125. ble a port and prevent packets from being forwarded if a problem occurs with the node or cable connected to the port. After the problem has been fixed, you can enable the port again to resume normal operation. You might also want to disable a port that is not being used to secure it from unauthorized connections. The possible settings are: Enabled: The port receives and forwards packets. This is the default setting. Disabled: The port does not receive or forward packets. Speed and Duplex: You use this selection to configure a port for autonegotiation or to manually set a port's speed and duplex mode. If you select Auto Negotiate for autonegotiation, which is the default setting, the switch sets both speed and duplex mode for the port automatically. Note the following about the operation of autonegotiation on the switch port: In order for a switch port to successfully autonegotiate its duplex mode with an end node, the end node should also be using autonegotiation. Otherwise, a duplex mode mismatch can occur. A switch port using autonegotiation defaults to half duplex if it detects that the end node is not using autonegotiation. This results in a mismatch if the end node is operating at a fixed duplex mode of full duplex. To avoid this problem when connecting an end node with a fixed duplex mode of full duplex to a switch port, you should disable autonegotiation on the port and set the
126. bserver; Vp: Very Anxious Passive Member; Ap: Anxious Passive Member; Qp: Quiet Passive Member; Va: Very Anxious Active Member; Aa: Anxious Active Member; Qa: Quiet Active Member; La: Leaving Active Member. Table 7. GVRP State Machine Parameters (Continued). Parameter: App (Continued). Meaning: Non-Participant Management state: Von: Very Anxious Observer; Aon: Anxious Observer; Qon: Quiet Observer; Lon: Leaving Observer; Vpn: Very Anxious Passive Member; Apn: Anxious Passive Member; Qpn: Quiet Passive Member; Van: Very Anxious Active Member; Aan: Anxious Active Member; Qan: Quiet Active Member; Lan: Leaving Active Member. The initialized state for the Applicant is Vo. Parameter: Reg. Meaning: Registrar state machine for the GID index on that particular port. One of: Mt: Empty; Lv3: Leaving substate 3 (final Leaving substate); Lv2: Leaving substate 2; Lv1: Leaving substate 1; Lv: Leaving substate (initial Leaving substate); In: In; Fix: Registration Fixed; For: Registration Forbidden. The initialized state for the Registrar is Mt.
127. by this GARP application. Receive Invalid GARP Packets: Number of invalid GARP PDUs received by this GARP application. Receive Discarded GARP Disabled: Number of received GARP PDUs discarded because the GARP application was disabled. Transmit Discarded GARP Disabled: Number of GARP PDUs discarded because the GARP application was disabled. This counter is incremented when ports are added to or deleted from the GARP application, arising from port movements in the underlying VLAN or STP. Receive Discarded Port Not Listening: Number of GARP PDUs discarded because the port that received the PDUs was not listening, that is, MODE NONE was set on the port. Transmit Discarded Port Not Sending: Number of GARP PDUs discarded because the port that the PDUs were to be transmitted on was not sending, that is, MODE NONE was set on the port. Receive Discarded Invalid Port: Number of GARP PDUs discarded because the port that received the PDU does not belong to the GARP application. Receive Discarded Invalid Protocol: Number of GARP PDUs discarded because the GARP PDU contained an invalid protocol. Receive Discarded Invalid Format: Number of GARP PDUs discarded because the format of the GARP PDU was not recognized. Receive Discarded Database Full: Number of GARP PDUs discarded because the database for the GARP application was full, that is, the maximum number of attributes for the
128. cess Table tab is shown in Figure 76. [Figure 76: SNMPv3 Access Table Tab Configuration] 4. To create an SNMPv3 Access Table entry, click Add. 5. The Add New SNMPv3 Access page is shown in Figure 77. [Figure 77: Add New SNMPv3 Access Page] In the Group Name field, enter a descriptive name of the group. The Group Name can consist of up to 32 alphanumeric characters. You are not required to enter a unique value here because the SNMPv3 Access Table entry is indexed with the Group Name, Security Model, and Security Level parameter values. However, a unique group name makes it easier for you to tell the groups apart. There are four default values for this field that are reserved for SNMPv1 and SNM
129. col 253 256 configuration file default name 359 console disconnect interval default setting 360 console startup mode default setting 361 D data compression parameter 321 daylight savings time DST default setting 360 default values AT S63 software 357 Denial of Service DoS defense configuring 352 default settings 368 enabling or disabling 354 mirror port 354 settings displaying 355 distinguished name default setting 377 document conventions 17 documentation 18 duplex mode configuring 76 default setting 364 Dynamic Host Control Protocol DHCP activating 43 default setting 361 E edge port default setting 369 Multiple Spanning Tree Protocol MSTP 196 encryption keys displaying 310 enhanced stacking changing switches 68 configuring 66 default switch setting 362 setting switch status 66 event log clearing 138 default settings 365 382 disabling 128 137 displaying 130 enabling 128 saving to a file 139 severity codes 134 software module list 132 F factory defaults list 357 resetting switch 50 flow control configuring 77 default setting 364 force version default setting 369 Multiple Spanning Tree Protocol MSTP 186 Rapid Spanning Tree Protocol RSTP 175 G GARP VLAN Registration Protocol GVRP configuration displaying 289 configuring 286 counters displaying 296 database displaying 292 default settings 372 disabling 288 enabling 288 GIP connected ports ring displaying 300
130. Displaying the SSL Settings, 315; Chapter 21: Secure Shell (SSH); Configuring SSH; Displaying the SSH Settings; Chapter 22: TACACS+ and RADIUS, 323; Enabling or Disabling TACACS or RADIUS, 324; Configuring TACACS; Displaying the TACACS Settings; Configuring RADIUS; Displaying the RADIUS Settings; Chapter 23: 802.1x Port-based Network Access Control, 333; Setting Port Roles; Enabling or Disabling 802.1x Port-based Network Access Control, 336; Configuring Authenticator Port Parameters
131. Figure 125: Server Based Authentication Tab Monitoring; Figure 126: TACACS Client Configuration Page; Figure 127: RADIUS Client Configuration Page; Figure 128: RADIUS Client Configuration Page; Figure 129: 802.1x Port Access Tab Configuration; Figure 130: Port Role Configuration Page; Figure 131: Authenticator Parameters Page; Figure 132: Supplicant Parameters Page; Figure 133: 802.1x Port Access Tab Monitoring; Figure 134: Port Access Port Status Page; Figure 135: Authenticator Port Parameters Page; Figure 136: Supplicant Port Parameters Page
132. ct a port, click it again. Click Modify. The CoS Setting for Port page is shown in Figure 41. [Figure 41: CoS Setting for Port Page] Use the Priority list to select a value from Level 1 to Level 7 that corresponds to the egress queue where you want all untagged ingress packets on the port to be stored. For example, if you select Level 4, all untagged packets received on the port are stored in egress queue Q2 of the egress port. The default is Level 0, which corresponds to Q0. If you perform Step 6 and override the priority level in tagged packets, the selected egress queue is also used to store all tagged packets. The default values are listed in Table 3. Table 3. Default Mappings of IEEE 802.1p Priority Levels to Priority Queues (IEEE 802.1p Priority Level: Port Priority Queue): 0 or 1: Q0 (lowest); 2 or 3: Q1; 4 or 5: Q2; 6 or 7: Q3 (highest). If you are configuring a tagged port and you want the port to ignore the priority tag in egress tagged packets, click the Override Priority option. A check in the box indicates this feature is activated. All tagged packets are directed to the egress queue specified in Step 6.
133. ct this value to process messages with the SNMPv2c protocol. v3: Select this value to process messages with the SNMPv3 protocol. In the Security Model field, select one of the following SNMP protocols as the Security Model for this Security Name or User Name: v1: Select this value to associate the Security Name or User Name with the SNMPv1 protocol. v2c: Select this value to associate the Security Name or User Name with the SNMPv2c protocol. v3: Select this value to associate the Security Name or User Name with the SNMPv3 protocol. In the Security Name field, enter a User Name that you previously configured with the SNMPv3 User Table. See Creating a User Table Entry on page 207. In the Security Level field, select one of the following Security Levels. Note: The value you configure for the Security Level must match the value configured for the User Name in the User Table Menu. See Creating a User Table Entry on page 207. No Authentication Privacy: This option represents neither an authentication nor privacy protocol. Select this security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privacy protocol. This security level provides the least security. Note: If you have selected SNMPv1 or SNMPv2c as the Security Model, you must selec
134. cted by default, as shown in Figure 133 on page 342. To review the port access settings, click OK to close the Port Access Port Status page and return to the 802.1x Port Access tab. To see the port settings, click the port and click Settings. You can select more than one port at a time. Note: To view the settings of multiple ports, you must select ports that have the same port role, authenticator or supplicant. For authenticator port(s), the Authenticator Port Parameters page is displayed, as shown in Figure 135. [Figure 135: Authenticator Port Parameters Page] The Authenticator Port Parameters page displays a table that contains the following columns of information: Port: The port number. PortCtrl: The port control setting. The possible settings are: Force authorized: 802.1x port-based authentication is disabled. Force unauthorized: The port is in an unauthorized state, ignoring attempts by the client to authenticate. Auto: 802.1x port-based authentication is enabled. QuietP: The number of seconds the port remains in a quiet state following a failed authentication exchange with the client. TxP: The number of seconds that the switch waits for a response to an EAP Request packet identity
135. ctive boot configuration file. General: Select this option if you are downloading a CA certificate or encryption key, or a configuration file that you do not want designated as the active boot configuration file. Click Apply. The management software notifies you after the download is complete. Caution: After an AT-S63 switch image file is downloaded, the switch must decompress it and write it to flash. This can require one to two minutes to complete. Do not reset or power off the unit while it is decompressing the file. After the file has been decompressed, the switch automatically resets. Your web browser management session ends. To continue managing the switch, you must reestablish the management session. Uploading a File. This procedure explains how to upload a file from the switch's file system to a TFTP server on your network using the web browser interface. You can upload any of the following files: boot configuration file; public encryption key; CA certificate; CA enrollment request. Note: The public key, CA certificate, and CA enrollment request are supported only on the version of AT-S63 management software that features SSL, PKI, and SSH security. Note the following before you begin this procedure: You must use TFTP to download a file from a web browser management session. There must be a n
136. d or Tagged VLAN; Modifying a VLAN; Deleting a VLAN; Selecting a VLAN Mode; Displaying VLANs; Specifying a Management VLAN; Chapter 18: GARP VLAN Registration Protocol (GVRP), 285; Configuring GVRP, 286; Enabling or Disabling GVRP on a Port, 288; Displaying the GVRP Configuration, 289
137. d to the port. The possible settings are: Up: A valid link exists between the port and the end node. Down: The port and the end node have not established a valid link. Neg: The status of autonegotiation on the port. The possible settings are: Auto: Indicates that the port is using autonegotiation to set operating speed and duplex mode. Manual: Indicates that the operating speed and duplex mode have been set manually. MDI X: The operating configuration of the port. The possible settings are MDI and MDI X. Speed: The operating speed of the port. The possible settings are: 0010: 10 Mbps; 0100: 100 Mbps; 1000: 1000 Mbps. Duplex: The duplex mode of the port. The possible settings are half duplex and full duplex. PVID: The VLAN identifier (VID) of the VLAN in which the port is an untagged member. This column does not include the VIDs of the VLANs where the port is a tagged member. Flow Control: The port's flow control setting. The possible settings are: Enabled: Flow control is enabled on the port. Disabled: Flow control is disabled on the port. STP State: The operating status of the port. The possible settings are Forwarding and Disabled. Filtering: Enables or disables filtering, which discards ingress packets of a particular type. The possible settings are: B Bcast: Broadcast packet filtering
138. default. You can also set the rate limit in packets per second. The range is 0 to 262143. The default is 262143. Unknown Unicast Rate Limit: Use this parameter to enable or disable ingress unknown unicast packet limits and specify a rate limit for the ingress unknown unicast packets. The possible settings are: Enabled: Unknown unicast packet ingress rate limiting is enabled. Disabled: Unknown unicast packet ingress rate limiting is disabled. This is the default. You can also set the rate limit in packets per second. The range is 0 to 262143. The default is 262143. Multicast Rate Limit: Use this parameter to enable or disable ingress multicast packet limits and specify a rate limit for the ingress multicast packets. The possible settings are: Enabled: Multicast packet ingress rate limiting is enabled. Disabled: Multicast packet ingress rate limiting is disabled. This is the default. You can also set the rate limit in packets per second. The range is 0 to 262143. The default is 262143. HOL Blocking: HOL blocking sets a threshold on the utilization of a port's egress queue. When the threshold for a port is exceeded, the switch signals other ports to discard packets to the oversubscribed port. The possible settings are: Enabled: HOL blocking prevention is activated. Disabled: HOL blocking is inactiva
139. disconnecting the data cables can create a loop in your network topology, which can result in broadcast storms. To create a port trunk, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. From the Configuration menu, select the Layer 1 option. The Layer 1 page opens with the Port Settings tab displayed by default, as shown in Figure 18 on page 74. 3. Select the Port Trunking tab. The Port Trunking tab is shown in Figure 27. [Figure 27: Port Trunking Tab Configuration] Any existing trunks are shown in a table. 4. Click Add. The Add New Trunk page is shown in Figure 28. [Figure 28: Add New Trunk Page] 5. Adjust the following parameters as necessary: Trunk Name: The name for the port trunk. The name can be up to 16 alphanumeric characters. No spaces or special characters such
140. e The VLAN Mode and Uplink Port options are explained in Selecting a VLAN Mode on page 279. The Mgmt VLAN ID option is explained in Specifying a Management VLAN on page 283. The tab displays any existing VLANs on the switch. To add a new VLAN, click Add. The Add New VLAN page is shown in Figure 104. [Figure 104: Add New VLAN Page] 5. Adjust the following parameters as necessary: VID: Enter a VID value for the new VLAN. The range of the VID value is 2 to 4096. The default is the next available VID number on the switch. If this VLAN is unique in your network, then its VID should also be unique. If this VLAN is part of a larger VLAN that spans multiple switches, then the VID value for the VLAN should be the same on each switch. For example, if you are creating a VLAN called Sales that spans three switches, you should assign the Sales VLAN on each switch the same VID value. Note: A VLAN must have a VID. It is important to note that the switch is only aware of the VIDs of the VLANs that exist on the device and not those that might already be in use in the network. For example, if you add a new AT-9400 Series switch to a network that already contains VLANs that use VIDs 2 through 24, the AT-S63 management software still uses VID 2 as the default value when you create the first VLAN on the new switch, even though that VID number is already being used by another VLAN on
141. e Interval: The intervals in seconds at which the switch sends interim accounting updates to the RADIUS server. The graphical image of the switch and the Status and Settings buttons refer to the 802.1x Port-based Network Access Control settings described in Displaying the Port-based Network Access Control Parameters on page 342. Chapter 24: Denial of Service Defense. This chapter contains instructions on how to configure the Denial of Service defense feature on the switch. The sections include: Configuring Denial of Service Defense on page 352; Displaying the DoS Settings on page 355. Note: For background information on denial of service defense, refer to Chapter 31, Denial of Service Defense, in the AT-S63 Management Software Menus Interface User's Guide. Configuring Denial of Service Defense. To configure the ports on the switch for Denial of Service attack defense, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. From the Configuration menu, select the Security option. The Security page is displayed with the 802.1x Port Access tab selected by default, as shown in Figure 129 on page 334. 3. Select the DoS ta
142. e VLAN mode and at some point reset the switch. The user-configured VLAN information is lost and you must recreate the information if you later return the switch to the user-configured VLAN mode. To select a VLAN mode for the switch, perform the procedure below: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 23 on page 90. 3. Select the VLAN tab. The VLAN tab is shown in Figure 103 on page 272. 4. In the VLAN Mode section, select a VLAN mode. Only one mode can be active on the switch at a time. The modes are: User Configured: Port-based and tagged VLAN Mode; Multiple: Non-IEEE 802.1Q-compliant Multiple VLAN Mode; Multiple 802.1Q: IEEE 802.1Q-compliant Multiple VLAN Mode. 5. If you select one of the multiple VLAN modes, specify an uplink port in the Uplink Port field. This port functions as the uplink port for the VLANs. The default is port 1. 6. Click Apply. The new mode is automatically activated on the switch. 7. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36.
143. Quitting a Web Browser Management Session. To exit a web browser management session, select the Logout option from the main menu. Chapter 3: Basic Switch Parameters. This chapter contains the following sections: Configuring an IP Address and Switch Name on page 40; Activating the BOOTP and DHCP Client Software on page 43; Displaying System Information on page 44; Configuring the Manager and Operator Passwords on page 46; Rebooting a Switch on page 48; Pinging a Remote System on page 49; Returning the AT-S63 Management Software to the Factory Default Values on page 50. Configuring an IP Address and Switch Name. Note: For guidelines about when to assign an IP address, subnet address, and gateway address to an AT-9400 Series switch, refer to When Does a Switch Need an IP Address in Chapter 3, Basic Switch Parameters, in the AT-S63 Management Software Menus Interface User's Guide. To set basic switch parameters for an AT-9400 Series switch, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5.
144. e root bridge. 6. Click OK to close the page. To reset STP to the factory default settings, perform the following procedure: 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab shown by default, as shown in Figure 23 on page 90. 3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 51 on page 164. 4. Click Configure. The Configure STP Parameters tab is shown in Figure 52 on page 167. 5. Click Defaults. The STP defaults are shown in STP, RSTP, and MSTP Default Settings on page 369. Configuring RSTP. Caution: The bridge provides default RSTP parameters that are adequate for most networks. Changing them without prior experience and an understanding of how RSTP works might have a negative effect on your network. You should consult the IEEE 802.1w standard before changing any of the RSTP parameters. To configure RSTP, perform the following procedure: 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. From the Configuration
145. e switch port. The port sends the password to the authentication server for verification when the port logs on to the network. The password can be from 1 to 16 alphanumeric characters (A to Z, a to z, 1 to 9). Do not use spaces or special characters, such as asterisks or exclamation points. The password is case sensitive.

Click Apply.

To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to "Saving Your Parameter Changes" on page 36.

