3Com 2924-SFP User's Manual
Contents
1. Device Summary Save Configuration Select Aggregation to Modify fi Admimistcotion gt Select ports to add to aggregation or De select ports to remove from aggregaion Device gt Pon Ome a AE R IMP ee A ee Help Selected Ports Deselected Ports Member of the modified aggregation Li Not a member of any aggregation E Member of an existing aggregation or VLAN Summary group ID Member Ports 1 1 3 5 7 9 Help Apply Cancel ElLogout The Link Aggregation Modify Page includes the following fields a Select Aggregation to Modify Selects the Link Aggregation Group ID to modify m Selected Ports Allows the network manager to select ports to be added or removed from a current aggregation The selected or de selected ports are color coded as follows a Blue Displays a member of the modified aggregation a White Not a member of any aggregation a Grey Displays a member of an existing aggregation or VLAN 96 CHAPTER 7 AGGREGATING PORTS Summary Group ID Displays the Link Aggregated Group ID Type Displays the link aggregation type a Member Ports Displays the ports configured to the LAG 2 Define the fields 3 Click Apply Link Aggregation is configured and the application is updated Removing Link The Link Aggregation Remove Page allows the network manager to Aggregation remove group IDs containing member ports Monitor users have no access to this page T2. ElLogout Help The CoS to Queue Summary Page contains the following fields a Class of Service Specifies the CoS priority tag values where zero is the lowest and 7 is the highest Queue Defines the traffic forwarding queue to which the CoS priority is mapped Four traffic priority queues are supported The CoS to Queue Setup Page contains fields for mapping CoS values to traffic queues Four traffic priority queues are supported on the device with 1 representing the lowest queue and four as the highest The highest priority queue functions with strict priority while queues 1 3 function with WRR priority with the following weights 1 2 and 10 respectively CoS 0 5 can t be assigned to queue 4 as it is dedicated to high priority traffic like voice and control messages The monitor user has no access to this page 146 CHAPTER 13 CONFIGURING QUALITY OF SERVICE To configure CoS values to queues Click Policy gt QoS General gt CoS to Queue gt Setup The CoS to Queue Setup Page opens Figure 79 CoS to Queue Setup Page Do Baseline Switch 2924 SFP Plus 30 om Device gt QoS gt CoS to Queue Setup Device Summary Save Configuration Restore Defaults I Administration gt Device hz Port fix Security iz pe BE Ra ba 7 4 Logout aE E Ae RESTS Help Apply Cancel The CoS to Queue Setup Page contains the following fields
3. Select All Select None NOTE You may set different membership types on multiple ports before applying Summary Untagged Membership Tagged Membership 1 5 9 14 19 44 2 3 8 a The Modify VLAN Page contains the following fields m Select a VLAN to Modify Modifies a VLAN Name from a drop down list a Rename Renames the VLAN Name 106 CHAPTER 8 CONFIGURING VLANS A WN Select port to add to the VLAN Adds a selected port to the VLAN a Select Membership Type Displays the membership type for each VLAN The possible field values are a Untagged Indicates the interface is an untagged member of the VLAN a Tagged Indicates the interface is a tagged member of a VLAN VLAN tagged packets are forwarded by the interface The packets contain VLAN information a Nota Member Indicates the interface is not a member of the VLAN a Not Available for Selection Indicates the interface is not available for selection a Select All Allows the user to select all ports to be added to the VLAN a Select None Removes the ports selected To rename VLANs Select a VLAN from the list to be renamed Click Rename The VLANs are renamed and the device is updated To add ports to a VLAN Select a VLAN to modify Select the membership type for the selected port Select ports to be added to the selected VLAN Click Apply The selected ports are added to the VLAN and the device is upda
4. Configuring Ports Provides information for configuring port settings 4 ABOUT THIS GUIDE Aggregating Ports Provides information for configuring Link Aggregation which optimizes port usage by linking a group of ports together to form a single LAG Configuring VLANs Provides information for configuring VLANs VLANs are logical subgroups with a Local Area Network LAN which combine user stations and network devices into a single virtual LAN segment regardless of the physical LAN segment to which they are attached Configuring IP and MAC Address Information Provides information for configuring IP addresses DHCP and ARP Configuring IGMP Snooping Provides information for configuring IGMP Snooping Configuring Spanning Tree Provides information for configuring Classic and Rapid Spanning Tree Configuring SNMP Provides information for configuring the Simple Network Management Protocol SNMP which provides a method for managing network devices Configuring Quality of Service Provides information defining Quality of Service including DSCP and CoS mapping policies and configuring Trust mode Managing System Files Provides information for defining file maintenance Managing System Logs Provides information for viewing system logs and configuring device log servers Viewing Statistics Provides information for viewing RMON and interface statistics Managing Device Diagnostics
5. 1 Click Administration gt Backup amp Restore gt Restore The Restore Page opens Figure 92 Restore Page ez Baseline Switch 2924 SFP Plus Administration gt Backup amp Restore Restore 3c0M SET eso Device Summary Save Configuration Download via TFTP Download via HTTP Auministration Configuration Download Device X TFTP Server IP Address Port gt Source File Name gt Security Monitoring Help ElLogout Help Apply Cancel The Restore Page contains the following fields a Download via TFTP Enables a download from the TFP server a Download via HTTP Enables a download from the HTTP server or HTTPS server Configuration Download m TFTP Server IP Address Specifies the TFTP Server IP Address from which the configuration files are downloaded a Source File Name Specifies the source file from which the configuration file is downloaded 2 Define the relevant fields 3 Click Apply The restore file is defined and the device is updated Upgrade the Firmware Image 165 Upgrade the Firmware Image gt The Restore Image Page permits network managers to upgrade the switch firmware us Note The bootcode can only be upgraded using the Command Line Interface CLI See Upgrading Software using the CLI page 27 a The monitor user has no access to this page To download the software image Click Administration gt Firmware Upgrade gt Res
6. 196 APPENDIX E 3COM CLI REFERENCE GUIDE Automatic Logout Concurrent CLI Sessions 3 Press Enter The Password prompt displays Password The Login information is verified and displays the following CLI menu Select menu option If the password is invalid the following message appears and Login process restarts Incorrect Password The user session is automatically terminated after 30 minutes in which no device configuration activity has occurred The following message is displayed Session closed by automatic logout The command line interface supports one CLI session CLI Commands This Command section contains the following commands a a Ping a Summary ipSetup m Upgrade a Initialize m Reboot m Logout Password CLI Commands 197 The command displays a list of CLI commands on the device Syntax Default Configuration This command has no default configuration User Guidelines There are no user guidelines for this command Example The following displays the list presented for the command Select menu option initialize Reset the device to factory default and reboot ipsetup Configures IP address logout Logout from this session ping Send echo messages reboot Power cycles the device summary Summarizes IP setup and software versions upgrade Software upgrade over TFTP 198 APPENDIX E 3COM CLI REFER
7. Indicates the reason for which the port authentication was terminated Click Apply Port Authentication is enabled and the device is updated The 802 1X Setup Page contains information for configuring 802 1X global settings on the device and defining specific 802 1X setting for each port individually Monitor users have no access to this page Defining Port Based Authentication 802 1X 55 To configure 802 1X Settings Click Security gt 802 1X gt Setup The 802 1X Setup Page opens Figure 27 802 1X Setup Page CAN Baseline Switch 2924 SFP Plus 3C om Security gt 802 1x Setup E r ete 802 1x Global Setti 1x Global Settings S Configurati Ears mae Port Based Authentication State Enable 7 Administration gt Authentication Method Radius z 8 gt Enable Guest VLAN m Device a Guest VLAN ID E Security P 902 1 Port Settings Monitoring I Admin Port Control Force Unauthorized z Hen Guest VLAN Enable Periodic Authentication Enable Reauthentication Period 3600 J Logout Help Apply Cancel The 802 1X Setup Page contains the following fields 802 1X Global Settings a Port Based Authentication State Indicates if Port Authentication is enabled on the device The possible field values are the default value Enable Enables port based authentication on the device Disable Disabl
8. Provides information for managing device diagnostics Intended Audience 5 Intended Audience This guide is intended for network administrators familiar with IT concepts and terminology If release notes are shipped with your product and the information there differs from the information in this guide follow the instructions in the release notes Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format PDF or HTML on the 3Com Web site a http Awww 3Com com Conventions Table 1 lists conventions that are used throughout this guide Table 1 Notice Icons Icon Notice Type Description Information Information that describes important features or note instructions Caution Information that alerts you to potential loss of data J or potential damage to an application system or device Warning Information that alerts you to potential personal injury Related In addition to this guide other documentation available for the 3Com Documentation Baseline Switch 2916 SFP Plus 2924 SFP Plus include the following a Safety and Support Information Provides installation set up and regulatory compliance information CONTENTS ABOUT THIS GUIDE WSOrIGUIde O VELVIOW 2 5 3 626 con tee aire ciate ade rl ne A ER 3 Mtende Audiences ai O A A 5 GOMVEMUIOMS Anae oa a a lk E T E RAS 5 Related Doc mentati Nia ene ne esna a eo a ad aa d a EEA 5 GETTING STARTED About the Switch 2916 and
9. Provides users with read and write access rights a Monitoring Provides users with read access rights 2 Select a User to be deleted The last user with management access may not be deleted 3 Click Remove The User is deleted and the device is updated 50 CHAPTER 4 MANAGING DEVICE SECURITY Defining RADIUS Remote Authorization Dial In User Service RADIUS servers provide Clients additional security for networks RADIUS servers provide a centralized authentication method for 802 1X The default parameters are user defined and are applied to newly defined RADIUS servers If new default parameters are not defined the system default values are applied to newly defined RADIUS servers Monitor users have no access to this page To configure the RADIUS client 1 Click Security gt RADIUS Client gt Setup The Radius Client Setup Page opens Figure 25 Radius Client Setup Page RAN 3com Device Summary Save Configuration Administration Device Port Security Monitoring Help vvv v Logout Baseline Switch 2924 SFP Plus Security gt Radius Client Setup Setup f q i Primary Server Host IP Address 0 0 0 0 Authentication Pohs SSS Number of Retries Booo Timeout for Reply Booo Sec Dead Time pooo Min Backup Server Host IP Address 0 0 0 0 Authentication Poaha CS Number of Retries BoZ Oo o Timeout for Reply pooo o Sec Dead Time bo o o Y O Min Key
10. Severity Level Message Emergency Highest 0 The system is not functioning Alert 1 The system needs immediate attention Critical 2 The system is in a critical state Error 3 A system error has occurred Warning 4 Asystemwarninghasoccurred Notice 5 The system is functioning properly but a system notice has occurred oO Informational Provides device information N Debug Provides detailed information about the log If a Debug error occurs contact Customer Tech Support This section includes the following topics a Viewing Logs m Configuring Logging 168 CHAPTER 15 MANAGING SYSTEM LOGS Viewing Logs The Logging Display Page contains all system logs in a chronological order that are saved in RAM Cache The monitor user has read only access to this feature To view Logging Click Administration gt Logging gt Display The Logging Display Page opens Figure 95 Logging Display Page N QN 3c0M Device Summary Save Configuration Administration Device Port Security Monitoring Help vwrvvY Logout Baseline Switch 2924 SFP Plus Administration gt Logging Display Display Save Preview Clear Logs Severity Description Error Error HTTP_HTTPS E GETDATEFROMSYS WARNING The ifmodified since date can not be taken from the system so it will be set to 1 1 1970 HTTP_HTTPS E DIAGNOSTICS ERROR in lt RL_vtRepeat gt syntax erro
11. CHAPTER 4 MANAGING DEVICE SECURITY Configuring ACL Binding The ACL Binding Setup Page allows the network administrator to bind specific ports to MAC or IP Based ACLs The monitor user has no access to this page To define ACL Binding Click Device gt ACL gt ACL Binding gt Summary The ACL Binding Summary Page opens Figure 37 ACL Binding Setup Page Q Baseline Switch 2924 SFP Plus Device gt ACL gt ACL Binding Setup 3cC0M Device Summary Save Configuration Select port s Administration Device Port vvv v Ba Bind ACL MAC based ACL IP based ACL Select ACL oe E Logout sa a r G Help Apply Cancel The ACL Binding Setup Page contains the following fields m Select Port s Indicates the ports to be configured a Bind ACL Assigns an Access Control List to a port or LAG a MAC based ACL Displays the MAC based ACL to which the interface is assigned a P based ACL Displays the IP based ACL to which the interface is assigned a Select ACL Contains a list of previously defined Access Control Lists to which the port or LAG can be bound To bind an ACL to a LAG the ACL should be bound to its port members 2 Define the relevant fields 3 Click Apply ACL Binding is defined and the device is updated Removing ACL Binding Defining Access Control Lists 77 The ACL Binding Remove Page allows the network a
12. Defining Spanning Network administrators can assign STP settings to specific interfaces Tree using the Spanning Tree Setup Page The monitor user has no access to this page To configure Spanning Tree Setup 1 Click Device gt Spanning Tree gt Setup The Spanning Tree Setup Page opens Figure 70 Spanning Tree Setup Page CN Baseline Switch 2924 SFP Plus 3 C 0 m Device gt Spanning Tree Setup Summary Device Summary SES assen Global Settings z Spanning Tree State Disable 7 Aarin stration BPDU Handing Flooding z pecs p Path Cost Default Values Shor z Port ENS CE SO Security gt Bridge Settings Monitoring gt Priority 32768 Help Hello Time Sec Max Age Sec C Forward Delay Sec Designated Root Bridge ID Root Bridge ID Root Port Root Path Cost 0 Topology Changes Counts 0 Last Topology Change Logout Help Apply Cancel The Spanning Tree Setup Page contains the following fields a Global Settings m Bridge Settings m Designated Root Global Setting Bridge Setting Defining Spanning Tree 131 Spanning Tree State Indicates whether STP is enabled on the device The possible field values are a Classic Enables STP on the device a RSTP Enables RSTP on the device a Disable Disables STP and RSTP on the device BPDU Handling Determines how BPDU packets are managed when STP is disabled on the port or device BPDUs are used to transmit spann
13. Understanding the 3Com Web Interface The 3Com Web Interface Home Page contains the following views a Tab View Provides the device summary configuration located at the top of the home page a Tree View Provides easy navigation through the configurable device features The main branches expand to display the sub features a Port Indicators Located under the Device View at the top of the home page the port indicators provide a visual representation of the ports on the front panel Understanding the 3Com Web Interface 31 Figure 9 Web Interface Components CAN Baseline Switch 2924 SFP Plus 3C om Device Summary Device View 4 Device View Color Key Device Summary Save Configuration Administration gt Device A Port Security gt Device Summary Information Monitoring gt Product Description 3Com Baseline Switch 2924 SFP Plus System Name Hele System Location System Contact Serial Number YECF5UDA0E380 Product 3C Number 3CBLSG24 System Object ID 1 3 6 1 4 1 43 1 9 61 MAC Address 00 12 A9 A0 E3 80 System Up Time 0 days 0 hours 0 minutes 48 seconds Software Version 3 01 00s56 Boot Version 1 0 0 00 Hardware Version 1 0 0 kal Logout The default polling interval is 60 sec The following table lists the user interface components with their corresponding numbers Table 6 Interface Components View Descr
14. a Force Unauthorized Denies the selected interface system access by moving the interface into unauthorized state The device cannot provide authentication services to the client through the interface Guest VLAN Specifies whether the Guest VLAN is enabled on the port The possible field values are a Enable Enables using a Guest VLAN for unauthorized ports If a Guest VLAN is enabled the unauthorized port automatically joins the VLAN selected from the Guest VLAN ID dropdown list a Disable Disables Guest VLAN on the port This is the default Periodic Reauthentication Enables periodic reauthentication on the port a Enable Enables the periodic reauthentication on the port a Disable Disables the periodic reauthentication on the port Reauthentication Period Displays the time span in seconds in which the selected port is reauthenticated The field default is 3600 seconds 2 Define the fields 3 Click Apply The 802 1X Settings are enabled and the device is updated Defining Access Control Lists 57 Defining Access Control Lists Access Control Lists ACL allow network managers to define classification actions and rules for specific ingress ports Packets entering an ingress port with an active ACL are either admitted or denied entry If they are denied entry the port can be disabled For example an ACL rule is defined states that port number 20 can receive TCP packets however i
15. m Restore Defaults Restores the device factory defaults for mapping CoS values to a forwarding queue a Class of Service Specifies the CoS priority tag values where zero is the lowest and 7 is the highest m Queue Defines the traffic forwarding queue to which the CoS priority is mapped Define the queue number in the Queue field next to the required CoS value Click Apply The CoS value is mapped to a queue and the device is updated Viewing DSCP to Queue 147 Viewing DSCP to The DSCP to Queue Summary Page contains fields for mapping DSCP Queue settings to traffic queues For example a packet with a DSCP tag value of 3 can be assigned to queue 4 To view the DSCP Queue 1 Click Device gt QoS gt DSCP to Queue gt Summary The DSCP to Queue Summary Page opens Figure 80 DSCP to Queue Summary Page ee N Baseline Switch 2924 SFP Plus Device gt QoS gt DSCP to Queue Summary 3C om Summary Device Summary Save Configuration DSCP Queue DSCP Queue 4 16 ps Administration gt Device gt Port wr ajaja o ajaja Security Monitoring Help olafs ajaa N pay ojx ajaja N ajaja is fe fete niy j gaffe e le l Logout Help The DSCP to Queue Summary Page contains the following fields m DSCP Displays the incoming packe
16. 1 3 5 7 9 Help Apply Cancel The Link Aggregation Create Page includes the following fields J Logout a Enter aggregation Group ID Displays the group ID The range is 1 8 groups a Static Selects the link aggregation type to be static a LACP Selects the link aggregation type to be LACP Select ports for the new aggregation Displays the ports for which the link aggregation parameters are defined a Blue Displays a member of the aggregation being created a White Displays a non existent member of any aggregation a Grey Displays a member of an existing aggregation or VLAN Summary m Group ID Displays the Link Aggregated Group ID a Member Ports Displays the ports configured to the LAG 2 Define the fields 3 Click Apply The LAG configuration is defined and the device is updated Modifying Link Aggregation 95 Modifying Link The Link Aggregation Modify Page optimizes port usage by linking a Aggregation group of ports together to form a single LAG Aggregating ports multiplies the bandwidth between the devices increases port flexibility and provides link redundancy Monitor users have no access to this page To modify Link Aggregation 1 Click Ports gt Link Aggregation gt Modify The Link Aggregation Modify Page opens Figure 48 Link Aggregation Modify Page CAN Baseline Switch 2924 SFP Plus oN Port gt Link Aggregation Modify SCOM SEMTE o
17. Depth 173 mm cm 6 81 in Height 44 mm 1 73 in or 1U Weight Switch 2916 SFP Plus Switch 2924 SFP Plus Mounting 2 5 kg 5 5 Ib 2 6 kg 5 7 Ib Free standing or 19 in rack mounted using the supplied mounting kit Electrical 185 Electrical Line Frequency 50 60 Hz Input Voltage 100 240 Vac auto range Current Rating Switch 2916 SFP Plus 1 Amp Max Switch 2924 SFP Plus 1 5 Amp Max Maximum Power Consumption Switch 2916 SFP Plus 58 Watts Switch 2924 SFP Plus 84 Watts Max Heat Dissipation Switch 2916 SFP Plus 198 BTU hr Switch 2924 SFP Plus 286 BTU hr Switch Features This section describes the device features The system supports the following features Table 11 Features of the Baseline Switch 2916 SFP Plus and Switch 2924 SFP Plus Feature Description Auto Negotiation Automatic MAC Addresses Aging The purpose of auto negotiation is to allow a device to advertise modes of operation The auto negotiation function provides the means to exchange information between two devices that share a point to point link segment and to automatically configure both devices to take maximum advantage of their abilities Auto negotiation is performed totally within the physical layers during link initiation without any additional overhead to either the MAC or higher protocol layers Auto negotiation allows the ports to do the following a Advertise their abilities m Acknowledge receipt and understanding of t
18. Enables egress traffic shaping for the interface a Disable Disables egress traffic shaping for the interface a CIR Defines CIR as the interface shaping type The possible field range is 64 1 000 000 000 kbits per second a CbS Defines CbS as the interface shaping type The possible field range is 4096 16 769 020 bytes per second Defining Bandwidth Settings The Bandwidth Setup Page allows network managers to define the bandwidth settings for a specified interface Interface shaping can be based on an interface and is determined by the lower specified value The interface shaping type is selected in the Bandwidth Setup Page The monitor user has no access to this page To configure Bandwidth Settings Click Policy gt QoS General gt Bandwidth gt Setup The Bandwidth Setup Page opens Figure 84 Bandwidth Setup Page CAN Baseline Switch 2924 SFP Plus S Ve Device gt QoS gt Bandwidth Setup j Scom E seu Device Summary Save Configuration Ingress Rate Limit Enable Ingress Rate Limit u Administration gt Ingress Rate Limit E Device gt Egress Shaping Rate Port gt Enable Egress Shaping Rate B Security gt Committed Information Rate CIR Eteper second mn Monitoring Committed Burst Size CbS Help Select ports J Logout Help Apply Cancel 152 CHAPTER 13 CONFIGURING QUALITY OF SERVICE The Bandwidth Setup
19. Enc MAC Address VLAN ID State Port Index Aging Time Logout Help Apply Cancel 118 CHAPTER 9 CONFIGURING IP AND MAC ADDRESS INFORMATION The Address Table Add Page contains the following fields VLAN ID Assigns a VLAN ID to the user defined MAC Address MAC Address Defines a MAC Address to be assigned to the specific port and VLAN ID No Aging Indicates that the MAC address assigned by the user is not aged out a Checked Indicates that the Address Table entry assigned by the user is not aged out a Unchecked Indicates that the Address Table entry assigned by the user is aged out Select a Port Select the port for which the MAC settings are defined MAC Address Displays the current MAC addresses listed in the MAC address table VLAN ID Displays the VLAN ID assigned to the user defined MAC Address State Displays the current MAC Address state Possible values are a Config Static Indicates that the Address Table entry assigned by Port Index Indicates Port Table entry number Aging Time Specifies the amount of time the MAC Address remains in the Dynamic MAC Address table before it is timed out if no traffic from the source is detected The default value is 300 seconds 2 Define the fields 3 Click Apply The MAC address is added to the address table and the device is updated Configuring Address Tables 119 Defining Aging Time The Address Table Setup
20. DST on the switch When checked the DST setup parameters are displayed 84 CHAPTER 5 GENERAL SYSTEM INFORMATION us DST Region Selects USA or European standard DST or customizable DST a USA The device switches to DST at 2 00 a m from the second Sunday in March and reverts to standard time at 2 00 a m on the First Sunday of November a European The device switches to DST at 1 00 am on the last Sunday in March and reverts to standard time at 1 00 am on the last Sunday in October The European option applies to EU members and other European countries using the EU standard a Other The DST definitions are user defined and can be customized to your location If Other is selected the From and To fields must be defined Time Set Offset Sets the amount of time adjusted for DST in minutes The default time is 60 minutes a From Indicates the non recurring time that DST begins when the region is set to Other Enter the Hours Minutes Month day and Year for DST to begin a To Indicates the non recurring time that DST ends when the region is set to Other Enter the Hours Minutes Month day and Year for DST to end a Recurring When the region is set to Other this check box enables user defined DST that is constant from year to year a Recurring From The recurring time that DST begins each year Select or type the Day Week Month and Time a Recurring To The recurring time th
21. Highlight from the list above to rename ID Name 1 VLAN Rename l Logout Help The VLAN Setup Page contains the following fields Create a VLAN IDs Creates a VLAN ID m ID Displays the VLAN ID m Name Displays the user defined VLAN name Rename VLAN m ID Displays the VLAN ID Name Renames the user defined VLAN name 2 Enter a VLAN Number Modifying VLAN Settings 105 3 Click Create The VLANs are configured and the device is updated To rename a VLAN 1 Highlight a VLAN to be renamed from the VLAN list 2 Enter the new name for the VLAN 3 Click Rename The VLAN is renamed and the device is updated Modifying VLAN Settings The Modify VLAN Page allows the network manager to rename VLANs and change VLAN membership The monitor users have no access to this page To edit VLAN Settings 1 Click Device gt VLAN gt Modify VLAN The Modify VLAN Page opens Figure 55 Modify VLAN Page 3C Device Summary Save Configuration No S Ne om Administration Device Port Security Monitoring Help a Logout Baseline Switch 2924 SFP Plus Device gt VLAN Modify VLAN GTI Modify van Modify Port Pon Detail VLAN Detail Select a VLAN to modify Rename optional 1 VLAN1 gt VLAN ONE Rename Select membership type G fl Untagged C E Tagged C E Not A Member Not avaliable for selection Select port to add to this VLAN
22. a OK Indicates that the cable passed the test a Cable Fault Distance Indicates the distance from the port where the cable error occurred A Cable Fault Distance of 0 can result from a short lt 1m cable an open cable or a 2 pair copper cable a Last Update Indicates the last time the port was tested 2 Select a port to be tested 3 Click Apply The ports are tested and the page is updated 3COM NETWORK MANAGEMENT 3Com has a range of network management applications to address networks of all sizes and complexity from small and medium businesses through large enterprises The applications include m 3Com Network Supervisor m 3Com Network Director m 3Com Network Access Manager a 3Com Enterprise Management Suite a Integration Kit with HP OpenView Network Node Manager Details of these and other 3Com Network Management Solutions can be found at www 3com com network management 3Com Network Supervisor 3Com Network Supervisor 3NS is an easy to use management application that graphically discovers maps and monitors the network and links It maps devices and connections so you can easily a Monitor stress levels m Set thresholds and alerts m View network events a Generate reports in user defined formats m Launch embedded device configuration tools 3NS is configured with intelligent defaults and the ability to detect network misconfigurations It can also offer optimization suggestions