Displaying the Port-based Network Access Control Parameters

You can display information about the port-based network access control status and settings of the ports on the switch. This section contains the following procedures:
- Displaying the Port Status, next
- Displaying the Port Settings on page 343

Displaying the Port Status

To display the port-based network access control port status, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
2. From the Monitoring menu, select the Security option. The Security page opens with the 802.1x Port Access tab selected by default, as shown in Figure 133.
146. ed Network Access Control in the AT-S63 Management Software Menus Interface User's Guide.

Setting Port Roles

To set port roles for port-based network access control, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
2. From the Configuration menu, select the Security option. The Security page is displayed with the 802.1x Port Access tab selected by default, as shown in Figure 129.

[Figure 129: 802.1x Port Access Tab Configuration]

The graphical image of the switch shows which ports have already been assigned port roles. An A indicates that a port is functioning as an authenticator, while an S indicates the port is functioning as a supplicant. A black port has not been assigned a port role and is not participating in port-based access control. This is the default setting for a port.

3. To set a port's role, click on the port. The selected port turns white. You can select more than
147. ed by default as shown in Figure 5 on page 40.
2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 23 on page 90.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 51 on page 164.
4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 62 on page 185.
5. In the CIST MSTI Table section of the tab, in the VLAN Associations field, remove the VIDs of the VLANs that you no longer want to be associated with this MSTI. You can specify more than one VID at a time, for example 2 4 7.
6. Click Apply.
7. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to "Saving Your Parameter Changes" on page 36. Or proceed to the next procedure to configure the CIST priority.

Modifying a VLAN Association

To modify a VLAN association, perform the following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by defaul
148. efault as shown in Figure 5 on page 40.

From the Monitoring menu, select the Security option. The Security page is displayed with the 802.1x Port Access tab selected by default, as shown in Figure 138.

[Figure 138: 802.1x Port Access Tab Monitoring]

The RADIUS Accounting section provides the following information:

Accounting: The status of RADIUS accounting, either Enabled or Disabled.

Trigger Type: The action that causes the switch to send accounting information to the RADIUS server. The possible settings are:
  Start_Stop: The switch sends accounting information whenever a client logs on or logs off the network. This is the default.
  Stop: The switch sends accounting information only when a client logs off.

Port Number: The UDP port for RADIUS accounting.

Type: The type of RADIUS accounting. The default is Network.

Accounting Update: Whether or not the switch sends interim accounting updates to the RADIUS server. The options are Enabled or Disabled.

Updat
149. efault Settings
Displaying RSTP Settings
Chapter 15
Creating an MSTI ID
Deleting an MSTI ID
Modifying an MSTI ID
Adding, Removing, or Modifying VLAN Associations to MSTIs
Adding a VLAN Association
Removing a VLAN Association
Modifying a VLAN Association
Configuring MSTP Port Parameters
Displaying the MSTP Port Configuration
Displaying the MSTP Port Status
Resetting MSTP to the Default Settings
Chapter 16: SNMPv3
Configuring the SNMPv3 Protocol
Enabling or Disabling SNMP Management
Configuring the SNMPv3 User Table
Creating a User Table Entry
Deleting a User Table Entry
Modifying a User Table Entry
150. elected by default as shown in Figure 5 on page 40.

From the Configuration menu, select the Layer 2 option. The Layer 2 page opens with the MAC Address tab selected by default, as shown in Figure 23 on page 90.

In the Delete All Dynamic MAC Addresses section, click Delete.

Displaying the MAC Address Tables

To view the MAC address table, perform the following procedure:

1. From the Home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
2. From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 25.

[Figure 25: MAC Address Tab Monitoring]

The tab contains two sections. The upper section displays unicast addresses; the lower part displays multicast addresses. The options function the same in both sections and are described below. You can select only one option at a time.

View All: Displays all dynamic addresses learned on the ports of the switch and all sta
151. ement session is ended. To continue managing the switch, you must restart your management session after the switch is finished reloading the AT-S63 management software.

If you activated STP, go to "Configuring STP" on page 166. If you activated RSTP, go to "Configuring RSTP" on page 174. If you activated MSTP, go to "Configuring MSTP" on page 184.

Configuring MSTP

This section contains the following procedures:
- Configuring MSTP Parameters on page 184
- Configuring the CIST Priority on page 187
- Creating, Deleting, or Modifying MSTI IDs on page 189
- Adding, Removing, or Modifying VLAN Associations to MSTIs on page 192
- Configuring MSTP Port Parameters on page 195

Note: MSTP must be selected as the active spanning tree protocol on the switch before you can configure it. For instructions on selecting the active spanning tree, refer to "Enabling MSTP" on page 182.

Note: When MSTP is enabled, the GVRP tab is not shown on the Configuration or Monitoring Layer 2 page.

Configuring MSTP Parameters

To configure MSTP parameters, perform the following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default
152. er to Chapter 14, IGMP Snooping, in the AT-S63 Management Software Menus Interface User's Guide.

Configuring IGMP Snooping

To configure IGMP snooping, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
2. Select the IGMP tab. The IGMP tab is shown in Figure 46.

[Figure 46: IGMP Tab Configuration]

3. Adjust the following parameters as necessary:

Enable IGMP Snooping Status: Enables and disables IGMP snooping on the switch. A check in the box indicates that IGMP is enabled.

Multicast Host Topology: Defines whether there is only one host node per switch port or multiple host nodes per port. Possible settings are Edge Single Host Port and Intermediate Multi Host Port. The Edge Single Host Port setting is appropriate when there is only one host node connected to each port on the switch. This setting causes the switch to immediately stop sending multicast packets out a switch port when a host node signals its desire to leave a multicast gr
153. Displaying the GVRP Port Configuration
Displaying the GVRP Database
Displaying the GVRP State Machine
Displaying the GVRP Counters
Displaying the GIP Connected Ports Ring
Section IV: Security
Chapter 19: Port Security
Displaying the MAC Address Security Level
Chapter 20: Encryption Keys, PKI, and SSL
Displaying the Encryption Keys
Displaying the PKI Settings and Certificates
154. erved

[Figure 2: AT-S63 Login Page]

3. Enter a user name and password. For manager access, enter "manager" as the user name. The default password is "friend". For operator access, enter "operator" as the user name. The default password is "operator". Login names and passwords are case sensitive.

For information on the two access levels, refer to "Management Access" in Chapter 1, Overview, of the AT-S63 Management Software Menus Interface User's Guide.

You cannot change the user names. To change a password, refer to "Configuring the Manager and Operator Passwords" on page 46.

The home page is shown in Figure 3.

[Figure 3: Home page. The page footer reads "Copyright 2004 Allied Telesyn Inc. All rights reserved."]

The main menu is on the left side of the home page. It consists of the following selections:
- Enhanced Stacking
- Configuration
- Monitoring
- Logout

Note: The Enhanced Stacking selection is included in the menu only if the switch is a master switch.

A web browser management session remains active even if you link to other sites. You can return to the management web pages anytime as long as you do not quit the browser.

Web Browser Tools

You can use the web browser tools to move around the management
155. es on page 36.

Displaying the Port Mirror

To display the port mirror, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
2. From the Monitoring menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 20 on page 81.
3. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 34.

[Figure 34: Port Mirroring Tab Monitoring]

The Port Mirroring tab displays a table that contains the following columns of information:

Mirror to Port: The destination port to which the traffic is copied and where the network analyzer is located.

Ingress Port(s): The source ports whose ingress traffic is mirrored to the destination port.

Egress Port(s): The source ports whose egress traffic is mirrored to the destination port.

Status: The status of the mirroring feature. The possible settings are:
  Enabled: Traffic is being copied to the destination port.
  Disab
156. Figure 12: Modify SNMPv1 & SNMPv2c Community Page
Figure 13: SNMP Tab Monitoring
Figure 14: SNMPv1 & SNMPv2c Communities Tab Monitoring
Figure 15: Enhanced Stacking Tab Configuration
Figure 16: Stacking Switches Page
Figure 17: Enhanced Stacking Tab Monitoring
Figure 18: Port Settings Tab Configuration
Figure 19: Port Configuration Page
Figure 20: Port Settings Tab Monitoring
Figure 21: Port Status Page
Figure 22: Port Statistics Page
Figure 23: MAC Address Tab Configuration
Figure 24: Add MAC Addres
157. Deleting a Notify Table Entry
Modifying a Notify Table Entry
Configuring the SNMPv3 Target Address Table
Creating a Target Address Table Entry
Deleting a Target Address Table Entry
Modifying Target Address Table Entry
Configuring the SNMPv3 Target Parameters Table
Creating a Target Parameters Table Entry
Deleting a Target Parameters Table Entry
Modifying a Target Parameters Table Entry
Configuring the SNMPv3 Community Table
Creating an SNMPv3 Community Table Entry
Deleting an SNMPv3 Community Table Entry
Modifying an SNMPv3 Comm
158. Chapter 13: IGMP Snooping
Configuring IGMP Snooping
Displaying a List of Host Nodes
Displaying a List of Multicast Routers
Chapter 14: STP and RSTP
Configuring STP
Displaying the STP Settings
Resetting STP to the Default Settings
Configuring RSTP
Resetting RSTP to the D
159. [Figure 133: 802.1x Port Access Tab Monitoring]

3. To see the status of the port, click the port and click Status. You can select more than one port at a time. The Port Access Port Status page is shown in Figure 134.

[Figure 134: Port Access Port Status Page]

The Port Access Port Status page displays a table that contains the following columns of information:

Port: The port number.

Port Role: The port role: None, Authenticator, or Supplicant.

Status: The options include Initialize, Disconnected, and so forth.

Additional Info: More information about the port, including the MAC address.

Displaying the Port Settings

To display the port-based network access control port settings, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
2. From the Monitoring menu, select the Security option. The Security page opens with the 802.1x Port Access tab sele
160. Figure 101: SNMPv3 Target Parameters Table Tab Monitoring
Figure 102: SNMPv3 Community Table Tab Monitoring
Figure 103: VLAN Tab Configuration
Figure 104: Add New VLAN Page
Figure 105: VLAN Tab Monitoring
Figure 106: GVRP Tab Configuration
Figure 107: GVRP Port Configuration Page
Figure 108: GVRP Tab Monitoring
Figure 109: GVRP Port Configuration Page
Figure 110: GVRP Database Page
Figure 111: GVRP State Machine for VLAN Page
Figure 112: GVRP Counters Page
Figure 113: GIP Connected Ports Ring Page
Figure 114: Port Security Tab Monitoring
161. esyn com

If you prefer to download new software from the Allied Telesyn FTP server using your workstation's command prompt, you need the FTP client software and you must log in to the server. Enter "anonymous" as the user name and your email address for the password.

Chapter 1: Overview

This chapter describes the AT-S63 software functions, the types of sessions you can use to access the software, and the management access levels. This chapter contains the following sections:
- Management Overview on page 22
- Local Management Session on page 24
- Telnet Management Session on page 25
- Web Browser Management Session on page 26
- SNMP Management Session on page 27
- Management Access Levels on page 28

Management Overview

The AT-S63 management software is intended for the AT-9400 Series switches. You use the software to monitor and adjust the switch's operating parameters. Some of the functions you can perform with the software include:
- Enable and disable ports
- Configure port parameters, such as speed and duplex mode
- Create virtual LANs (VLANs)
- Create port trunks and port mirrors
- Assign an Internet Protocol (IP) address and subnet mask
- Activate and configure the Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), or Multiple Spanning Tree Protocol (MSTP)
- Activate enhanced stacking functions
- Configure Qualit
162. ettings 357
resetting to factory defaults 50
AT-S63 software updates: downloading 20; obtaining 20
auth period 341
authentication failure trap, default setting 363
authentication protocols, enabling or disabling 324
autonegotiation, configuring 76

B
back pressure: configuring 78; default setting 364
Boot Protocol (BootP): activating 43; default setting 361
bridge forwarding delay: default setting 369; Multiple Spanning Tree Protocol (MSTP) 186; Rapid Spanning Tree Protocol (RSTP) 176; Spanning Tree Protocol (STP) 168
bridge hello time: default setting 369; Multiple Spanning Tree Protocol (MSTP) 186; Rapid Spanning Tree Protocol (RSTP) 176; Spanning Tree Protocol (STP) 168
bridge identifier: Rapid Spanning Tree Protocol (RSTP) 176; Spanning Tree Protocol (STP) 169
bridge max age: default setting 369; Multiple Spanning Tree Protocol (MSTP) 186; Rapid Spanning Tree Protocol (RSTP) 176; Spanning Tree Protocol (STP) 168
bridge priority: default setting 369; Rapid Spanning Tree Protocol (RSTP) 175; Spanning Tree Protocol (STP) 167
bridge protocol data unit (BPDU) 176
broadcast filter, default setting 364
browser tools 35

C
ciphers available parameter 321
CIST priority parameter 187
Class of Service (CoS): configuring 142; mapping to egress queues 145; schedule, displaying 152; scheduling, configuring 148; settings, displaying 150
Common and Internal Spanning Tree (CIST), configuring 187
community name: SNMPv1 and SNMPv2c 57; SNMPv3 proto
163. everity types:

D (Debug): Debug messages provide detailed, high-volume information that is intended only for technical support personnel.

E (Error): Only error messages are displayed. Error messages indicate that the switch operation is severely impaired.

W (Warning): Only warning messages are displayed. These messages indicate that an issue may require manager attention.

I (Information): Only informational messages are displayed. Informational messages display useful information that you can ignore during normal operation.

ALL: All messages of any type are displayed.

To select more than one severity, use <Ctrl> click.

To choose the chronological order of events in the display, for Display Order click one of the following:

Chronological: Displays the events in order from the oldest event to the most recent event. This is the default.

Reverse Chronological: Displays the events in order from the most recent event to the oldest event.

To select the format of the event log, for Mode click one of the following:

Normal: Displays the time, module, severity, and description for each event. This is the default. An example of Normal mode is shown in Figure 38 on page 134.

Full: Displays the same information as Normal, plus the file name, line number, and event ID. An example of Full mode is shown in Figure 39 on page 135.

To display events of a particular AT-S63 software module, from t
164. following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 23 on page 90.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 51 on page 164.
4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 62 on page 185.
5. In the Configure CIST Parameters section, set the CIST Priority, the priority number for the bridge. This number is used to determine the root bridge of the bridged network. This number is analogous to the RSTP bridge priority value. The bridge in the network with the lowest priority number is selected as the root bridge. If two or more bridges have the same bridge or CIST priority values, the bridge with the numerically lowest MAC address becomes the root bridge.
6. Click Apply.
7. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to "Saving Your Parameter Changes" on page 36.

Creating, Deleting, or Modifying MSTI IDs

Creating an MSTI ID
165. [Figure 9: SNMP Tab Configuration]

3. Click the Enable SNMP Access checkbox to enable or disable SNMP management. A check in the box indicates that the feature is enabled, meaning that the switch can be managed from an SNMP management station. No check indicates that the feature is disabled. The default is disabled.
4. If you want the switch to send authentication failure traps, click the Enable Authentication Failure Traps checkbox. A check in the box indicates that the switch sends the trap.
5. Click Apply. A change to SNMP access is immediately activated on the switch. The community strings that already exist on the switch are displayed in a table.
6. To permanently save the change, return to the General tab on the System page and click Save Changes.

Creating a New SNMPv1 and SNMPv2c Community

To create a new SNMPv1 and SNMPv2c community, perform the following procedure:

1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
2. Select the SNMP tab. The SNMP tab is shown in Figure 9 on page 54.
3. In the SNMPv1 & SNMPv2c section, click Configu
166. ge 40.

Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205.

In the SNMPv3 section, click the button next to Configure Target Parameters Table and then click Configure at the bottom of the tab. The SNMPv3 Target Parameters Table tab is shown in Figure 88 on page 245.

Click the button next to the Target Parameters Table entry that you want to change and then click Modify. The Modify SNMPv3 Target Parameter page is shown in Figure 90 on page 249.

[Figure 90: Modify SNMPv3 Target Parameter Page]

Note: Enter a value for the Message Processing Model field only if you select SNMPv1 or SNMPv2c as the Security Model. If you select the SNMPv3 protocol as the Security Model, then the switch automatically assigns the Message Processing Model to SNMPv3.

In the Message Processing Model field, enter a Security Model that is used to process messages. Select one of the following SNMP protocols:
  v1: Select this value to process messages with the SNMPv1 protocol.
  v2c: Select this value to process messages with the SNMPv2c protocol.
  v3: Select this value to process messages with the SNMPv3 protocol.

In the Security Model field, select one of the following
167. gged VLANs as well as management VLANs, refer to Chapter 19, Port-based and Tagged VLANs, in the AT-S63 Management Software Menus Interface User's Guide. For more information about the multiple VLAN modes, refer to Chapter 20, Multiple VLANs, in the AT-S63 Management Software Menus Interface User's Guide.

Creating a New Port-Based or Tagged VLAN

To create a new port-based or tagged VLAN, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 23 on page 90.
3. Select the VLAN tab. The VLAN tab is shown in Figure 103.

[Figure 103: VLAN Tab Configuration]

Note: The Modify and Remove buttons are not shown in the tab if the only VLAN on the switch is the Default_VLAN.
168. he Module Selections list, select one or more of the modules listed in Table 1. To select more than one module, use <Ctrl> click.

Table 1: AT-S63 Software Modules

Name        Description
ACL         Access control lists
ALL         All modules
CFG         Configuration file
CLI         Command line interface commands
DOS         Denial of Service defense
ENCO        Encryption keys
ESTACK      Enhanced stacking
EVTLOG      Event log
FILE        File system
GARP        GARP VLAN Registration Protocol
HTTP        Web server
IGMPSNOOP   IGMP snooping
IP          IP configuration
MAC         MAC address table
MGMTACL     Management ACL
PACCESS     802.1X Port-based Access Control
PCFG        Port configuration
PKI         Public Key Infrastructure
PMIRR       Port mirroring
PSEC        Port security
PTRUNK      Port trunking
QOS         Quality of Service
RADIUS      RADIUS authentication protocol
RRP         RRP Snooping
SNMP        Simple Network Management Protocol
SSH         Secure Shell protocol
SSL         Secure Sockets Layer protocol
STP         Spanning Tree, Rapid Spanning Tree, and Multiple Spanning Tree protocols
SYSTEM      Hardware status; Manager and Operator log in and log off events
TACACS      TACACS authentication protocol
TELNET      TELNET
TFTP        Trivial File
169. he authentication password.

    Note: If you have the nonencrypted version of the AT-S60 software, then the Privacy Protocol field is read only.

    Note: You can only configure the Privacy Protocol if you have configured the Authentication Protocol with the MD5 or SHA values.

    In the Privacy Protocol field, enter one of the following options:

    DES: Select this value to make the DES privacy (or encryption) protocol the privacy protocol for this User Table entry. With this selection, messages transmitted between the host and the switch are encrypted with the DES protocol.

    None: Select this value if you do not want a privacy protocol for this User Table entry. With this selection, messages transmitted between the host and the switch are not encrypted.

    10. In the Privacy Password field, enter a privacy password of up to 32 alphanumeric characters.
    11. In the Confirm Privacy Password field, re-enter the privacy password.
    12. In the Storage Type field, enter one of the following storage options for this table entry:

    Volatile: Select this storage type if you do not want the ability to save an entry in the User Table. After making changes to a User Table entry with a Volatile storage type, Save Changes does not appear on the General tab.

    NonVolatile: Select this storage type if you want the ability to save an entry in the User Table. After making changes to an U
170. he screen. Click OK to continue.

    Manager IP Address1 through Manager IP Address 8: Enter an IP Address of a switch that is permitted SNMP manager access to the current switch. You can enter up to 8 Manager IP Addresses.

    Trap Receiver IP Address 1 through Trap Receiver IP Address 8: Use the above selections to specify the IP addresses of up to 8 trap receivers on your network that can receive traps from the switch.

    6. Click Apply.
    7. To save your changes, return to the General tab and click Save Changes.

    Deleting an SNMPv1 and SNMPv2c Community

    To delete an existing SNMPv1 and SNMPv2c community, perform the following procedure:

    1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
    2. Select the SNMP tab. The SNMP tab is shown in Figure 9 on page 54.
    3. In the SNMPv1 & SNMPv2c section, click Configure. The SNMPv1 & SNMPv2c Communities tab is shown in Figure 10 on page 56.
    4. Click the button next to the community name and click Remove. A warning message is displayed.
    5. Click OK.
    6. To save your changes, return to the General tab and click Save Changes.

    Chapter 4: SNMPv1 and SNMPv2c

    Displaying the SNMPv1 and SNMPv2c Communities

    To display the SNMPv1 and SNMPv2c communities, perform the
171. he AT-S63 Management Software Menus Interface User's Guide.

    Note: You cannot specify a management VLAN when the switch is operating in a multiple VLAN mode.

    To specify the management VLAN, perform the following procedure:

    1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
    2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 23 on page 90.
    3. Select the VLAN tab. The VLAN tab is shown in Figure 103 on page 272.
    4. For the Mgmt VLAN ID parameter, enter the VID of the VLAN on the switch that you want to function as the management VLAN. The VLAN must already exist on the switch. The default is 1, which is the VID of the Default_VLAN.
    5. Click Apply.
    6. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to "Saving Your Parameter Changes" on page 36.

    Chapter 18: GARP VLAN Registration Protocol (GVRP)

    This chapter contains instructions on how to configure GARP VLAN Registration Protocol (GVRP). This chapter contains the following procedures:

    - "Configuring GVRP" on page 286
    - Enabling or Disabling GVRP on a Port
172. he age of stored configuration messages, called bridge protocol data units (BPDUs). For example, if you use the default of 20, all bridges delete current configuration messages after 20 seconds. The range of this parameter is from 6 to 40 seconds. The default is 20 seconds. In selecting a value for maximum age, the following must be observed:

    MaxAge must be greater than (2 x (HelloTime + 1)).
    MaxAge must be less than (2 x (ForwardingDelay - 1)).

    Bridge Max Hops: MSTP regions use this parameter to discard BPDUs. The Max Hop counter in a BPDU is decremented every time the BPDU crosses an MSTP region boundary. After the counter reaches zero, the BPDU is deleted.

    Revision Level: The revision level of an MSTP region. This is an arbitrary number that you assign to a region. The revision level must be the same on all bridges in a region. Different regions can have the same revision level without conflict. The range is 0 (zero) to 255.

    Click Apply.

    To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to "Saving Your Parameter Changes" on page 36. Or, proceed to the next procedure to configure the CIST priority.

    Configuring the CIST Priority

    To configure the CIST priority, perform the
173. he web browser interface. The Active value indicates the SNMPv3 SecurityToGroup Table entry takes effect immediately.

    7. Click Apply to update the SNMPv3 SecurityToGroup Table.
    8. To save your changes, return to the General tab and click Save Changes.

    Configuring the SNMPv3 Notify Table

    You can create, delete, and modify an SNMPv3 Notify Table entry. See the following procedures:

    - "Creating a Notify Table Entry" on page 233
    - "Deleting a Notify Table Entry" on page 235
    - "Modifying a Notify Table Entry" on page 236

    For reference information about the SNMPv3 Notify Table, see Chapter 18, "SNMPv3," in the AT-S63 Management Software Menus Interface User's Guide.

    Creating a Notify Table Entry

    To create an entry in the SNMPv3 Notify Table, perform the following procedure:

    1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
    2. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205.
    3. In the SNMPv3 section, click the button next to Configure Notify Table and then click Configure at the bottom of the tab. The SNMPv3 Notify Table tab is shown in Figure 82.
174. his parameter, refer to "Point-to-Point and Edge Ports" in Chapter 16, "STP and RSTP," in the AT-S63 Management Software Menus Interface User's Guide.

    Point-to-Point: This parameter defines whether the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto-Detect. For an explanation of this parameter, refer to "Point-to-Point and Edge Ports" in Chapter 16, "STP and RSTP," in the AT-S63 Management Software Menus Interface User's Guide.

    Port External Path Cost: The port cost of the port if the port is connected to a bridge which is a member of another MSTP region or is running STP or RSTP. The range is 0 to 200,000,000. The default setting is 200,000.

    After adjusting the parameters, click Apply.

    To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to "Saving Your Parameter Changes" on page 36.

    Repeat this procedure to configure MSTP parameters for other switch ports.

    Displaying the MSTP Port Configuration

    To display the MSTP port configuration, perform the following procedure:

    1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
175. how to display the MAC address security levels on the ports on the switch. It contains the following section:

    - "Displaying the MAC Address Security Level" on page 306

    Note: For background information on port security, refer to Chapter 23, "Port Security," in the AT-S63 Management Software Menus Interface User's Guide.

    Note: You cannot configure the MAC address security feature using the web browser interface. You can only configure this feature using the menus or CLI interfaces.

    Chapter 19: Port Security

    Displaying the MAC Address Security Level

    To display the MAC address security level of a port, perform the following procedure:

    1. From the Home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
    2. From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 25 on page 94.
    3. Select the Port Security tab. The Port Security tab is shown in Figure 114.

    Figure 114. Port Security Tab (Monitoring)

    4. Click the port whose port security level you want to view. A selected port turns white. You can select more than one port at a time.
    5. Click View. The Security for Port(s) page is shown in Figure 115
176. ic Switch Parameters

    Rebooting a Switch

    Note: Any parameter changes that have not been saved are discarded when a system is reset. To save parameter changes, refer to "Saving Your Parameter Changes" on page 36.

    To reboot a switch, perform the following procedure:

    1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
    2. Click Reset. A confirmation prompt is displayed.
    3. Click OK to reset the switch or Cancel to cancel the procedure.

    Note: The switch does not forward packets while it reloads the AT-S63 management software, a process that takes approximately 20 seconds to complete. Resetting the switch ends your web browser management session. You must restart the session to continue managing the switch.

    Pinging a Remote System

    You can instruct the switch to ping a node on your network. This procedure is useful in determining whether a valid link exists between the switch and another device.

    To ping a network device, perform the following procedure:

    1. From the home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
    2. Select the Ping Client tab. The Ping Client tab is shown in Figure 7.
177. ication messages between the client and the authentication server. Each client that attempts to access the network is uniquely identified by the switch using the client's MAC address.

    Quiet Period: Sets the number of seconds that the port remains in the quiet state following a failed authentication exchange with the client. The default value is 60 seconds. The range is 0 to 65,535 seconds.

    TX Period: Sets the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before retransmitting the request. The default value is 30 seconds. The range is 1 to 65,535 seconds.

    Reauth Period: Enables periodic reauthentication of the client, which is disabled by default. The default value is 3600 seconds. The range is 1 to 65,535 seconds.

    Supplicant Timeout: Sets the switch-to-client retransmission time for the EAP-request frame. The default value for this parameter is 30 seconds. The range is 1 to 600 seconds.

    Server Timeout: Sets the timer used by the switch to determine authentication server timeout conditions. The default value for this parameter is 10 seconds. The range is 1 to 60 seconds.

    Max Requests: Specifies the maximum number of times that the switch retransmits an EAP Request packet to the client before it times out the authentication session. The default value for this parameter is 2 retransmissions
178. ify table is used to send inform messages. With this message type, the switch expects a response from the host.

    In the Storage Type field, select one of the following storage types for this table entry:

    Volatile: Select this storage type if you do not want the ability to save an entry in the Notify Table. After making changes to a Notify Table entry with a Volatile storage type, Save Changes does not appear on the General tab.

    NonVolatile: Select this storage type if you want the ability to save an entry in the Notify Table. After making changes to a Notify Table entry with a NonVolatile storage type, Save Changes appears on the General tab. Allied Telesyn recommends this storage type.

    Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Notify Table entry takes effect immediately.

    Click Apply to update the SNMPv3 Notify Table.

    To save your changes, return to the General tab and click Save Changes.

    To delete an entry in the SNMPv3 Notify Table, perform the following procedure:

    1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
    2. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205.
    3. In the SNMPv3 section, click the button next to Configure Notify Table and then click Configure at the bottom of the tab. The SNMPv3 Notify Table tab i
179. interface. For more information about encryption keys, refer to the AT-S63 Management Software Menus Interface User's Guide.

    To display the encryption keys, perform the following procedure:

    1. From the Home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
    2. From the Monitoring menu, select the Security option. The Security page is displayed with the 802.1x Port Access tab displayed by default, as shown in Figure 116.

    Figure 116. 802.1x Port Access Tab (Monitoring)

    3. Select the Keys tab. The Keys tab is shown in Figure 117.

    Figure 117. Keys Tab (Monitoring)

    The Keys tab displays a table that contains the following columns of information:

    ID: The identification number of the key.

    Algorithm: The algorithm used in creating the encryption. Thi
180. iorities.

    6. Click Apply.
    7. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to "Saving Your Parameter Changes" on page 36.

    Chapter 12: Quality of Service

    Configuring Egress Scheduling

    This procedure explains how to select and configure a scheduling method for QoS. Scheduling determines the order in which the ports handle packets in their egress queues. For an explanation of the two scheduling methods, refer to "Scheduling" in Chapter 13, "Quality of Service," in the AT-S63 Management Software Menus Interface User's Guide.

    Scheduling is set at the switch level. You cannot set this at the port level.

    To change scheduling, perform the following procedure:

    1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
    2. From the Configuration menu, select the QoS option. The QoS page is displayed with the CoS tab selected by default, as shown in Figure 40 on page 142.
    3. Select the Scheduling tab. The Scheduling tab is shown in Figure 42 on page 146.

    Note: The Configure CoS Queues to Egress Queues section in the tab is explained in the previous procedure, Mapping Co
181. is name must be unique. Enter a value of up to 32 alphanumeric characters.

    Note: Do not use a value configured with the User Name parameter in the SNMPv3 User Table.

    In the Transport Tag field, enter a name of up to 32 alphanumeric characters. The Transport Tag parameter links an SNMPv3 Community Table entry with an SNMPv3 Target Address Table entry. Add the value you configure for the Transport Tag parameter to the Tag List parameter in the Target Address Table, as desired. See "Creating a Target Address Table Entry" on page 238.

    In the Storage Type field, select one of the following storage types for this table entry:

    Volatile: Select this storage type if you do not want the ability to save an entry in the SNMPv3 Community Table. After making changes to an SNMPv3 Community Table entry with a Volatile storage type, Save Changes does not appear on the General tab.

    NonVolatile: Select this storage type if you want the ability to save an entry in the SNMPv3 Community Table. After making changes to an SNMPv3 Community Table entry with a NonVolatile storage type, Save Changes appears on the General tab. Allied Telesyn recommends this storage type.

    Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Community Table entry takes effect immediately.

    Deleting an SNMPv3 Community Table Entry

    Modifying an SNMPv3 Community Table Ent
182. isplaying 116; modifying 113

    port parameters, configuring: basic 74; Multiple Spanning Tree Protocol (MSTP) 184; Rapid Spanning Tree Protocol (RSTP) 174; Spanning Tree Protocol (STP) 166
    port priority: default setting 369; Multiple Spanning Tree Protocol (MSTP) 195; Rapid Spanning Tree Protocol (RSTP) 177; Spanning Tree Protocol (STP) 169
    port role: default setting 374
    port security: default settings 373; displaying 306; intrusion action 307
    port speed: configuring 76; default setting 364
    port trunk: creating 100; deleting 105; displaying 106; modifying 103
    port-based VLAN: creating 272; deleting 278; displaying 281; modifying 276
    Public Key Infrastructure (PKI): default settings 377; settings, displaying 312

    Q

    Quality of Service (QoS): default settings 366
    quiet period: configuring 338

    R

    RADIUS: configuring 329; default settings 379; disabling 324; displaying settings 331; enabling 324; server timeout 332
    RADIUS accounting: configuring 346; settings, displaying 347
    RADIUS server: encryption secret 330; encryption secret, configuring 326; IP address, configuring 330
    Rapid Spanning Tree Protocol (RSTP): bridge forwarding delay 176; bridge hello time 176; bridge identifier 176; bridge max age 176; bridge priority 175; bridge settings, configuring 174; default settings 369; disabling 164, 182; edge port, configuring 177; enabling 164, 182; force version 175; parameters, displaying 170, 197; point-to-point port, configuring 177; port cost 177; port priority
183. isplaying Notify Table Entries" on page 264

    - "Displaying Target Address Table Entries" on page 265
    - "Displaying Target Parameters Table Entries" on page 266
    - "Displaying SNMPv3 Community Table Entries" on page 267

    Displaying User Table Entries

    To display entries in the SNMPv3 User Table, perform the following procedure:

    1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
    2. Select the SNMP tab. The SNMP tab is shown in Figure 94.

    Figure 94. SNMP Tab (Monitoring)

    3. In the SNMPv3 section, click the button next to View User Table and then click View at the bottom of the tab. The SNMPv3 User Table tab is shown in Figure 95.
184. ith this selection, messages transmitted between the host and the switch are not encrypted.

    9. In the Privacy Password field, enter a privacy password of up to 32 alphanumeric characters.
    10. In the Confirm Privacy Password field, re-enter the privacy password.
    11. In the Storage Type field, enter one of the following storage options for this User Table entry:

    Volatile: Select this storage type if you do not want the ability to save an entry in the SNMPv3 User Table. After making changes to an SNMPv3 User Table entry with a Volatile storage type, Save Changes does not appear on the General tab.

    NonVolatile: Select this storage type if you want the ability to save an entry in the SNMPv3 User Table. After making changes to an SNMPv3 User Table entry with a NonVolatile storage type, Save Changes appears on the General tab. Allied Telesyn recommends this storage type.

    Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 User Table entry takes effect immediately.

    12. Click Apply to update the SNMPv3 User Table.
    13. To save your changes, return to the General tab and click Save Changes.

    Chapter 16: SNMPv3

    Configuring the SNMPv3 View Table

    You can create, delete, and modify an SNMPv3 View Table entry. See the following procedures:

    - "Creating a View Table Entry" on page 214
    - "Deleting a View Table Entry" on page 217
185. ity

    Auth Period: Specifies the period of time in seconds that the supplicant waits for a reply from the authenticator after sending an EAP-Response frame. The range is 1 to 60 seconds. The default is 30 seconds.

    Held Period: Specifies the amount of time in seconds the supplicant is to refrain from retrying to re-contact the authenticator in the event the end user provides an invalid username and/or password. After the time period has expired, the supplicant can attempt to log on again. The range is 0 to 65,535 seconds. The default value is 60 seconds.

    Max Start: Specifies the maximum number of times the supplicant sends EAPOL-Start frames before assuming that there is no authenticator present. The range is 1 to 10. The default is 3.

    Start Period: Specifies the time period in seconds between successive attempts by the supplicant to establish contact with an authenticator when there is no reply. The range is 1 to 60. The default is 30.

    User Name: Specifies the username for the switch port. The port sends the name to the authentication server for verification when the port logs on to the network. The username can be from 1 to 16 alphanumeric characters (A to Z, a to z, 1 to 9). Do not use spaces or special characters, such as asterisks or exclamation points. The username is case sensitive.

    User Password: Specifies the password for th
186. k Enable to enable the SNMP community. Click Disable to disable the SNMP community.

    Access Mode: Click Read Only to allow read access to the SNMP community. To allow read/write access to the SNMP community, click Read/Write.

    Allow Any Station: Click this option to allow any SNMP manager to access the switch. When you click this option, a warning message appears on the screen. Click OK to continue.

    Manager IP Address1 through Manager IP Address 8: Enter an IP Address of a switch that is permitted SNMP manager access to the current switch. You can enter up to 8 Manager IP Addresses.

    Trap Receiver IP Address 1 through Trap Receiver IP Address 8: Use the above selections to specify the IP addresses of up to 8 trap receivers on your network that can receive traps from the switch.

    6. Click Apply.
    7. To save your changes, return to the General tab and click Save Changes.

    Modifying an SNMPv1 and SNMPv2c Community

    To modify an SNMPv1 and SNMPv2c community, perform the following procedure:

    1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
    2. Select the SNMP tab. The SNMP tab is shown in Figure 9 on page 54.
    3. In the SNMPv1 & SNMPv2c section, click Configure. The SNMPv1
187. layed with the General tab selected by default, as shown in Figure 5 on page 40.

    2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 23 on page 90.
    3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 61.

    Figure 61. Spanning Tree Tab (Configuration)

    Note: If you do not want to change the active spanning tree protocol and just want to enable or disable it, go to Step 5.

    4. To change the active spanning tree protocol on the switch, click STP, RSTP, or MSTP in the Active Protocol Version section of the tab. The default is RSTP.