23. 113 Removing ARP The ARP Settings Remove Page provides parameters for removing ARP Entries entries from the ARP Table The monitor user has no access to this page To remove ARP entries 1 Click Administration gt IP Addressing gt ARP Settings gt Remove The ARP Settings Remove Page opens Figure 61 ARP Settings Remove Page ALA Baseline Switch 2924 SFP Plus u Administration gt ARP Setting Remove 3COM nae Remove Device Summary Save Configuration Clear ARP Table Entries None x Administration gt Device gt P Interface IP Address MAC Address Status Port gt m VLAN 1 10 6 39 26 00 11 11 6b 3a 1b Dynamic gt gt Security Monitoring Help ElLogout Help Remove Cancel The ARP Settings Remove Page contains the following fields a Clear ARP Table Entries Specifies the types of ARP entries that are cleared The possible values are a None Maintains the ARP entries a All Clears all ARP entries a Dynamic Clears only dynamic ARP entries a Static Clears only static ARP entries a Remove Removes a specific ARP entry The possible field values are a Checked Removes the selected ARP entries a Unchecked Maintains the current ARP entries 114 CHAPTER 9 CONFIGURING IP AND MAC ADDRESS INFORMATION a Interface Indicates the VLAN for which ARP parameters are defined IP Address Indicates the station IP address which is a
24. 2924 ces Selita hee heey 12 krontPanel Detalles tusse anana a a 13 MER Stat SINAdI Ca tO S i RE E E E cate E TER 14 Syst mi Specifica tioN Sinse i aa a a a esaeet 15 Installing the SWI e a a A ET EAT O EA NETAN 16 Setting Up for Management sssisssissssiinsiinrerninteintitineirnrinrnnrrnnrr en 17 Methods of Managing a Switch vcs cw ccca cieeticeceees cieeasehs sohede deh odes 17 SWiteh SEED OVEIMIGW case cscaset en ctarteu scaled a e etactne deat 18 Using the Command Line Interface CLI s 02 cco Lie A aes 21 Setting Up Web Interface Management ccccececcceeeceeseeeeteeeeetteeeeees 25 Setting Up SNMP Management V1 or V2 0 ccccccccccceeeseeeeeeeeeeeeeeeeneaees 26 Default Users and Pas SIONS ienas eao e wares aE 27 Upgrading Software using the CUln n tenet yA ele ee es 27 USING THE 3COM WEB INTERFACE Starting the 3Com Web IMG ACe seca sens cesaria cae ceteninnd sanutuaeas Caer 28 Understanding the 3Com Web Interface ccccccseecceseeeeseeeeeeeeseeeeaees 30 Using Screen and Table Options S03 ccsuee slesaccsumenacchcenveend dactueesacep en uneeamnen 33 Saving the Configuration 2s sichiek lect oseheet st curt eh tice ttc 37 Resetting the Device 2 2 8 da lienstars Pict seule deeb ada tevegsba dew eae saealedeashs Ait 38 Restoring Factory Deraults cst ct est Seta heat rieeuieter eS 39 togging Off the Devies seir gi nen Pon nce oe a 40 VIEWING BASIC SETTINGS Viewing Bich al skoo ton 8 1 tyre RRR
25. 3 C 0 m Summary Create Modify Remove Device Summary Save Configuration GrouplD Ports 1 2 4 7 9 10 21 25 Administration Device Port Security Monitoring Help vvv v ElLogout Help The Link Aggregation Summary Page includes the following fields Group ID Displays the Link Aggregated Group ID m Type Displays the type of link aggregation for the Group ID a Ports Displays the member ports included in the specified LAG The Link Aggregation Create Page optimizes port usage by linking a group of ports together to form a single LAG Aggregating ports multiplies the bandwidth between the devices increases port flexibility and provides link redundancy Monitor users have no access to this page 94 CHAPTER 7 AGGREGATING PORTS 1 Click Ports gt Link Aggregation gt Create The Link Aggregation Create Page opens Figure 47 Link Aggregation Create Page nO N Baseline Switch 2924 SFP Plus W Port gt Link Aggregation Create J 3 C 0 m Summary f Create Modify Remove Device Summary Enter aggregation group id 1 8 Save Configuration Administration gt Select ports for the new aggregation cay gt CCE MMe eda ce Monitoring gt hste e irte isine ee Help Selected Ports Deselected Ports l Member of the aggregation being created LJ Not a member of any aggregation E Member of an existing aggregation or VLAN Summary group ID Member Ports 1
26. Hours Minutes and Seconds For example 41 days 2 hours 22 minutes and 15 seconds Software Version Displays the installed software version number Boot Version Displays the current boot version running on the device Hardware Version Displays the current hardware version of the device Poll Now Enables polling the ports for port information including speed utilization and port status Viewing Color Keys 43 Viewing Color Keys The Color Key Page provides information about the RJ45 or SFP port status To view color keys 1 Click Device Summary gt Color Key The Color Key Page opens Figure 20 Color Key Page Baseline Switch 2924 SFP Plus Device Summary Color Key P cence View oe 2 GN 3com Device Summary Save Configuration Te Meaning Administration Device Port Security Monitoring Help vvrvvyY White Unconnected No link detected Yellow Lower speed on 10 100 1000M capable port Green Maximum speed 10 100 1000M RJ45 or RJ45 SFP Link detected Light Gray Port has been set to inactive by User or Protocol Dark Blue Port has been selected by user Red Port or Transceiver has failed POST or Transceiver is not recognized SFP w o A O k A M Liah Bue LYZX SFP Link detected E j l k MA amp Description of port number e Single Port number e Underline Aggregation number The Color Key Page contains
27. Indicates the MAC address is statically configured 116 CHAPTER 9 CONFIGURING IP AND MAC ADDRESS INFORMATION a Contig Dynamic Indicates the MAC address is dynamically configured a Port Index Indicates the Port through which the address was learned a Aging Time Specifies the amount of time the MAC Address remains in the MAC Address before it is timed out if no traffic from the source is detected The default value is 300 seconds Viewing Port The Port Summary Page allows the user to view the MAC addresses Summary Settings assigned to specific ports 1 Click Monitoring gt Address Tables gt Port Summary The Port Summary Page opens Figure 63 Port Summary Page CAN Baseline Switch 2924 SFP Plus 3C om Monitoring gt Address Table Port Summary Il f Summary f Port Summary Add f Setup Port Remove Remove Device Summary Save Configuration Select a Port Administration State All Static C Dynamic MAC Address VLAN ID State Port Index Aging Time l Logout Help The Port Summary Page contains the following fields a Select a Port Displays the current port settings m State Filters the list of MAC Addresses displayed according to the type of MAC Address configuration Possible values are a All Displays all MAC Addresses assigned to the port a Static Displays static MAC Addres
28. Page allows the network manager to define the Address Table Aging Time The Aging Time is the amount of time the MAC Addresses remain in the Dynamic MAC Address Table before they are timed out if no traffic from the source is detected The default value is 300 seconds The monitor users have no access to this page To define the Aging Time Click Monitoring gt Address Tables gt Setup The Address Table Setup Page opens Figure 65 Address Table Setup Page c N Baseline Switch 2924 SFP Plus Monitoring gt Address Table Setup 3C0M Summary Port Summary Add Setup Port Remove Remove Device Summary Save Configuration Aging time seconds 10 1000000 default 300 Administration gt Device Port Security p Monitoring Help ElLogout Help Apply Cancel The Address Table Setup Page contains the following field m Aging Time Specifies the amount of time the MAC Address remains in the Dynamic MAC Address table before it is timed out if no traffic from the source is detected The default value is 300 seconds 2 Enter the desired aging time 3 Click Apply The MAC address table configuration is enabled and the device is updated 120 CHAPTER 9 CONFIGURING IP AND MAC ADDRESS INFORMATION Removing Address The Port Remove Page allows the network manager to remove ports from Table Ports the address tables The monitor users have no access to this page To remove ports
29. Switch 2924 SFP Plus S No Device gt Spanning Tree Modify om modiy Save Configuration STP Enable 7 Administration Device Port Security Monitoring Help Fort Fast Enabled x Root Guard Enable x Default Path Cost Enable 7 Path Cost 100 Priority 128 RSTP Link Type Auto x Select Port s vvv v Logout Help Apply Cancel The Spanning Tree Modify Page contains the following fields STP Indicates if STP is enabled on the port The possible field values are a Enable Indicates that STP is enabled on the port a Disable Indicates that STP is disabled on the port Port Fast Indicates if Fast Link is enabled on the port If Fast Link mode is enabled for a port the Port State is automatically placed in the Forwarding state when the port link is up Fast Link optimizes the STP protocol convergence STP convergence takes 30 seconds and is not dependent on the number of switches in the network The possible field values are 134 CHAPTER 11 CONFIGURING SPANNING TREE a Enabled Indicates fast link is enabled on the port a Auto Enables the device to automatically establish a fast link a Disabled Indicates fast link is disabled on the port a Root Guard Restricts the interface from acting as the root port of the switch The possible field values are a Enable Indicates Root Guard is enabled on the
30. Tables Viewing Address Table Settings Configuring Address Tables 115 The Address Table Summary Page displays the current MAC address table configuration To view Address Table settings Click Monitoring gt Address Tables gt Summary The Address Table Summary Page opens Figure 62 Address Table Summary Page NA Baseline Switch 2916 SFP Plus oe Monitoring gt Address Table Summary SCOM gua Device Summary Save Configuration Port Summary Port Remove State All OStatic O Dynamic Administration Device Port Security Monitoring Help MAC Address VLAN ID State Port Index Aging Time 00 0d 60 60 da 4da t Config dynamic 9 AGING 00 11 22 44 55 66 i Config Static 6 NOT AGED vvv v ElLogout The Address Table Summary Page contains the following fields m State Filters the list of MAC Addresses displayed according to the type of MAC Address configuration Possible values are a All Displays all MAC Addresses a Static Displays the MAC Addresses that were entered by a user a Dynamic Displays the MAC Addresses that were detected by the switch a MAC Address Displays the current MAC addresses listed in the MAC address table filtered by the selected value of the State field VLAN ID Displays the VLAN ID attached to the MAC Address a State Displays a table display based on the type of MAC address Possible values are a Config Static
31. VLAN ID 1 z Device M IGMP Status Disable 7 Port Security gt VLAN Status Monitoring gt 5 Help El ElLogout E a LL LL Lae Help Apply Cancel The GMP Snooping Setup Page contains the following fields a IGMP Snooping Status Indicates if IGMP Snooping is enabled on the device The possible field values are a Disable Indicates that IGMP Snooping is disabled on the device This is the default value a Enable Indicates that IGMP Snooping is enabled on the device Select VLAN ID Specifies the VLAN ID IGMP Status Indicates if IGMP snooping is enabled on the VLAN The possible field values are a Disable Disables IGMP Snooping on the VLAN This is the default value a Enable Enables IGMP Snooping on the VLAN Defining IGMP Snooping 125 2 Select Enable IGMP Snooping 3 Define the fields 4 Click Apply IGMP Snooping is enabled and the device is updated 11 CONFIGURING SPANNING TREE This section contains information for configuring STP The Spanning Tree Protocol STP provides tree topography for any arrangement of bridges STP also provides a single path between end stations on a network eliminating loops Loops occur when alternate routes exist between hosts Loops in an extended network can cause bridges to forward traffic indefinitely resulting in increased traffic and reducing network efficiency While Classic STP prevents Layer 2 forwarding loops in a general network topo
32. a different VLAN or a computer can be blocked from connecting to the network 3Com Network Access Manager leverages the advanced desktop security capabilities of 3Com switches and wireless access points using IEEE 802 1X or RADA desktop authentication to control both user and computer access to the network To find out more about 3Com Network Access Manager go to www 3com com NAM 3Com Enterprise Management Suite 183 3Com Enterprise Management Suite 3Com Enterprise Management Suite EMS delivers comprehensive management that is flexible and scalable enough to meet the needs of the largest enterprises and advanced networks This solution provides particularly powerful configuration and change control functionalities including the capability to a Customize scheduled bulk operations Create a detailed audit trail of all network changes Support multiple distributed IT users with varying access levels and individualized network resource control The client server offering operates on Windows and UNIX Linux and Solaris systems 3Com EMS is available in four packages varying in the maximum number of devices actively managed These include SNMP capable devices such as switches routers security switches the 3Com VCX IP Telephony server and wireless access points m Up to 250 devices m Up to 1 000 devices m Up to 5 000 devices a An unlimited number of devices To find out more about 3Com Enterprise Manag
33. a message and converts it into a fixed string of digits also called a message digest Multicast Switching Out of Band Management Port Authentication Port Mirroring Port Trunk Private VLANs Protected Extensible Authentication Protocol PEAP Remote Authentication Dial in User Service RADIUS 209 A process whereby the switch filters incoming multicast frames for services for which no attached host has registered or forwards them to all ports contained within the designated multicast VLAN group Management of the network from a station not attached to the network See IEEE 802 1X A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe This allows data on the target port to be studied unobstructively Defines a network link aggregation and trunking method which specifies how to create a single high speed logical link that combines several lower speed physical links Private VLANs provide port based security and isolation between ports within the assigned VLAN Data traffic on downlink ports can only be forwarded to and from uplink ports A protocol proposed by Microsoft Cisco and RSA Security for securely transporting authentication data including passwords over 802 11 wireless networks Like the competing standard Tunneled Transport Layer Security TTLS PEAP makes it possible to authenticate wireless LAN clients without requiring t
34. and the highest is Management a Management Provides users with read and write access rights a Monitor Provides users with read access rights m Password Defines the user password User passwords can contain up to 10 characters a Confirm Password Verifies the password 2 Define the fields 3 Click Apply The Users are created and the device is updated 48 CHAPTER 4 MANAGING DEVICE SECURITY Modifying System Access The System Access Modify Page allows network administrators to modify users passwords and access levels using the System Access Interface Monitor users have no access to this page Click Administration gt System Access gt Modify The System Access Modify Page opens Figure 23 System Access Modify Page AA Baseline Switch 2916 SFP Plus S No Administration gt System Access Modify J 38C0M i Device Summary Save Configuration Users Summary User Name Access Level admin Management Access Level Monitor x ii n ClPassword Modify Password F Confirm Password 10 Character Maximum Administration Device Port Security Monitoring Help vrv vv a Logout Amy J _ Cance The System Access Modify Page contains the following fields m User Name Displays the user name Access Level Displays the user access level The lowest user access level is Monitoring and the highest is Management a Management Provides users with read
35. based input into configuration commands MIB variable settings and other management related settings PIN OUTS Console Cable A Console cable is an 8 conductor RJ45 to DB9 cable One end of the cable has an RJ 45 plug for connecting to the switch s Console port and the other end has a DB 9 socket connector for connecting to the serial port on the terminal as shown in Figure 102 Figure 102 Console cable Main label Direction A Direction B val 1 Table 12 Console cable pinouts RJ 45 Signal Direction DB9 modem DB9 console 1 RTS 7 8 2 DTR 4 6 3 TXD 3 2 4 CD 1 5 5 GND 5 5 6 RXD 2 3 7 DSR 6 4 8 CTS 8 7 190 APPENDIX C PIN OUTS Null Modem Cable RJ 45 to RS 232 25 pin PC Terminal Cable connector RJ 45 female Cable connector 25 pin male female Screen Shell 1 Sereen Cuenta TxD 3 e 3 RxD RxD 2 e 2 TxD always required Ground 5 e e 7 Ground RTS 7 e 4 RTS o CTS 8 e 20 DTR DSR 6 5 CIS required for handshake DCD 1 6 DSR DTR 4 L 8 DCD PC AT Serial Cable RJ 45 to 9 pin PC AT Serial Port Cable connector RJ 45 fema
36. default users and changing default passwords see Default Users and Passwords on page 27 20 CHAPTER 1 GETTING STARTED IP Configuration The switch s IP configuration is determined automatically using DHCP or manually using values you assign Automatic IP Configuration using DHCP By default the switch tries to configure its IP Information without requesting user intervention It tries to obtain an IP address from a DHCP server on the network Default IP Address f no DHCP server is detected the switch will use its default IP information The default IP address is 169 254 x y where x and y are the last two bytes of its MAC address Note The switch s default IP address is listed on a label located on the rear of the switch If you use automatic IP configuration it is important that the IP address of the switch is static otherwise the DHCP server can change the switch s IP addresses and it will be difficult to manage Most DHCP servers allow Static IP addresses to be configured so that you know what IP address will be allocated to the switch Refer to the documentation that accompanies your DHCP server You should use the automatic IP configuration method if m your network uses DHCP to allocate IP information or a flexibility is needed If the switch is deployed onto a different subnet it will automatically reconfigure itself with an appropriate IP address instead of you having to manually reconfigure the s
37. device Syntax reboot Default Configuration This command has no default configuration User Guidelines There are no user guidelines for this command Example Select menu option reboot Are you sure you want to reboot the system yes no no no Select menu option 204 APPENDIX E 3COM CLI REFERENCE GUIDE Logout The Logout command terminates the CLI session Syntax logout Default Configuration This command has no default configuration User Guidelines There are no user guidelines for this command Example Select menu option logout exiting session Username Password CLI Commands 205 The Password command changes the user s password Syntax password Default Configuration This command has no default configuration User Guidelines The user needs to login to the session in order to change the password Example Select menu option password Change password for user username Old password Enter new password Retype password The command line interface password has been successfully changed Select menu option Access Control List ACL Address Resolution Protocol ARP Boot Protocol BOOTP Class of Service CoS Differentiated Services Code Point Service DSCP Domain Name Service DNS Dynamic Host Control Protocol DHCP GLOSSARY ACLs can limit network traffic and restrict access to certain users or devices b
38. device local logs for Cache and servers are enabled Console logs are enabled by default The possible field values are a Checked Enables device logs a Unchecked Disables device logs 170 CHAPTER 15 MANAGING SYSTEM LOGS a Severity level Indicates the minimum severity level for which a message will be logged When a severity level is selected all severity level choices above the selection are selected automatically The possible field values are Emergency The highest warning level If the device is down or not functioning properly an emergency log message is saved to the specified logging location Alert The second highest warning level An alert log is saved if there is a serious device malfunction for example all device features are down Critical The third highest warning level A critical log is saved if a critical device malfunction occurs for example two device ports are not functioning while the rest of the device ports remain functional Error A device error has occurred for example if a single port is offline Warning The lowest level of a device warning The device is functioning but an operational problem has occurred Notice Provides device information Info Provides device information Debug Provides debugging messages Not Active Provides no messages a Enable Syslogging Indicates if device syslogs for Cache and servers are enabled The possible
39. disconnect the serial cable and close the terminal emulator software Setting Up Web Interface Management 25 Setting Up Web Interface Management gt This section describes how you can set up web interface management over the network Prerequisites m Ensure you have already set up the switch with IP information as described in Methods of Managing a Switch on page 17 m Ensure that the switch is connected to the network using a Category 5 twisted pair Ethernet cable with RJ 45 connectors a A suitable Web browser Choosing a Browser To display the web interface correctly use one of the following Web browser and platform combinations Table 4 Supported Web Browsers and Platforms Platform Browser Windows 2000 Windows XP Windows Vista Internet Explorer 6 Yes Yes Yes Internet Explorer 7 Yes Yes Yes Firefox 1 5 Yes Yes Yes Firefox 2 Yes Yes Yes Netscape 8 Yes Yes Yes For the browser to operate the web interface correctly JavaScript and Cascading Style Sheets must be enabled on your browser These features are enabled on a browser by default You will only need to enable them if you have changed your browser settings The switch s Web interface supports both secure HTTPS and non secure HTTP connections 26 CHAPTER 1 GETTING STARTED Web Management Over the Network 1 To manage a switch using the web interface over an IP network Be sure that you know your switch s IP address Se
40. expense f this equipment does cause interference to radio or television reception which can be determined by urning the equipment off and on the user is encouraged to try to correct the interference by one or more of he following measures m Reorient the receiving antenna m Relocate the equipment with respect to the receiver m Move the equipment away from the receiver m Plug the equipment into a different outlet so that equipment and receiver are on different branch circuits If necessary the user should consult the dealer or an experienced radio television technician for additional suggestions The user may find the following booklet prepared by the Federal Communications Commission helpful How to Identify and Resolve Radio TV Interference Problems This booklet is available from the U S Government Printing Office Washington DC 20402 Stock No 004 000 00345 4 In order to meet FCC emissions limits this equipment must be used only with cables which comply with IEEE 802 3 ICES STATEMENT This Class A digital apparatus complies with Canadian ICES 003 Cet appareil num rique de la Classe A est conforme a la norme NMB 003 du Canada CE STATEMENT EUROPE This product complies with the European Low Voltage Directive 73 23 EEC and EMC Directive 89 336 EEC as amended by European Directive 93 68 EEC Warning This is a class A product In a domestic environment this product may cause radio interference in which
41. field values Checked Enables syslogs Unchecked Disables syslogs Configuring Logging 171 a Severity level Indicates the minimum severity level for which a message will be logged When a severity level is selected all severity level choices above the selection are selected automatically The possible field values are Emergency The highest warning level If the device is down or not functioning properly an emergency log message is saved to the specified logging location Alert The second highest warning level An alert log is saved if there is a serious device malfunction for example all device features are down Critical The third highest warning level A critical log is saved if a critical device malfunction occurs for example two device ports are not functioning while the rest of the device ports remain functional Error A device error has occurred for example if a single port is offline Warning The lowest level of a device warning The device is functioning but an operational problem has occurred Note Provides device information Informational Provides device information Debug Provides debugging messages a Syslog IP Address Defines IP Address to upload syslog messages a Syslog Port Defines the UDP Port through which syslog messages are uploaded 2 Define the fields 3 Click Apply The log parameters are set and the device is updated VIEWING STA
42. is the amount of time in seconds a bridge remains in a listening and learning state before forwarding packets The default is 15 seconds 132 CHAPTER 11 CONFIGURING SPANNING TREE Designated Root Bridge ID Identifies the Bridge priority and MAC address Root Bridge ID Identifies the Root Bridge priority and MAC address Root Port Indicates the port number that offers the lowest cost path from this bridge to the Root Bridge This field is significant when the bridge is not the Root Bridge The default is zero Root Path Cost Specifies the cost of the path from this bridge to the Root Bridge Topology Changes Counts Specifies the total amount of STP state changes that have occurred Last Topology Change Indicates the amount of time that has elapsed since the bridge was initialized or reset and the last topographic change that occurred The time is displayed in a day hour minute second format such as 2 days 5 hours 10 minutes and 4 seconds 2 Define the fields 3 Click Apply STP is enabled and the device is updated Modifying Spanning Tree 133 Modifying Spanning Tree TheSpanning Tree Modify Page contains information for modifying Spanning Tree parameters Monitor users have no access to this page To modify Spanning Tree Cl ick Device gt Spanning Tree gt Modify The Spanning Tree Modify Page opens Figure 71 Spanning Tree Modify Page 3C Device Summary CAN Baseline
43. network The monitor user has no access to this page Click Administration gt IP Setup The P Setup Page opens Figure 58 IP Setup Page Qo NV Baseline Switch 2916 SFP Plus Administration gt IP Setup IP Setup 3C 0 m IP Setup Device Summary Save Configuration Configuration Static User enters IP configuration ODHCP IP configuration obtained by DHCP Server Administration gt Device Port gt IP Address 0 1 134 160 Security gt Subnet Mask Monitoring gt Default Gateway Help Logout Apply Cancel 110 CHAPTER 9 CONFIGURING IP AND MAC ADDRESS INFORMATION The P Setup Page contains the following fields Configuration Method Indicates if the IP address has been configured statically or added dynamically The possible field values are a Static Indicates that the IP Interface is configured by the user a DHCP Indicates that the IP Interface is dynamically created IP Address Displays the currently configured IP address Subnet Mask Displays the currently configured subnet mask Default Gateway Displays the currently configured default gateway 2 Select Manual or DHCP mode 3 If Manual has been selected configure the P Address Subnet Mask and Default Gateway Click Apply The IP configuration is enabled and the device is updated Configuring ARP Settings The Address Resolution Protocol ARP converts IP addresses into
44. of the Switch 2916 SFP Plus 16 Port unit Figure 1 Switch 2916 SFP 16 Port front panel Baseline Switch 2816 SFP Plus 3CBI r Port Status 4 RS iO DOOODOD Duplex O O wy OO BDH O win OM O O OO O BA Link Activity Green 1000M Yellow 10 100M Flash Activity POWET Duplex On Full Off Half Console 38400 8 1 N Figure 2 shows the front panel of the Switch 2924 SFP Plus 24 Port unit Figure 2 Switch 2924 SFP Plus 24 Port front panel Baseline Switch 2824 SFP Plus r Por status aer iO ODOODOODDOBHO MKD DOODOOODO OOD Console 22400 8 1 N Mw SC0 808X888 Pula 4 GO 2 O Lini Actiy Green 1000M Yelow 10 1 00M lash ActWirPOWEr 4 Duplex On Full Off Half 14 CHAPTER 1 GETTING STARTED LED Status Indicators The 2916 SFP Plus 16 Port and 24 Port Ethernet switches provide LED indicators on the front panel for your convenience to monitor the switch Table 2 describes the meanings of the LEDs Table 2 Description on the LEDs of the Switch 2916 and 2924 LED Label Status Description Power Power Green The switch starts normally The LED flashes when the system is performing power on self test POST Yellow The system has failed the POST OFF The switch is powered off 10 100 1000 Link Green The port works at the rate of 1000 Mbps the BASE T Activity LED flashes quickly when
45. please contact 3Com and a copy will be provided to you UNITED STATES GOVERNMENT LEGEND If you are a United States government agency then this documentation and the software described herein are provided to you subject to the following All technical data and computer software are commercial in nature and developed solely at private expense Software is delivered as Commercial Computer Software as defined in DFARS 252 227 7014 June 1995 or as a commercial item as defined in FAR 2 101 a and as such is provided with only such rights as are provided in 3Com s standard commercial license for the Software Technical data is provided with limited rights only as provided in DFAR 252 227 7015 Nov 1995 or FAR 52 227 14 June 1987 whichever is applicable You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in or delivered to you in conjunction with this User Guide Unless otherwise indicated 3Com registered trademarks are registered in the United States and may or may not be registered in other countries 3Com and the 3Com logo are registered trademarks of 3Com Corporation ntel and Pentium are registered trademarks of Intel Corporation Microsoft MS DOS Windows and Windows NT are registered trademarks of Microsoft Corporation Novell and NetWare are registered trademarks of Novell Inc UNIX is a registered trademark in the United States and other countries lic
46. port a Disable Indicates Root Guard is disabled on the port Default Path Cost Indicates if Default Path Cost is enabled The possible field values are a Enable Enables the default path cost on the port a Disable Disables the default path cost on the port a Path Cost Indicates the port contribution to the root path cost The path cost is adjusted to a higher or lower value and is used to forward traffic when a path is re routed The field range is 1 200 000 000 a Priority Priority value of the port The priority value influences the port choice when a bridge has two ports connected in a loop The priority value is between 0 240 The priority value is determined in increments of 16 RSTP Link Type Indicates whether a Point to Point link is established or if the device is permitted to establish a Point to Point link The possible field values are a Auto Enables the device to establish automatically Point to Point link a Point to Point Indicates if a Point to Point link is currently established on the port Ports set to Full Duplex modes are considered Point to Point port links a Shared Enables the device to establish a shared link a Select Port s Indicates the ports to be defined 2 Select the ports to be defined 3 Define the fields 4 Click Apply Spanning Tree is modified on the port and the device is updated 12 SNMP v1 and v2c CONFIGURING SNMP Simple Network
47. port forwards traffic while learning MAC addresses Blocking Indicates that the port is currently blocked and cannot forward traffic or learn MAC addresses Blocking is displayed when Classic STP is enabled Listening Indicates that the port is in Listening mode The port cannot forward traffic nor can it learn MAC addresses Learning Indicates that the port is in Learning mode The port cannot forward traffic however it can learn new MAC addresses Forwarding Indicates that the port is in Forwarding mode The port can forward traffic and learn new MAC addresses Discarding Indicates that the port is in Discarding mode The port is listening to BPDUs and discards any other frames it receives a Port Role Displays the port role assigned by the STP algorithm to provide to STP paths The possible field values are Root Provides the lowest cost path to forward packets to the root switch Designated The port or LAG through which the designated switch is attached to the LAN Alternate Provides an alternate path to the root switch from the root interface Backup Provides a backup path to the designated port path toward the Spanning Tree leaves Backup ports occur only when two ports are connected in a loop by a Point to Point link or when a LAN has two or more connections connected to a shared segment Disabled The port is not participating in the Spanning Tree m Speed Indicates th
48. router From the frame the device identifies work stations configured for Multicast sessions and which Multicast routers are sending Multicast frames Link Aggregated Groups Link Aggregated Group LAG The system provides up to eight Aggregated Links may be defined each with up to eight member ports to form a single LAGs provide a Fault tolerance protection from physical link disruption a Higher bandwidth connections a Improved bandwidth granularity a High bandwidth server connectivity LAG is composed of ports with the same speed set to full duplex operation Switch Features 187 Table 11 Features of the Baseline Switch 2916 SFP Plus and Switch 2924 SFP Plus continued Feature Description MAC Address Capacity Support The device supports up to 8K MAC addresses The device reserves specific MAC addresses for system use MAC Multicast Support Multicast service is a limited broadcast service which allows one to many and many to many connections for information distribution Layer 2 Multicast service is where a single frame is addressed to a specific Multicast address from where copies of the frame are transmitted to the relevant ports MDI MDIX Support The device automatically detects whether the cable connected to an RJ 45 port is crossed or straight through when auto negotiation is enabled Standard wiring for end stations is Media Dependent Interface MDI and the standard wiring for hubs a
49. saved to the device once the user saves the changes to the flash memory The Save Configuration tab allows the latest configuration to be saved to the flash memory To save the device configuration Click Save Configuration The Save Configuration Page opens Figure 15 Save Configuration Page Dc 9 Baseline Switch 2924 SFP Plus i S Ve save Configuration Save Configuration scom eoa ave Configuration Device Summary Save Configuration Administration gt Device Port Security Monitoring gt p The operation will save your configuration Help A Microsoft Internet Explorer Do you wish to continue Cox J co ElLogout A message appears The operation saves your configuration Do you wish to continue Click OK A Configuration is saved to flash memory successful message appears 3 Click OK The configuration is saved 38 CHAPTER 2 USING THE 3COM WEB INTERFACE Resetting the Device The Reset Page enables resetting the device from a remote location To prevent the current configuration from being lost use the Save Configuration Page to save all user defined changes to the flash memory before resetting the device To reset the device Click Administration gt Reset The Reset Page opens Figure 16 Reset Page As A Baseline Switch 2916 SFP Plus 3C om No Administration gt Reset Reset Reset Device Summary Save Configuration Power Cycle the unit by pressing
50. setup fields Click Apply The ACL rule setup is enabled and the device is updated The P Based ACL Modify Page allows the network administrator to modify IP Based ACLs settings Monitor users have no access to this page Figure 34 IP Based ACL Modify Page AN Baseline Switch 2824 SFP Plus 3C om Device gt ACL gt IP Based ACL Modify Summary Setup Modify Rernove Device Summary Select ACL ACL Name Save Configuration Select Rule Administration gt Flag Set present the flag types in the following order Urg Ack Psh Rst Syn Fin Set is represented as 1 unset as O and dont care as x Devi gt Hath Destination Source Flag ICMP ICMP IGMP Source Destination Destination ch MH CE Tore Port Set Type Code Type Address S MC Mask Address Mask WS 2 ICMP 10 0 2 28 255 255 255 0 10 0 2 28 255 255 255 0 Security Monitoring gt Modify Rule Help Priority fo 28 Protocol Select from List ANY z Protocol ID 1 Source Port Cc gt Any Destination Port C LO Oo yO Any TOP Flags r ugise Aea dren Se Hras Bem Href F ICMP F Select from List Echo Reply 7 ICMP Type Any ICMP Code FM IGMP F Select from List DVMRP c IGMP Tye C Any Source IP Address C EEE Wild Card Mask Re C Any Dest IP Address c NN Wild Card Mask EEN C Any Match DSCP epo ElLogout Match IP Precedence C Seas Action Permit gt Defi
51. statistics are displayed 3 Click Clear All Counters The port statistics counters are cleared and the new Statistics are displayed 17 MANAGING DEVICE DIAGNOSTICS This section contains information for viewing and configuring port and cable diagnostics and includes the following topics m Configuring Port Mirroring a Viewing Cable Diagnostics Configuring Port Mirroring Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from one port to a monitoring port Port mirroring can be used as a diagnostic tool as well as a debugging feature Port mirroring also enables switch performance monitoring Network administrators can configure port mirroring by selecting a specific port from which to copy all packets and other ports to which the packets copied The monitor user has limited access to this page This section contains the following topics a Defining Port Mirroring a Removing Port Mirroring 176 CHAPTER 17 MANAGING DEVICE DIAGNOSTICS Defining Port The Port Mirroring Setup Page contains parameters for configuring port Mirroring mirroring To enable port mirroring 1 Click Monitoring gt Port Mirroring gt Setup The Port Mirroring Setup Page opens Figure 98 Port Mirroring Setup Page CAN Baseline Switch 2924 SFP Plus W Monitoring gt Port Mirroring Setup scomm Device Summary Save Configuration Setup Remove Select port type I Mir
52. that all bits are important For example if the destination IP address 149 36 184 198 and the wildcard mask is 0 0 0 255 the first three bytes of the IP address are matched while the last eight bits are ignored For the destination IP address 149 36 184 198 this wildcard mask matches all IP addresses in the range 149 36 184 0 to 149 36 184 255 A wildcard mask must not contain leading zeroes For example a wildcard mask of 056 022 075 032 is invalid but a wildcard mask of 56 22 75 32 is valid a Match DSCP Matches the packet DSCP value to the ACL Either the DSCP value or the IP Precedence value is used to match packets to ACLs 70 CHAPTER 4 MANAGING DEVICE SECURITY Modifying IP Based ACLs a Match IP Precedence Matches the packet IP Precedence value to the ACE Either the DSCP value or the IP Precedence value is used to match packets to ACLs a Action Indicates the ACL forwarding action In addition the port can be shut down a trap can be sent to the network administrator or packet is assigned rate limiting restrictions for forwarding The options are as follows a Permit Forwards packets which meet the ACL criteria a Deny Drops packets which meet the ACL criteria a Shutdown Drops packet that meets the ACL criteria and disables the port to which the packet was addressed Ports are reactivated from the Port Administration Setup Page Select an ACL from the ACL Name drop down list Define the rule
53. the 3Com Web interface Web Interface To access the 3Com user interface 1 Open an Internet browser 2 Enter the device IP address in the address bar and press Enter The Enter Network Password Page opens Figure 7 Enter Network Password Page Baseline Switch 2924 SFP Plus Lo gin AN 3com Baseline Switch 2924 SFP Plus Login User Name o Password Login 3 Enter your user name and password The device default factory settings is configured with a User Name that is admin and a password that is blank Passwords are case sensitive 4 Click Login The 3Com Web Interface Home Page opens 30 CHAPTER 2 USING THE 3COM WEB INTERFACE Figure 8 3Com Web Interface Home Page es 9 Baseline Switch 2924 SFP Plus a Ne Device Summary 3C om Device View Device Summary Save Configuration Administration gt Device gt Port Security b Device Summary Information Monitoring gt Product Description 3Com Baseline Switch 2924 SFP Plus Help System Name System Location Serial Number YECF5UDA0E380 Product 3C Number 3CBLSG24 System Object ID 1 3 6 1 4 1 43 1 8 61 MAC Address 00 12 A9 A0 E3 80 I System Contact System Up Time 0 days 0 hours 0 minutes 48 seconds Software Version 3 01 00s56 Boot Version 1 0 0 00 Hardware Version 1 0 0 Logout The default polling interval is 60 sec
54. the Queue field next to the required DSCP value 3 Click Apply The DSCP values are mapped to a queue and the device is updated Configuring Trust Settings 149 Configuring Trust Settings The Trust Setup Page contains information for enabling trust on configured interfaces The original device QoS default settings can be reassigned to the interface in the Trust Setup Page To enable Trust Click Device gt QoS gt Trust Setup The Trust Setup Page opens Figure 82 Trust Setup Page CAN Baseline Switch 2924 SFP Plus Device gt QoS gt Trust Setup scom aa Device Summary Save Configuration Trust Mode CoS z Administration Device Port Security Monitoring Help vvv v ElLogout Help Apply Cancel The Trust Setup Page contains the following fields a Trust Mode Defines which packet fields to use for classifying packets entering the device When no rules are defined the traffic containing the predefined packet CoS field is mapped according to the relevant trust modes table Traffic not containing a predefined packet field is mapped to best effort The possible Trust Mode field values are a CoS Classifies traffic based on the CoS tag value a DSCP Classifies traffic based on the DSCP tag value 2 Define the fields 3 Click Apply Trust mode is enabled on the device 150 CHAPTER 13 CONFIGURING QUALITY OF SERVICE Viewing Bandwidth The Bandwidth Summary Pa
55. the port is sending Ethernet port or receiving data salts Yellow The port works at the rate of 10 100 Mbps the LED flashes quickly when the port is sending or receiving data OFF The port is not connected Duplex mode Duplex Yellow The port is in full duplex mode OFF The port is not connected or is in half duplex mode 1000Base SFP SFP Green The SFP module is inserted port status Module OFF The SFP module is not inserted or is not Active recognized System Specifications 15 Specifications Table 3 contains the system specifications of the Switch 2916 and 2924 series switches Table 3 System specifications of the Switch 2916 and 2924 series switches Specification Switch 2916 SFP Plus Switch 2924 SFP Plus 16 Port 3CBLSG16 24 Port 3CBLSG24 Physical dimensions HxWxD Weight 44x440x173 mm 1 73 17 3 6 81 in 2 0 kg 4 4 Ib Console port One Console port Gigabit Ethernet ports on the front panel 16 x 10 100 100 Mbps Ethernet ports Four Gigabit SFP Combo 24 x 10 100 100 Mbps Ethernet ports Four Gigabit SFP Combo ports ports AC Input voltage Rated voltage range 100 240 VAC 50 60 Hz Power consumption 58 W 84 W full load Operating temperature 0 to 40 C 32 to 113 F Relative humidity 10 to 90 noncondensing Additional specifications can be found in Appendix B Device Specifications and Features 16 CHAPTER 1 GETTING STARTED Installing the
56. type determines what speed setting options are available Port speeds can only be configured when auto negotiation is disabled The possible field values are a 10 Indicates the port is currently operating at 10 Mbps a 100 Indicates the port is currently operating at 100 Mbps a 1000 Indicates the port is currently operating at 1000 Mbps a Auto Use to automatically configure the port a Duplex Displays the port duplex mode This field is configurable only when auto negotiation is disabled and the port speed is set to 10M or 100M This field cannot be configured on LAGs The possible field values are a Auto Use to automatically configure the port a Full The interface supports transmission between the device and its link partner in both directions simultaneously a Half The interface supports transmission between the device and the client in only one direction at a time 2 Define the fields 3 Click Apply The ports are enabled and the device is updated AGGREGATING PORTS This section contains information for configuring Link Aggregation which optimizes port usage by linking a group of ports together to form a single LAG A Link Aggregated Group LAG aggregates ports or VLANs into a single virtual port or VLAN Aggregating ports multiplies the bandwidth between the devices increases port flexibility and provides link redundancy Ensure the following a All ports within a LAG must be the same
57. value An IEEE standard for the Multiple Spanning Tree Protocol MSTP which provides independent spanning trees for VLAN groups Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication Defines frame extensions for VLAN tagging Defines Ethernet frame start stop requests and timers used for flow control on full duplex links Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members On each subnetwork one IGMP capable device can act as the querier that is the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong The elected querier is the device with the lowest IP address in the subnetwork 208 APPENDIX F GLOSSARY Internet Control Message Protocol ICMP Internet Group Management Protocol IGMP In Band Management IP Multicast Filtering IP Precedence Layer 2 Layer 3 Link Aggregated Group LAG Link Aggregation Management Information Base MIB MD5 Message Digest Algorithm A network layer protocol that reports errors in processing IP packets ICMP is also used by routers to feed back information about better routing choices A protocol through which hosts can register with their local router for multicast services If there is more than one multicast switch r
58. 1 Click Monitoring gt Address Tables gt Port Remove The Port Remove Page opens Fig ure 66 Port Remove Page Ca N Baseline Switch 2924 SFP Plus 3 C 0 m Monitoring gt Address Table Port Remove Summary Port Summary Port Remove Device Summary Save Configuration Select a Port Administration gt EEIEIEE EEA zl es BM eZee eres Port b Security gt Monitoring r MAC Address VLAN ID State Port Index Aging Time Help Select All Select None ElLogout Help Remove Cancel The Port Remove Page contains the following fields Select a Port Displays the current port settings MAC Address Displays the current MAC addresses listed in the MAC address table VLAN ID Displays the VLAN ID attached to the MAC Address State Displays the MAC address configuration method Possible values are a Config Static Indicates the MAC address is statically configured a Config Dynamic Indicates the MAC address is dynamically configured Port Index Indicates Port Table entry number Configuring Address Tables 121 m Aging Time Specifies the amount of time the MAC Address remains in the Dynamic MAC Address before it is timed out if no traffic from the source is detected The default value is 300 seconds 2 Select the port s to remove 3 Click Remove The selected ports are removed from the MAC address table and the device is updated Rem
59. 3com con First time users must apply for a user name and password Telephone numbers are correct at the time of publication Find a current directory of 3Com resources by region at http csoweb4 3com com contactus Country Telephone Number Country Telephone Number Asia Pacific Rim Telephone Technical Support and Repair Australia 1800 075 316 Philippines 1800 144 10220 or Hong Kong 2907 0456 029003078 India 000 800 440 1193 PR of China 800 810 0504 Indonesia 001 803 852 9825 Singapore 800 616 1463 Japan 03 3507 5984 South Korea 080 698 0880 Malaysia 1800 812 612 Taiwan 00801 444 318 New Zealand 0800 450 454 Thailand 001 800 441 2152 Pakistan Call the U S direct by dialing 00 800 01001 then dialing 800 763 6780 Sri Lanka Call the U S direct by dialing 02 430 430 then dialing 800 763 6780 Vietnam Call the U S direct by dialing 1 201 0288 then dialing 800 763 6780 You can also obtain non urgent support in this region at this email address apr_technical_support 3com com Or request a return material authorization number RMA by FAX using this number 61 2 9937 5048 or send an email at this email address ap_rma_request 3com com Europe Middle East and Africa Telephone Technical Support and Repair From anywhere in these regions not listed below call 44 1442 435529 From the following countries call the appropriate number Austria 0800 297 468 Luxembourg 800 23625 Belgium 0800 71429 Netherlands 0800 0227788 Den
60. 4 Enter VLAN ID to be assigned to the port 5 Click Apply The VLANs are configured and the device is updated Removing VLANs The VLAN Remove Page allows the network administrator to remove VLANs The monitor users have no access to this page 1 Click Device gt VLAN gt Remove The VLAN Remove Page opens Figure 57 VLAN Remove Page CAN Baseline Switch 2924 SFP Plus S Device gt VLAN Remove 3com Setup Modify VLAN Modify Port Remove Port Detail VIAN Detail Device Summary Save Configuration D Name 1 VLAN Administration gt Device Port I Security gt Monitoring Help Select All El Logout Help Remove Cancel The VLAN Remove Page contains the following fields m ID Displays the VLAN ID a Name Displays the user defined VLAN name m Select All Allows the user to select the entire table to be removed 2 Select the VLAN ID to be deleted 3 Click Remove The selected VLANs are deleted and the device is updated CONFIGURING IP AND MAC ADDRESS INFORMATION This section contains information for defining IP interfaces and includes the following sections a Defining IP Addressing Configuring ARP Settings m Configuring Address Tables Defining IP Addressing The P Setup Page contains fields for assigning an IP address The default gateway is erased when the Default IP address is modified Packets are forwarded to the default gateway when sent to a remote
61. 500 1 000 000 Indicates the maximum rate kilobits per second at which unknown packets are forwarded The range is 3 500 1 000 000 The default value is 3500 2 Define the relevant fields 3 Click Apply Broadcast Storm is defined and the device is updated GENERAL SYSTEM INFORMATION This section contains information about configuring general system parameters and includes the following a Viewing System Description m Configuring System Name Information a Configuring System Time Viewing System Description The Device View Page displays parameters for configuring general device information including the system name MAC Address software and hardware versions and more Click Device Summary The Device View Page opens Figure 40 Device View Page Qo Baseline Switch 2924 SFP Plus S Device Summary 3C om Device View Device Summary Save Configuration Administration gt Device b Port Security Device Summary Information Monitoring Product Description 3Com Baseline Switch 2924 SFP Plus Help System Name System Location System Contact Serial Number YECF5UDA0E380 Product 3C Number 3CBLSG24 System Object ID 1 3 6 1 4 1 43 1 8 61 MAC Address 00 12 49 A0 E3 80 System Up Time 0 days 0 hours 0 minutes 48 seconds Software Version 3 01 00s56 Boot Version 1 0 0 00 Hardware Version 1 0 0 Po
62. 8 Up 1000M Ful Disable 9 Up 1000M Ful Disable 10 Up 1000M Ful Disable 11 Up 1000M Ful Disable 12 Up 1000M Ful Disable 13 Up 1000M Ful Disable 14 Suspended 1000M Ful Disable 15 Up 1000M Ful Disable 16 Up 1000M Ful Disable 17 Up 1000M Ful Disable 18 Up 1000M Ful Disable 19 Up 1000M Ful Disable 20 Up 1000M Ful Disable 21 Suspended 1000M Ful Disable Logout 22 Up 1000M Ful Disable e e 34 CHAPTER 2 USING THE 3COM WEB INTERFACE Adding Configuration Information User defined information can be added to specific 3Com Web Interface pages by opening the P Setup Page For example to configure IP Setup 1 Click Administration gt IP Setup The P Setup Page opens Figure 12 IP Setup Page QN Baseline Switch 2916 SFP Plus 3 C 0 m Administration gt IP Setup IP Setup IP Setup Device Summary Save Configuration P 7 Configuration Static User enters IP configuration Administration Method ODHCP IP configuration obtained by DHCP Server Device Port Security Monitoring Help IP Address 0 1 134 160 Subnet Mask Default Gateway yvyrvvy Logout Help Apply Cancel 2 Enter requisite information in the text field 3 Click Apply The IP information is configured and the device is updated Using Screen and Table Options 35 Modifying Configuration Information 1 Click Administrati
63. ALITY OF SERVICE Quality of Service QoS provides the ability to implement QoS and priority queuing within a network For example certain types of traffic that require minimal delay such as Voice Video and real time traffic can be assigned a high priority queue while other traffic can be assigned a lower priority queue The result is an improved traffic flow for traffic with high demand QoS is defined by a Classification Specifies which packet fields are matched to specific values All packets matching the user defined specifications are classified together a Action Defines traffic management where packets are forwarded are based on packet information and packet field values such as VLAN Priority Tag VPT and DiffServ Code Point DSCP a VPT Classification Information VLAN Priority Tags VPT are used to classify packets by mapping packets to one of the egress queues VPT to Queue assignments are user definable Packets arriving untagged are assigned a default VPT value which is set on a per port basis The assigned VPT is used to map the packet to the egress queue This section contains information for configuring QoS and includes the following topics Viewing CoS Settings Defining CoS Viewing CoS to Queue Defining CoS to Queue Viewing DSCP to Queue Configuring DSCP Queue Configuring Trust Settings Viewing Bandwidth Settings Defining Bandwidth Settings Defining Voice VLAN Viewing CoS Settings 143
64. APTER 8 CONFIGURING VLANS Viewing VLAN Details The VLAN Detail Page provides information and global parameters on VLANS configured on the system Click Device gt VLAN gt VLAN Detail The VLAN Detail Page opens Figure 52 VLAN Detail Page tb EAN Baseline Switch 2924 SFP Plus S W Device gt VLAN VLAN Detail scomm Modify VLAN Modify Pot Remove Port Detail VLAN Detail Device Summary Save Configuration Select a VLAN to display Administration gt Ne H Device gt Port Security Membership type E Monitoring Untagged Tagged Not A Member Help Untagged membership Tagged membership 1 6 15 l Logout Help The VLAN Detail Page contains the following information m Select a VLAN to display Selects a VLAN to be display a Membership Type Displays the membership type for each VLAN The possible field values are a Untagged Indicates the interface is an untagged member of the VLAN a Tagged Indicates the interface is a tagged member of a VLAN VLAN tagged packets are forwarded by the interface The packets contain VLAN information a Nota Member Indicates the interface is not a member of the VLAN Viewing VLAN Port Details 103 Viewing VLAN Port Details The VLAN Port Detail Page provides displays VLAN configured ports To view VLAN Port details Click Device gt VLAN gt Port Detail The VLAN Port Detail Page opens Figure 53 VLAN Po
65. Based ACL Summary Page contains the following fields ACL Name Contains a list of the IP Based ACLs Priority Indicates the ACE priority which determines which ACE is matched to a packet on a first match basis The possible field values are 1 2147483647 with 1 being the highest priority Protocol Indicates the protocol in the ACE to which the packet is matched Destination Port Indicates the destination port that is matched packets Enabled only when TCP or UDP are selected in the Protocol list Source Port Indicates the source port that is matched packets Enabled only when TCP or UDP are selected in the Protocol list Flag Set Indicates the TCP flag to which the packet is mapped ICMP Type Specifies an ICMP message type for filtering ICMP packets 66 CHAPTER 4 MANAGING DEVICE SECURITY Defining IP Based ACLs ICMP Code Specifies an ICMP message code for filtering ICMP packets ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code a IGMP Type IGMP packets can be filtered by IGMP message type Source Address Matches the source IP address to which packets are addressed to the ACL Source Mask Indicates the source IP address mask Destination Address Matches the destination IP address to which packets are addressed to the ACL a Destination Mask Indicates the destination IP address mask a DSCP Matches the p