    Note: Only one spanning tree protocol can be active on the switch at a time.

    5. To enable or disable the active spanning tree protocol on the switch, click the Enable Spanning Tree check box. A check indicates that the spanning tree is enabled, while no check indicates that spanning tree is disabled. The default is disabled.
    6. Click Apply.

    Note: If you changed the active spanning tree protocol, the switch resets and your manag
188. lections are:

    - Syn Flood attack
    - Smurf attack
    - Land attack
    - Tear drop attack
    - Ping of death attack
    - IP Options

    7. Click Modify. To configure all the ports, click Modify All. The DoS Configuration for Ports page opens, as shown in Figure 140.

    Figure 140. DoS Configuration for Ports Page

    8. Adjust the settings as needed. The parameters are described below.

    Status: Click Enable or Disable to enable or disable DoS on the selected ports.

    Action: The action a port takes when an intruder packet is received. Although five possible selections are shown in the Action list box, they all do the same thing: block the packet, record the event, and drop the packet.

    Mirror Port: This option applies to the Land, Tear Drop, Ping of Death, and IP Options. You can use this option to copy offending traffic to another port on the switch. You can specify only one mirror port. Specifying a mirror port is not required.

    9. Click Apply. The defense is immediately activated on the ports.
    10. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to "Saving Your Parameter Changes" on page 36.
189. led. No traffic is being mirrored.

    Section II: Advanced Features

    The chapters in this section explain additional switch management features of the AT-S63 management software. The chapters include:

    - Chapter 10, "File Downloads and Uploads" on page 121
    - Chapter 11, "Event Log" on page 127
    - Chapter 12, "Quality of Service" on page 141
    - Chapter 13, "IGMP Snooping" on page 153
    - Chapter 14, "STP and RSTP" on page 163
    - Chapter 15, "MSTP" on page 181

    Chapter 10: File Downloads and Uploads

    This chapter contains the procedure for downloading a new AT-S63 image file onto the switch. This chapter also contains procedures for uploading and downloading system files, such as a boot configuration file, from the file system in the switch. This chapter contains the following sections:

    - "Downloading a File" on page 122
    - "Uploading a File" on page 125

    Downloading a File

    This procedure explains how to download a file from a TFTP server on your network to the switch using the web browser interface. You can download any of the following files:

    - AT-S63 image file
    - Boot configuration file
    - Public key
    - CA certificate

    Note: The public key and CA certificate are supported only on
190. lowing information:

    Port Number: The port number.

    Mode: The port mode, either Normal or None.

    Chapter 18: GARP VLAN Registration Protocol (GVRP)

    Displaying the GVRP Database

    To display the GVRP database, perform the following procedure:

    1. From the Home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
    2. From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 25 on page 94.
    3. Select the GVRP tab. The GVRP tab is shown in Figure 108 on page 289.
    4. In the View GVRP Parameters section, click View GVRP Database.
    5. Click View. The GVRP Database page is shown in Figure 110.

    Figure 110. GVRP Database Page

    The GVRP Database page provides the following information:

    GID Index: The value of the GID index corresponding to the attribute.

    VLAN ID: The value of the attribute.

    Used: Whether the GID index is currently being used by any port in the GARP application.

    Displaying the GVRP State Machine

    To display the GVRP state machine, perform the following procedure:

    1. From the Home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown
191. m yourself, click Manual Select and enter the ports in the field.

    Host/Router Timeout Interval: Specifies the time period in seconds after which the switch determines that a host node has become inactive. An inactive host node is a node that has not sent an IGMP report during the specified time interval. The range is from 1 second to 86,400 seconds (24 hours). The default is 260 seconds. This parameter also specifies the time interval used by the switch in determining whether a multicast router is still active. The switch makes the determination by watching for queries from the router. If the switch does not detect any queries from a multicast router during the specified time interval, it assumes that the router is no longer active on the port.

    Maximum Multicast Groups: Specifies the maximum number of multicast groups the switch learns. The range is 1 to 255 groups. The default is 64 multicast groups. This setting is useful with networks that contain a large number of multicast groups. You can use the parameter to prevent the switch's MAC address table from filling up with multicast addresses, leaving no room for dynamic or static MAC addresses. The range is 1 address to 2048 addresses. The default is 256 multicast addresses.

    Click Apply.

    To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes but
192. me with the SNMPv3 protocol.

    In the Security Level field, enter a security level. Select one of the following security levels:

    No Authentication/Privacy: This option represents neither an authentication nor privacy protocol. Select this security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privacy protocol. This option provides the least security.

    Note: If you have selected SNMPv1 or SNMPv2c, NoAuthNoPriv is the only security level you can select.

    Authentication: This option permits an authentication protocol, but not a privacy protocol. Select this security level if you want to authenticate SNMP users, but you do not want to encrypt messages using a privacy protocol. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol.

    Privacy: This option represents authentication and the privacy protocol. Select this security level to allow authentication and encryption. This level provides the greatest level of security. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol.

    Note: The Context Match field is a read-only field. The Context Match field is always set to Exact.

    11. In the Storage Type field, select one of the following storage types for this table entry
193. meter settings for the individual ports on a switch. Examples of the parameters that you can adjust include port speed and duplex mode. This chapter contains the following procedures: Configuring Port Parameters on page 74; Displaying Port Status on page 81; Displaying Port Statistics on page 85; Resetting a Port to the Default Settings on page 88. Note: For further information about port parameters, refer to Chapter 6, Port Parameters, in the AT-S63 Management Software Menus Interface User's Guide. Configuring Port Parameters: To configure the parameter settings of a port on the switch, perform the following procedure: 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. From the Configuration menu, select the Layer 1 option. Select the Port Settings tab. The Port Settings tab is shown in Figure 18. [Figure 18: Port Settings Tab (Configuration)] Click the port in the graphical switch image that you want to configure. The selected port turns white. You can select more than one port at a time to configure. To deselect a port, click it again. Click Modify. To configure all the ports, click Modify All. Note: If you select Modify All, you cannot configure the port name or set
194. n specify up to a maximum of three servers. You can leave the encryption field blank if you entered the server's key in the Global Secret field. 5. Click Apply. 6. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36. Displaying the RADIUS Settings: To display the RADIUS settings on the switch, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. Select the Server-based Authentication tab. The Server-based Authentication tab is shown in Figure 125 on page 327. The upper part of the page shows if server-based authentication is enabled or disabled and the authentication method. The lower part of the page allows you to view either the settings for the current authentication method. In the lower portion of the page, click RADIUS Settings. Click View. The RADIUS Client Configuration page is shown in Figure 126. [Figure 126: RADIUS Client Configuration page showing the Global Encryption Key, the Global Server Timeout, and the IP Address, Port and Encryption Key of each server]
195. n the web browser interface. The Active value indicates the SNMPv3 Target Parameters Table entry takes effect immediately. Click Apply to update the SNMPv3 Target Parameters Table. To save your changes, return to the General tab and click Save Changes. To delete an entry in the SNMPv3 Target Parameters Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205. In the SNMPv3 section, click the button next to Configure Target Parameters Table and then click Configure at the bottom of the tab. The SNMPv3 Target Parameters Table tab is shown in Figure 88 on page 245. Click the button next to the Target Parameters Table entry that you want to delete and then click Remove. A warning message is displayed. Click OK. 6. To save your changes, return to the General tab and click Save Changes. Modifying a Target Parameters Table Entry: To modify an entry in the SNMPv3 Target Parameters Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on pa
196. Trap: Indicates this notify table is used to send traps. With this message type, the switch does not expect a response from the host. Inform: Indicates this notify table is used to send inform messages. With this message type, the switch expects a response from the host. In the Storage Type field, select one of the following storage types for this table entry: Volatile: Select this storage type if you do not want the ability to save an entry in the Notify Table. After making changes to a Notify Table entry with a Volatile storage type, Save Changes does not appear on the Configuration Tab. NonVolatile: Select this storage type if you want the ability to save an entry in the Notify Table. After making changes to a Notify Table entry with a NonVolatile storage type, Save Changes appears on the Configuration Tab. Allied Telesyn recommends this storage type. Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Notify Table entry takes effect immediately. Click Apply to update the SNMPv3 Notify Table. To save your changes, return to the General tab and click Save Changes. Configuring the SNMPv3 Target Address Table: You can create, delete, and modify an SNMPv3 Target Address Table entry. See the following procedures: Creating a Target Address Table Entry on page 238
197. neral tab selected by default, as shown in Figure 5 on page 40. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 23 on page 90. 3. Select the Enhanced Stacking tab. The Enhanced Stacking tab is shown in Figure 15. [Figure 15: Enhanced Stacking Tab (Configuration)] 4. Click the desired enhanced stacking status for the switch. The default is Slave. 5. Click Apply. The new enhanced stacking status is immediately activated on the switch. 6. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36. Selecting a Switch in an Enhanced Stack: Before you perform any procedure on a switch in an enhanced stack, check to be sure that you are performing it on the correct switch. If you assigned system names to your switches, identifying your switches is easy. The AT-S63 management software displays the name of the switch being managed at the top of every management menu. When you start a web browser management session
198. nfiguration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205. 3. In the SNMPv3 section, click the button next to Configure View Table and then click Configure. The SNMPv3 View Table tab is shown in Figure 73 on page 215. 4. Click the button next to the View Table entry that you want to delete and then click Remove. A warning message is displayed. 5. Click OK. 6. To save your changes, return to the General tab and click Save Changes. Modifying a View Table Entry: To modify an entry in the SNMPv3 View Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205. In the SNMPv3 section, click the button next to Configure View Table and then click Configure at the bottom of the tab. The SNMPv3 View Table tab is shown in Figure 73 on page 215. Click the button next to the SNMPv3 View Table entry that you want to change and then click Modify. The Modify SNMPv3 View page is shown in Figure 75. [Figure 75: Modify SNMPv3 View page]
199. nform messages only. The range is from 0 to 2,147,483,647 milliseconds. The default value is 1500 milliseconds. In the Retries field, enter the number of times the switch retries or resends an Inform message. When an Inform message is generated, it requires a response from the switch. This parameter determines how many times the switch resends an Inform message. The Retries parameter applies to Inform messages only. The range is 0 to 255 retries. The default is 3 retries. In the Tag List field, enter a list of tags that you configured with the Notify Tag parameter in a Notify Table entry. See Creating a Notify Table Entry on page 233. Enter a Tag List of up to 256 alphanumeric characters. Use a space to separate entries, for example: hwengtag swengtag testengtag. In the Target Parameters field, enter a Target Parameters name. This name can consist of up to 32 alphanumeric characters. The value configured here must match the value configured with the Target Parameters Name parameter in the Target Parameters Table. In the Storage Type field, enter one of the following storage types for this table entry: Volatile: Select this storage type if you do not want the ability to save an entry in the Target Address Table. After making changes to a Target Address Table entry with a Volatile storage type, Save Changes does not appear on the General tab. NonVolatile: Select this storage type if you want the a
200. ng is Automatic detect, which sets port cost depending on the speed of the port. Default values are 2,000,000 for 10 Mbps ports, 200,000 for 100 Mbps ports, and 20,000 for one gigabit ports. Point to Point: This parameter defines whether the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto Detect. For an explanation of this parameter, refer to Point to Point and Edge Ports in Chapter 16, STP and RSTP, in the AT-S63 Management Software Menus Interface User's Guide. Edge Port: This parameter defines whether the port is functioning as an edge port. The possible settings are Yes and No. For an explanation of this parameter, refer to Point to Point and Edge Ports in Chapter 16, STP and RSTP, in the AT-S63 Management Software Menus Interface User's Guide. 9. After you have configured the parameters, click Apply. 10. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36. Note: All changes to a port's RSTP settings, with the exception of port cost, are activated immediately. A change to the port cost value requires you to reset the switch. A new port cost value is not implemented until the unit is rese
201. ngs 361 system time default setting 360 T TACACS configuring 325 default settings 379 disabling 324 displaying settings 327 enabling 324 server timeout 329 379 tagged VLAN creating 272 deleting 278 displaying 281 modifying 276 Telnet management session defined 25 Telnet default setting for remote management 359 TFTP default setting for remote management 359 tx period configuring 338 U unavailable status defined 66 uplink port configuring 280 default setting 371 user name configuring 341 default 33 user password configuring 341 UTC offset default setting 360 Vv versions supported SSH parameter 320 virtual LAN VLAN associating to MSTI IDs 192 creating 272 default settings 371 deleting 278 displaying 281 mode selecting 279 modifying 276 VLAN name default setting 371 w web browser management session defined 26 limitations 26 quitting 37 starting 32 web server default settings 375 AT S63 Management Software Web Browser Interface User s Guide 387 Index 388
202. nte 369 Spanning Tree Switch Settings 369 STP Default Settings 369 RSTP Default Settings MSTP Default Settings VLAN Default Settings 371 GVRP Default Settings 372 Port Security Default Settings 373 802.1x Port-Based Network Access Control Default Settings 374 Web Server Default Settings SSL Default Settings PKI Default Settings SSH Default Settings Server-Based Authentication Default Settings 379 Server-Based Authentication Default Settings 379 RADIUS Default Settings
203. nter a value that you configured with the View Name parameter in the View Table. This parameter allows the users assigned to this Group Name to view the information specified by the View Table entry. This value does not need to be unique. In the Write View Name field, enter a value that you configured with the View Name parameter in the View Table. This parameter allows the users assigned to this Security Group to write or modify the information in the specified View Table. This value does not need to be unique. In the Notify View Name field, enter a value that you configured with the View Name parameter in the View Table. This parameter allows the users assigned to this Group Name to send traps permitted in the specified View. This value does not need to be unique. Note: The Context Match field is a read-only field. The Context Match field is always set to Exact. In the Storage Type field, select one of the following storage types for this table entry: Volatile: Select this storage type if you do not want the ability to save an entry in the Access Table. After making changes to an Access Table entry with a Volatile storage type, Save Changes does not appear on the General tab. NonVolatile: Select this storage type if you want the ability to save an entry in the Access Table. After making changes to an Access Table entry with a NonVolatile storage type, Save Changes appears on
204. ntrol on the port. This is the default. Enabled: Flow control is activated. For further information about flow control, refer to Chapter 6, Port Parameters, in the AT-S63 Management Software Menus Interface User's Guide. Back Pressure: Use this parameter to set back pressure on a port. This option only appears for ports operating in half duplex mode. A switch port uses back pressure to control the flow of ingress packets. The possible settings are: Enabled: Back pressure is enabled. Disabled: Back pressure is disabled. This is the default. For further information about back pressure, refer to Chapter 6, Port Parameters, in the AT-S63 Management Software Menus Interface User's Guide. Flow Control Back Pressure Limit: Use this parameter to specify the maximum number of ingress packets that a port receives within a one second period before initiating flow control or back pressure. The range is 1 to 7935 cells. The default is 561. The following three parameters allow you to set rate limiting, the maximum number of ingress packets a port accepts each second. Packets exceeding the threshold are discarded. Broadcast Rate Limit: Use this parameter to enable or disable ingress broadcast packet limits and specify a rate limit for the ingress broadcast packets. The possible settings are: Enabled: Broadcast packet ingress rate limiting is enabled. Disabled: Broadcast packet ingress rate limiting is disabled. This is the
205. o Chapter 2, Starting a Local or Telnet Management Session, in the AT-S63 Management Software Menus Interface User's Guide. A Telnet management session provides access to nearly all of a switch's operating parameters. You can perform nearly all the same functions from a Telnet management session as you can from a local management session. Web Browser Management Session: You can also use a web browser to manage a switch. This too is referred to as remote management, just like a Telnet management session. You can manage a switch from any workstation on your network that has a web browser. It also uses the enhanced stacking feature. This means there needs to be just one switch on the subnet with an Internet Protocol (IP) address for you to be able to manage all the switches with a web browser. For instructions on starting this type of management session, refer to Chapter 2, Starting a Web Browser Management Session on page 31. SNMP Management Session: Another way to remotely manage the switch is with an SNMP management program. A familiarity with using management information base (MIB) objects is necessary for this type of management. The AT-S63 software supports the following MIBs: SNMP MIB-II (RFC 1213), Bridge MIB (RFC 1493), Interface Group MIB (RFC 1573), Ethernet MIB (RFC 1643), Remote Network MIB (RFC 1757)
206. o view the encryption keys, PKI-based certificates, and SSL settings and includes the following sections: Displaying the Encryption Keys on page 310; Displaying the PKI Settings and Certificates on page 312; Displaying the SSL Settings on page 315. Note: To configure encryption keys, PKI, or SSL, you must use the AT-S63 menus or CLI interface. For information about or to configure encryption keys using the menus interface, refer to Chapter 26, Encryption Keys, in the AT-S63 Management Software Menus Interface User's Guide. To configure encryption keys using the CLI, refer to Chapter 28, Encryption Key Commands, in the AT-S63 Management Software Command Line Interface User's Guide. For information about or to configure PKI and SSL using the menus interface, refer to Chapter 27, PKI Certificates and SSL, in the AT-S63 Management Software Menus Interface User's Guide. To configure PKI using the CLI, refer to Chapter 29, Public Key Infrastructure (PKI) Certificate Commands, in the AT-S63 Management Software Command Line Interface User's Guide. To configure SSL using the CLI, refer to Chapter 30, Secure Sockets Layer (SSL) Commands, in the AT-S63 Management Software Command Line Interface User's Guide. Displaying the Encryption Keys: To configure the encryption keys, you must use the AT-S63 menus or command line
207. oGroup Table entry creating 227 deleting 230 displaying 263 modifying 230 SNMPv3 Target Address Table entry creating 238 deleting 241 displaying 265 modifying 242 SNMPv3 Target Parameters Table entry creating 245 deleting 248 displaying 266 modifying 249 SNMPv3 User Table entry creating 207 deleting 210 displaying 259 modifying 211 SNMPv3 View Table entry creating 214 deleting 217 displaying 261 modifying 218 SNTP server default setting 360 SNTP See Simple Network Time Protocol SNTP software information 44 Spanning Tree Protocol STP bridge forwarding delay 168 bridge hello time 168 bridge identifier 169 bridge max age 168 bridge parameters configuring 166 bridge priority 167 default settings 369 disabling 164 182 enabling 164 182 parameters displaying 197 parameters displaying 170 port cost 170 port priority 169 port settings displaying 200 resetting to defaults 172 386 spanning tree default setting 369 static MAC address adding 90 deleting 92 static unicast MAC address displaying 94 STP ID 300 subnet mask configuring 42 default setting 361 supplicant port start period 341 supplicant timeout 338 switch hardware information 44 software information 44 switch name configuring 40 switch state default setting 362 switch rebooting 48 system date default setting 360 system file downloading 122 uploading 125 system name configuring 41 default setting 361 system software default setti
208. ode on your network that contains the TFTP server software. You should start the TFTP server before you begin the upload procedure. To upload a file, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default. 2. Select the System Utilities tab. The System Utilities tab is shown in Figure 35 on page 123. Note: The top portion of the tab is used to return the switch to its factory default settings. For instructions, refer to Returning the AT-S63 Management Software to the Factory Default Values on page 50. 3. In the TFTP Server IP Address field, enter the IP address of the network node that contains the TFTP server software. 4. In the TFTP Operation field, click Upload. 5. In the TFTP Remote Filename field, enter a name for the file. This is the name that the file is stored as on the TFTP server. 6. In the TFTP Local Filename field, enter the name of the file in the switch's file system that you want to upload to the TFTP server. Note: The TFTP File Type options are not used when uploading a file. 7. Click Apply. The management software notifies you when the upload is complete. Chapter 11: Event Log. This chapter describes the event log that allows you to view information about network activity. Sections in the
209. odify Mirror page is shown in Figure 32 on page 111. 5. Click the Enable Mirror checkbox to remove the check and disable the mirror. 6. Click Apply. 7. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36. Deleting a Port Mirror: To delete a port mirror, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. From the Configuration menu, select the Layer 1 option. The Layer 1 page opens with the Port Settings tab displayed by default, as shown in Figure 18 on page 74. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 31 on page 110. Click Modify. The Modify Mirror page is shown in Figure 32 on page 111. Click the Enable Mirror checkbox to remove the check and disable the mirror. Click Apply. Click the destination port, which is white, so that it is black. Click Apply. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Chang
210. of the tab. The SNMPv3 Target Parameters Table tab is shown in Figure 88. [Figure 88: SNMPv3 Target Parameters Table Tab (Configuration)] 4. Click Add. The Add New SNMPv3 Target Parameter page is shown in Figure 89. [Figure 89: Add New SNMPv3 Target Parameters Page] In the Target Parameters Name field, enter a name of the SNMP manager or host. Enter a value of up to 32 alphanumeric characters. Note: Enter a value for the Message Processing Model parameter only if you select SNMPv1 or SNMPv2c as the Security Model. If you select the SNMPv3 protocol as the Security Model, then the Message Processing Model is automatically assigned to SNMPv3. In the Message Processing Model field, enter a Security Model that is used to process messages. Select one of the following SNMP protocols: v1: Select this value to process messages with the SNMPv1 protocol. v2c: Sele
211. ollowing: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. Select the Event Log tab. The Event log tab is shown in Figure 36 on page 128. 3. In the Log Settings section, click the Clear Log checkbox. 4. Click the button next to the location of the log you want to clear, either Permanent or Temporary. 5. Click Apply to activate the settings on the switch. Saving the Event Log to a File: You can save the event log to a file to review later. The file is saved as an ASCII file so that you can also email the file to someone else for troubleshooting. To save the event log to a file, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. Select the Event Log tab. The Event log tab is shown in Figure 36 on page 128. In the Filter Settings and Actions section, select the type of events you want to save to the file. In the Save Filename field, enter a name for the file with a .log file name extension. Click Save. The log file is saved on the switch as an ASCII file. To upload the file to your management station for viewing or sending with an email, refer to Uploading
212. ollowing sections: Configuring SSH on page 318; Displaying the SSH Settings on page 320. Note: For background information on SSH, refer to Chapter 28, Secure Shell (SSH), in the AT-S63 Management Software Menus Interface User's Guide. Configuring SSH: To display the MAC address security level of a port, perform the following procedure: 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. From the Configuration menu, select the Security option. The Security page is displayed with the 802.1x Port Access tab displayed by default, as shown in Figure 129 on page 334. Select the Secure Shell tab. The Secure Shell tab is shown in Figure 121. [Figure 121: Secure Shell Tab (Configuration)] 4. Adjust the following parameters as necessary: Key ID: Enter a host key ID. The default is Not Defined. Enter a value that you configured in the encryption menus using the AT-S63 menus interface. Server Key ID: Enter a server key ID. The default is Not Defined. Enter a value that
213. om of the tab. The SNMPv3 SecurityToGroup Table tab is shown in Figure 79. [Figure 79: SNMPv3 SecurityToGroup Table Tab (Configuration)] 4. To create an SNMPv3 SecurityToGroup Table entry, click Add. The Add New SNMPv3 SecurityToGroup page is shown in Figure 80. [Figure 80: Add New SNMPv3 SecurityToGroup Page] 5. In the Security Model field, select the SNMP protocol that was configured for this User Name. Choose from the following: v1: Select this value to associate the Group Name with the SNMPv1 protocol. v2c: Select this value to associate the Group Name with the SNMPv2c protocol. v3: Select this value to associate the Group Name with the SNMPv3 protocol. In the Security Name field, enter the User Name that you want
214. om their current untagged VLAN assignment. The new user-configured VLAN is now ready for network operations. 8. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36. Modifying a VLAN: This procedure explains how to add or remove ports from a VLAN. When modifying a VLAN, note the following: You cannot change the VID of a VLAN. You cannot change the name of a VLAN from a web browser management session, but you can from a local or Telnet session. You cannot modify VLANs when the switch is operating in one of the multiple VLAN modes. To modify a VLAN, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 23 on page 90. Select the VLAN tab. The VLAN tab is shown in Figure 103 on page 272. Click the button next to the name of the VLAN you want to modify. Click Modify. The Modify VLAN page for the VLAN is displayed. To add o
215. onfiguring the SNMPv3 Community Table: You can create, delete, and modify an SNMPv3 Community Table entry. See the following procedures: Creating an SNMPv3 Community Table Entry on page 252; Deleting an SNMPv3 Community Table Entry on page 255; Modifying an SNMPv3 Community Table Entry on page 255. For reference information about the SNMPv3 Community Table, see Chapter 18, SNMPv3, in the AT-S63 Management Software Menus Interface User's Guide. Note: Use the SNMPv3 Community Table only if you are configuring the SNMPv3 protocol with an SNMPv1 or an SNMPv2c implementation. Allied Telesyn does not recommend this configuration. Creating an SNMPv3 Community Table Entry: To create an entry in the SNMPv3 Community Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205. In the SNMPv3 section, click the button next to Configure Community Table and then click Configure at the bottom of the tab. The SNMPv3 Community Table tab is shown in Figure 91.
216. ontains the following procedures: Enabling MSTP on page 182; Configuring MSTP on page 184; Creating, Deleting, or Modifying MSTI IDs on page 189; Adding, Removing, or Modifying VLAN Associations to MSTIs on page 192; Configuring MSTP Port Parameters on page 195; Displaying the MSTP Port Configuration on page 197; Displaying the MSTP Port Status on page 200; Resetting MSTP to the Default Settings on page 202. Note: For background information on STP and RSTP, refer to Chapter 16, STP and RSTP, in the AT-S63 Management Software Menus Interface User's Guide. For background information on MSTP, refer to Chapter 17, MSTP, in the AT-S63 Management Software Menus Interface User's Guide. Enabling MSTP: The AT-9400 Series switch can support the three spanning tree protocols: STP, RSTP, and MSTP. However, only one spanning tree protocol can be active on the switch at a time. So before you can enable a spanning tree protocol, you must first select it as the active spanning tree protocol. After you select it, you can then enable or disable it. To select MSTP as the active spanning tree protocol and to enable or disable it, perform the following procedure: Note: Changing the active spanning tree protocol resets the switch. 1. From the home page, select Configuration. The Configuration System page is disp
217. oring menu select the QoS option. The QoS page is displayed with the CoS tab selected by default, as shown in Figure 43 on page 150.
     3. Select the Scheduling tab. The Scheduling tab is shown in Figure 45.
     [Figure 45: QoS Scheduling Tab (Monitoring)]
     The upper section displays the CoS priority to egress queue assignments. The lower section displays the egress weight settings.
     Chapter 13 IGMP Snooping
     This chapter describes how to configure the IGMP snooping feature on the switch. The sections in the chapter include:
     - Configuring IGMP Snooping on page 154
     - Displaying a List of Host Nodes on page 157
     - Displaying a List of Multicast Routers on page 160
     Note: For background information ref
218. ote: If you activated BOOTP/DHCP, the switch immediately begins to query the network for a BOOTP or DHCP server. The switch continues to query the network for its IP configuration until it receives a response. If you manually assigned the switch an IP address, that address is deleted and replaced by the IP address received from the BOOTP/DHCP server.
     4. Click Save Changes to permanently save your changes. This button is not displayed if there are no changes to save.
     Chapter 3 Basic Switch Parameters
     Displaying System Information