66. CURITY Defining Port Based Authentication 802 1X Port based authentication authenticates users on a per port basis via an external server Only authenticated and approved system users can transmit and receive data Ports are authenticated via the RADIUS server using the Extensible Authentication Protocol EAP Port based authentication includes a Authenticators Specifies the device port which is authenticated before permitting system access Supplicants Specifies the host connected to the authenticated port requesting to access the system services a Authentication Server Specifies the server that performs the authentication on behalf of the authenticator and indicates whether the supplicant is authorized to access system services Port based authentication creates two access states Controlled Access Permits communication between the supplicant and the system if the supplicant is authorized a Uncontrolled Access Permits uncontrolled communication regardless of the port state This section includes the following topics a Viewing 802 1X Authentication a Defining 802 1X Authentication Defining Port Based Authentication 802 1X 53 Viewing 802 1X The 802 1X Summary Page allows the network administrator to view Authentication port based authentication settings To view Port based Authentication 1 Click Security gt 802 1X gt Summary The 802 7X Summary Page opens Figure 26 802 1X Su
67. Detail OUI Summary OUI Modify Device Summary Save Configuration Voice VLAN Global Settings R VoiceVLAN Status Enabled z p VoiceVLAN ID Device i F Port gt VoiceVLAN Aging Time f1 Day 0 Hour 0 Min 5 Min 30 Day Security Monitoring X Administration Help Help Apply Cancel The Voice VLAN Setup Page contains the following fields a Voice VLAN Status Indicates if Voice VLAN is enabled on the device The possible field values are a Enable Enables Voice VLAN on the device a Disable Disables Voice VLAN on the device This is the default value a Voice VLAN ID Defines the Voice VLAN ID number 156 CHAPTER 13 CONFIGURING QUALITY OF SERVICE Voice VLAN Aging Time Indicates the amount of time after the last IP phone s OUI is aged out for a specific port The port will age out after the bridge and voice aging time The default time is one day The field format is Day Hour Minute The aging time starts after the MAC Address is aged out from the Dynamic MAC Address table The default time is 300 sec For more information on defining MAC address age out time see Defining Aging Time 2 Select Enable in the Voice VLAN State field 3 Define the Voice VLAN and Voice VLAN Aging Time fields 4 Click Apply The Voice VLAN is defined and the device is updated Defining Voice VLAN The Voice VLAN Port Setup Page contains information for defining Voice Port Settings VLAN port LAG setti
68. ENCE GUIDE Ping The Ping command sends ICMP echo request packets to another node on the network Syntax ping IP address URL hostname Parameters P Address IP address to ping a URL URL address to ping a hostname hostname to ping Range 1 158 characters Default Configuration This command has no default configuration User Guidelines There are no user guidelines for this command Example The following displays current IP configuration and software versions running on the device Select menu option ping 10 6 150 75 Pinging 10 6 150 75 with 32 bytes of data Reply from 10 6 150 75 bytes 32 time lt ims TTL 128 Reply from 10 6 150 75 bytes 32 time lt ims TTL 128 Reply from 10 6 150 75 bytes 32 time lt ims TTL 128 Reply from 10 6 150 75 bytes 32 time lt ims TTL 128 Ping statistics for 10 6 150 75 Packets Sent 4 Received 4 Lost 0 0 loss Approximate round trip times in milli seconds Minimum Oms Maximum Oms Average Oms Summary CLI Commands 199 The Summary command displays the current IP configuration and software versions running on the device It is intended for devices that support separate runtime and bootcode Images Syntax summary Default Configuration This command has no default configuration User Guidelines There are no user guidelines for this command Example The following displays current IP configuration and software ver
69. EXIST PGPRCS Trying to set tag submitButton y which does not exist in the page Frror HTTP_HTTPS E The Logging Display Page contains the following fields and buttons Save Preview Saves the displayed Log table Clear Logs Deletes all logs from the Log table Log Time Displays the time at which the log was generated Severity Displays the log severity Description Displays the log message text Click Clear Logs The selected logs are cleared and the device is updated Configuring Logging 169 Configuring The Logging Setup Page contains fields for defining which events are Logging recorded to which logs It contains fields for enabling logs globally and parameters for defining logs Log messages are listed from the highest severity to the lowest severity level The monitor users have no access to this page To define Log Parameters 1 Click Administration gt Logging gt Setup The Logging Setup Page opens Figure 96 Logging Setup Page D N Baseline Switch 2924 SFP Plus om Administration gt Logging Setup 3C E o Device Summary Save Configuration I Enable Local Logging Emergency I Enable Syslogging Emergency gt Administration gt Device gt Syslog IP Address Port Syslog Port bia Security gt Monitoring Logout The Logging Setup Page contains the following fields a Enable Local Logging Indicates if
70. Fast Guard State Role Cost Transitions Administration gt 5 14096 Dake gt 1 Disable Enable Disable F orwarding Root 1000M 4 128 N A 00 00 b0 f28 00 128 40 4 1 Port 7 2 Disable Enable Disable Forwarding Root 1000M 4 128 NA Gee b0 f28 00 128 40 4 1 r gt 00 X Secuty 1096 Monitoring gt 3 Disable Enable Disable Forwarding Root 1000M 4 128 N A 00 00 b0 f28 00 128 40 4 1 hen 4 Disable Enable Disable Forwarding Root 1000M 4 128 N A Ke eao 128 40 4 1 5 _ Disable Enable Disable Forwarding Root 1000M 4 128 N A NA NA NA NA 6 _ Disable Enable Disable Forwarding Root 1000M 4 128 N A NA NA NA NA z __ Disable Enable Disable Forwarding Root 1000M 4 128 N A NA WA NA NA B _ Disable Enable Disable F orwarding Root 1000M j4 128 N A NA NA NA NA 9 Disable Enable Disable F orwarding Root 1000M 4 128 N A N A NA N A N A 10 STP Enable Disable Forwarding Root 1000M 4 128 NWA NA NA NA NA 11 STP__ Enable Disable F orwarding Root 1000M 4 128 N A NA NA NA NA 12 _ STP__ Enable Disable F orwarding Root 1000M 4 128 __ N A NA NA NA NA 13 STP__ Enable Disable F orwarding Root 1000M 4 128 N A NA NA NA NA 14 STP __ Enable Disable F orwarding Root 1000M 4 128 NWA NA NA NA NA 15 STP _ Enable Disable Forwarding Root 1000M 4 128 WA NA NA NA NA 16 STP _ Enable Disable Forwarding Root 1000M 4 128 N A NA NA NA NA 17 STP__ Enable Disable Forwarding Root 1000M 4 128 N A NA NA NA NA ElLogout 18 RSTP Enable Disable
71. Forwarding Root 1000M 4 128 Shared NA NA NA NA 19 RSTP Enable Disable Forwarding Root 1000M 4 128 Shared NA NA NA NA 20 RSTP Enable Disable Forwarding Root 1000M 4 128 Shared N A NA NA N A The Spanning Tree Summary Page contains the following fields m Port The interface for which the information is displayed a STP Indicates if STP is enabled on the port The possible field values are a S7P Indicates that STP is enabled on the port a RSTP Indicates that RSTP is enabled on the port a Disable Indicates that neither STP nor RSTP is enabled on the port m Port Fast Indicates if Fast Link is enabled on the port If Fast Link mode is enabled for a port the Port State is automatically placed in the Forwarding state when the port link is up Fast Link optimizes the STP protocol convergence STP convergence takes 30 seconds and is not dependent on the number of switches in the network 128 CHAPTER 11 CONFIGURING SPANNING TREE a Root Guard Restricts the interface from acting as the root port of the switch The possible field values are Enable Indicates Root Guard is enabled on the port Disable Indicates Root Guard is disabled on the port a Port State Displays the current STP state of a port If enabled the port state determines what action is taken on traffic Possible port States are Disable Indicates that STP is currently disabled on the port The
72. HY ee Device Summary Information Product Description 3Com Baseline Switch 2924 SFP Plus System Name System Location System Contact Serial Number NECFSUDA0E380 3CBLSG24 System Object ID 1 3 6 1 4 1 43 1 8 61 Product 3C Number MAC Address System Up Time 00 12 49 A0 E3 80 0 days 0 hours 0 minutes 48 seconds Software Version 3 01 00556 1 0 0 00 Boot Version Hardware Version 1 0 0 The default polling interval is 60 sec The Device Summary Page contains the following fields 42 CHAPTER 3 VIEWING BASIC SETTINGS Product Description Displays the device model number and name System Name Defines the user defined device name The field range is 0 160 characters System Location Defines the location where the system is currently running The field range is 0 160 characters System Contact Defines the name of the contact person The field range is 0 160 characters Serial Number Displays the device serial number Product 3C Number Displays the 3Com device 3C number System Object ID Displays the vendor s authoritative identification of the network management subsystem contained in the entity MAC Address Displays the device MAC address System Up Time Displays the amount of time since the most recent device reset The system time is displayed in the following format Days
73. Management Protocol SNMP provides a method for managing network devices The device supports the following SNMP versions a SNMP version 1 a SNMP version 2c The SNMP agents maintain a list of variables which are used to manage the device The variables are defined in the Management Information Base MIB The SNMP agent defines the MIB specification format as well as the format used to access the information over the network Access rights to the SNMP agents are controlled by access strings This section contains the following topics a Defining SNMP Communities a Removing SNMP Communities a Defining SNMP Traps a Removing SNMP Traps 136 CHAPTER 12 CONFIGURING SNMP Defining SNMP Access rights are managed by defining communities in the SNMP Communities Communities Setup Page When the community names are changed access rights are also changed SNMP communities are defined only for S NMP v1 and SNMP v2c Monitor users have no access to this page To define SNMP communities 1 Click Administration gt SNMP gt Communities gt Setup The SNMP Communities Setup Page opens Figure 72 SNMP Communities Setup Page A Baseline Switch 2916 SFP Plus oN Administration gt SNMP gt Communities Setup 3C om Setup Remove f Device Summary Si Configuratii r ml aiak rehia SNMP Status Enable E Administration Device b Yl Insert New Community Port a Security gt SNMP Management M
74. N You can only manage the switch through a port that is an untagged member of VLAN7 VLANs have no minimum number of ports and can be created per unit per device or through any other logical connection combination since they are software based and not defined by physical attributes VLANs function at Layer 2 Since VLANs isolate traffic within the VLAN a Layer 3 router working at a protocol level is required to allow traffic flow between VLANs Layer 3 routers identify segments and coordinate with VLANs VLANs are Broadcast and Multicast domains Broadcast and Multicast traffic is transmitted only in the VLAN in which the traffic is generated 101 VLAN tagging provides a method of transferring VLAN information between VLAN groups VLAN Tis the default VLAN All ports are untagged members of VLAN1 by default If any port becomes an untagged member of a different VLAN then the port is removed from untagged membership of VLAN1 For example If port 24 is made an untagged member of VLAN 5 the port will no longer be a member of VLAN1 However if the port is made an tagged member of VLANS it still remains untagged in VLAN1 A port can only be an untagged member of one VLAN By default it is untagged member of VLAN1 If its untagged membership from another VLAN is removed it will default to untagged membership in VLAN1 There is no restriction on tagged membership A port can be a tagged member of any number of multiple VLANs 102 CH
75. NMP on page 135 Default Users and Passwords 27 Default Users and Passwords Upgrading gt Software using the CLI gt 1 If you intend to manage the switch or to change the default passwords you must log in with a valid user name and password The switch has one default user name The default user is listed in Table 5 Table 5 Default Users Default User Name Password Access Level admin no password Management The user can access and change all manageable parameters Use the admin default user name no password to login and carry out initial switch setup This section describes how to upgrade software to your Switch from the Command Line Interface CLI Note You can also upgrade the software using the switch Web user interface See Upgrade the Firmware Image page 165 Bootcode can only be upgraded using the CLI To download the runtime application file enter upgrade aaa aaa aaa aaa rrr runtime where aaa aaa aaa aaa is the IP address of the TFTP server and rrr is the source runtime filename To download the bootcode file enter upgrade aaa aaa aaa aaa bbb bootcode where aaa aaa aaa aaa is the IP address of the TFTP server and bbb is the source bootcode filename The bootcode firmware may not require upgrading for every software upgrade therefore there may not be a new bootcode file to download To set the switch to boot from the new software you have downloaded enter the
76. Page contains the following fields Ingress Rate Limit a Enable Ingress Rate Limit Enables setting an Ingress Rate Limit m Ingress Rate Limit Indicates the traffic limit for the port The possible field value is 3 500 1 000 000 kbps per second Egress Shaping Rate a Enable Egress Shaping Rate Enables Egress Shaping Rates Committed Information Rate CIR Defines CIR as the interface shaping type The possible field value is 64 7 000 000 000 kbps per second Committed Burst Size CbS Defines Cbs as the interface shaping type The possible field value is 4096 76 769 020 bytes per second a Select ports Indicates the ports to be configured 2 Select the ports to be configured 3 Define the fields 4 Click Apply The bandwidth is defined and the device is updated Defining Voice VLAN 153 Defining Voice VLAN Voice VLAN allows network administrators enhance VoIP service by configuring ports to carry IP voice traffic from IP phones on a specific VLAN VoIP traffic has a preconfigured OUI prefix in the source MAC address Network Administrators can configure VLANs on which voice IP traffic is forwarded Non VolP traffic is dropped from the Voice VLAN in auto Voice VLAN secure mode Voice VLAN also provides QoS to VoIP ensuring that the quality of voice does not deteriorate if the IP traffic is received unevenly The system supports one Voice VLAN There are two operational modes for IP Phones m P p
77. Remove scom Summary Setup Modify Remove Device Summary Save Configuration ACL Name acl2 z Remove ACL Administration gt Device l Port Security gt Source Destination m E Address Address oji 11 cc dd 11 ee 22 33 11 cc dd 11 ee 22 33 1 Permit Monitoring Help Help Remove The MAC Based ACL Remove Page contains the following fields a ACL Name Contains a list of the MAC based ACLs a Remove ACL Enables the ACL to be removed 64 CHAPTER 4 MANAGING DEVICE SECURITY U FB WwW N a Priority Indicates the rule priority which determines which rule is matched to a packet on a firstmatch basis Source Address Matches the source MAC address to which packets are addressed to the ACE Destination Address Matches the destination MAC address to which packets are addressed to the ACE a VLAN ID Matches the packet s VLAN ID to the ACE The possible field values are 1 to 4093 a CoS Classifies Class of Service of the packet a CoS Mask Defines the wildcard bits to be applied to the CoS m Ethertype Provides an identifier that differentiates between various types of protocols a Action Indicates the ACL forwarding action In addition the port can be shut down a trap can be sent to the network administrator or packet is assigned rate limiting restrictions for forwarding The options are as follows a Permit Forwards pack
78. Renee terse p aeons ree nse nce er ene ee cee ene ee er 41 Viewing Color Keys anea a n aa aaa 43 MANAGING DEVICE SECURITY Configuring Systemi ACCESS enote y a a a a age ae en a 45 Defining RADIUS Clients ht lt 4in cits hott us Ak st sated Soles tia atte 50 Defining Port Based Authentication 802 1X ccccccccceccesssseceeeeetteeeeeeeens 52 Defining Access Control LISS eee ieee eee Seek 57 Enabling Broadcast SON MNase ea a art ta ete lo ce 78 GENERAL SYSTEM INFORMATION Viewing System IDESCHOUOMs cxuees oo eae ere eae ee ee es 80 Configuring System Name Information 0cccccccccsececccssseeeeeeeesseeeeees 82 Configuring System Time et in et ak ol te ate te et ese 83 CONFIGURING PORTS Viewing Port Settings haf Sa a saa ae I a 85 Defining Port SLUNG Sa 26 i 26 0 56 420 Gee UG oh OU et al 88 Viewing P rtDetailS oii sesiuck ai h a ah ieee Aewevah adie anak she 90 AGGREGATING PORTS Viewing Link Aggregation wecuteundec neta ide Gs aiea tS atte hited 93 Configuring Link Aggregation lf xi ic8 ooo he ceil Boke saest ces eecacest Go teeresl aioe eke 93 Modifying Link Aggregation yaiei ci tas eee ew te Rael ala Ra alo es 95 Removing Link AG GregatlOnnn act oudatha teats cee el etats Ge alae ceestsaee heat 96 WALELA M WAG tii ioh sicec title ete as ed eaeca kd asia AN ot 97 Modifying LACP sranda uaaa Bauch sates al callie asad 98 CONFIGURING VLANS Viewing VLAN Details 0cccccecccsesss
79. S Defining Port The Port Administration Setup Page allows network managers to Settings configure port parameters for specific ports Monitor users have no access to this page To configure Port Settings 1 Click Port gt Administration gt Setup The Port Administration Setup Page opens Figure 44 Port Administration Setup Page es N Baseline Switch 2924 SFP Plus 3 C 0 Mm Port gt Administration Setup Summary J Device Summary Port State No Change x Speed No Change x Duplex No Change x SOE ete Flow Control No Change Reactivate No Change x Administration gt Select ports Device Port Security d ETE Monitoring ie A fis Help Logout Selected Ports Note Setting up large numbers of ports may take some time e Enabling Flow Control may affect the switch s ability to meet QoS requirements of real time applications under some rare _ conditions For more information please refer to the User Guide The Port Administration Setup Page contains the following fields Port State Defines the port state The possible values are a No Change Retains the current port status a Enable Enables the port a Disable Disables the port m Speed Defines the configured rate for the port The port speed determines what speed setting options are available Port speeds can only be configured when auto negotiation is disabl
80. SGOMT Network Directois Je e Aa TE A L a rte 182 3Com Network Access Manager 0 cccceeeeeeeeeeeeeeeeeeeeeeeeeteeeeeeneeneees 182 3Com Enterprise Management Suite cccccceeeeeeeeeeeeeeeeenneeeaeeees 183 Integration Kit with HP OpenView Network Node Managet 6 183 DEVICE SPECIFICATIONS AND FEATURES Related Standards siisii aion moiin ede beaters aaa 184 UVIE COMMING Gale Se cietsvoes eae Ss Pras Soe oes Pe a aha ARR EDs 184 el Yes ra Renee tee ee eee ee np ene cee eed re ee Pe een Peeper ery Pe Peer 184 REE A E fatal oh cee ee he os Re ee ee ee ee 185 Switch Features ao ad chs neha ea eah led yeah facades gush idea ah aria iaki 185 PIN OUTS Console OF 10 soe eee eT ea ae CLR NET LON ONCE nr er caer Pere eh eee 189 NGM Modem Ca De a a aa a aa raa a a a aai aiid ats 190 PGAT Serial Cable Aarena anihi aL 190 Modem Cables ccanore e e iae Gas ln Ae a ee 190 Ethernet Port RJ 45 Pin ASSIQGNMENS ccccccessesseceeeeeeceeeeceeetststssaaees 191 TROUBLESHOOTING Problem Management 22 c c1ss certs eect Rae eae ene do 192 Troubleshooting SOLUTIONS cei ea rea a a ete 192 3COM CLI REFERENCE GUIDE Getting Started with the Command Line Interface 0 0 ceceeteeeeees 195 CUS TUT TVS oN a esc saa nh ay 196 GLOSSARY Jne aape Ty oa hc Sanh lene eet AAR heats a ae BN 206 OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS Register Your Product to Gain Service Benefits 0 0 0 ccc
81. Self test exceeds 15 seconds Faulty serial cable Software settings The device may not be correctly installed Replace the serial cable Reconfigure the emulation software connection settings Remove and reinstall the device If that does not help consult your technical support representative No connection is established and the port LED is on Wrong network address in the workstation No network address set Wrong or missing protocol Faulty ethernet cable Faulty port Faulty module Incorrect initial configuration Configure the network address in the workstation Configure the network address in the workstation Configure the workstation with IP protocol Replace the cable Replace the module Replace the module Erase the connection and reconfigure the port 194 APPENDIX D TROUBLESHOOTING Table 12 Troubleshooting Solutions continued Problems Possible Cause Solution Device is in a reboot loop No connection and the port LED is off Software fault Incorrect ethernet cable e g crossed rather than straight cable or vice versa split pair incorrect twisting of pairs Fiber optical cable connection is reversed Bad cable Wrong cable type Download and install a working or previous software version from the console Check pinout and replace if necessary Change if necessary Check Rx and Tx on fiber optic cable Replace with a tested cable Verify that all 10 Mbps c
82. String Alpha Numeric Key String Alpha Numeric Help Apply Cancel The Radius Client Setup Page contains the following fields Primary Server Defines the RADIUS Primary Server authentication fields Backup Server Defines the RADIUS Backup Server authentication fields Host IP Address Defines the RADIUS Server IP address Defining RADIUS Clients 51 a Authentication Port Identifies the authentication port The authentication port is used to verify the RADIUS server authentication The authenticated port default is 1812 a Number of Retries Defines the number of transmitted requests sent to the RADIUS server before a failure occurs Possible field values are 1 10 The default value is 3 Timeout for Reply Defines the amount of time in seconds the device waits for an answer from the RADIUS server before retrying the query or switching to the next server Possible field values are 1 30 The default value is 3 Dead Time Defines the default amount of time in minutes that a RADIUS server is bypassed for service requests The range is 0 2000 The default value is O a Key String Defines the default key string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server This key must match the RADIUS encryption 2 Define the fields 3 Click OK The RADIUS client is enabled and the system is updated 52 CHAPTER 4 MANAGING DEVICE SE
83. Switch AN AN A AN AN AN AN This section contains information that you need to install and set up your 3Com switch WARNING Safety Information Before you install or remove any components from the Switch or carry out any maintenance procedures you must read the 3Com Switch Family Safety and Regulatory Information document enclosed AVERTISSEMENT Consignes de securite Avant d installer ou d enlever tout composant de Switch ou d entamer une procedure de maintenance lisez les informations relatives a la securite qui se trouvent dans 3Com Switch Family Safety and Regulatory Information VORSICHT Sicherheitsinformationen Bevor Sie Komponenten aus dem Switch entfernen oder den Switch hinzufugen oder Instandhaltungsarbeiten verrichten lesen Sie die 3Com Switch Family Safety and Regulatory Information ADVERTENCIA Informacion de seguridad Antes de instalar o extraer cualquier componente del Switch o de realizar tareas de mantenimiento debe leer la informacion de seguridad facilitada en el 3Com Switch Family Safety and Regulatory Information AVVERTENZA Informazioni di sicurezza Prima di installare o rimuovere qualsiasi componente dal Switch o di eseguire qualsiasi procedura di manutenzione leggere le informazioni di sicurezza riportate 3Com Switch Family Safety and Regulatory Information OSTRZE ENIE Informacje o zabezpieczeniach Przed instalacj lub usuni ciem jakichkolwiek element w z product lub przeprowadzeniem pr
84. TISTICS This section contains information about viewing port statistics Viewing Port The Port Statistics Summary Page contains fields for viewing information Statistics about device utilization and errors that occurred on the device To view RMON statistics 1 Click Ports gt Statistics gt Summary The Port Statistics Summary Page opens Figure 97 Device Summary Save Configuration Administration Device Port Security Monitoring Help vvv v a Logout Summary Port Statistics Summary Page Baseline Switch 2924 SFP Plus Port gt Statistics Summary Select Port s MA ee Cs oY Refresh Rate No Refresh 7 Received Bytes Octets Received Packets Broadcast Packets Received Multicast Packets Received CRC amp Align Errors Undersize Packets Oversize Packets Fragments Jabbers Collisions Frames of 64 Bytes Frames of 65 to 127 Bytes Frames of 128 to 255 Bytes Frames of 256 to 511 Bytes Frames of 512 to 1023 Bytes Frames of 1024 to 1622 Bytes Clear All Counters 3739 6785 9131 52410 The Port Statistics Summary Page contains the following fields m Select Port s Defines the specific port for which RMON statistics are displayed Viewing Port Statistics 173 Refresh Rate Defines the amount of time that passes before the interface statistics are refreshed The possible field values are a No Refresh Indicates that the port statist
85. The varnish is environmentally friendly and the inks are vegetable based with a low heavy metal content ABOUT THIS GUIDE This guide provides information about the Web user interface for the 3Com Baseline Switch 2916 SFP Plus and Baseline Switch 2924 SFP Plus The Web interface is a network management system that allows you to configure monitor and troubleshoot your switch from a remote web browser The Web interface web pages are easy to use and easy to navigate User Guide This section provides an overview to the User Guide The User Guide Overview provides the following sections m Getting Started Provides introductory information about the Switch 2916 and 2924 and how they can be used in your network It covers summaries of hardware and software features m Using the 3Com Web Interface Provides information for using the Web interface including adding editing and deleting device configuration information a Viewing Basic Settings provides information for viewing and configuring essential information required for setting up and maintaining device settings a Managing Device Security Provides information for configuring both system and network security including traffic control ACLs and device access methods General System Information Provides information for configuring general system information including the user defined system name the user defined system location and the system contact person
86. Viewing CoS The CoS Summary Page displays CoS default settings assigned to ports Settings To view CoS Settings 1 Click Device gt QoS gt CoS gt Summary The CoS Summary Page opens Figure 76 CaM 3com Device Summary Save Configuration Administration gt Device gt Port b Security Monitoring L Help Logout CoS Summary Page Baseline Switch 2924 SFP Plus Device gt QoS gt CoS Summary Summary Interface Default CoS Interface 1 0 13 Default CoS N o 14 15 16 17 18 19 20 21 22 wolals ala o jojojojojojo ojo ojojojojojojo 23 ojojo 24 ojojo Help The CoS Summary Page contains the following fields m Interface Displays the interface for which the CoS default value is defined a Default CoS Displays the default CoS value for incoming packets for which a VLAN priority tag is not defined The possible field values are 0 7 144 CHAPTER 13 CONFIGURING QUALITY OF SERVICE Defining CoS The CoS Setup Page contains information for enabling QoS globally Monitor users have no access to this page To configure CoS Settings 1 Click Device gt QoS gt CoS Setup The CoS Setup Page opens Figure 77 CoS Setup Page As A Baseline Switch 2924 SFP Plus SL Ne Device gt Qos gt CoS Setup 300M Sr sw Device Summary Save Configuration QoS Mode Disabl
87. Web Interface Configuration Buttons Button Button Name Description Clear Logs Clears system logs Clear Logs z Create Creates configuration Create entries Apply Applies configuration Apply changes to the device Delete Deletes configuration Remove settings Table 8 3Com Web Interface Information Tabs Tab Tab Name Description Help Opens the online help Help Logout Logs the user out and Logout terminates the current session Using Screen and Table Options 33 Using Screen and 3Com contains screens and tables for configuring devices This section Table Options contains the following topics a Viewing Configuration Information a Adding Configuration Information m Modifying Configuration Information m Removing Configuration Information Viewing Configuration Information To view configuration information 1 Click Port gt Administration gt Summary The Port Settings Summary Page opens Figure 11 Port Settings Summary Page AoA Baseline Switch 2924 SFP Plus 23 Up 1000M Ful Disab 24 Up 1000M Ful Disab 3 c om eo Port gt Administration Summary Summary Detail Device Summary ordain SS 1 Up 1000M Ful Disable Administration gt 2 Up 1000M Ful Disable Device l 3 Up 1000M Ful Disable Port gt 4 Up 1000M Ful Disable Security gt 5 Up 1000M Ful Disable Monitoring gt 6 Up 1000M Fu Disable 7 Up 1000M Ful Disable bed
88. a Device is in a reboot loop a No connection and the port LED is off m Lost Password Table 12 Troubleshooting Solutions Problems Possible Cause Troubleshooting Solutions 193 Solution Switch does not run power LED is off Power is disconnected Verify that the power cord is properly connected to the switch and to the mains supply Cannot connect to management using Console connection Cannot connect to switch management using HTTP SNMP etc Be sure the terminal emulator program is set to VT 100 compatible 38400 baud rate no parity 8 data bits and one stop bit Use the included cable or be sure that the pin out complies with a standard null modem cable Be sure the switch has a valid IP address subnet mask and default gateway configured Check that your cable is properly connected with a valid link light and that the port has not been disabled Ensure that your management station is plugged into the appropriate VLAN to manage the device If you cannot connect using the web the maximum number of connections may already be open Please try again at a later time No response from the terminal emulation software Faulty serial cable Incorrect serial cable Software settings Replace the serial cable Replace serial cable for a pin to pin straight flat cable Reconfigure the emulation software connection settings Response from the terminal emulations software is not readable
89. a Wild Card Mask Defines the source IP address wildcard mask Wildcard masks specify which bits are used and which bits are ignored A mask of 255 255 255 255 indicates that no bit is important A mask of 0 0 0 0 indicates that all the bits are important For example if the source IP address is 149 36 184 198 and the wildcard mask is 255 255 255 00 the first three bytes of the IP address are ignored while the last eight bits are used Destination IP Address Matches the destination IP address to which packets are addressed to the ACL a Wild Card Mask Indicates the destination IP Address wildcard mask Wildcards are used to filter a destination IP Address Masks specify which bits are used and which bits are ignored A wildcard mask of 255 255 255 255 indicates that no bit is important A wildcard mask of 0 0 0 0 indicates that all bits are important For example if the destination IP address 149 36 184 198 and the wildcard mask is 255 255 0 0 the first two bytes of the IP address are used while the last two bytes are ignored Removing IP Based ACLs Defining Access Control Lists 73 a Match DSCP Matches the packet DSCP value to the ACL Either the DSCP value or the IP Precedence value is used to match packets to ACLs a Match IP Precedence Matches the packet IP Precedence value to the ACE Either the DSCP value or the IP Precedence value is used to match packets to ACLs a Action Indicates the ACL forwardi
90. ac konserwacyjnych nale y zapozna si z informacjami o bezpiecze stwie zawartymi w 3Com Switch Family Safety and Regulatory Information CAUTION Opening the switch or tampering with the warranty sticker can void your warranty Setting Up for Management 17 Setting Up for Management To make full use of the features offered by your switch and to change and monitor the way it works you have to access the management software that resides on the switch This is known as managing the switch Managing the switch can help you to improve the efficiency of the switch and therefore the overall performance of your network This section explains the initial set up of the switch and the different methods of accessing the management software to manage a switch It covers the following topics m Methods of Managing a Switch a Switch Setup Overview a Manually set the IP Address using the Console Port a Viewing IP Information using the Console Port Setting Up Web Interface Management a Setting Up SNMP Management V1 or V2 m Default Users and Passwords Methods of Managing a Switch Web Interface Management To manage your switch you can use one of the following methods Web Interface Management a SNMP Management In addition you can use the Command Line Interface through the Console port for basic operations of the switch including setting and viewing the IP address configuring user accounts upgrading switch firmware and m
91. acket DSCP value to the ACL Either the DSCP value or the IP Precedence value is used to match packets to ACLs a IP Prec Indicates matching ip precedence with the packet IP precedence value a Action Indicates the ACL forwarding action In addition the port can be shut down a trap can be sent to the network administrator or packet is assigned rate limiting restrictions for forwarding The options are as follows a Permit Forwards packets which meet the ACL criteria a Deny Drops packets which meet the ACL criteria a Shutdown Drops packet that meets the ACL criteria and disables the port to which the packet was addressed Ports are reactivated from the Port Administration Setup Page Access Control Lists ACL allow network managers to define classification actions and rules for specific ingress ports Your switch supports up to 256 ACLs Packets entering an ingress port with an active ACL are either admitted or denied entry If they are denied entry the user can disable the port ACLs are composed of access control entries ACEs that are made of the filters that determine traffic classifications The total number of ACEs that can be defined in all ACLs together is 256 Monitor users have no access to this page Defining Access Control Lists 67 To configure IP Based Access Control Lists 1 Click Device gt ACL gt IP Based ACL gt Setup The P Based ACL Setup Page opens Figure 33 IP Based ACL Se
92. age 32 82 CHAPTER 5 GENERAL SYSTEM INFORMATION Configuring System Name Information The System Name Page allows the Network Administrator to provide a user defined system name location and contact information for the device Monitor users have read only permissions on this page To configure the System Name Click Administration gt System Name The System Name Page opens Figure 41 System Name Page No A Baseline Switch 2924 SFP Plus a7 We Administration gt System Name System Name Device Summary Save Configuration System Name SS System Locatin i S C System Contact Administration Device Port Security Monitoring Help vrvvy Help Apply Cancel The System Name Page includes the following fields m System Name Defines the user defined device name The field range is 0 100 characters m System Location Defines the location where the system is currently running The field range is 0 100 characters System Contact Defines the name of the contact person The field range is 0 100 characters 2 Define the fields 3 Click Apply The System Name is enabled and the device is updated 4 Be sure to save your configuration or you changes will be lost when the switch is rebooted To save the configuration refer to Saving the Configuration on page 37 Configuring System Time 83 Configuring System Time The System Time Setup Page contains f
93. and write access rights a Monitor Provides users with read access rights a Password Modify Changes a password for an existing user a Password Defines the local user password Local user passwords can contain up to 8 characters a Confirm Password Verifies the password 2 Select a User Name to be modified 3 Modify the fields 4 Click Apply The User settings are modified and the device is updated Configuring System Access 49 Removing System The System Access Remove Page allows network administrators to Access remove users from the System Access Interface Monitor users have no access to this page To remove users 1 Click Administration gt System Access gt Remove The System Access Remove Page opens Figure 24 System Access Remove Page CAN Baseline Switch 2924 SFP Plus Administration gt System Access Remove 3com Device Summary Save Configuration Summary Remove User s User Name Access Level Administration Management monitor Monitor Select user s frorn the list above and click Remove to remove the User s lt 4 Logout Help Remove Cancel The System Access Remove Page contains the following fields a Remove User s Select user s from the list below to be removed a User Name Displays the user name m Access Level Displays the user access level The lowest user access level is Monitoring and the highest is Management a Management
94. are for your chosen method of management Switch Setup Overview 19 Figure 5 Initial Switch Setup and Management Flow Diagram Power Up the Switch Is a DHCP server present Plug and Play Setup lt lt v IP Information is automatically The switch uses its default IP configured using DHCP information See page 20 See page 20 v v Do you want to manually Yes q configure the IP information gt No Qa 2 v z A a a How do you want to view the automatically s How do you want to connect to the Switch configured IP information 2 li 9 E a Connect to the Connect to a front panel Refer to the label on Connect to the T console port and use port and use the Web the rear of the switch console port and use B the Command Line Interface which details the the Command Line Interface See page 25 default IP address Interface See page 21 See page 23 l i How do you want to manage your Switch See page 17 Command Line Interface SNMP Web Interface basic setup only See page 26 Connect over the network Connect using the console port See page 21 See page 26 CAUTION To protect your switch from unauthorized access you must change the default password as soon as possible even if you do not intend to actively manage your switch For more information on
95. at DST ends each year Select or type the Day Week Month and Tim 2 Define the local Time and Date 3 Enable or disable automatic DST by clicking the Daylight Savings box 4 Configure the region Time Set Offset Recurring From and To fields as appropriate for your location 5 Click Apply The DST settings are saved and the device is updated 6 Be sure to save your configuration or you changes will be lost when the switch is rebooted To save the configuration refer to Saving the Configuration on page 37 CONFIGURING PORTS This section contains information for configuring Port Settings and includes the following sections Viewing Port Settings Defining Port Settings Viewing Port Details Viewing Port Settings The Port Administration Summary Page permits the network manager to view the current port and LAG setting configuration The Port Administration Summary Page also displays to which LAGs the port belongs When configuring the port speed and port Duplex mode please note the following Setting the port speed to 10 100 1000 and the Duplex mode to Half admin speed is 10 100 1000 half and no advertisement Setting the port speed to 10 100 1000 and the Duplex mode to Full admin speed is 10 100 1000 full and no advertisement Setting the port speed to 10 100 1000 and the Duplex mode to Auto admin speed is Admin Advertisement 10 100 1000 full and half Setting the port speed to Auto and Duplex
96. at accompanies the terminal emulation software for more information Power up the switch The Power on Self Test POST will be performed The Switch 2916 and 2924 takes approximately one minute to boot You are now ready to manually set up the switch with IP information using the command line interface m You need to have the following information a P address a subnet mask a default gateway Viewing IP Information using the Console Port Using the Command Line Interface CLI 23 Connect to the switch Console port as described in Connecting to the Console Port page 21 The command line interface login sequence begins as soon as the switch detects a connection to its console port When the process completes the Login prompt displays At the login prompt enter admin as your user name and press Return The Password prompt displays Press Return If you have logged on correctly Select menu option should be displayed Enter the IP address and subnet mask for the switch as follows ipSetup XXX XXX XXX XXX MMm mmm mmm mmm and then press Enter Note XXXx XXX XxxX xxx is the IP address and mmm mmm mmm mmm is the subnet mask of the switch Enter the Logout command to terminate the CLI session The initial setup of your switch is now complete and the switch is ready for you to set up your chosen management method See Methods of Managing a Switch on page 17 This section describes how to view the automatica
97. ates the port is selected and Voice VLAN settings are applied to the port a Unselected Indicates the port is not selected and the Voice VLAN settings are not applied to the port This is the default value m Port Displays the Voice VLAN Port Details for a selected port a Voice VLAN Port Security Indicates if port security is enabled on the Voice VLAN Port Security ensures that packets arriving with an unrecognized MAC address are dropped a No Changes Maintains the current Voice VLAN port security settings a Enable Enables port security on the Voice VLAN a Disable Disables port security on the Voice VLAN This is the default value Voice VLAN Port Mode Defines the Voice VLAN mode The possible field values are a No Changes Maintains the current Voice VLAN port settings This is the default value a None Indicates that the selected port will not be added to a Voice VLAN a Manual Adding a selected port to a Voice VLAN a Auto Indicates that if traffic with an IP Phone MAC Address is transmitted on the port the port joins the Voice VLAN The port is aged out of the voice VLAN if the IP phone s MAC address with an OUI prefix is aged out and exceeds the defined If the MAC Address of the IP phones OUI was added manually to a port in the Voice VLAN the user cannot add it to the Voice VLAN in Auto mode only in Manual mode Defining Voice VLAN 159 To view Voice VLAN Por
98. ation Destination VLAN Cos Priority Aade Source Mask P Mask ID CoS Mask Ethertype action i FR ARAL FEAL AT 255 255 255 0 FRR REE 255 255 2650 Permit Help Apply Cancel The MAC Based ACL Setup Page contains the following fields m Selection ACL Lists previously defined Access Control Lists a Create ACL Create a new user defined MAC based ACL 60 CHAPTER 4 MANAGING DEVICE SECURITY Add Rules to ACL a Priority Indicates the ACE priority which determines which ACE is matched to a packet on a first match basis The possible field values are 1 2147483647 Source MAC Address Matches the source MAC address to which packets are addressed to the ACE Source Mask Indicates the source MAC Address wildcard mask Wildcards are used to mask all or part of a source MAC address Wildcard masks specify which bits are used and which are ignored A wildcard mask of FF FF FF FF FF FF indicates that no bit is important A wildcard of 00 00 00 00 00 00 00 indicates that all bits are important For example if the source MAC address is 00 AB 22 11 33 00 and the wildcard mask is 00 00 00 00 00 FF the first five bytes of the MAC are used while the last byte is ignored For the source MAC address 00 AB 22 11 33 00 this wildcard mask matches all MAC addresses in the range 00 AB 22 11 33 00 to 00 AB 22 11 33 FF Destination MAC Address Matches the destination MAC address to which packets are address
99. bles diagnostics Click Monitoring gt Cable Diagnostics gt Summary The Cable Diagnostics Summary Page opens Figure 100 Cable Diagnostics Summary Page EAN Baseline Switch 2924 SFP Plus S Ve Monitoring gt Cable Diagnostics Summary 3com a al ummary Diagnostics 3 Device Summary Feature Summary Sao conganta Ports Test Result Cable Fault Distance Last Update 1 Administration Device Port Security Monitoring Help vvv v Logout 21 Configuring Cable Diagnostics Viewing Cable Diagnostics 179 The Cable Diagnostics Summary Page contains the following fields m Ports Specifies the port to which the cable is connected Test Result Displays the cable test results Possible values are a No Cable Indicates a cable is not connected or the cable is connected on only one side or the cable is shorter than 1 meter a Short Cable Indicates that a short has occurred in the cable a OK Indicates that the cable passed the test a Cable Fault Distance Indicates the distance from the port where the cable error occurred in meters a Last Update Indicates the last time the port was tested Click Apply The test results are displayed The Diagnostics Page contains fields for performing tests on copper cables Cable testing provides information about where errors occurred in the cable the last time a cable test was performed and the type of cable e
100. ca 3CO m C7 3Com Baseline Switch 2916 SFP Plus and Baseline Switch 2924 SFP Plus User Guide 3CBLSG16 3CBLSG24 www 3Com com Part Number 10016143 Rev AA Published May 2007 3Com Corporation 350 Campus Drive Marlborough MA 01752 3064 Copyright 2007 3Com Corporation All rights reserved No part of this documentation may be reproduced n any form or by any means or used to make any derivative work such as translation transformation or adaptation without written permission from 3Com Corporation 3Com Corporation reserves the right to revise this documentation and to make changes in content from time o time without obligation on the part of 3Com Corporation to provide notification of such revision or change 3Com Corporation provides this documentation without warranty term or condition of any kind either implied or expressed including but not limited to the implied warranties terms or conditions of merchantability satisfactory quality and fitness for a particular purpose 3Com may make improvements or changes in the product s and or the program s described in this documentation at any time f there is any software on removable media described in this documentation it is furnished under a license agreement included with the product as a separate document in the hard copy documentation or on the removable media in a directory file named LICENSE TXT or LICENSE TXT If you are unable to locate a copy
101. case the user may be required to take adequate measures A copy of the signed Declaration of Conformity can be downloaded from the Product Support web page for the Baseline Switch 2916 2924 SFP Plus family 3CBLSG16 and 3CBLSG24 at http Wwww 3Com com Also available at http support 3com com doc BL_SWITCH_2916 2924_SFP_EU_DOC pdf VCCI STATEMENT TOREJ FRUBRESERESREMABBS VCC 0 BOC VIAATRRHNRECT CORB tRBA CHAT b EERIE BISH OF CEMBHVES COBMSICHAAMBUIEWREBT O k JER ENMECEMHVYVET
102. cccceeseeeeeeenees 212 Solv Problems Online prenon ae need a ree ote 212 Purchase Extended Warranty and Professional Services 0ccccccceeeee 212 Access Software DownloadS ccccccccceccecesseeeeeecceseeeeeeesesaeeeeeeensaeees 213 Contact USt mrs ue e nant gee ee ARE A N 213 REGULATORY NOTICES GETTING STARTED This chapter contains introductory information about the 3Com Baseline Switch 2916 SFP Plus and the Baseline Switch 2924 SFP Plus and how they can be used in your network It covers summaries of hardware and software features and also the following topics m About the Switch 2916 and 2924 a Front Panel Detail m LED Status Indicators m System Specifications a Installing the Switch a Setting Up for Management a Methods of Managing a Switch a Switch Setup Overview a Using the Command Line Interface CLI a Setting Up Web Interface Management a Setting Up SNMP Management V1 or V2 m Default Users and Passwords m Upgrading Software using the CLI 12 CHAPTER 1 GETTING STARTED About the Switch 2916 and 2924 Summary of Hardware Features The Switch 2916 and Switch 2924 are Gigabit Ethernet switching products that deliver flexible three speed performance 10 100 1000 and advanced voice optimized features such as auto QoS and auto voice VLAN This makes the switches ideal for medium businesses and small enterprises seeking to build a secure converged network The Switch 2916 and 2924 includes th
103. dated The Port Mirroring Remove Page permits the network manager to terminate port mirroring or monitoring The monitor users have no access to this page Click Monitoring gt Port Mirroring gt Remove The Port Mirroring Remove Page opens Figure 99 Port Mirroring Remove Page AoA Baseline Switch 2924 SFP Plus AV ae a 3 C om Monitoring gt Port Mirroring Remove TE eno Device Summary Monitor Mirror In Mirror Out Save Configuration 1 23 3 Administration gt Device r Port gt Security gt Monitoring Help Logout Help Remove Cancel 178 CHAPTER 17 MANAGING DEVICE DIAGNOSTICS The Port Mirroring Remove Page contains the following fields a Monitor Displays the monitor port m Mirror In Displays ports that are monitored on the RX a Mirror Out Displays ports that are monitored on the TX 2 Select the ports to be removed Click Remove Port mirroring is removed and the device is updated Viewing Cable Diagnostics The Cable Diagnostics Summary Page contains fields for viewing tests on copper cables Cable testing provides information about where errors occurred in the cable the last time a cable test was performed and the type of cable error which occurred The tests use Time Domain Reflectometry TDR technology to test the quality and characteristics of a copper cable attached to a port The monitor users have limited access to this page To view ca
104. device with the factory default settings but maintains the current IP Address subnet mask and default gateway address a nitialize with Default IP Address Resets the device with the factory default settings including the factory default IP Address 2 Click the Initialize button The system is restored to factory defaults 40 CHAPTER 2 USING THE 3COM WEB INTERFACE Logging Off the To log off the device Device 1 Click Logout The Logout Page opens 2 The following message appears Microsoft Internet Explorer ES re you sure you want to log off cei 3 Click OK The 3Com Web Interface Home Page closes 3 VIEWING BASIC SETTINGS This section contains information about viewing basic settings available from the Web interface home page including the Device Summary page and the Color Keys page Viewing Device The Device Summary Page displays general information including the Settings system name location and contact the system MAC address System Object ID System Up Time and software boot and hardware versions To view the Device Summary Settings 1 Click Device Summary The Device Summary Page opens Figure 19 Device Summary Page sony RAN 3com Device Summary Save Configuration Administration Device Port Security Monitoring Help vrv v v Logout Baseline Switch Device Summary 2924 SFP Plus Device View Color Key TAA ACNE Ae 8 ew
105. dministrator to remove user defined ACLs from a selected interface Monitor users have no access to this page To remove ACL Binding Click Device gt ACL gt ACL Binding gt Remove The ACL Binding Remove Page opens Figure 38 ACL Binding Remove Page CAN Baseline Switch 2924 SFP Plus S lt Ne Device gt ACL gt ACL Binding Remove 3COM s Device Summary Save Configuration ACL Name Administration gt Device gt Port gt Security Monitoring Help FWAYAAAyAyAyAyAyAyAyAy 4 P 5 7 al F ElLogout Help Remove Cancel G The ACL Binding Remove Page contains the following fields m Interface Displays the port interface to which the ACL is bound ACL Name Displays the name of ACL to be removed from the selected port 2 Select an ACL to be removed 3 Click Apply The selected ACLs are removed and the device is updated 78 CHAPTER 4 MANAGING DEVICE SECURITY Enabling Broadcast Storm Broadcast Storm limits the amount of Multicast and Broadcast frames accepted and forwarded by the device When Layer 2 frames are forwarded Broadcast and Multicast frames are flooded to all ports on the relevant VLAN This occupies bandwidth and loads all nodes on all ports A Broadcast Storm is a result of an excessive amount of broadcast messages simultaneously transmitted across a network by a single port F
106. e IP Configuration on page 20 and Viewing IP Information using the Console Port on page 23 Check that your management workstation is on the same subnet as your switch Check you can communicate with the switch by entering a ping command at the DOS or CMD prompt in the following format c ping xxx xxx xxx xxx where xxx xxx xxx xxx is the IP address of the switch If you get an error message check that your IP information has been entered correctly and the switch is powered up Open your web browser and enter the IP address of the switch that you wish to manage in the URL locator for example in the following format http XXX XXX XXX XXX At the login and password prompts enter admin as your user name and press Return at the password prompt or the password of your choice if you have already modified the default passwords The main Web interface page is displayed Setting Up SNMP Management V1 or V2 You can use any network management application running the Simple Network Management Protocol SNMP to manage the switch 3Com offers a range of network management applications to address networks of all sizes and complexity See 3Com Network Management on page 181 Be sure the management workstation is connected to the switch using a port in VLAN 1 the Default VLAN By default all ports on the switch are in VLAN 1 To display and configure SNMP management parameters refer to Configuring S
107. e following models a Baseline Switch 2916 SFP Plus 16 Port a Baseline Switch 2924 SFP Plus 24 Port The Switch 2916 and 2924 feature the following advantages a Full Gigabit speed access ports a Jumbo frames a Port security a Link aggregation control protocol LACP a Up to 256 VLANs Access control lists ACLs a Port based mirroring Table 1 summarizes the hardware features supported by the Switch 2916 and 2924 Table 1 Hardware Features Feature Switch 2916 and 2924 Addresses Up to 8 000 supported Auto negotiation Supported on all ports Forwarding Modes Store and Forward Duplex Modes Half and full duplex on all front panel ports Auto MDI MDIX Supported on all ports If fiber SFP transceivers are used Auto MDIX is not supported Flow Control In full duplex operation all ports are supported The Switch 2916 and 2924 ports are capable of receiving but not sending pause frames Traffic Prioritization Supported using the IEEE Std 802 ID 1998 Edition Eight traffic queues per port Front Panel Detail 13 Table 14 Hardware Features continued Feature Switch 2916 and 2924 Ethernet Fast Ethernet Auto negotiating 10 100 1000BASE T ports and Gigabit Ethernet Ports SFP Ethernet Ports Supports fiber Gigabit Ethernet long wave LX and fiber Gigabit Ethernet short wave SX transceivers in any combination Mounting 19 inch rack or standalone mounting Front Panel Detail Figure 1 shows the front panel
108. e opens Figure 50 LACP Summary Page E N Baseline Switch 2924 PWR Plus Port gt LACP Summary 3C om Summary if Device Summary Save Configuration LACP Timeout Administration Device z i xrv vv ElLogout 98 CHAPTER 7 AGGREGATING PORTS The LACP Summary Page contains the following fields m Port Displays the port number to which timeout and priority values are assigned a Port Priority Displays the LACP priority value for the port The field range is 1 65535 as LACP Timeout Displays the administrative LACP timeout The possible field values are a Long Specifies the long timeout value a Short Specifies the short timeout value Modifying LACP LAG ports can contain different media types if the ports are operating at the same speed Aggregated links can be set up manually or automatically established by enabling LACP on the relevant links Aggregate ports can be linked into link aggregation port groups The LACP Modify Page contains fields for modifying LACP LAGs Click Port gt LACP gt Summary The LACP Modify Page opens Figure 51 LACP Modify Page D N Baseline Switch 2924 PWR Plus S Ve Port gt LACP Modify 3com Modify Device Summary Save Configuration LACP System Priority Administration Device gt Select Port gt Port gt Security Mo