     To view basic information about the switch, perform the following procedure:
     1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6.
     [Figure 6: General Tab (Monitoring)]
     The
219. oup by sending a leave request or when the host node stops sending reports and times out. The switch forwards the leave request to the router and simultaneously ceases transmission of any further multicast packets out the port where the host node is connected.
     The Intermediate Multi-Host setting is appropriate if there is more than one host node connected to a switch port, such as when a port is connected to an Ethernet hub to which multiple host nodes are connected. With this setting selected, the switch continues sending multicast packets out a port even after it receives a leave request from a host node on the port. This ensures that the remaining active host nodes on the port continue to receive the multicast packets. Only after all of the host nodes connected to a switch port have transmitted leave requests or have timed out does the switch stop sending multicast packets out the port.
     If a switch has a mixture of host nodes, that is, some connected directly to the switch and others through an Ethernet hub, you should select the Intermediate Multi-Host Port selection.
     Multicast Router Ports Mode: Specifies whether the router ports are determined automatically or if you enter them manually. If you want the switch to determine the ports automatically, select Auto Detect, which is the default. To enter the
220. out what the Save Changes button does, refer to Saving Your Parameter Changes on page 36.
     Chapter 8 Port Trunking
     Displaying the Port Trunks
     To display the port trunks, perform the following procedure:
     1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
     2. From the Monitoring menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 20 on page 81.
     3. Select the Port Trunking tab. The Port Trunking tab is shown in Figure 30.
     [Figure 30: Port Trunking Tab (Monitoring)]
     The Port Trunking tab displays a table that contains the following columns of information:
     ID: The ID number of the trunk.
     Name: The name of the trunk.
     Type: The load distribution method. The possible settings are:
     - SA: Source MAC address (Layer 2)
     - DA: Destination MAC address (Layer 2)
     - SA/DA: Source MAC address / destination MAC address (Layer 2)
     - SI: Source IP address (Layer 3)
     - DI: Destination IP address
221. oving or Modifying VLAN Associations to MSTIs
     This section explains how to add or remove VLANs associated to MSTI IDs.
     Adding a VLAN Association
     To add a VLAN association, perform the following procedure:
     1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
     2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 23 on page 90.
     3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 51 on page 164.
     4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 62 on page 185.
     5. In the CIST/MSTI Table section of the tab, in the VLAN Associations field, enter the VIDs of the VLANs to be associated with this MSTI. You can specify more than one VID at a time, for example, 2,4,7.
     6. Click Apply.
     7. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36. Or proceed to the next procedure to configure the CIST priority.
     Removing a VLAN Association
     To remove a VLAN association, perform the following procedure:
     1. From the home page, select Configuration. The Configuration System page is displayed with the General tab select
222. owing procedure:
     1. From the Home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
     2. From the Configuration menu, select the Security option. The Security page is displayed with the 802.1x Port Access tab displayed by default, as shown in Figure 6 on page 44.
     3. Select the Secure Shell tab. The Secure Shell tab is shown in Figure 122.
     [Figure 122: Secure Shell Tab (Monitoring). Values shown: SSH Versions Supported 1.3, 1.5, 2.0; Status Disabled; Server Port 22; Host Key ID Not Defined; Server Key ID Not Defined; Server Key Expiry Time 0; Login Timeout 180; Authentication Available Password; Ciphers Available 3DES, 128-bit AES, 192-bit AES, 256-bit AES, Arcfour (RC4); MACs Available hmac-sha1, hmac-md5; Data Compression Available]
     The Secure Shell tab provides the following information:
     SSH Versions Supported: The versions of SSH which are supported by the AT-S63 management software.
     Status: Whether or not the SSH server is enabled or disabled.
     Server Port: The well-known port for SSH. The default is port 22.
     Host Key ID: The host key ID defined for SSH.
     Server Key
223. page is shown in Figure 68.
     [Figure 68: MSTP Port Status Port(s) Page]
     The MSTP Port Status page displays a table that contains the following columns of information:
     Port: The port number.
     State: The MSTP state of the port. The possible states are:
     - Discarding: The port is discarding received packets and is not submitting forwarded packets for transmission.
     - Learning: The port is enabled for receiving but not forwarding packets.
     - Forwarding: Normal operation.
     - Disabled: The port has not established a link with its end node.
     Role: The MSTP role of the port. The possible roles are:
     - Root: The port that is connected to the root switch, directly or through other switches, with the least path cost.
     - Alternate: The port offers an alternate path in the direction of the root switch.
     - Backup: The port on a designated switch that provides a backup for the path provided by the designated port.
     - Designated: The port on the designated switch for a LAN that has the least cost path to the root switch. This port connects the LAN to the root switch.
     - Master: Similar to the root port. When the port is a boundary po
224. panning Tree tab. The Spanning Tree tab is shown in Figure 54.
     [Figure 54: Spanning Tree Tab (Monitoring)]
     4. Click View. The Monitor STP Parameters tab is shown in Figure 55.
     [Figure 55: Monitor STP Parameters Tab (Monitoring)]
     5. To view port settings, click a port in the switch and click Status or Settings.
     Chapter 14 STP and RSTP
     Resetting STP to the Default Settings
     The STP Settings page is shown in Figure 56.
     [Figure 56: STP Settings Page]
     The STP Settings page displays a table that contains the following columns of information:
     Port: Port number.
     State: Current state of the port. The possible states are Enabled or Disabled.
     Cost: Port cost of the port. The default is Auto Update.
     Priority: The number used as a tie breaker when two or more ports have equal costs to th
225. pe if you want the ability to save an entry in the View Table. After making changes to a View Table entry with a NonVolatile storage type, Save Changes appears on the General tab. Allied Telesyn recommends this storage type.
     Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 View Table entry takes effect immediately.
     8. Click Apply.
     9. To save your changes, return to the General tab and click Save Changes.
     Chapter 16 SNMPv3
     Configuring the SNMPv3 Access Table
     You can create, delete, and modify an SNMPv3 Access Table entry. See the following procedures:
     - Creating an Access Table on page 220
     - Deleting an Access Table Entry on page 224
     - Modifying an Access Table Entry on page 224
     For information about the SNMPv3 Access Table, see Chapter 18, SNMPv3, in the AT-S63 Management Software Menus Interface User's Guide.
     Creating an Access Table
     To create an entry in the SNMPv3 Access Table, perform the following procedure:
     1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
     2. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205.
     3. In the SNMPv3 section, click the button next to Configure Access Table and then click Configure at the bottom of the tab. The SNMPv3 Ac
226. pter 23 802.1x Port-based Network Access Control
     RADIUS Accounting
     Configuring RADIUS Accounting
     The AT-S63 management software supports RADIUS accounting for ports operating in the Authenticator role. The accounting information sent by the switch to a RADIUS server includes the date and time when clients log on and log off, as well as the number of packets sent and received by a switch port during a client session. For background information on this feature, refer to Chapter 29, 802.1x Port-based Network Access Control, in the AT-S63 Management Software Menus Interface User's Guide.
     This feature is disabled by default on the switch. To configure RADIUS accounting, perform the following procedure:
     1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
     2. From the Configuration menu, select the Security option. The Security page is displayed with the 802.1x Port Access tab selected by default, as shown in Figure 137.
     [Figure 137: 802.1x Port Access Tab (Configuration)]
     Displaying the RADIUS Accounting Settings
     3
227. pter 4 SNMPv1 and SNMPv2c
     This chapter explains how to activate SNMP management on the switch and how to create, modify, and delete SNMPv1 and SNMPv2c community strings. This chapter contains the following procedures:
     - Enabling or Disabling SNMP Management on page 54
     - Creating a New SNMPv1 and SNMPv2c Community on page 56
     - Modifying an SNMPv1 and SNMPv2c Community on page 59
     - Deleting an SNMPv1 and SNMPv2c Community on page 61
     - Displaying the SNMPv1 and SNMPv2c Communities on page 62
     Note: For background information about SNMPv1 and SNMPv2c, refer to Chapter 4, SNMPv1 and SNMPv2c, in the AT-S63 Management Software Menus Interface User's Guide.
     Enabling or Disabling SNMP Management
     To enable or disable SNMP management on the switch, perform the following procedure:
     1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
     2. Select the SNMP tab. The SNMP tab is shown in Figure 9.
     [Figure 9: SNMP tab]
228. r not the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto Detect.
     External Cost: The port cost of the port if the port is connected to a bridge which is a member of another MSTP region or is running STP or RSTP.
     Internal Cost: The port cost of the port if the port is connected to a bridge which is part of the same MSTP region. The possible settings are:
     - Auto detect: Port cost is automatically set depending on the speed of the port. Default values: 2,000,000 for 10 Mbps ports, 200,000 for 100 Mbps ports, and 20,000 for one gigabit ports.
     Priority: This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the regional root bridge.
     5. Click OK to close the page.
     Chapter 15 MSTP
     Displaying the MSTP Port Status
     To display MSTP port status, perform the following procedure:
     1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
     2. From the Monitoring menu, select the Layer 2 option. The Monitoring Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94.
     3. Select the Spanning Tree tab. The Monitoring Spanning Tree tab for the active protocol, MSTP, is shown in Figure 66.
     4. Click a port in the switch and click Status. You can select more than one port. The MSTP Port Status Port s
229. r remove ports from the VLAN, click on the appropriate ports in the switch image. Clicking repeatedly on a port toggles the port through the following possible settings:
     - Untagged port
     - Tagged port
     - Port not a member of the VLAN
     7. Click Apply.
     Note: Untagged ports that are added to a VLAN are automatically removed from their current untagged VLAN assignment. Untagged ports that are removed from a VLAN are returned to the Default_VLAN. Removing an untagged port from the Default_VLAN without assigning it to another VLAN leaves the port as an untagged member of no VLAN.
     The modified VLAN is now ready for network operations.
     8. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36.
     Chapter 17 Virtual LANs
     Deleting a VLAN
     To delete a port-based or tagged VLAN from the switch, perform the following procedure:
     1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
     2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 23 on page 90.
     3. Select the
230. ral tab selected by default, as shown in Figure 5 on page 40.
     2. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205.
     3. In the SNMPv3 section, click the button next to Configure User Table and then click Configure. The SNMPv3 User Table tab is shown in Figure 70 on page 208.
     4. Click the button next to the SNMPv3 user that you want to change and then click Modify. The Modify SNMPv3 User page is shown in Figure 72.
     [Figure 72: Modify SNMPv3 User Page]
     5. In the Authentication Protocol field, enter an authentication protocol. This is an optional parameter. Select one of the following:
     - MD5: This value represents the MD5 authentication protocol. With this selection, users (SNMP entities) are authenticated with the MD5 authentication protocol after a message is received. This algorithm generates the message digest. The user is authenticated when the authentication protocol checks the message digest. With the MD5 selection, you can configure a Privacy Protocol.
     - SHA: This value represents the SHA authentication protocol
231. re. The SNMPv1 & SNMPv2c Communities tab is shown in Figure 10.
     [Figure 10: SNMPv1 & SNMPv2c Communities Tab]
     4. Click Add. The Add New SNMPv1 & SNMPv2c Community page is shown in Figure 11.
     [Figure 11: Add New SNMPv1 & SNMPv2c Community Page]
     5. Configure the following parameters:
     Community Name: Enter an SNMP community name that consists of up to 15 alphanumeric characters.
     Status: Clic
232. [Figure 69: SNMP Tab (Configuration)]
     Chapter 16 SNMPv3
     Click the Enable SNMP Access checkbox to enable or disable SNMP management. A check in the box indicates that the feature is enabled, meaning that the switch can be managed from an SNMP management station. No check indicates that the feature is disabled. The default is disabled. Use this parameter to enable the switch to be remotely managed with an SNMP application program.
     Note: If the Enable SNMP Access check box is not checked, the switch cannot be managed through SNMP. This is the default.
     If you want the switch to send authentication failure traps, click the Enable Authentication Failure Traps checkbox. A check in the box indicates that the switch sends the trap.
     Click Apply.
     To save your changes, return to the General tab and click Save Changes.
     Configuring the SNMPv3 User Table
     You can create, delete, and modify an SNMPv3 User Table entry. See the following procedures:
     - Creating a User Table Entry on page 207
     - Deleting a User Table Entry on page 210
     - Modifying a User Table Entry on page 211
     Creating a User Table Entry
     For reference information about the SNMPv
233. 3. To add a static unicast address, in the View/Add Unicast MAC Addresses section, click Add. To add a static multicast address, in the View/Add Multicast MAC Addresses section, click Add. The Add MAC Address page is shown in Figure 24.
     [Figure 24: Add MAC Address Page]
     4. Adjust the following parameters as necessary:
     MAC Address: The new static unicast or multicast MAC address.
     Port Number: The number of the port on the switch where you want to assign the static address. If you are adding a static unicast address, you can enter only one port. If you are entering a static multicast address, you must specify the port where the multicast application is located as well as the ports where the host nodes are connected. Assigning the address only to the port where the multicast application is located results in the failure of the multicast packets to be properly forwarded to the host nodes. You can specify the ports individually (e.g., 1,4,5), as a range (e.g., 11-14), or both (e.g., 15-17,22,24).
     VLAN ID: The VLAN ID where the port is a member.
     5. Click Apply.
     6. Repeat this procedure to add other static addresses to the switch.
     7. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36.
234. rityToGroup Table tab is shown in Figure 98.
     [Figure 98: SNMPv3 SecurityToGroup Table Tab (Monitoring)]
     Chapter 16 SNMPv3
     Displaying Notify Table Entries
     To display entries in the SNMPv3 Notify Table, perform the following procedure:
     1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
     2. Select the SNMP tab. The SNMP tab is shown in Figure 94 on page 259.
     3. In the SNMPv3 section, click the button next to View Notify Table and then click View at the bottom of the tab. The SNMPv3 Notify Table tab is shown in Figure 99.
     [Figure 99: SNMPv3 Notify Table Tab (Monitoring)]
235. rm the following procedure [Access Table Entries]:
     1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
     2. Select the SNMP tab. The SNMP tab is shown in Figure 94 on page 259.
     3. In the SNMPv3 section, click the button next to View Access Table and then click View at the bottom of the tab. The SNMPv3 Access Table tab is shown in Figure 97.
     [Figure 97: SNMPv3 Access Table Tab (Monitoring)]
     Displaying SecurityToGroup Table Entries
     To display entries in the SNMPv3 SecurityToGroup Table, perform the following procedure:
     1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44.
     2. Select the SNMP tab. The SNMP tab is shown in Figure 94 on page 259.
     3. In the SNMPv3 section, click the button next to the View SecurityToGroup Table and then click View at the bottom of the tab. The SNMPv3 Secu
236. round information on MAC address tables, refer to Chapter 7, MAC Address Table, in the AT-S63 Management Software Menus Interface User's Guide.
     Chapter 7 MAC Address Table
     Adding Static Unicast and Multicast MAC Addresses
     This section contains the procedure for assigning a static unicast or multicast address to a port on the switch. You can assign up to 255 static MAC addresses per port.
     To add a static address to the MAC address table, perform the following procedure:
     1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
     2. From the Configuration menu, select the Layer 2 option. The Layer 2 page opens with the MAC Address tab selected by default, as shown in Figure 23.
     [Figure 23: MAC Address Tab (Configuration)]
237. rt
     Multicast Router Ports Mode: How the router ports are determined. The possible settings are:
     - Auto Detect: The switch determines the ports automatically.
     - Port number: The selected router ports.
     Host/Router Timeout Interval: The time period, in seconds, after which the switch determines that a host node has become inactive.
     Maximum Multicast Groups: The maximum number of multicast groups the switch learns.
     3. To view the multicast addresses and the host nodes, click View Multicast Hosts List and then click View. The View Multicast Hosts List is shown in Figure 48.
     [Figure 48: View Multicast Hosts List Page]
     The View Multicast Hosts List page displays a table that contains the following columns of information:
     Multicast Group: The multicast address of the group.
     VLAN ID: The VID of the VLAN in which the port is an untagged member.
     Member Port: The port(s) on the switch to which one or more host nodes of the multicast group are connected.
     Host IP: The IP address(es) of the host node(s) connected to the port.
238. rt, the MSTI port roles follow the CIST port roles. The MSTI port role is called "master" when the CIST role is "root."
     P2P: Whether or not the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto Detect.
     Version: Whether the port is operating in MSTP mode or STP-compatible mode.
     Internal Port Cost: The port cost when the port is connected to a bridge in the same MSTP region.
     5. Click OK to close the page.
     Chapter 15 MSTP
     Resetting MSTP to the Default Settings
     To reset MSTP to the factory default settings, perform the following procedure:
     1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
     2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 23 on page 90.
     3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 61 on page 182.
     4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 62 on page 185.
     5. Click Defaults. The MSTP defaults are shown in STP, RSTP, and MSTP Default Settings on page 369.
     Chapter 16 SNMPv3
     This chapter provides the following procedures for configuring SNMPv3 parameters using a web browser management session
239. ry
     10. Click Apply.
     11. To save your changes, return to the General tab and click Save Changes.
     To delete an entry in the SNMPv3 Community Table, perform the following procedure:
     1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
     2. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205.
     3. In the SNMPv3 section, click the button next to Configure Community Table and then click Configure at the bottom of the tab. The SNMPv3 Community Table tab is shown in Figure 91 on page 253.
     4. Click the button next to the SNMPv3 Community Table entry that you want to delete and then click Remove. A warning message is displayed.
     5. Click OK.
     6. To save your changes, return to the General tab and click Save Changes.
     To modify an entry in the SNMPv3 Community Table, perform the following procedure:
     1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40.
     2. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205.
     3. In the SNMPv3 section, click the button next to Configure Community Table and then click Configure at the bottom of the tab. The SNMPv3 Community Table tab is shown in Figure 91 on page 253.
240. s
     This section provides the default settings for GVRP.
     GVRP Setting        Default
     Status              Disabled
     GIP Status          Enabled
     Join Timer          20 centiseconds
     Leave Timer         60 centiseconds
     Leave All Timer     1000 centiseconds
     Port Mode           Normal
     Port Security Default Settings
     The following table lists the port security default settings.
     Port Security Setting   Default
     Security Mode           Automatic (no security)
     Intrusion Action        Discard
     Participating           No
     MAC Limit               No Limit
     Appendix A AT-S63 Default Settings
     802.1x Port-Based Network Access Control Default Settings
     The following table describes the 802.1x Port-based Network Access Control default settings.
     802.1x Port-based Network Access Control Settings   Default
     Port Access Control                                 Disabled
     Authentication Method                               RADIUS EAP
     Port Role                                           None
     The following table lists the default settings for RADIUS accounting.
     RADIUS Accounting Settings   Default
     Status                       Disabled
     Port                         1813
     Type                         Network
     Trigger Type                 Start_Stop
     Update Status                Disabled
     Update Interval              60
     Web Server Default Settings
     The following table lists the web server default settings.
     Web Server Configuration Setting   Default
     Status                             Enabled
     Mode                               HTTP
     Port Number                        80
241. s Page; Figure 25: MAC Address Tab (Monitoring); Figure 26: View MAC Addresses Page; Figure 27: Port Trunking Tab (Configuration); Figure 28: Add New Trunk Page; Figure 29: Modify Trunk Page; Figure 30: Port Trunking Tab (Monitoring); Figure 31: Port Mirroring Tab (Configuration); Figure 32: Modify Mirror Page; Figure 33: Example of a Modify Mirror Page; Figure 34: Port Mirroring Tab (Monitoring); Figure 35: System Utilities Tab (Configuration); Figure 36: Event Log Tab (Configuration); Figure 37: Event Log Tab (Monitoring); Figure 38; Figure 39; Figure 40; Figure 41; Figure 42; Figure
242. s Received: Number of multicast frames received on the port. Multicast Frames Sent: Number of multicast frames transmitted from the port. Frames 64 Bytes, Frames 65-127 Bytes, Frames 128-255 Bytes, Frames 256-511 Bytes, Frames 512-1023 Bytes, Frames > 1024 Bytes: Number of frames transmitted from the port, grouped by size. CRC Error: Number of frames with a cyclic redundancy check (CRC) error but with the proper length (64-1518 bytes) received on the port. Jabber: Number of occurrences of corrupted data or useless signals appearing on the port. No. of Rx Errors: Total number of frames received on the port containing errors. Undersize Frames: Number of frames that were less than the minimum length specified by IEEE 802.3 (64 bytes including the CRC) received on the port. Oversize Frames: Number of frames exceeding the maximum specified by IEEE 802.3 (1518 bytes including the CRC) received on the port. Fragments: Number of undersized frames, frames with alignment errors, and frames with frame check sequence (FCS) errors (CRC errors) received on the port. Dropped Frames: Number of frames successfully received and buffered by the port, but discarded and not forwarded. 5. To clear all the counters for the selected port, click Clear. To clear the counters for all ports on the switch, click Clear All.
243. s is always RSA Private. Length: The length of the key in bits. Digest: The CRC32 value of the MD5 digest of the public key. Description: The key's description. You use these keys when you configure Secure Sockets Layer (SSL) or Secure Shell (SSH). To configure SSL, you must use the AT-S63 menus or CLI interface. To configure SSH, refer to Chapter 21, "Secure Shell (SSH)" on page 317. Chapter 20: Encryption Keys, PKI, and SSL. Displaying the PKI Settings and Certificates. You can view the current PKI settings and certificates on the switch. To configure the PKI settings and certificates, you must use the AT-S63 menus or command line interface. For more information about PKI, refer to the AT-S63 Management Software Menus Interface User's Guide. To display the PKI settings and certificates, perform the following procedure: 1. From the Home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. 2. From the Monitoring menu, select the Security option. The Security page is displayed with the 802.1x Port Access tab displayed by default, as shown in Figure 116 on page 310. 3. Select the PKI tab. The PKI tab is shown in Figure 118. [Figure 118 screenshot: Maximum Number of Certificates is 256; Total Certificates: 2]
244. s shown in Figure 5 on page 40. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205. In the SNMPv3 section, click the button next to Configure Target Address Table and then click Configure at the bottom of the tab. The SNMPv3 Target Address Table tab is shown in Figure 85 on page 239. Click Next or Previous to display the Target Address Table entry that you want to change. Click Modify. The Modify SNMPv3 Target Address page is shown in Figure 87. [Figure 87: Modify SNMPv3 Target Address Page] In the IP Address field, enter the IP address of the host. Use the following format for an IP address: XXX.XXX.XXX.XXX. In the UDP Port Number field, enter a UDP port number. You can enter a UDP port in the range of 0 to 65,535. The default UDP port is 162. In the Timeout field, enter a timeout value in milliseconds. When an Inform message is generated, it requires a response from the switch. The timeout value determines how long the switch considers the Inform message an active message. This parameter applies to I