109. e sequence numbers and aborts the session between the sender and receiver a Syn Synchronize Initial Sequence Numbers ISNs This is used to initialize a new connection a Fin Finish This indicates there is no more data from the sender This marks a normal closing of the session between the sender and receiver For each TCP flag the possible field values are a Set Enables the TCP flag a Unset Disables the TCP flag a Don t Care Does not check the packet s TCP flag ICMP If checked enables filtering ICMP packets for an ICMP message type The possible values are a Select from List Selects an ICMP message type from a list a CMP Type Specifies an ICMP message type a Any Does not filter for an ICMP message type ICMP Code If checked enables specifying an ICMP message code for filtering ICMP packets ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code IGMP If checked enables filtering IGMP packets for an IGMP message type The possible values are Select from List Selects an IGMP message type from a list Defining Access Control Lists 69 a GMP Type Specifies an IGMP message type a Any Does not filter for an IGMP message type Source IP Address If selected enables matching the source port IP address to which packets are addressed to the ACE according to a wildcard mask The field value is either user defi
110. e speed at which the port is operating Viewing Spanning Tree 129 Path Cost Indicates the port contribution to the root path cost The path cost is adjusted to a higher or lower value and is used to forward traffic when a path is re routed Priority Priority value of the port The priority value influences the port choice when a bridge has two ports connected in a loop The priority range is between 0 240 The priority value is determined in increments of 16 RSTP Link Type Indicates whether a Point to Point link is established or if the device is permitted to establish a Point to Point link The possible field values are a Auto Enables the device to establish automatically point to point link a Point to Point Indicates if a point to point link is currently established on the port Ports set to Full Duplex modes are considered Point to Point port links a Shared Enables the device to establish a shared link Designated Bridge ID Indicates the bridge priority and the MAC Address of the designated bridge Designated Port ID Indicates the selected port priority and interface Designated Cost Indicates the cost of the port participating in the STP topology Ports with a lower cost are less likely to be blocked if STP detects loops Forward Transitions Indicates the number of times the port has changed from Forwarding state to Blocking state 130 CHAPTER 11 CONFIGURING SPANNING TREE
111. e x Administration Device Port Security Monitoring Help Select Port s Y CEECEE RRR eee AA Set Default 0 x C Restore Default Logout Help Apply Cancel The CoS Setup Page contains the following fields QoS Mode Determines the QoS mode on the device a Disable Disables QoS on the device a Enable Enables QoS on the device Select Port s Indicates the ports to be configured Set Default Sets the default user priority The possible field values are 0 7 The default CoS value is 0 With the default settings O is the lowest and 7 is the highest priority Restore Default Restores the device factory defaults for CoS values 2 Define the fields 3 Click Apply CoS is enabled on the device and the device is updated Viewing CoS to Queue 145 Viewing CoS to Queue Defining CoS to Queue The CoS to Queue Summary Page contains a table that displays the CoS values mapped to traffic queues To view CoS Values to Queues Click Device gt QoS gt CoS to Queue gt Summary The CoS to Queue Summary Page opens Figure 78 CoS to Queue Summary Page N Baseline Switch 2824 SFP Plus Device gt QoS gt CoS to Queue Summary 3C om Summary Device Summary Save Configuration Class of Service Queue 1 Administration gt Device gt Port gt 0 Security Monitoring Help wjofjajs fwj ajojn jojn
112. ed The possible field values are Defining Port Settings 89 a 10 Indicates the port is currently operating at 10 Mbps a 100 Indicates the port is currently operating at 100 Mbps a 1000 Indicates the port is currently operating at 1000 Mbps a Auto Use to automatically configure the port a No Change Retains the current port speed a Duplex Displays the port duplex mode This field is configurable only when auto negotiation is disabled and the port speed is set to 10M or 100M This field cannot be configured on LAGs The possible field values are a Auto Use to automatically configure the port a Full The interface supports transmission between the device and its link partner in both directions simultaneously a Half The interface supports transmission between the device and the client in only one direction at a time a No Change Retains the current port duplex mode a Flow Control Displays the flow control status on the port Operates when the port is in full duplex mode The possible field values are a Enable Enables flow control on the port a Disable Disables flow control on the port a No Change Retains the current flow control status on port a Reactivate Reactivates a port if the port has been shutdown through a device security option The possible field values are a Reactivate Reactivates a port a No Change Retains the current port status a Se
113. ed out if no traffic from the source is detected The default value is 300 seconds 2 Select the MAC addresses to remove 3 Click Remove The selected MAC addresses are removed from the MAC address table and the device is updated 10 CONFIGURING IGMP SNOOPING Introduction This section contains information for configuring IGMP Snooping When IGMP Snooping is enabled globally all IGMP packets are forwarded to the CPU The CPU analyzes the incoming packets and determines a Which ports want to join which Multicast groups a Which ports have Multicast routers generating IGMP queries a Which routing protocols are forwarding packets and Multicast traffic Ports requesting to join a specific Multicast group issue an IGMP report specifying that Multicast group is accepting members This results in the creation of the Multicast filtering database This section contains the following topic a Defining IGMP Snooping 124 CHAPTER 10 CONFIGURING IGMP SNOOPING Defining IGMP The IGMP Snooping Setup Page allows network managers to define Snooping IGMP Snooping parameters The monitor users have read only access to this page 1 Click Device gt IGMP Snooping gt Setup The GMP Snooping Setup Page opens Figure 68 IGMP Snooping Setup Page CAN Baseline Switch 2924 SFP Plus Device gt IGMP Snooping Setup SCOM a Device Summary Save Configuration IGMP Snooping Status Enable 7 Administration gt Select
114. ed to the ACE a Destination Mask Indicates the destination MAC Address wildcard mask Wildcards are used to mask all or part of a destination MAC address Wildcard masks specify which bits are used and which are ignored A wildcard mask of FF FF FF FF FF FF indicates that no bit is important A wildcard mask of 00 00 00 00 00 00 indicates that all bits are important For example if the destination MAC address is 00 AB 22 11 33 00 and the wildcard mask is 00 00 00 00 00 FF the first five bytes of the MAC are used while the last byte is ignored For the destination MAC address 00 AB 22 11 33 00 this wildcard mask matches all MAC addresses in the range 00 AB 22 11 33 00 to 00 AB 22 11 33 FF a VLAN ID Matches the packet s VLAN ID to the ACE The possible field values are 1 to 4093 a CoS Classifies traffic based on the CoS tag value a CoS Mask Defines the CoS mask used to classify network traffic m Ethertype Provides an identifier that differentiates between various types of protocols a Action Indicates the ACL forwarding action In addition the port can be shut down a trap can be sent to the network administrator or Modifying MAC Based ACLs Defining Access Control Lists 61 packet is assigned rate limiting restrictions for forwarding The options are as follows a Permit Forwards packets which meet the ACL criteria a Deny Drops packets which meet the ACL criteria a Shutdown Drops pack
115. eeeeceeeeeceeseessssstssseeeeeeeeeeeeeeeeneeneas 102 Viewing VLAN Port Details cccccccccccccccccceesesssssessseeeeeeceeseceeeeeeneeeeas 103 Cre GtING VW UANS casa tcp eh etna e A ane gat Oe tee ae 104 10 11 12 13 Modifying VLAN Settings oe ial ot ca ce ae eo 105 Modifying Port VLAN Settings cite ies ces a sie ett sa ae Actes 107 Removing VLAN S sia naar a A Sud E Sint te dupa T A ead 108 CONFIGURING IP AND MAC ADDRESS INFORMATION Defining lP Addriessin gsassuasesrengenn e a a arr cette 109 Configuring ARP SUING S eaan a n R TTA 110 Configuring Address TABLES deheevx cxxcewtecciadaas ccoauashanaweeauh bgdtne aude ea aes 114 CONFIGURING IGMP SNOOPING sr iole 0 aie eq peemme ner oy ee tence e a nee nen Coen PCE renee eT rer 123 Defining IGMP SHOCGING cece csurce at ceedteoseS aca uneSecotccaulesa tine une ceMcdueoeceny 124 CONFIGURING SPANNING TREE Viewing Spanning Tree auktee entree tee eee reer ea ener ener eer ee ne eee er eee eerar reer 127 Defining Spanning Teises eaae e ANE NEEN 130 Modifying Spanning Tree s ssssiissesssniinseiiinirsrenrinsrssrirrrsrrrirrrrsrrrrnnrnn 133 CONFIGURING SNMP Defining SNMP Communities suc cct tse tis oat cote tna sae tthe 136 Removing SNMP COmmrmmurmites ct s2 2205 3 2 5 dessus liege devvestcdasdacsasecbablewiesbseass 138 Defining SNMP Traps inneni nesoni r o aa Pa ETERS ear 139 Removing SNMP Traps sepsis ea a aaa ee eae at 140 CONFIGURING QUALITY OF SERVICE Vi
116. efer to 3Com CLI Reference Guide on page 195 This section describes how to connect to your switch through the Console port Prerequisites m A workstation with terminal emulation software installed such as Microsoft Hyperterminal This software allows you to communicate with the switch using the console port directly m Documentation supplied with the terminal emulation software m The console cable RJ 45 supplied with your switch You can find pin out diagrams for the cable in Appendix C on page 189 22 CHAPTER 1 GETTING STARTED Manually set the IP Address using the Console Port Connecting the Workstation to the Switch Connect the workstation to the console port using the console cable as shown in Figure 6 Figure 6 Connecting a Workstation to the Switch using the Console Port Workstation with terminal emulation Switch software installed a Bw ao Console Por E onnection N Console Cable 4 To connect the cable a Attach the cable s RJ 45 connector to the Console port of the switch b Attach the other end of the cable to the workstation Open your terminal emulation software and configure the COM port settings to which you have connected the cable The settings must be set to match the default settings for the switch which are a 38 400 baud bits per second a 8 data bits no parity a 1 stop bit no hardware flow control Refer to the documentation th
117. ement Suite go to www 3com com ems Integration Kit with HP OpenView Network Node Manager 3Com Integration Kit for HP OpenView Network Node Manager offers businesses the option of managing their 3Com network directly from HP OpenView Network Node Manager The kit includes Object IDs icons MIBs and traps for 3Com devices The package supports both Windows platforms and UNIX or Solaris platforms It can be installed as a standalone plug in to HP OpenView or used with a 3Com management application such as 3Com Enterprise Management Suite EMS To find out more about 3Com Integration Kit for HP OpenView Network Node Manager go to www 3com com hpovintkit DEVICE SPECIFICATIONS AND FEATURES Related Standards The 3Com Baseline Switch 2916 SFP Plus and Baseline Switch 2924 SFP Plus have been designed to the following standards Function Safety EMC Emissions EMC Immunity 8802 3 IEEE 802 3 Ethernet IEEE 802 3u Fast Ethernet IEEE 802 3ab Gigabit Ethernet IEEE 802 1D Bridging UL 60950 1 EN 60950 1 CSA 22 2 No 60950 1 IEC 60950 1 EN55022 Class A CISPR 22 Class A FCC Part 15 Subpart B Class A ICES 003 Class A VCCI Class A EN61000 3 2 EN61000 3 3 EN55024 Environmental Operating Temperature Storage Temperature 0 to 40 C 32 to 104 F 40 to 70 C 40 to 158 F Humidity 0 95 non condensing Standard EN 60068 IEC 68 Physical l Width 440 mm 17 3 in
118. ensed exclusively hrough X Open Company Ltd EEE and 802 are registered trademarks of the Institute of Electrical and Electronics Engineers Inc All other company and product names may be trademarks of the respective companies with which they are associated ENVIRONMENTAL STATEMENT It is the policy of 3Com Corporation to be environmentally friendly in all operations To uphold our policy we are committed to Establishing environmental performance standards that comply with national legislation and regulations Conserving energy materials and natural resources in all operations Reducing the waste generated by all operations Ensuring that all waste conforms to recognized environmental standards Maximizing the recyclable and reusable content of all products Ensuring that all products can be recycled reused and disposed of safely Ensuring that all products are labelled according to recognized environmental standards Improving our environmental record on a continual basis End of Life Statement 3Com processes allow for the recovery reclamation and safe disposal of all end of life electronic components Regulated Materials Statement 3Com products do not contain any hazardous or ozone depleting material Environmental Statement about the Documentation The documentation for this product is printed on paper that comes from sustainable managed forests it is fully biodegradable and recyclable and is completely chlorine free
119. es cannot be made to the community a Read Write Management access is read write and changes can be made to the device configuration but not to the community 2 Select the SNMP Community to be removed 3 Click Remove The SNMP Community is removed and the device is updated Defining SNMP Traps The SNMP Traps Setup Page contains information for defining filters that determine whether traps are sent to specific users and the trap type sent Monitor users have no access to this page To define SNMP traps Click Administration gt SNMP gt Traps The SNMP Traps Setup Page opens Figure 74 SNMP Traps Setup Page Qo N Baseline Switch 2924 SFP Plus Administration gt SNMP gt Traps Setup 3 C 0 m Setup Remove Device Summary Save Configuration Recipient IP Address Community String Trap Version SNMPv1 z Administration gt Device gt Port Security Monitoring gt Help Apply Cancel Recipient IP Trap Community String ElLogout 140 CHAPTER 12 CONFIGURING SNMP Removing SNMP Traps The SNMP Traps Setup Page contains the following fields a Recipients IP Address Defines the IP address to which the traps are sent a Community String Defines the community string of the trap manager Trap Version Defines the trap type The possible field values are a SNMP V1 Indicates that SNMP Version 1 traps are sent a SNMP V2c Indicates that SNMP Version 2
120. es port based authentication on the device This is Authentication Method Specifies the authentication method used for port authentication The possible field values are RADIUS Provides port authentication using the RADIUS server RADIUS None Provides port authentication first using the RADIUS server If the port is not authenticated then no authentication method is used and the session is permitted authenticate the port None Indicates that no authentication method is used to Enable Guest VLAN Provides limited network access to authorized ports If a port is denied network access via port based authorization but the Guest VLAN is enabled the port receives limited network 56 CHAPTER 4 MANAGING DEVICE SECURITY access For example a network administrator can use Guest VLANs to deny network access via port based authentication but grant Internet access to unauthorized users Guest VLAN ID Specifies the guest VLAN ID 802 1X Port Settings a Admin Port Control Displays the admin port authorization state a Auto Enables port based authentication on the device The interface moves between an authorized or unauthorized state based on the authentication exchange between the device and the client a Force Authorized Places the interface into an authorized state without being authenticated The interface re sends and receives normal traffic without client port based authentication
121. et that meets the ACL criteria and disables the port to which the packet was addressed Ports are reactivated from the Port Administration Setup Page 2 Define the fields 3 Click Apply The Rule Setup settings are configured and the device is updated The MAC Based ACL Modify Page allows the network administrator to modify MAC Based ACLs settings Monitor users have no access to this page Click Device gt ACL gt MAC Based ACL gt Modify The MAC Based ACL Modify Page opens Figure 30 MAC Based ACL Modify Page Ao N Baseline Switch 2924 SFP Plus oN Device gt ACL gt MAC Based ACL Modify f 8com Mody EES Device Summary Save Configuration Select ACL ACL Name Administration gt Select Rule pase 4 Source Destination Destination VLAN Cos Port gt Priority TETA Source Mask Adarast Mask ID CoS Mask Ethertype Action Security 1 FRA AAR 255 255 255 0 fife fr fA 255 255 255 0 Permit Monitoring SS S Help Modify Priority Source MAC Address C Source Mask C Any Destination MAC Address C Destination Mask C Any VLAN ID Cos Cos Mask Ethertype Action permit z Cal Logout Help Apply Cancel The MAC Based ACL Modify Page contains the following fields m Select ACL Selects the ACL to be bound a Select Rule Indicates the rule for which Access Control Entries are defined 62 CHAPTER 4 MANAGING DEVICE SECURITY Modify a Priority Indicates the rule priority whic
122. ets which meet the ACL criteria a Deny Drops packets which meet the ACL criteria a Shutdown Drops packet that meets the ACL criteria and disables the port to which the packet was addressed Ports are reactivated from the Port Administration Setup Page Select the ACL Name to be deleted Select the ACL to be removed from the table Click the Remove checkbox Click Apply The selected ACLs are deleted and the device is updated Defining Access Control Lists 65 Viewing IP Based The P Based ACL Summary Page displays information regarding IP Based ACLs ACLs configured on the device To view IP Based ACLs 1 Click Device gt ACL gt IP Based ACL gt Summary The P Based ACL Summary Page opens Figure 32 P Based ACL Summary Page 3com Monitoring Help No Baseline Switch 2924 SFP Plus a Device gt ACL gt IP Based ACL Summary Summary o Setup Modify Remove Device Summary Save Configuration ACL Name 1 7 Flag Set present the flag types in the following order Urg Ack Psh Rst Syn Fin Set is represented as 1 unset as 0 and dont care as x Destination Source Flag ICMP ICMP IGMP Source Source Mask Destination Destination DSCP Port Port Set Type Code Type Address Address Mask 2 ICMP 10 0 2 28 255 255 255 0 10 0 2 28 255 255 255 0 Administration Device Port Security Priority Protocol vyv v v ElLogout Help The P
123. evice Ports are reactivated from the Interface Configuration Page To view MAC Based ACLs Click Device gt ACL gt MAC Based ACL gt Summary The MAC Based ACL Summary Page opens Figure 28 MAC Based ACL Summary Page CAN Baseline Switch 2924 SFP Plus U 3C om Device gt ACL gt MAC Based ACL Summary Summary Setup Modify Remove Device Summary Save Configuration ACL Name acl2 Administration gt Source Destination Destination VLAN P Daes 5 Priority Aiea Source Mask Address Mask ID CoS Ethertype Action Port gt 1 FR ARAL LAT 255 255 255 0 fn LAR 255 255 255 0 Permit Security d Monitoring I Help Logout Help The MAC Based ACL Summary Page contains the following fields a ACL Name Contains a list of the MAC based ACLs a Priority Indicates the rule priority which determines which rule is matched to a packet on a first match basis Source Address Indicates the source MAC address Source Mask Indicates the source MAC address Mask a Destination Address Indicates the destination MAC address a Destination Mask Indicates the destination MAC address Mask a VLAN ID Matches the packet s VLAN ID to the ACE The possible field values are 1 to 4095 m CoS Classifies traffic based on the CoS tag value a CoS Mask Displays the CoS mask used to filter CoS tags Configuring MAC Based ACLs Defining Acces
124. ewing COS SGEUNGS scores cases ae te danas nth neki hehe aa 143 Dv Fag 8 ia COS eee ee mE em em a 144 Viewing CoS to Queue 2 56 05 5h cet esha hE hts el el ells 145 Defining COS tO QU CU Se elsia a ceed a a akidi 145 VIEWING DSGP to QUEUE taccctesucutee sets a E O a gs Comets 147 Configuring DSCP Qu Ue es ee ene meee ve rere nee Reentry ver ert eee eeet ee 148 Configuring Trust SOUS 31 cero dco tsacituccaden cram whiendelacirutiead haSintinasl se umoarctrS 149 Viewing Bandwidth Settings ccccccesssssssseeeeeeceeceeeseeeseesssssseeeeees 150 14 15 16 17 Defining Bandwidth Settings utes ki ive eve ii nates 151 Defining VON PN enasi fet ah te te ie aa aint AE Pea 153 MANAGING SYSTEM FILES Backing Up System Files ce can 55k ote ae Be ak ads ih ek aes a ak ade ae 163 PR SCI hy INNS sect ca cet creche les cen E O celta Cub aces 164 Upgrade the Firmware IMage cccecccsssseeeceeeceeeeeeeessssssseeeaeeeeeeees 165 A tiv ting MAGS FeS naonana a e ena OEA e AS EE 166 MANAGING SYSTEM LOGS VIEWING lOS a A Oe tee rae ce a Cee ee 168 Configuring Logging se sosea eea ie ea a aa nee naveasen atures 169 VIEWING STATISTICS NPV PCN Ser DS BS 2c ot aa a E AA E 172 MANAGING DEVICE DIAGNOSTICS Configuring Port Mirroring a ere es ata ve eee eg aa 175 Viewing Cable Diagnostics iiccrsicsa sere as ct es ee ea ce eee 178 3COM NETWORK MANAGEMENT 3CoMm Network SUPEVISO nieee eaea esi a a E ame engines 181
125. f a UDP packet is received the packet is dropped ACLs are composed of access control entries ACEs that are made of the filters that determine traffic classifications The following are examples of filters that can be defined as ACEs a Source Port IP Address and Wildcard Mask Filters the packets by the Source port IP address and wildcard mask a Destination Port IP Address and Wildcard Mask Filters the packets by the Source port IP address and wildcard mask a ACE Priority Filters the packets by the ACE priority m Protocol Filters the packets by the IP protocol a DSCP Filters the packets by the DiffServ Code Point DSCP value a IP Precendence Filters the packets by the IP Precedence m Action Indicates the action assigned to the packet matching the ACL Packets are forwarded or dropped In addition the port can be shut down a trap can be sent to the network administrator or packet is assigned rate limiting restrictions for forwarding This section includes the following topics m Viewing MAC Based ACLs m Configuring MAC Based ACLs m Removing MAC Based ACLs a Viewing IP Based ACLs m Defining IP Based ACLs m Modifying IP Based ACLs m Removing IP Based ACLs m Viewing ACL Binding m Configuring ACL Binding m Removing ACL Binding 58 CHAPTER 4 MANAGING DEVICE SECURITY Viewing MAC Based ACLs The MAC Based ACL Summary Page displays information regarding MAC Based ACLs configured on the d
126. following reboot The following prompt displays Are you sure you want to reboot the system yes no Enter yes and press Return The system reboots the switch USING THE 3COM WEB INTERFACE This section provides an introduction to the user interface and includes the following topics m Starting the 3Com Web Interface m Understanding the 3Com Web Interface Saving the Configuration a Resetting the Device m Restoring Factory Defaults m Logging Off the Device Starting the 3Com Web Interface Multi Session Web Connections This section includes the following topics a Multi Session Web Connections m Accessing the 3Com Web Interface The Multi Session web connections feature enables 10 users to be created and access the switch concurrently Access levels provide read or read write permissions to users for configuring the switch Users and access levels are described in Configuring System Access Section Login information is always handled in the local database A unique password is required of each user Two access levels exist on the 3Com Web Interface a Management access level Provides the user with read write access There is always one management level user configured for the switch The factory default is be username admin with no Password a Monitor access level Provides the user with read only access Starting the 3Com Web Interface 29 Accessing the 3Com This section contains information on starting
127. ge displays bandwidth settings for a specified Settings interface To view Bandwidth Settings 1 Click Device gt QoS gt Bandwidth gt Summary The Bandwidth Summary Page opens Figure 83 Bandwidth Summary Page Qo N Baseline Switch 2924 SFP Plus Device gt QoS gt Bandwidth Summary l 3C om Summary A Device Summary Save Configuration Interf Ingress Rate Limit Egress Shaping Rates Interi Ingress Rate Limit Egress Shaping Rates oe ertace Status Rate Limit Status CIR CbS Status Rate Limit Status CIR ChS Administration gt 1 13 Device gt 2 14 Port gt 3 15 Security 4 16 Monitoring gt i ins 7 19 8 20 9 21 10 22 11 23 12 24 ElLogout Help The Bandwidth Summary Page contains the following fields a Interface Displays the interface for which rate limit and shaping parameters are defined Ingress Rate Limit a Status Indicates if rate limiting is defined on the interface The possible field values are a Enable Enables ingress rate limiting on the interface a Disable Disables ingress rate limiting on the interface a Rate Limit Indicates the traffic limit for the port The field range is 3 500 1 000 000 kbps per second Defining Bandwidth Settings 151 Egress Shaping Rates a Status Defines the shaping status The possible field values are a Enable
128. gement and firmware upgrading The CLI is not intended as the main interface for the switch Configuration File Management The device configuration is stored in a configuration file The Configuration file includes both system wide and port specific device configuration The system can display configuration files in the form of a collection of CLI commands which are stored and manipulated as text files DHCP Clients Fast Link Dynamic Host Client Protocol DHCP enables additional setup parameters to be received from a network server upon system startup DHCP service is an On going process STP can take up to 30 60 seconds to converge During this time STP detects possible loops allowing time for status changes to propagate and for relevant devices to respond 30 60 seconds is considered too long of a response time for many applications The Fast Link option bypasses this delay and can be used in network topologies where forwarding loops do not occur Full 802 1Q VLAN Tagging Compliance IGMP Snooping IEEE 802 1Q defines an architecture for virtual bridged LANs the services provided in VLANs and the protocols and algorithms involved in the provision of these services An important requirement included in this standard is the ability to mark frames with a desired Class of Service CoS tag value IGMP Snooping examines IGMP frame contents when they are forwarded by the device from work stations to an upstream Multicast
129. h 2924 SFP Plus oN Device gt QoS gt VoIP Traffic Setting OUI Summary 3com Device Summary Save Configuration Summary PortSetup Port Detail OUI Summary ever OUI List Administration gt Telephony OUI s Description Device gt Port gt Security gt Monitoring gt Help J Logout Help The Voice VLAN OUI Summary Page contains the following fields OUI List a Telephony OUl s Lists the OUls currently enabled on the Voice VLAN The following OUls are enabled by default 00 E0 BB Assigned to 3Com IP Phones 00 03 68 Assigned to Cisco IP Phones a 00 E0 75 Assigned to Polycom Veritel IP Phones 00 D0 1E Assigned to Pingtel IP Phones 00 01 E3 Assigned to Siemens IP Phones 00 60 89 Assigned to NEC Philips IP Phones a 00 0F E2 Assigned to H3C IP Phones a Description Provides an OUI description up to 32 characters Modifying OUI Definitions Defining Voice VLAN 161 The Voice VLAN OUI Modify Page allows network administrators to add new OUls or to remove previously defined OUls from the Voice VLAN The OUI is the first half on the MAC address and is manufacture specific While the last three bytes contain a unique station ID The packet priority derives from the source destination MAC prefix The packet gets higher priority when there is a match with the OUI list Using the OUI network managers can add specific manufacture s MAC addres