245. s shown in Figure 59. [Figure 59: Monitor RSTP Parameters Tab (Monitoring)] 5. To view port settings, click a port in the switch and click Status or Settings. The RSTP Settings page is shown in Figure 60. [Figure 60: RSTP Settings Page] Chapter 14: STP and RSTP. The RSTP Settings page displays a table that contains the following columns of information. Port: The port number. Edge Port: Whether or not the port is operating as an edge port. The possible settings are Yes and No. Point-to-Point: Whether or not the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto Detect. Cost: Port cost of the port. The default is Auto Update. Priority: The number used as a tie breaker when two or more ports have equal costs to the root bridge. 6. Click OK to close the page. Chapter 15: MSTP. This chapter explains how to configure MSTP parameters on an AT-9400 Series switch using a web browser management session. It c
246. s shown in Figure 82 on page 234. Chapter 16: SNMPv3. Click the button next to the Notify Table entry that you want to delete and then click Remove. A warning message is displayed. Click OK. To save your changes, return to the General tab and click Save Changes. Modifying a Notify Table Entry. To modify an entry in the SNMPv3 Notify Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205. In the SNMPv3 section, click the button next to Configure Notify Table and then click Configure at the bottom of the tab. The SNMPv3 Notify Table tab is shown in Figure 82 on page 234. Click the button next to the table entry that you want to change and then click Modify. The Modify SNMPv3 Notify page is shown in Figure 84. [Figure 84: Modify SNMPv3 Notify Page] In the Notify Tag field, enter a description name of the Notify Tag. Enter a name of up to 32 alphanumeric characters. In the Notify Type field, enter one of the following message types
247. Configuring the SNMPv3 View Table; Creating a View Table Entry; Deleting a View Table Entry; Modifying a View Table Entry; Configuring the SNMPv3 Access Table; Creating an Access Table; Deleting an Access Table Entry; Modifying an Access Table Entry; Configuring the SNMPv3 SecurityToGroup Table; Creating a SecurityToGroup Table Entry; Deleting a SecurityToGroup Table Entry; Modifying a SecurityToGroup Table Entry; Configuring the SNMPv3 Notify Table; Creating a Notify Table Entry
248. Displaying the DoS Settings. To display the DoS settings, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. From the Monitoring menu, select the Security option. The Security page opens with the 802.1x Port Access tab selected by default, as shown in Figure 133 on page 342. Select the DoS tab. The DoS tab is shown in Figure 141. [Figure 141: DoS Tab (Monitoring)] Click the port whose DoS settings you want to view. You can select more than one port at a time. Using the DoS Type list, select the type of denial of service defense whose settings you want to view. Click View. Chapter 24: Denial of Service Defense. The DoS Monitor for Port page opens, as shown in Figure 142. [Figure 142: DoS Monitor for Ports Page] The page displays a table that contains the following columns of information. Port: The port number. Status: Whether DoS is enabled or disabled on the port. Type: The type of
249. Status: Indicates IGMP group status of the port. The possible settings are: Active: The port is active in the IGMP group. Left Group: The port is not active in the IGMP group. Chapter 13: IGMP Snooping. Displaying a List of Multicast Routers. To view multicast routers, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. Select the IGMP tab. The IGMP tab is shown in Figure 47 on page 157. To view the multicast routers, click View Multicast Router List and then click View. The View Multicast Routers List is shown in Figure 49. [Figure 49: View Multicast Routers List Page] The View Multicast Routers List page displays a table that contains the following columns of information. Port: The port on the switch where the multicast router is connected. VLAN ID: The VID of the VLAN in which the port is an untagged member. Router IP: The IP address of the port on the router. If the routers are static routers specified with the Manual Select option on the Configuration IGMP page, then the View
250. ser Table entry with a NonVolatile storage type, Save Changes appears on the General tab. Allied Telesyn recommends this storage type. Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 User Table entry takes effect immediately. Click Apply to update the SNMPv3 User Table. 14. To save your changes, return to the General tab and click Save Changes. To delete an entry in the SNMPv3 User Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205. In the SNMPv3 section, click the button next to Configure User Table and then click Configure. The SNMPv3 User Table tab is shown in Figure 70 on page 208. Click the button next to the User Table entry that you want to delete and then click Remove. A warning message is displayed. Click OK. To save your changes, return to the General tab and click Save Changes. Modifying a User Table Entry. To modify an entry in the SNMPv3 User Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the Gene
251. Modify SNMPv3 Target Parameter Page; SNMPv3 Community Table Tab (Configuration); Add New SNMPv3 Community Page; Figure 93: Modify SNMPv3 Community Page; Figure 94: SNMP Tab (Monitoring); Figure 95: SNMPv3 User Table Tab (Monitoring); Figure 96: SNMPv3 View Table Tab (Monitoring); Figure 97: SNMPv3 Access Table Tab (Monitoring); Figure 98: SNMPv3 SecurityToGroup Table Tab (Monitoring); Figure 99: SNMPv3 Notify Table Tab (Monitoring); Figure 100: SNMPv3 Target Address Table Tab (Monitoring)
252. Figure 137: 802.1x Port Access Tab (Configuration); Figure 138: 802.1x Port Access Tab (Monitoring); Figure 139: DoS Tab (Configuration); Figure 140: DoS Configuration for Ports Page; Figure 141: DoS Tab (Monitoring); Figure 142: DoS Monitor for Ports Page. Tables: Table 1: AT-S63 Software Modules; Table 2: Event Severity Levels; Table 3: Default Mappings of IEEE 802.1p Priority Levels to Priority Queues; Table 4: Example of Weighted Round Robin Priority; Table 5: Bridge Priority Value Increments; Table 6: Port Priority Value Increment
253. shed managing a slave switch and want to manage another switch in the stack, return to the Home page of the switch and select Disconnect from the menu. This returns you to the Enhanced Stacking page in Figure 16 on page 69. When you see that page, you are again addressing the master switch from which you started the management session. You can select another switch in the list to manage, or, if you want to manage the master switch, select Home to return to the master switch's home page. Chapter 5: Enhanced Stacking. Displaying the Enhanced Stacking Status. To display the enhanced stacking status of the switch, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. 2. From the Monitoring menu, select Layer 2. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 25 on page 94. 3. From the Layer 2 page, select the Enhanced Stacking tab. The Enhanced Stacking tab is shown in Figure 17. [Figure 17: Enhanced Stacking Tab (Monitoring)] The information in the tab states the current enhanced stacking status of the switch as master, slave, or unavailable. Chapter 6: Port Parameters. This chapter explains how to view and change the para
254. splayed in Normal mode, the Full mode also displays additional columns in the table, as described below. Event ID: A unique random number assigned to each event. Filename Line: The AT-S63 software source file name and the line number in that source file that produced the event. Click one of the following buttons to scroll through the event log. Last: Last page. First: First page. Next: Next page. Previous: Previous page. Close: Closes the log. Chapter 11: Event Log. To clear the current event log, go to "Clearing the Event Log" on page 138. Disabling the Event Log. To activate or deactivate the event log, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. Select the Event Log tab. The Event log tab is shown in Figure 36 on page 128. In the Log Settings section, for the Status, click Disabled. Click Apply to activate the settings on the switch. Select the General tab. Click Save Changes to permanently save your changes. This button is not displayed if there are no changes to save. Clearing the Event Log. You can clear the event log to remove old events and start fresh. To clear the event log, do the f
255. Configure MSTP Parameters Tab (Configuration); Add New MSTI Page; Modify MSTI Page; MSTP Settings Port(s) Page; Monitor MSTP Parameters Tab (Monitoring); MSTP Settings Port(s) Page; MSTP Port Status Port(s) Page; SNMP Tab (Configuration); SNMPv3 User Table Tab (Configuration); Add New SNMPv3 User Page; Modify SNMPv3 User Page; SNMPv3 View Table Tab (Configuration); Add New SNMPv3 View Page; Modify SNMPv3 View Page; SNMPv3
256. Configuring Supplicant Port Parameters; Displaying the Port-based Network Access Control Parameters; Displaying the Port Status; Displaying the Port Settings; RADIUS Accounting; Configuring RADIUS Accounting; Displaying the RADIUS Accounting Settings; Chapter 24: Denial of Service Defense; Configuring Denial of Service Defense; Displaying the DoS Settings; Appendix A: AT-S63 Default Settings; Basic Switch Default Settings; Boot Configuration File Default Setting
257. Figure 115: Security for Port(s) Page; Figure 116: 802.1x Port Access Tab (Monitoring); Figure 117: Keys Tab (Monitoring); Figure 118: PKI Tab (Monitoring); Figure 119: X509 Certificate Details Page; Figure 120: SSL Tab (Monitoring); Figure 121: Secure Shell Tab (Configuration); Figure 122: Secure Shell Tab (Monitoring); Figure 123: Server-based Authentication Tab (Configuration); Figure 124: TACACS Client Configuration Page
258. Management Access Default Settings; Management Interface Default Settings; RJ-45 Serial Terminal Port Default Settings; SNTP Default Settings; Switch Administration Default Settings; System Software Default Settings; Enhanced Stacking Default Setting; SNMP Default Settings; Port Configuration Default Settings; Event Log Default Settings; Quality of Service; IGMP Snooping Default Settings; Denial of Service Prevention Default Settings; STP, RSTP, and MSTP Default Settings
259. st and Multicast MAC Addresses; Deleting Unicast and Multicast MAC Addresses; Deleting All Dynamic MAC Addresses; Displaying the MAC Address Tables; Changing the Aging Time; Chapter 8: Port Trunking; Creating a Port Trunk; Modifying a Port Trunk; Deleting a Port Trunk; Displaying the Port Trunks; Chapter 9: Port Mirroring; Creating a Port Mirror; Modifying a Port Mirror; Disabling a Port Mirror; Deleting a Port Mirror; Displaying the Port Mirror; Section II: Advanced Feat
260. t To reset RSTP to the default settings, perform the following procedure: From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. From the Configuration menu, select Layer 2. The Layer 2 page is displayed with the MAC Address tab shown by default, as shown in Figure 23 on page 90. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 51 on page 164. Click Configure. The Configure RSTP Bridge Parameters tab is shown in Figure 57 on page 175. Click Defaults. The RSTP defaults are shown in "STP, RSTP, and MSTP Default Settings" on page 369. To display RSTP parameter settings, perform the following procedure: From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. From the Monitoring menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab displayed by default, as shown in Figure 25 on page 94. Select the Spanning Tree tab. The Spanning Tree tab is displayed, as shown in Figure 54 on page 171. This tab displays information on whether spanning tree is enabled or disabled and which protocol version, STP or RSTP, is active. 4. Click View. The Monitor RSTP Parameters tab i
261. [Figure 86: Add New SNMPv3 Target Address Page] 5. In the Target Address Name field, enter the name of the SNMP manager, or host, that manages the SNMP activity on your switch. You can enter a name of up to 32 alphanumeric characters. In the IP Address field, enter the IP address of the host. Use the following format for an IP address: XXX.XXX.XXX.XXX. In the UDP Port Number field, enter a UDP port number. You can enter a UDP port in the range of 0 to 65,535. The default UDP port is 162. In the Timeout field, enter a timeout value in milliseconds. When an Inform message is generated, it requires a response from the switch. The timeout value determines how long the switch considers the Inform message an active message. This parameter applies to Inform messages only. The range is from 0 to 2,147,483,647 milliseconds. The default value is 1500 milliseconds. In the Retries field, enter the number of times the switch retries, or resends, an Inform message. When an Inform message is generated, it requires a response from the switch. This parameter determines how m
262. t, as shown in Figure 23 on page 90. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 51 on page 164. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 62 on page 185. In the VLAN Associations field in the CIST/MSTI Table section of the tab, modify the VIDs of the VLANs that you no longer want to be associated with this MSTI. You can specify more than one VID at a time (e.g., 2,4,7). Click Apply. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to "Saving Your Parameter Changes" on page 36. Configuring MSTP Port Parameters. To configure MSTP port parameters, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 23 on page 90. 3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 61 on page 182. 4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 62 on page
263. t, as shown in Figure 5 on page 40. 2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab shown by default, as shown in Figure 23 on page 90. 3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 51 on page 164. 4. Click Configure. The Configure STP Parameters tab is shown in Figure 52. [Figure 52: Configure STP Parameters Tab (Configuration)] Note: The Defaults button returns all STP settings to the default settings. 5. Adjust the following parameters as necessary. Bridge Priority: The priority number for the bridge. This number is used in determining the root bridge for RSTP. The bridge with the lowest priority number is selected as the root bridge. If two or more bridges have the same priority value, the bridge with the numerically lowest MAC address becomes the root bridge. When a root bridge goes off-line, the bridge with the next priority number automatically takes over as the root bridge. This parameter can be from 0 (zero)
264. t No Authentication/Privacy as the Security Level. Authentication: This option represents authentication, but no privacy protocol. Select this security level if you want to authenticate SNMP users, but you do not want to encrypt messages using a privacy protocol. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol. Privacy: This option represents authentication and the privacy protocol. Select this security level to allow authentication and encryption. This level provides the greatest level of security. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol. Deleting a Target Parameters Table Entry. In the Storage Type parameter, select one of the following storage types for this table entry. Volatile: Select this storage type if you do not want the ability to save an entry in the Target Parameters Table. After making changes to a Target Parameters Table entry with a Volatile storage type, then Save Changes does not appear on the Configuration Tab. NonVolatile: Select this storage type if you want the ability to save an entry in the Target Parameters Table. After making changes to a Target Parameters Table entry with a NonVolatile storage type, then Save Changes appears on the Configuration Tab. Allied Telesyn recommends this storage type. Note: The Row Status parameter is a read-only field i
265. t want to encrypt messages using a privacy protocol. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol. Privacy: This option represents authentication and the privacy protocol. Select this security level to allow authentication and encryption. This level provides the greatest level of security. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol. 9. In the Storage Type parameter, select one of the following storage types for this table entry. Volatile: Select this storage type if you do not want the ability to save an entry in the Target Parameters Table. After making changes to a Target Parameters Table entry with a Volatile storage type, Save Changes does not appear on the General tab. NonVolatile: Select this storage type if you want the ability to save an entry in the Target Parameters Table. After making changes to a Target Parameters Table entry with a NonVolatile storage type, Save Changes appears on the General tab. Allied Telesyn recommends this storage type. Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Target Parameters Table entry will take effect immediately. 10. Click Apply to update the SNMPv3 Target Parameters Table. 11. To save your changes, return to the General tab and click Save Changes. Chapter 16 SNMPv3 C
266. [Figure 31: Port Mirroring Tab (Configuration)] This tab displays any port mirror already existing on the switch. If the Mirror to Port column contains a 0 (zero), there is no port mirror. 4. Click Modify. The Modify Mirror page is shown in Figure 32. [Figure 32: Modify Mirror Page] 5. Click the ports of the port mirror. Clicking a port toggles it through the possible settings, which are as follows. The destination mirror port: There can be only one destination port. A source port: The port's ingress traffic is mirrored to the destination port. A source port: The port's egress traffic is mirrored to the destination port. A source port: The port's ingress and egress traffic is mirrored to the destination port. You can mirror just one port, a few ports, or all of the ports on the switch, with the exception, of course, of the destination port. Note: When a transceiver is inserted into an uplink slot and a link is established, that slot becomes a primary uplink port and the corresponding backup port (23R or 24R) automatically transitions to redundant uplink status. Any settings for port mirroring remain intact when
267. [Figure 82: SNMPv3 Notify Table Tab (Configuration)] 4. Click Add. The Add New SNMPv3 Notify page is shown in Figure 83. [Figure 83: Add New SNMPv3 Notify Page] 5. In the Notify Name field, enter the name associated with this trap message. Enter a descriptive name of up to 32 alphanumeric characters. For example, you might want to define a trap message for hardware engineering and enter a value of hardwareengineeringtrap for the Notify Name. 6. In the Notify Tag field, enter a description name of the Notify Tag. Enter a name of up to 32 alphanumeric characters. 7. In the Notify Type field, enter one of the following message types. Trap: Indicates this notify table is used to send traps. With this message type, the switch does not expect a response from the host. Inform: Indicates this not
268. te 5. Click Remove. A warning message is displayed. Click OK to remove the Access Table entry. 6. To save your changes, return to the General tab and click Save Changes. To modify an entry in the SNMPv3 Access Table, perform the following procedure. 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. Select the SNMP tab. The SNMP tab is shown in Figure 69 on page 205. 3. In the SNMPv3 section, click the button next to Configure Access Table and then click Configure at the bottom of the tab. The SNMPv3 Access Table tab is shown in Figure 76 on page 221. 4. Click Next or Previous to display the Access Table entry that you want to change. 5. Click Modify. The Modify SNMPv3 Access page is shown in Figure 78. [Figure 78: Modify SNMPv3 Access Page] Note: The Context Prefix field is a read-only field. The Context Prefix field is always set to null. 6. In the Read View Name field e
269. ted on this port. You also set the rate limit in number of cells. The range is 1 to 8191. The default is 8191. For more information about HOL blocking, refer to Chapter 6, Port Parameters, in the AT-S63 Management Software Menus Interface User's Guide. MDI/MDIX Crossover: The wiring configuration of the port. The possible settings are as follows. Auto: The port automatically configures itself as MDI or MDIX depending upon the end node. This is the default. MDI: The port uses straight-through cable. MDIX: The port uses a crossover cable. Note: Ports 23 and 24 are always set to Auto and you cannot change the setting. Note: The Auto setting is not available if you set a port's speed and duplex mode manually. 7. After you have made the desired changes, click Apply. The switch activates the parameter changes on the port. 8. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36. Displaying Port Status. To display the status of a switch port, perform the following procedure. 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. 2
270. tem page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. In the Configuration section, for the MAC Address Aging Time item, enter a new value in seconds. The range is 8 to 512 seconds. The default is 300 seconds (5 minutes). 3. Click Apply. 4. To permanently save the change, click Save Changes. Chapter 8: Port Trunking. This chapter contains the procedure for creating, modifying, or deleting a port trunk. The sections in this chapter are: Creating a Port Trunk on page 100; Modifying a Port Trunk on page 103; Deleting a Port Trunk on page 105; Displaying the Port Trunks on page 106. Note: For background information on port trunking, refer to Chapter 8, Port Trunking, in the AT-S63 Management Software Menus Interface User's Guide. Creating a Port Trunk. Caution: Do not connect the cables of a port trunk to the ports on the switch until after you have configured the ports on both the switch and the end node. Connecting the cables prior to configuring the ports can create loops in your network topology. Loops can result in broadcast storms, which can adversely affect the operation of your network. If you are deleting a port trunk, disconnect the cables from the ports before you delete the trunk. Deleting the trunk without first
271. ter 7 MAC Address Table. Deleting Unicast and Multicast MAC Addresses. To delete a static or dynamic unicast or multicast MAC address from the switch, perform the following procedure. 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. From the Configuration menu, select the Layer 2 option. The Layer 2 page opens with the MAC Address tab selected by default, as shown in Figure 23 on page 90. Display the MAC addresses on the switch by selecting one of the options. For detailed instructions, refer to Displaying the MAC Address Tables on page 94. Click the button next to the MAC address that you want to delete from the switch. Click Remove. Note: You cannot delete a switch's MAC address, an STP BPDU MAC address, or a broadcast address. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36. Deleting All Dynamic MAC Addresses. To delete all the dynamic MAC addresses, unicast or multicast, perform the following procedure. 1. From the Home page, select Configuration. The System page is displayed with the General tab s
272. that consists of up to 32 alphanumeric characters. 6. In the Authentication Protocol field, enter an authentication protocol. This is an optional parameter. Select one of the following. MD5: This value represents the MD5 authentication protocol. With this selection, users (SNMP entities) are authenticated with the MD5 authentication protocol after a message is received. This algorithm generates the message digest. The user is authenticated when the authentication protocol checks the message digest. With the MD5 selection, you can configure a Privacy Protocol. SHA: This value represents the SHA authentication protocol. With this selection, users are authenticated with the SHA authentication protocol after a message is received. This algorithm generates the message digest. The user is authenticated when the authentication protocol checks the message digest. With the SHA selection, you can configure a Privacy Protocol. None: This value represents no authentication protocol. When messages are received, users are not authenticated. With the None selection, you cannot configure a Privacy Protocol. Note: You may want to assign NONE to a super user. In the Authentication Password field, enter an authentication password of up to 32 alphanumeric characters. In the Confirm Authentication Password field, re-enter t
273. the backup port makes the transition to a redundant uplink state. Figure 33 shows an example of the Modify Mirror page configured for a port mirror. The egress traffic on ports 11 and 12 is being mirrored to the destination port 5. [Figure 33: Example of a Modify Mirror Page] 6. After selecting the destination and source ports, click the Enable Mirror check box. 7. Click Apply. The port mirror is now active on the switch. You can connect a data analyzer to the destination port to monitor the traffic on the source ports. 8. To permanently save the change, return to the General tab on the System page and click Save Changes. For more information about what the Save Changes button does, refer to Saving Your Parameter Changes on page 36. Modifying a Port Mirror. To modify a port mirror, perform the following procedure. 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. From the Configuration menu, select the Layer 1 option. The Layer 1 page opens with the Port Settings tab displayed by default, as shown in Figure
274. the page. Displaying the SSL Settings. To configure the SSL settings, you must use the AT-S63 menus or command line interface. For information, refer to the AT-S63 Management Software Menus Interface User's Guide and the AT-S63 Management Software Command Line Interface User's Guide. To display the SSL settings, perform the following procedure. 1. From the Home page, select Monitoring. The System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. 2. From the Monitoring menu, select the Security option. The Security page is displayed with the 802.1x Port Access tab displayed by default, as shown in Figure 116 on page 310. 3. Select the SSL tab. The SSL tab is shown in Figure 117. [Figure 120: SSL Tab (Monitoring)] The SSL tab provides the following information. Maximum Number of Sessions: The maximum number of SSL sessions allowed at one time. Session Cache Timeout: The length of time before the session cache times out, in seconds. Chapter 21: Secure Shell (SSH). This chapter explains how to configure the Secure Shell (SSH) protocol and contains the f
275. thentication Method | TACACS