130. h determines which rule is matched to a packet on a firstmatch basis Source MAC Address Matches the source MAC address to which packets are addressed to the ACE Source Mask Indicates the source MAC Address wildcard mask Wildcards are used to mask all or part of a source address by specifying which bits are used and which are ignored A wildcard mask of FF FF FF FF FF FF indicates that no bit is important A wildcard of 00 00 00 00 00 00 00 indicates that all bits are important For example if the source MAC address is E0 3B 4A C2 CA E2 and the wildcard mask is 00 00 00 00 00 FF the first five bytes of the MAC are used while the last byte is ignored For the source MAC address E0 3B 4A C2 CA E2 this wildcard mask matches all MAC addresses in the range E0 3B 4A C2 CA 00 to E0 3B 4A C2 CA FF Destination MAC Address Matches the destination MAC address to which packets are addressed to the ACE Destination Mask Indicates the destination MAC Address wildcard mask Wildcards are used to mask all or part of a destination address by specifying which bits are used and which are ignored A wildcard mask of FF FF FF FF FF indicates that no bit is important A wildcard mask of 00 00 00 00 00 00 indicates that all bits are important For example if the destination MAC address is E0 3B 4A C2 CA E2 and the wildcard mask is 00 00 00 00 00 FF the first five bytes of the MAC are used while the last byte is ignored For the destina
131. he common modes of operation that both devices share Reject the use of operational modes that are not shared by both devices Configure each port for the highest level operational mode that both ports can support MAC addresses from which no traffic is received for a given period are aged out This prevents the Bridging Table from overflowing Back Pressure On half duplex links the receiver may employ back pressure i e occupy the link so it is unavailable for additional traffic to temporarily prevent the sender from transmitting additional traffic This is used to prevent buffer overflows 186 APPENDIX B DEVICE SPECIFICATIONS AND FEATURES Table 11 Features of the Baseline Switch 2916 SFP Plus and Switch 2924 SFP Plus continued Feature Description Address Resolution Protocol ARP ARP converts between IP addresses and MAC i e hardware addresses ARP is used to locate the MAC address corresponding to a given IP address This allows the switch to use IP addresses for routing decisions and the corresponding MAC addresses to forward packets from one hop to the next Class Of Service CoS Provide traffic belonging to a group preferential service in terms of allocation of system resources possibly at the expense of other traffic Command Line Interface The Command Line Interface CLI is an interface using a serial connection that allows basic features to be configured including IP address mana
132. he network administrator or packet is assigned rate limiting restrictions for forwarding The options are as follows a Permit Forwards packets which meet the ACL criteria a Deny Drops packets which meet the ACL criteria Defining Access Control Lists 75 a Shutdown Drops packet that meets the ACL criteria and disables the port to which the packet was addressed Ports are reactivated from the Port Administration Setup Page 2 Select an ACL to be removed 3 Click Apply The selected ACLs are deleted and the device is updated Viewing ACL Binding The ACL Binding Summary Page displays the user defined ACLs mapped to the interfaces To view ACL Binding 1 Click Device gt ACL gt ACL Binding gt Summary The ACL Binding Summary Page opens Figure 36 ACL Binding Summary Page Baseline Switch 2924 SFP Plus Device gt ACL gt ACL Binding Summary Summary RAN 3com Device Summary Save Configuration Administration gt Device gt Port Security Monitoring Help Logout ACL ACL Interface Nama Interface Name 1 13 2 14 3 15 4 16 5 17 6 18 7 19 8 20 g 21 10 22 11 23 12 24 Help The ACL Binding Summary Page contains the following fields m Interface Displays the port or LAG number to which the ACL is bound m ACL Name Displays the name of ACL which is bound to a selected port 76
133. hem to have certificates simplifying the architecture of secure wireless LANs Protocol Independent Multicasting PIM This multicast routing protocol floods multicast traffic downstream and calculates the shortest path back to the multicast source network via reverse path forwarding PIM uses the router s IP routing table rather than maintaining a separate multicast routing table as with DVMRP PIM Sparse Mode is designed for networks where the probability of a multicast client is low such as on a Wide Area Network PIM Dense Mode is designed for networks where the probability of a multicast client is high and frequent flooding of multicast traffic can be justified RADIUS is a logon authentication protocol that uses software running on a central server to control access to RADIUS compliant devices on the network 210 APPENDIX F GLOSSARY Remote Monitoring RMON Rapid Spanning Tree Protocol RSTP Secure Shell SSH Routing Information Protocol RIP Simple Network Management Protocol SNMP Spanning Tree Protocol STP Terminal Access Controller Access Control System Plus TACACS Trivial File Transfer Protocol TFTP User Datagram Protocol UDP RMON provides comprehensive network monitoring capabilities It eliminates the polling required in standard SNMP and can set alarms on a variety of traffic conditions including specific error types RSTP reduces the convergence time for network topology cha
134. hones are configured with VLAN mode as enabled ensuring that tagged packets are used for all communications a If the IP phone s VLAN mode is disabled the phone uses untagged packets The phone uses untagged packets while retrieving the initial IP address through DHCP The phone eventually use the Voice VLAN and start sending tagged packets This section contains the following topics a Viewing Voice VLANs m Defining Voice VLAN m Defining Voice VLAN Port Settings a Viewing Voice VLAN Port Definitions m Viewing the OUI Summaries m Modifying OUI Definitions 154 CHAPTER 13 CONFIGURING QUALITY OF SERVICE Viewing Voice VLANs The Voice VLAN Summary Page contains information about the Voice VLAN currently enabled on the device including the ports enabled and included in the Voice VLAN To view Voice VLAN Settings Click Device gt QoS gt VoIP gt Traffic Setting gt Summary The Voice VLAN Summary Page opens Figure 85 Voice VLAN Summary Page Baseline Switch 2924 SFP Plus Device gt Qos gt VoIP Traffic Setting Summary smy Sey 7 Pon Sep Pen Daas OUSiminy CUM Voice VLAN Global Settings Voice VLAN State Enabled Voice VLAN ID Voice VLAN Aging Time 1 Day 0 Hour 0 Min Ports Enabled for Voice VLAN 8 P zj tive 5 atic Menbers y BEE The Voice VLAN Summary Page contains the following fields a Voice VLAN State Indicates if Voice VLAN is enabled on the device The possible fie
135. ics are not refreshed a 75 Sec Indicates that the port statistics are refreshed every 15 seconds a 30 Sec Indicates that the port statistics are refreshed every 30 seconds a 60 Sec Indicates that the port statistics are refreshed every 60 seconds Received Bytes Octets Displays the number of octets received on the interface since the device was last refreshed This number includes bad packets and FCS octets but excludes framing bits Received Packets Displays the number of packets received on the interface including bad packets Multicast and broadcast packets since the device was last refreshed Broadcast Packets Received Displays the number of good broadcast packets received on the interface since the device was last refreshed This number does not include Multicast packets Multicast Packets Received Displays the number of good Multicast packets received on the interface since the device was last refreshed CRC amp Align Errors Displays the number of CRC and Align errors that have occurred on the interface since the device was last refreshed Undersize Packets Displays the number of undersized packets less than 64 octets received on the interface since the device was last refreshed Oversize Packets Displays the number of oversized packets over 1522 octets received on the interface since the device was last refreshed Fragments Displays the number of fragments packe
136. ields for defining system time parameters for the local hardware clock Daylight Savings Time can be enabled on the device Monitor users have limited permissions on this page Country specific times need to be added manually To configure the System Time Click Administration gt System Time The System Time Setup Page opens Figure 42 System Time Setup Page Baseline Switch 2924 SFP Plus n oN Administration gt System Time Setup 3com Setup Device Summary Save Configuration Local Settings Hours Month Time Zone Offset GMT 12 00 x Administration gt Device Port Day Security Monitoring Help Time Set Offset eo Min From Hours Minutes Month Day To Hours Minutes Month Day I Recurring Year Year Logout Week First To Day Sun Help M Daylight Saving C USA C European Other From Day Sun Week First 7 Month Jan Minutes Seconds Year Time 00 00 HH MM Month Jan Z Time 20 00 HH MM Apply Cancel The System Time Setup Page contains the following sections m Local Settings Displays the system time in the following format a Time Indicates the system time You can configure the Hours in 24 hour format Minutes and Seconds a Date Displays the month of the year You can configure the Month Day and Year a Daylight Saving This check box enables and disables automatic Daylight Saving Time
137. ing tree information The possible field values are a Filtering Filters BPDU packets when spanning tree is disabled on an interface This is the default value Flooding Floods BPDU packets when spanning tree is disabled on an interface Path Cost Default Values Specifies the method used to assign default path cost to STP ports The possible field values are a Short Specifies 1 through 65 535 range for port path cost This is the default value a Long Specifies 1 through 200 000 000 range for port path cost The default path cost assigned to an interface varies according to the selected method Hello Time Max Age or Forward Delay Priority Specifies the bridge priority value When switches or bridges are running STP each is assigned a priority After exchanging BPDUs the device with the lowest priority value becomes the Root Bridge The field range is 0 61440 The default value is 32768 The port priority value is provided in increments of 4096 Hello Time Specifies the device Hello Time The Hello Time indicates the amount of time in seconds a Root Bridge waits between configuration messages The default is 2 seconds Max Age Specifies the device Maximum Age Time The Maximum Age Time is the amount of time in seconds a bridge waits before sending configuration messages The default Maximum Age Time is 20 seconds Forward Delay Specifies the device Forward Delay Time The Forward Delay Time
138. iption 1 Tree View Tree View provides easy navigation through the configurable device features The main branches expand to display the sub features 2 Tab View The Tab Area enables navigation through the different device features Click the tabs to view all the components under a specific feature 3 Web Interface Provides access to online help and contains information about Information the Web Interface This section provides the following additional information Device Representation Provides an explanation of the user interface buttons including both management buttons and task icons m Using the Web Interface Management Buttons Provides instructions for adding modifying and deleting configuration parameters 32 CHAPTER 2 USING THE 3COM WEB INTERFACE Device The 3Com Web Interface Home Page contains a graphical panel Representation representation of the device that appears within the Device View Tab To access the Device Representation 1 Click Device Summary gt Device View Figure 10 Device Representation CT 2 RN us ia ache 2 By selecting a specific port with your mouse you can view the port Statistics For detailed information on configuring ports please refer to Configuring Ports page 85 Using the Web Configuration Management buttons and icons provide an easy method Interface of configuring device information and include the following Management Buttons fable 7 3Com
139. irectional Data A Bidirectional Data A Bidirectional Data D Bidirectional Data D Bidirectional Data C Bidirectional Data C TROUBLESHOOTING This section describes problems that may arise when installing the and how to resolve these issue This section includes the following topics m Problem Management Provides information about problem management Troubleshooting Solutions Provides a list of troubleshooting issues and solutions for using the device Problem Management Problem management includes isolating problems quantifying the problems and then applying the solution When a problem is detected the exact nature of the problem must be determined This includes how the problem is detected and what are the possible causes of the problem With the problem known the effect of the problem is recorded with all known results from the problem Once the problem is quantified the solution is applied Solutions are found either in this chapter or through customer support If no solution is found in this chapter contact Customer Support Troubleshooting Solutions Listed below are some possible troubleshooting problems and solutions These error messages include m Switch does not run power LED is off Cannot connect to management using Console connection Cannot connect to switch management using HTTP SNMP etc m Self test exceeds 15 seconds a No connection is established and the port LED is on
140. ld values are a Enable Enables Voice VLAN on the device a Disable Disables Voice VLAN on the device This is the default value Voice VLAN ID Defines the Voice VLAN ID number a Voice VLAN Aging Time Indicates the amount of time after the last IP phone s OUI is aged out for a specific port The port will age out after the bridge and voice aging time The default time is one day The field format is Day Hour Minute The aging time starts after the MAC Address is aged out from the Dynamic MAC Address table The default time is 300 sec For more information on defining MAC address age out time see Defining Aging Time Ports Enabled for Voice VLAN Displays the ports on which Voice VLAN is enabled Defining Voice VLAN 155 a Ports in the Voice VLAN Displays the ports which are included in the Voice VLAN The possible values are a Active Members Displays dynamic ports added to the Voice VLAN in Auto mode a Static Members Displays static ports that were manually added to the Voice VLAN Defining Voice VLAN The Voice VLAN Setup Page provides information for enabling and defining Voice VLAN globally on the device To configure Voice VLAN Settings 1 Click Device gt QoS gt VoIP gt Traffic Setting gt Setup The Voice VLAN Setup Page opens Figure 86 Voice VLAN Setup Page ee N Baseline Switch 2924 SFP Plus 3C om Device gt QoS gt VolP Traffic Setting Setup Setup Port Setup Port
141. le Cable connector 9 pin female Screen Shell Shell Screen my reqiredifscreen DTR 4 e 1 DCD Required for handshake TxD 3 e e 2 RxD Always required RxD 2 e e 3 TxD CTS 8 4 DTR required for handshake Ground 5 e 5 Ground always required DSR 6 6 DSR RTS 7 e 7 RTS required for handshake DCD 1 8 CTS Modem Cable RJ 45 to RS 232 25 pin RS 232 Modem Port Cable connector RJ 45 female Cable connector 25 pin male Screen Shell 1 Screen TxD 3 e 2 TxD RxD 2 e 3 RxD RTS 7 e 4 RTS CTS 8 e e 5 CTS DSR 6 e 6 DSR Ground 5 e 7 Ground DCD 1 e e 8 DCD DTR 4 e 20 DTR Ethernet Port RJ 45 Pin Assignments 191 Ethernet Port RJ 45 10 100 and 1000BASE T RJ 45 connections Pin Assignments Table 10 Pin assignments Pin Number 10 100 1000 Ports configured as MDI Transmit Data Transmit Data Receive Data Not assigned Not assigned Receive Data Not assigned ON DUN A WN Not assigned Table 11 Pin assignments Pin Number 10 100 Bidirectional Data A Bidirectional Data A Bidirectional Data B Bidirectional Data C Bidirectional Data C Bidirectional Data B Bidirectional Data D Bidirectional Data D 1000 Ports configured as MDIX Receive Data Receive Data Transmit Data Not assigned Not assigned Transmit Data Not assigned ON DUN A WN gt Not assigned Bidirectional Data B Bidirectional Data B Bid
142. lect Ports Displays the ports to be configured 2 Define the fields 3 Click Apply The ports are enabled and the device is updated 90 CHAPTER 6 CONFIGURING PORTS Viewing Port Details The Port Detail Page displays current port parameters for specific ports Monitor users have no access to this page To view Port Details 1 Click Port gt Administration gt Detail The Port Detail Page opens Figure 45 Port Detail Page PN 3com Device Summary Save Configuration Administration Device Port Security Monitoring Help vvv v l Logout Baseline Switch 2924 SFP Plus Port gt Administration Detail Derai Select a port Port State Enable PVID 1 Flow Control Disable Link Type Trunk Speed Auto 10M Duplex Auto El Values in brackets indicate the current operating value for the chosen port Help The Port Detail Page contains the following fields a Select a Port Displays the current port settings m Port State Indicates the port state The possible field values are a Enable Enables the port a Disable Disables the port a Flow Control Displays the flow control status on the port Operates when the port is in full duplex mode The possible field values are a Enable Enables flow control on the port a Disable Disables flow control on the port Viewing Port Details 91 m Speed Displays the configured rate for the port The port
143. les secure transactions of data through privacy authentication and data integrity It relies upon certificates and public and private keys Static MAC Entries MAC entries can be manually entered in the Bridging Table as an alternative to learning them from incoming frames These user defined entries are not subject to aging and are preserved across resets and reboots TCP Transport Control Protocol TCP TCP connections are defined between 2 ports by an initial synchronization exchange TCP ports are identified by an IP address and a 16 bit port number Octets streams are divided into TCP packets each carrying a sequence number TFTP Trivial File Transfer Protocol The device supports boot image software and configuration upload download via TFTP Virtual Cable Testing VLAN Support VCT detects and reports copper link cabling occurrences such as open cables and cable shorts VLANs are collections of switching ports that comprise a single broadcast domain Packets are classified as belonging to a VLAN based on either the VLAN tag or based on a combination of the ingress port and packet contents Packets sharing common attributes can be grouped in the same VLAN Web based Management With web based management the system can be managed from any web browser The system contains a Web Server which serves HTML pages through which the system can be monitored and configured The system internally converts web
144. ll Now The default polling interval is 60 sec al Logout Viewing System Description 81 The Device View Page contains the following fields Product Description Displays the device model number and name Not user editable System Name Displays the user defined device name See Configuring System Name Information page 82 System Location Displays the location where the system is currently running See page 82 System Contact Displays the name of the contact person See Configuring System Name Information page 82 Serial Number Displays the device serial number Not editable Product 3C Number Displays the 3Com device model number Not editable System Object ID Displays the vendor s authoritative identification of the network management subsystem contained in the entity Not editable MAC Address Displays the device MAC address Not editable System Up Time Displays the amount of time since the device was reset Software Version Displays the installed software version number Boot Version Displays the current boot version running on the device Hardware Version Displays the current hardware version of the device Poll Now This button immediately polls the switch ports for information including speed use and status The information is displayed by clicking the port icons at the top of the Device View tab Device Representation p
145. lly allocated IP information using the command line interface The automatic IP configuration process usually completes within one minute after the switch is connected to the network and powered up Connect to the switch Console port as described in Connecting to the Console Port page 21 The automatic IP configuration process usually completes within one minute The command line interface login sequence begins as soon as the switch detects a connection to its console port At the login prompt enter admin as your user name and press Return 4 At the password prompt press Return If you have logged on correctly Select menu option is displayed 24 CHAPTER 1 GETTING STARTED 5 Enter summary to view a summary of allocated IP addresses The following is an example of the display from the Summary command Select menu option summary IP Method default IP address 169 254 99 51 Subnet mask 255 255 0 0 Runtime version 00_00_38 date 01 Apr 2007 time 15 31 29 Bootcode version 1 0 0 12 date 01 Apr 2007 time 17 44 52 Select menu option The initial set up of your switch is now complete and the switch is ready for you to set up your chosen management method See Methods of Managing a Switch on page 17 For more information about the CLI refer to 3Com CLI Reference Guide on page 195 If you do not intend to use the command line interface using the console port to manage the switch you can logout
146. logy convergence can take between 30 60 seconds Rapid Spanning Tree Protocol RSTP detects and uses network topologies that allow a faster STP convergence without creating forwarding loops The device supports the following STP versions a Classic STP Provides a single path between end stations avoiding and eliminating loops Rapid STP Detects and uses network topologies that provide faster convergence of the spanning tree without creating forwarding loops While Classic STP prevents Layer 2 forwarding loops in a general network topology convergence can take between 30 60 seconds Rapid Spanning Tree Protocol RSTP detects and uses network topologies that allow a faster STP convergence without creating forwarding loops This section contains the following topics a Viewing Spanning Tree a Defining Spanning Tree m Modifying Spanning Tree Viewing Spanning Tree 127 Viewing Spanning The Spanning Tree Summary Page displays the current Spanning Tree Tree parameters for all ports To view Spanning Tree Summary 1 Click Device gt Spanning Tree gt Summary The Spanning Tree Summary Page opens Figure 69 Spanning Tree Summary Page ALA Baseline Switch 2924 SFP Plus 3C om Device gt Spanning Tree Summary Summary Device Summary Save Configuration Port STP Port Root Port Designated Designated Forward
147. ly The SNMP Communities are defined and the device is updated 138 CHAPTER 12 CONFIGURING SNMP Removing SNMP The SNMP Communities Remove Page allows the system manager to Communities remove SNMP Communities Monitor users have no access to this page To remove SNMP communities 1 Click Administration gt SNMP gt Communities gt Remove The SNMP Communities Remove Page opens Figure 73 SNMP Communities Remove Page EAN Baseline Switch 2924 SFP Plus l C om Administration gt SNMP gt Communities Remove _ 3 st eoe Device Summary Save Configuration r Management Station Community String Access Mode Administration gt l o Read Only Device Port gt Security Monitoring Help l Logout Help Remove Cancel The SNMP Communities Remove Page contains the following fields Remove Removes a community The possible field values are a Checked Removes the selected SNMP community a Unchecked Maintains the SNMP communities Management Station Displays the management station IP address for which the SNMP community is defined Community String Displays the user defined text string which authenticates the management station to the device Defining SNMP Traps 139 Access Mode Displays the access rights of the community The possible field values are a Read Only Management access is restricted to read only and chang
148. making this application ideal for network managers with all levels of experience To find out more about 3Com Network Supervisor and to download a trial version go to www 3com com 3ns 182 APPENDIX A 3COM NETWORK MANAGEMENT 3Com Network Director 3Com Network Access Manager 3Com Network Director 3ND is a standalone application that allows you to carry out key management and administrative tasks on midsized networks By using 3ND you can discover map and monitor all your 3Com devices on the network It simplifies tasks such as backup and restore for 3Com device configurations as well as firmware and agent upgrades 3ND makes it easy to roll out network wide configuration changes with its intelligent VLAN configuration tools and the powerful template based configuration tools Detailed statistical monitoring and historical reporting give you visibility into how your network is performing To find out more about how 3Com Network Director can help you manage your 3Com network and to download a trial version go to www 3com com 3nd 3Com Network Access Manager is installed seamlessly into Microsoft Active Directory and Internet Authentication Service IAS It simplifies the task of securing the network perimeter by allowing the administrator to easily control network access directly from the Users and Computers console in Microsoft Active Directory With a single click a user or even an entire department can be moved to
149. mark 800 17309 Norway 800 11376 Finland 0800 113153 Poland 00800 4411 357 France 0800 917959 Portugal 800 831416 Germany 0800 182 1502 South Africa 0800 995 014 Hungary 06800 12813 Spain 900 938 919 Ireland 1 800 553 117 Sweden 020 795 482 Israel 180 945 3794 Switzerland 0800 553 072 Italy 800 879489 U K 0800 096 3266 Country Telephone Number Country Contact Us 215 Telephone Number You can also obtain support in this region using this URL http emea 3com com support email htm You can also obtain non urgent support in this region at these email addresses Technical support and general requests customer support 3com com Return material authorization warranty repair 3com com Contract requests emea_contract 3com com Latin America Telephone Technical Support and Repair Antigua 1 800 988 2112 Guatemala Argentina 0 810 444 3COM Haiti Aruba 1 800 998 2112 Honduras Bahamas 1 800 998 2112 Jamaica Barbados 1 800 998 2112 Martinique Belize 52 5 201 0010 Mexico Bermuda 1 800 998 2112 Nicaragua Bonaire 1 800 998 2112 Panama Brazil 0800 13 3COM Paraguay Cayman 1 800 998 2112 Peru Chile AT amp T 800 998 2112 Puerto Rico Colombia AT amp T 800 998 2112 Salvador Costa Rica AT amp T 800 998 2112 Trinidad and Tobago Curacao 1 800 998 2112 Uruguay Ecuador AT amp T 800 998 2112 Venezuela Dominican Republic AT amp T 800 998 2112 Virgin Islands You can also obtain support in this region in the following ways m Spa
150. mary Save Configuration Active Image After Reset ONAEMIMECE Administration Device D a rvv v ElLogout Help Apply Cancel The Active Image Page contains the following fields a Active Image After Reset The Image file which is active on the unit after the device is reset The possible field values are a Current Image Activates the current image after the device is reset a Backup Image Activates backup image after the device is reset 2 Select the active image to be activated after reset 3 Click Apply The active image file is defined and the device is updated 15 MANAGING SYSTEM LOGS This section provides information for managing system logs The system logs enable viewing device events in real time and recording the events for later usage System Logs record and manage events and report errors and informational messages Event messages have a unique format as per the Syslog protocols recommended message format for all error reporting For example Syslog and local device reporting messages are assigned a severity code and include a message mnemonic which identifies the source application generating the message It allows messages to be filtered based on their urgency or relevancy Each message severity determines the set of event logging devices that are sent per each event message The following table lists the log severity levels Table 10 System Log Severity Levels