The following table lists the RADIUS configuration default settings.

RADIUS Configuration Setting | Default
Global Encryption Key | ATI
Global Server Timeout Period | 30 seconds
RADIUS Server 1 Configuration | 0.0.0.0
RADIUS Server 2 Configuration | 0.0.0.0
RADIUS Server 3 Configuration | 0.0.0.0
Auth Port | 1812
Encryption Key | Not Defined

The following table lists the TACACS client configuration default settings.

TACACS Client Configuration Setting | Default
TAC Server 1 | 0.0.0.0
TAC Server 2 | 0.0.0.0
TAC Server 3 | 0.0.0.0
TAC Server Order | 123
TAC Global Secret | None
TAC Timeout | 30 seconds

Management Access Control List Default Setting. The following table lists the default setting for the Management Access Control List.

Management ACL Setting | Default
Status | Disabled

Index. Numerics. 802.1x Port-based Network Access Control: access role, configuring 334; authenticator port, configuring 337; configuring 334; default settings 374; disabling 336; enabling 336; port parameters, displaying 343; port role, configuring 334; port status, displaying 342; supplicant port, configuring 340. A. administrator name: configuring 41; default setting 361. aging time: changing 97; default setting 361. app applicant state machine 294. associations, VLANs to MSTI IDs 192. AT S63 software default s
276. tic addresses that have been assigned to the ports. View Static: Displays just the static addresses assigned to the ports on the switch. View Dynamic: Displays only the dynamic addresses learned on the ports on the switch. View MAC Addresses on Port: Displays the dynamic and static MAC addresses of a particular port. You can specify more than one port at a time. View MAC Addresses for VLAN: Displays the static and dynamic addresses learned on the tagged and untagged ports of a specific VLAN. You specify the VLAN by entering the VLAN ID number. You can specify only one VLAN at a time. View MAC Address: Displays the port number on which a MAC address was assigned or learned. In some situations, you might want to know on which port a particular MAC address was learned. You could display the MAC address table and scroll through the list looking for the MAC address. But if the switch is part of a large network, finding the address could prove difficult. The View MAC Address option allows you to specify the MAC address and let the AT-S63 management software automatically locate the port on the switch where the device is connected. 3. After you select an option, click View. Figure 26 shows an example of viewing all unicast MAC addresses.
277. ties Tab (Monitoring). The SNMPv1 & SNMPv2c Communities tab displays a table that contains the following columns of information. Community Name: The SNMP community name. Access Mode: The access mode for access to that community. The possible settings are Read Only and Read Write. Manager Stations: The IP addresses of the management stations that are allowed SNMP access to the switch. Trap Receivers: The IP addresses of up to 8 trap receivers on your network that can receive traps from the switch. Open Access: The status of access to the SNMP community by a management station, one of the following settings. Yes: Any management station can access the SNMP community. No: Access to the SNMP community is only available to a management station configured within this community. Status: The community status, one of the following settings. Enabled: The community is enabled. Disabled: The community is disabled. Chapter 5: Enhanced Stacking. This chapter contains the following procedures for setting up enhanced stacking: Setting a Switch's Enhanced Stacking Status on page 66; Selecting a Switch in an Enhanced Stack on page 68; Returning to the Master Switch on page 71; Displaying the Enhanced Stacking Status on page 72. Note: For background information on enhanced stacking, refer to Chapter 5, Enhanced Stacking
278. tion, click the button next to the View Target Parameters Table and then click View at the bottom of the tab. The SNMPv3 Target Parameters Table tab is shown in Figure 100. [Figure 101: SNMPv3 Target Parameters Table Tab (Monitoring)] Displaying SNMPv3 Community Table Entries. To display entries in the SNMPv3 Community Table, perform the following procedure. 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. 2. Select the SNMP tab. The SNMP tab is shown in Figure 94 on page 259. 3. In the SNMPv3 section, click the button next to View Community Table and then click View at the bottom of the tab. The SNMPv3 Community Table tab is shown in Figure 102.
279. tions on how to set the role of a port, refer to Setting Port Roles on page 334. 4. Click Settings. The Authenticator Parameters page is shown in Figure 131. [Figure 131: Authenticator Parameters Page] 5. Adjust the following parameters as necessary. Port Control: The possible settings are as follows. Force authorized: Disables IEEE 802.1X port-based authentication and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.1x-based authentication of the client. This is the default setting. Force unauthorized: Causes the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate. The switch cannot provide authentication services to the client through the interface. Auto: Enables 802.1x port-based authentication and causes the port to begin in the unauthorized state, allowing only EAPOL frames to be sent and received through the port. The authentication process begins when the link state of the port changes or the port receives an EAPOL Start packet from a supplicant. The switch requests the identity of the client and begins relaying authent
280. to associate with a group. Enter a User Name that you configured in Creating a User Table Entry on page 207. In the Group Name field, enter a Group Name that you configured in the Access Table. See Creating an Access Table on page 220. There are four default values for this field that are reserved for SNMPv1 and SNMPv2c implementations: defaultV1GroupReadOnly, defaultV1GroupReadWrite, defaultV2cGroupReadOnly, defaultV2cGroupReadWrite. In the Storage Type field, select one of the following storage types for this table entry. Volatile: Select this storage type if you do not want the ability to save an entry in the SecurityToGroup Table. After making changes to a SecurityToGroup Table entry with a Volatile storage type, Save Changes does not appear on the General tab. NonVolatile: Select this storage type if you want the ability to save an entry in the SecurityToGroup Table. After making changes to a SecurityToGroup Table entry with a NonVolatile storage type, Save Changes appears on the General tab. Allied Telesyn recommends this storage type. Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 SecurityToGroup Table entry takes effect immediately. 9. Click Apply. 10. To save your changes, return to the
281. to 61,440 in increments of 4096, with 0 being the highest priority. For a list of the increments, refer to Table 5.

Table 5: Bridge Priority Value Increments

Increment | Bridge Priority | Increment | Bridge Priority
0 | 0 | 8 | 32768
1 | 4096 | 9 | 36864
2 | 8192 | 10 | 40960
3 | 12288 | 11 | 45056
4 | 16384 | 12 | 49152
5 | 20480 | 13 | 53248
6 | 24576 | 14 | 57344
7 | 28672 | 15 | 61440

Bridge Hello Time: The time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds. Bridge Forwarding Delay: The waiting period in seconds before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes. If the bridge transitions too soon, not all links may have yet adapted to the change, resulting in network loops. The range is 4 to 30 seconds. The default is 15 seconds. Bridge Max Age: The length of time after which stored bridge protocol data units (BPDUs) are deleted by the bridge. All bridges in a bridged LAN use this aging time to test the age of stored configuration messages called bridge protocol data units (BPDUs). For example, if you use the default value 20, all bridges delete current configuration messages after 20 seconds. This parameter can be from 6 to 40 seconds. In selecting a value for maximum age, the following rules must be observed: MaxAge must be greater than (2 x (HelloTime + 1))
282. ton does, refer to Saving Your Parameter Changes on page 36. Displaying a List of Host Nodes. You can use the AT-S63 management software to display a list of the multicast groups on a switch, as well as the host nodes. You can also view the multicast routers. A multicast router is a router that is receiving multicast packets from a multicast application and transmitting the packets to host nodes. To view host nodes, perform the following procedure. 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 6 on page 44. Select the IGMP tab. The IGMP tab is shown in Figure 47. [Figure 47: IGMP Tab (Monitoring)] The IGMP tab provides the following information. Enable IGMP Snooping Status: The IGMP snooping status on the switch. Possible settings are Enabled and Disabled. Snoop Topology: Whether there is only one host node per switch port or multiple host nodes per port. The possible settings are Edge Single Host Port and Intermediate Multi Host Po
283. trunk on the switch. The port trunk is ready for network operations. Modifying a Port Trunk. This section contains the procedure for modifying a port trunk on the switch. You can change the name of a trunk and the ports that constitute the trunk. You cannot change the load distribute method. Be sure to review the guidelines in Chapter 8, Port Trunking, in the AT-S63 Management Software Menus Interface User's Guide before you perform the procedure. Caution: If you are adding or removing ports from the trunk, you should disconnect all data cables from the ports of the trunk on the switch before performing the procedure. Adding or removing ports from a port trunk without first disconnecting the cables may result in loops in your network topology. Loops can produce broadcast storms and poor network performance. Note: Before you modify a port trunk, examine the speed, duplex mode, and flow control settings of the lowest numbered port that is to be in the trunk. Check to be sure that the settings are correct for the end node to which the trunk is to be connected. When you modify a trunk, the AT-S63 management software copies the settings of the lowest numbered port in the trunk to the other ports so that all the settings are the same. You should also check to be sure that the ports are untagged members of the s
284. ttings

Management Interface Setting | Default
Console Disconnect Timer Interval | 10 minutes

Note: Login names and passwords are case sensitive.

The following table lists the RJ-45 serial terminal port default settings.

RJ-45 Port Setting | Default
Data Bits | 8
Stop Bits | 1
Parity | None
Flow Control | None
Baud Rate | 9600 bps

The following table lists the SNTP default settings.

SNTP Setting | Default
System Time | 00:00:00 on January 1, 1970
SNTP Status | Disabled
SNTP Server | 0.0.0.0
UTC Offset | 0
Daylight Savings Time (DST) | Enabled
Poll Interval | 600 seconds

Switch Administration Default Settings. The following table describes the switch administration default settings.

Administration Setting | Default
IP Address | 0.0.0.0
Subnet Mask | 0.0.0.0
Gateway Address | 0.0.0.0
System Name | None
Administrator | None
Comments | None
BOOTP/DHCP | Disabled
MAC Address Aging Time | 300 seconds

System Software Default Settings. The following table lists the system software default settings.

System Software Setting | Default
Console Startup Mode | CLI

Enhanced Stacking Default Setting. The following table lists the enhanced stacking default setting.

Enhanced Stacking Setting | Default
Switch
285. ture Fan 1 Speed (RPM), Fan 2 Speed (RPM): The speed of the system fan(s). The Voltage section provides the current voltage of the six power supplies in the switch, identified as 2.5 V, 3.3 V, 5 V, 1.8 V, 1.25 V, and 12 V. Configuring the Manager and Operator Passwords. There are two levels of management access on an AT-9400 Series switch: manager and operator. When you log in as a manager, you can view and configure all of a switch's operating parameters. When you log in as an operator, you can only view the operating parameters; you cannot change any values. You log in as a manager or an operator by entering the appropriate username and password when you start an AT-S63 management session. The default password for manager access is "friend". The default password for operator access is "operator". Passwords are case sensitive. To change the manager or operator password, perform the following procedure. 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. In the Passwords section, enter the new values. The parameters are described below. Manager Password, Confirm Manager Password: You use these parameters to change the manager's login password for the switch. The password can be from 0 to 16 characters in length. The same password is used for both local and remote management sessions
286. [Figure 91: SNMPv3 Community Table Tab (Configuration)] 4. Click Add. The Add New SNMPv3 Community page is shown in Figure 92. [Figure 92: Add New SNMPv3 Community Page] 5. In the Community Index field, enter a numerical value for this Community. This parameter is used to index the other parameters in an SNMPv3 Community Table entry. Enter a value of up to 32 alphanumeric characters. 6. In the Community Name field, enter a Community Name of up to 64 alphanumeric characters. The value of the Community Name parameter acts as a password for the SNMPv3 Community Table entry. This parameter is case sensitive. Note: Allied Telesyn recommends that you select SNMP Community Names carefully to ensure these names are known only to authorized personnel. In the Security Name field, enter a name of an SNMPv1 and SNMPv2c user. Th
287. unity Table Entry 255; Displaying SNMPv3 Tables 258; Displaying User Table Entries 259; Displaying View Table Entries 261; Displaying Access Table Entries 262; Displaying SecurityToGroup Table Entries 263; Displaying Notify Table Entries 264; Displaying Target Address Table Entries 265; Displaying Target Parameters Table Entries 266; Displaying SNMPv3 Community Table Entries 267. Section III. Chapter 17: Virtual LANs; Creating a New Port Base
288. uration you do not want to retain as the active boot configuration file. The latter procedure is described in the same chapter. Note: The AT-S63 management software default values are listed in Appendix A, AT-S63 Default Settings, on page 357. To return the AT-S63 management software to the default settings, perform the following procedure. 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. Select the System Utilities tab. The System Utilities tab is shown in Figure 8. [Figure 8: System Utilities Tab (Configuration)] 3. Click the Reboot Switch After Setting Defaults checkbox. 4. Click Apply. The web browser displays the following prompt: "This page may no longer be available while the switch reboots. Do you want to continue?" 5. Click OK to continue or Cancel to cancel the procedure. Cha
289. ure 6 on page 44. You can also display events by selecting Configuration from the home page and then the Event Log tab. The tab contains the same Filter Settings and Actions section as described in this procedure. The Event Log tab is shown in Figure 37. [Figure 37. Event Log Tab (Monitoring)] 3. In the Filter Settings and Actions section, for Log Location, click one of the following: Temporary (Memory): Displays the events stored in temporary memory. This selection stores approximately 4,000 events. If the switch has been running for some time without a reset or power cycle, select Temporary. This is the default. Permanent (NVS): Displays events stored in nonvolatile memory, which stores no more than 2,000 events. If the switch was recently reset or power cycled and you want to view the events that occurred prior to the reset, select Permanent. To display events of a selected severity, in the Severity Selections list, select one or more of the following s
290. ures 119 Chapter 10 File Downloads and Uploads 121 Downloading a File Uploading a File Chapter 11 Event Log Enabling or Disabling the Event Log Displaying Events Disabling the Event Log Clearing the Event Log Saving the Event Log to a File Chapter 12 Quality of Service 141 Configuring CoS 142 Mapping CoS Priorities to Egress Queues 145 Configuring Egress Scheduling 148 Displaying the CoS Settings 150 Displaying the QoS Schedules
291. [Figure 75. Modify SNMPv3 View Page] In the Subtree Mask field, enter a subtree mask in hexadecimal format. This is an optional parameter that is used to further refine the value of the Subtree OID parameter. The Subtree OID parameter defines a MIB View, and the Subtree Mask parameter further restricts a user's view to a specific column and row of the MIB View. The value of the Subnet Mask parameter is dependent on the subtree you select. For example, if you configure the View Subtree parameter as MIB ifEntry.0.3, it has the following value: 1.3.6.1.2.1.2.2.1.0.3. To restrict the user's view to the third row (all columns) of the MIB ifEntry.0.3, enter the following value for the Subtree Mask parameter: ff:bf. 6. In the View Type field, enter one of the following view types: Included: Enter this value to permit the View Name to see the subtree specified above. Excluded: Enter this value to not permit the View Name to see the subtree specified above. 7. In the Storage Type field, enter a storage type for this table entry: Volatile: Select this storage type if you do not want the ability to save an entry in the Target Parameters Table. After making changes to a Target Parameters Table entry with a Volatile storage type, Save Changes does not appear on the General tab. NonVolatile: Select this storage ty
292. w either the settings for the current authentication method. 3. In the lower portion of the tab, click TACACS Settings. 4. Click View. The TACACS client configuration page is shown in Figure 126. [Figure 126. TACACS Client Configuration Page] The upper portion of the page provides the following information: Global Secret: The TACACS server encryption secret. Global Server Timeout: The maximum amount of time the switch waits for a response from a TACACS server before assuming the server cannot respond. The lower portion of the page displays a table that contains the following columns of information: Server: The server number, one of three. IP Address: IP address of a network server containing TACACS server software. Encryption Key: Encryption key for the server. This parameter is blank if all the TACACS servers have the same encryption secret. Configuring RADIUS: To configure RADIUS, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. Select the Server
293. wn in Figure 35. [Figure 35. System Utilities Tab (Configuration)] Note: You use the top portion of the tab to return the switch to its factory default settings. For instructions, refer to "Returning the AT-S63 Management Software to the Factory Default Values" on page 50. 3. In the TFTP Server IP Address field, enter the IP address of the network node that contains the TFTP server software. 4. In the TFTP Operation field, click Download. 5. In the TFTP Remote Filename field, enter the filename of the file on the TFTP server to be downloaded to the switch. 6. In the TFTP Local Filename field, enter a name for the file. This is the name that the switch uses to store the file in its file system. If you are downloading the AT-S63 image file, enter ats62.img as the filename. 7. For the TFTP File Type, select one of the following: Image: Select this option if you are downloading the AT-S63 image file. Default Config: Select this option if you are downloading a configuration file and you want the file to be designated as the a
294. ximum age, the following must be observed: MaxAge must be greater than 2 x HelloTime 1. MaxAge must be less than 2 x ForwardingDelay 1. Bridge Identifier: The MAC address of the bridge. The bridge identifier is used as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority value. This value cannot be changed. After you have made your changes, click Apply. To adjust RSTP port settings, click on the port in the switch image and click Modify. You can select more than one port at a time. The RSTP Settings - Port(s) page is shown in Figure 58. [Figure 58. RSTP Settings - Port(s) Page] 8. Adjust the following parameters as necessary: Port Priority: This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16. The default value is 8 (priority value 128). For a list of the increments, refer to Table 6 on page 169. Port Cost: The spanning tree algorithm uses the cost parameter to decide which port provides the lowest cost path to the root bridge for that LAN. The range is 0 to 20,000,000. The default setti
295. y of Service (QoS); enable and configure Internet Group Management Protocol (IGMP) snooping; download and upload image, configuration, and system files; configure port security. The AT-S63 management software is preinstalled on the switch with default settings for all operating parameters. If the default settings are adequate for your network, you can use the device as an unmanaged switch by connecting it to your network, as explained in the hardware installation guide, and powering on the switch. Note: The default settings for the management software can be found in Appendix A, "AT-S63 Default Settings," on page 357. To actively manage a switch by adjusting its operating parameters, you must access the AT-S63 management software. The AT-S63 management software provides a menu interface that makes it very easy to use (see the AT-S63 Management Software Menus Interface User's Guide) and an interface for managing a switch using a web browser (described in this guide). It also features a command line interface (see the AT-S63 Management Software Command Line Interface User's Guide). There are four ways to access the management software on an AT-9400 Series switch. These methods are referred to in this guide as management sessions. They are: local management session; Telnet management session; web browser management session; SNMP management session.
296. you intend to remotely manage the switch from a management station that is separated from the switch by a router. The address must be entered in the format XXX.XXX.XXX.XXX. The default value is 0.0.0.0. 3. Click Apply to activate your changes on the switch. Note: A change to any of the above parameters is immediately activated on the switch. A change to the IP address of the switch results in the loss of a remote management session. You can restart the management session using the switch's new IP address. 4. Click Save Changes to permanently save your changes. This button is not displayed if there are no changes to save. Activating the BOOTP and DHCP Client Software: For background information on BOOTP and DHCP, refer to Chapter 3, "Basic Switch Parameters," in the AT-S63 Management Software Menus Interface User's Guide. To activate or deactivate the BOOTP and DHCP client software on the switch from a web browser management session, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 5 on page 40. 2. In the BOOTP/DHCP section, click either Enable to activate the client software or Disable to disable it. The default is disabled. 3. Click Apply to activate your change on the switch. N