151. media type a All ports added to an existing LAG which are part of a tagged VLAN inherit the existing VLAN tags a Auto negotiation mode is not configured on the port a The port is in full duplex mode a All ports in the LAG have the same ingress filtering and tagged modes a All ports in the LAG have the same back pressure and flow control modes a All ports in the LAG have the same priority a All ports in the LAG have the same transceiver type m The device supports up to eight LAGs and eight ports in each LAG m Ports added to a LAG lose their individual port configuration When ports are removed from the LAG the original port configuration is applied to the ports This section contains the following topics a Viewing Link Aggregation m Configuring Link Aggregation m Modifying Link Aggregation m Removing Link Aggregation a Viewing LACP m Modifying LACP Viewing Link Aggregation 93 Viewing Link Aggregation Configuring Link Aggregation The Link Aggregation Summary Page displays port usage by linking a group of ports together to form a single LAG Aggregating ports multiplies the bandwidth between the devices increases port flexibility and provides link redundancy To view Link Aggregation Click Ports gt Link Aggregation gt Summary The Link Aggregation Summary Page opens Figure 46 Link Aggregation Summary Page EAN Baseline Switch 2924 SFP Plus i Ne Port gt Link Aggregation Summary
152. mmary Page ALA Baseline Switch 2924 SFP Plus Security gt 802 1x Summary 3C0M Summary Device Summary see COM PULSER Port user Admin Current Guest Periodic Reauthentication Authenticator Termination Name Port Control Port Control VLAN Reauthentication Period State Cause Administration 1 Auto Authorized Disable Disable 360 Force Port a Device gt Authorized initialize 5 Force Port re gt Port 2 Auto Authorized Disable Disable 3600 Authorized initialize Security Maa gt 3 Auto Authorized Disable Disable 3601 ae rote WED 4 Auto Authorized Disable Disable 360 Fore Pole Authorized initialize 5 Auto Authorized Disable Disable 360 pore Forre Authorized initialize 6 Auto Authorized Disable Disable 360 Force i Port re Authorized initialize 7 Auto Authorized Disable Disable 360 rooe Portin Authorized initialize 8 Auto Authorized Disable Disable 3600 ree Fane Authorized initialize 9 Auto Authorized Disable Disable 360 Force R Port re Authorized initialize F gt Force Fort re 10 Auto Authorized Disable Disable 360 Authorized initialize A i Force Port re ElLogout 11 Auto Authorized Disable Disable 3600 Authorized initialize 12 Auto Authorized Disable Disable 360 Force i Port 4g Authorized initialize The 802 1X Summary Page contains the following fields a P
153. mode to Half Admin Advertisement 10 100 1000 half Setting the port speed to Auto and Duplex mode to Full Auto Admin Advertisement 10 100 1000 and Full Setting the port speed to 10 100 1000 and the Duplex mode to Auto Admin Advertisement 10 100 1000 Full Half 86 CHAPTER 6 CONFIGURING PORTS To view Port Settings 1 Click Port gt Administration gt Summary The Port Administration Summary Page opens Figure 43 Port Administration Summary Page CAN Baseline Switch 2924 SFP Plus 3 C 0 m Port gt Administration Summary Summary Device Summary Save Configuration Port Port Status Port Speed Duplex Mode Flow Control aaa aa 1 Up 1000M Fu Disable Administration gt 2 u 1000M Ful Disable Device 3 U 1000M Ful Disable Port 4 U 000M Ful Disable Security gt 5 U 00M Ful Disable Monitoring 6 U 00M Ful Disable 7 U 00M Ful Disable U o S 2 2 2 3 8 82 82 2 p p p 1 p 1 p 1 p 1 ees 8 p 1000M Ful Disable i 9 Up 1000M Ful Disable 10 Up 1000M Ful Disable p 1 p 1 p 1 u 1 p p p 20 Up 1000M Ful Disable 21 Suspended 1000M Ful Disable Logout 22 Up 1000M Ful Disable 23 Up 1000M Ful Disable 24 Up 1000M Ful Disable The Port Administration Summary Page contains the following fields a Port Indicates the selected port number a Port Status Indicates whether the port is currently operational or n
154. moves an ACL The possible field values are a Checked Removes the selected IP based ACL a Unchecked Maintains the IP based ACL Priority Indicates the ACL priority which determines which ACL is matched to a packet on a first match basis The possible field values are 1 2147483647 Protocol Indicates the protocol in the ACE to which the packet is matched Destination Port Defines the TCP UDP destination port Source Port Defines the TCP UDP source port to which the ACL is matched Flag Set Sets the indicated TCP flag matched to the packet ICMP Type Specifies an ICMP message type for filtering ICMP packets ICMP Code Specifies an ICMP message code for filtering ICMP packets ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code IGMP Type IGMP packets can be filtered by IGMP message type Source Address Indicates the source IP address Source Mask Indicates the source IP address mask Destination Address Indicates the destination IP address Destination Mask Indicates the destination IP address mask DSCP Matches the packet DSCP value to the ACL Either the DSCP value or the IP Precedence value is used to match packets to ACLs IP Prec Indicates matching ip precedence with the packet IP precedence value Action Indicates the ACL forwarding action In addition the port can be shut down a trap can be sent to t
155. nabled on device and allows 10 users to be created and access the switch concurrently Access levels provide read or read write permissions to users for configuring the switch Login information is managed in the local database A unique password is required of each user Two access levels exist on the 3Com Web Interface a Management access level Provides the user with read write access There is always one management level user configured for the switch The factory default is be user name admin with no Password a Monitor access level Provides the user with read only system access This section contains the following topics a Viewing System Access Settings m Defining System Access m Modifying System Access m Removing System Access 46 CHAPTER 4 MANAGING DEVICE SECURITY Viewing System The System Access Summary Page displays the current users and access Access Settings levels defined on the device To view System Access settings 1 Click Administration gt System Access gt Summary The System Access Summary Page opens Figure 21 System Access Summary Page Mo Baseline Switch 2924 SFP Plus AV M 3 C om Administration gt System Access Summary Summary Remove Device Summary Save Configuration Users Summary User Name Access Level Administration gt admin Management Device gt monitor Monitor Port gt Security Monitoring Help Logout Help The System Access Summar
156. nd switches is known as Media Dependent Interface with Crossover MDIX Password Management Password management provides increased network security and improved password control Passwords for HTTP HTTPS and SNMP access are assigned security features For more information on Password Management see Default Users and Passwords page 27 Port based Authentication Port based authentication enables authenticating system users on a per port basis via an external server Only authenticated and approved system users can transmit and receive data Ports are authenticated via the Remote Authentication Dial In User Service RADIUS server using the Extensible Authentication Protocol EAP Port based Virtual LANs Port based VLANs classify incoming packets to VLANs based on their ingress port Port Mirroring RADIUS Clients Rapid Spanning Tree Remote Monitoring Self Learning MAC Addresses Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from a monitored port to a monitoring port Users specify which target port receives copies of all traffic passing through a specified source port RADIUS is a client server based protocol A RADIUS server maintains a user database which contains per user authentication information such as user name password and accounting information Spanning Tree can take 30 60 seconds for each host to decide whether its ports are ac
157. ned or Any If Any is selected accepts any source IP address and disables wildcard mask filtering a Wild Card Mask Defines the source IP address wildcard mask Wildcard masks specify which bits are used and which bits are ignored A wildcard mask of 255 255 255 255 indicates that no bit is important A wildcard mask of 0 0 0 0 indicates that all the bits are important For example if the source IP address is 149 36 184 198 and the wildcard mask is 0 0 0 255 the first three bytes of the IP address are matched while the last eight bits are ignored For the source IP address 149 36 184 198 this wildcard mask matches all IP addresses in the range 149 36 184 0 to 149 36 184 255 A wildcard mask must not contain leading zeroes For example a wildcard mask of 010 010 011 010 is invalid but a wildcard mask of 10 10 11 10 is valid a Destination IP Address If selected enables matching the destination port IP address to which packets are addressed to the ACE according to a wildcard mask The field value is either user defined or Any If Any is selected accepts any destination IP address and disables wildcard mask filtering a Wild Card Mask Indicates the destination IP Address wildcard mask Wildcards are used to mask all or part of a destination IP Address Wildcard masks specify which bits are used and which bits are ignored A wildcard mask of 255 255 255 255 indicates that no bit is important A wildcard mask of 0 0 0 0 indicates
158. ng action In addition the port can be shut down a trap can be sent to the network administrator or packet is assigned rate limiting restrictions for forwarding The options are as follows a Permit Forwards packets which meet the ACL criteria a Deny Drops packets which meet the ACL criteria a Shutdown Drops packet that meets the ACL criteria and disables the port to which the packet was addressed Ports are reactivated from the Port Administration Setup Page The P Based ACL Remove Page allows the user to remove IP Based ACLs Monitor users have no access to this page Click Device gt ACL gt IP Based ACL gt Remove The P Based ACL Remove Page opens Figure 35 IP Based ACL Remove Page D N Baseline Switch 2824 SFP Plus j 3C om Device gt ACL gt IP Based ACL Remove Summary Setup Modify Remove Device Summary Save Configuration ACL Name 1 z c Remove ACL F pea TE e R A aaa Device Port Flag Set present the flag types in the following order Urg Ack Psh Rst Syn Fin Set is represented as 1 unset as O and dont care as x Security gt Destination Destination DS gt Mask 255 255 255 0 Source Mask Monitoring Help 10 0 2 28 255 255 255 0 10 0 2 28 Help Remove 74 CHAPTER 4 MANAGING DEVICE SECURITY The P Based ACL Remove Page contains the following fields ACL Name Contains a list of the IP based ACLs Remove ACL Re
159. nges to about 10 of that required by the older IEEE 802 1D STP standard A secure replacement for remote access functions including Telnet SSH can authenticate users with a cryptographic key and encrypt data connections between management clients and the switch The RIP protocol seeks to find the shortest route to another device by minimizing the distance vector or hop count which serves as a rough estimate of transmission cost RIP 2 is a compatible upgrade to RIP It adds useful capabilities for subnet routing authentication and multicast transmissions The application protocol in the Internet suite of protocols which offers network management services A technology that checks your network for any loops A loop can often occur in complicated or backup linked network systems Spanning Tree detects and directs data along the shortest available path maximizing the performance and efficiency of the network TACACS is a logon authentication protocol that uses software running on a central server to control access to TACACS compliant devices on the network Transmission Control Protocol Internet Protocol TCP IP Protocol suite that includes TCP as the primary transport protocol and IP as the network layer protocol A TCP IP protocol commonly used for software downloads UDP provides a datagram mode for packet switched communications It uses IP as the underlying transport mechanism to provide access to IP like services UDP
160. ngs To configure Voice VLAN port settings 1 Click Device gt QoS gt VoIP gt Traffic Setting gt Port Setup The Voice VLAN Port Setup Page opens Figure 87 Voice VLAN Port Setup Page M Baseline Switch 2924 SFP Plus oN Device gt Qos gt VoIP Traffic Setting Port Setup 3com Summary Setup Port Setup Device Summary Save Configuration ou Summary 3COM Voice VLAN Port Settings VoiceVLAN Port Mode No Changes VoiceVLAN Port Security No Changes z Select Port e i securis mee MAMA ZZ RIMM mae E vwwvey Selected Ports The Voice VLAN Port Setup Page contains the following fields Voice VLAN Port Mode Defines the Voice VLAN mode The possible field values are a No Changes Maintains the current Voice VLAN port LAG settings This is the default value Defining Voice VLAN 157 a None Indicates that the selected port LAG will not be added to a Voice VLAN a Manual Adding a selected port LAG to a Voice VLAN a Auto Indicates that if traffic with an IP Phone MAC Address is transmitted on the port LAG the port LAG joins the Voice VLAN The port LAG is aged out of the voice VLAN if the IP phone s MAC address with an OUI prefix is aged out and exceeds the defined If the MAC Address of the IP phones OUI was added manually to a port LAG in the Voice VLAN the user cannot add it to the Voice VLAN in Auto mode only in Man
161. nhancements incremental functionality and bug fixes but they do not include software that is released by 3Com as a separately ordered product Separately orderable software releases and licenses are listed in the 3Com Price List and are available for purchase from your 3Com reseller Contact Us Telephone Technical Support and Repair 3Com offers telephone internet and e mail access to technical support and repair services To access these services for your region use the appropriate telephone number URL or e mail address from the table in the next section To obtain telephone support as part of your warranty and other service benefits you must first register your product at http eSupport 3com com When you contact 3Com for assistance please have the following information ready a Product model name part number and serial number m A list of system hardware and software including revision level m Diagnostic error messages a Details about recent configuration changes if applicable 214 APPENDIX G OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS To send a product directly to 3Com for repair you must first obtain a return materials authorization number RMA Products sent to 3Com without authorization numbers clearly marked on the outside of the package will be returned to the sender unopened at the sender s expense If your product is registered and under warranty you can obtain an RMA number online at http eSupport
162. ning Access Control Lists 71 The P Based ACL Modify Page contains the following fields a Selection ACL Selects the ACL to be modified Modify Rule m Priority Defines the ACL priority ACLs are checked on the first fit basis The ACL priority defines the ACL order in the ACL list a Protocol Indicates the protocol in the ACE to which the packet is matched a Select from List Selects a protocol from a list on which ACE can be based a Protocol ID Adds user defined protocols by which packets are matched to the ACE Each protocol has a specific protocol number which is unique The possible field range is 0 255 Source Port Enables creating an ACL based on a specific protocol a Any Enables creating an ACL based on any protocol a Destination Port Indicates the destination port that is matched packets Enabled only when TCP or UDP are selected in the Protocol list a Any Enables creating an ACL Based on any protocol a TCP Flags If checked enables configuration of TCP flags matched to the packet The possible fields are a Urg Urgent pointer field significant The urgent pointer points to the sequence number of the octet following the urgent data a Ack Acknowledgement field significant The acknowledgement field is the byte number of the next byte that the sender expects to receive from the receiver a Psh Push send the data as soon as possible without buffering This i
163. nish speakers enter the URL http lat 3com com lat support form html a Portuguese speakers enter the URL http lat 3com com br support form htm a English speakers in Latin America send e mail to lat_support_anc 3com com US and Canada Telephone Technical Support and Repair All locations Network Jacks Wired or Wireless Network Interface Cards All other 3Com products AT amp T 800 998 2112 57 1 657 0888 AT amp T 800 998 2112 1 800 998 2112 571 657 0888 01 800 849CARE AT amp T 800 998 2112 AT amp T 800 998 2112 54 11 4894 1888 AT amp T 800 998 2112 1 800 998 2112 AT amp T 800 998 2112 1 800 998 2112 AT amp T 800 998 2112 AT amp T 800 998 2112 57 1 657 0888 1 800 876 3266 1 800 876 3266 REGULATORY NOTICES FCC STATEMENT INFORMATION TO THE USER This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to part 15 of the FCC rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications Operation of this equipment in a residential area is ikely to cause harmful interference to radio communications in which case the user will be required to correct the interference at their own
164. nitoring Help LACP Port Priority f1 LACP Timeout Long 7 Logout Help Apply Modifying LACP 99 The LACP Modify Page contains the following fields m LACP System Priority Specifies system priority value The field range is 1 65535 The field default is 1 Select Port Displays the port number to which timeout and priority values are assigned LACP Port Priority Displays the LACP priority value for the port The field range is 1 65535 m LACP Timeout Displays the administrative LACP timeout The possible field values are a Long Specifies the long timeout value a Short Specifies the short timeout value 2 Define the fields 3 Click Apply Link Aggregation is modified and the application is updated VLAN Overview CONFIGURING VLANS This section contains the following topics VLAN Overview Viewing VLAN Details Viewing VLAN Port Details Creating VLANs Modifying VLAN Settings Modifying Port VLAN Settings Removing VLANs VLANs are logical subgroups with a Local Area Network LAN which combine user stations and network devices into a single unit regardless of the physical LAN segment to which they are attached VLANs allow network traffic to flow more efficiently within subgroups VLANs use software to reduce the amount of time it takes for network changes additions and moves to be implemented VLANs restrict traffic within the VLAN VLAN1 is the management VLA
165. ntry 112 CHAPTER 9 CONFIGURING IP AND MAC ADDRESS INFORMATION Defining ARP Settings The ARP Settings Setup Page allows network managers to define ARP parameters for specific interfaces The monitor users have no access to this page To configure ARP entries Click Administration gt ARP Settings gt Setup The ARP Settings Setup Page opens Figure 60 ARP Settings Setup Page No Baseline Switch 2924 SFP Plus a Ne Administration gt ARP Setting Setup sC om Summary f Setup Remove Device Summary Save Configuration VLAN g5 IP Address 0 0 0 0 Administration gt MAC Address Device gt _ _ _ Port ARP Entry Age Out 300 Sec Security gt Monitoring Help Logout Help Apply Cancel The ARP Settings Setup Page contains the following fields a VLAN Indicates the VLAN for which ARP parameters are defined a IP Address Indicates the station IP address which is associated with the MAC address a MAC Address Displays the station MAC address which is associated in the ARP table with the IP address ARP Entry Age Out Specifies the amount of time in seconds that passes between AAP Table entry requests Following the ARP Entry Age period the entry is deleted from the table The range is 1 40000000 The default value is 300 seconds 2 Define the fields 3 Click Apply The ARP parameters are defined and the device is updated Configuring ARP Settings
166. o remove Link Aggregation 1 Click Ports gt Link Aggregation gt Remove The Link Aggregation Remove Page opens Figure 49 Link Aggregation Remove Page Mo Baseline Switch 2924 SFP Plus a Ne Port gt Link Aggregation Remove 3C0M Device Summary Save Configuration Summary Create Modify Remove Select Aggregation s to Remove Group group ID Member Ports 1 3 5 7 9 Administration Device Port Security Monitoring Help vvv v Logout Help Remove Cancel Viewing LACP 97 The Link Aggregation Remove Page includes the following fields m Select Aggregation s to Remove Displays the Link Aggregation table Each row corresponds to a Link Aggregated Group ID The fields in the table are a Group ID Displays the Link Aggregated Group ID a Type Displays the Link Aggregation type a Member Ports Displays the ports for which the link aggregation parameters are defined 2 Select a group ID to be removed 3 Click Remove The Link aggregation is removed and the device is updated Viewing LACP LAG ports can contain different media types if the ports are operating at the same speed Aggregated links can be set up manually or automatically established by enabling LACP on the relevant links Aggregate ports can be linked into link aggregation port groups The LACP Summary Page contains fields for viewing LACP LAGs Click Port gt LACP gt Summary The LACP Summary Pag
167. ocol in the ACE to which the packet is matched The possible fields are a Select from List Selects a protocol on which ACE can be based a Protocol ID Adds user defined protocols by which packets are matched to the ACE Each protocol has a specific protocol number which is unique The possible field range is 0 255 Source Port Indicates the source port that is used for matched packets Enabled only when TCP or UDP are selected in the Protocol list The field value is either user defined or Any If Any is selected the IP based ACL is applied to any source port 68 CHAPTER 4 MANAGING DEVICE SECURITY Destination Port Indicates the destination port that is used for matched packets Enabled only when TCP or UDP are selected in the Protocol list The field value is either user defined or Any If Any is selected the IP based ACL is applied to any destination port TCP Flags If checked enables configuration of TCP flags matched to the packet The possible fields are a Urg Urgent pointer field significant The urgent pointer points to the sequence number of the octet following the urgent data a Ack Acknowledgement field significant The acknowledgement field is the byte number of the next byte that the sender expects to receive from the receiver a Psh Push send the data as soon as possible without buffering This is used for interactive traffic a Rst Reset the connection This invalidates th
168. on gt System Access gt Modify The System Access Modify Page opens Figure 13 System Access Modify Page CAN Baseline Switch 2916 SFP Plus 3 C om Administration gt System Access Modify Summary i Remove Device Summary Save Configuration Users Summary Administration gt User Name Access Level Device gt admin Management Port b Security gt Monitoring gt Help Access Level Monitor E El Password Modify Password Confirm Password e 10 Character Maximum Logout a meee 2 Modify the fields 3 Click Apply The access fields are modified 36 CHAPTER 2 USING THE 3COM WEB INTERFACE Removing Configuration Information 1 Click Administration gt System Access gt Remove The System Access Remove Page opens Figure 14 GAN 3com Device Summary Save Configuration Administration Device Port Security Monitoring Help vvv v Logout System Access Remove Page Baseline Switch 2924 SFP Plus Administration gt System Access Remove Summary Remove Remove User s User Name Access Level Management monitor Monitor Select user s from the list above and click Remove to remove the User s Help Remove Cancel 2 Select the user account to be deleted 3 Click Remove The user account is deleted and the device is updated Saving the Configuration 37 Saving the Configuration Configuration changes are only
169. on operational The possible field values are a Up Indicates the port is currently operating a Down Indicates the port is currently not operating Suspended Indicates the port has been shutdown through a device security option m Port Speed Displays the configured rate for the port The port type determines what speed setting options are available Port speeds can only be configured when auto negotiation is disabled The possible field values are Viewing Port Settings 87 a 10M Indicates the port is currently operating at 10 Mbps a 100M Indicates the port is currently operating at 100 Mbps a 1000M Indicates the port is currently operating at 1000 Mbps a Duplex Mode Displays the port duplex mode This field is configurable only when auto negotiation is disabled and the port speed is set to 10M or 100M or 1000M per second This field cannot be configured on LAGs The possible field values are a Full The interface supports transmission between the device and its link partner in both directions simultaneously a Half The interface supports transmission between the device and the client in only one direction at a time a Flow Control Displays the flow control status on the port Operates when the port is in full duplex mode The possible field values are a Enable Enables flow control on the port a Disable Disables flow control on the port 88 CHAPTER 6 CONFIGURING PORT
170. onitoring gt O Management Station a Help Open Access 0 0 0 0 Community String Standard public O User Defined Access Mode Read Only Apply Cancel Management Station Community String Access Mode l Logout Help The SNMP Communities Setup Page contains the following fields SNMP Status Defines SNMP on the device The possible field values are a Enable Enables SNMP on the device a Disable Disables SNMP on the device Insert New Community Adds a SNMP community Defining SNMP Communities 137 SNMP Management a Management Station Displays the management station IP address for which the SNMP community is defined Open Access 0 0 0 0 Provides SNMP access to all the stations Community String a Standard Displays pre defined community strings The possible field values are a Public Displays the pre defined public community string name a Private Displays the pre defined private community string name m User Defined Defines a user defined community string name Access Mode Defines the access rights of the community The possible field values are a Read Only Management access is restricted to read only and changes cannot be made to the community a Read Write Management access is read write and changes can be made to the device configuration but not to the community 2 Define the relevant fields 3 Click App
171. onnections use a Cat 5 cable Check the port LED or zoom screen in the NMS application and change setting if necessary Lost Password Contact 3Com E 3COM CLI REFERENCE GUIDE This section describes using the Command Line Interface CLI to manage the device The device is managed through the CLI from a direct connection to the device console port Getting Started Using the CLI network managers enter configuration commands and with the Command parameters to configure the device Using the CLI is very similar to Line Interface entering commands on a UNIX system Console Port To start using the CLI via a console port 1 Connect the RJ 45 cable to the Console port of the switch to the serial port of the terminal or computer running the terminal emulation application Set the baud rate to 38400 Set the data format to 8 data bits 1 stop bit and no parity Set Flow Control to none Under Properties select VT100 for Emulation mode au AUN Select Terminal keys for Function Arrow and Ctrl keys Ensure that the setting is for Terminal keys not Windows keys Logging on to the CLI The Login process requires a User Name and Password The default user name for first time configuration is admin No password is required User names and passwords are case sensitive To logon to the CLI Interface 1 Press Enter without typing in a username The Login prompt displays Login 2 Enter your User Name at the Login prompt
172. ore Refer to 3Com CLI Reference Guide on page 195 Each switch has an internal set of web pages that allow you to manage the switch using a Web browser remotely over an IP network see Figure 3 18 CHAPTER 1 GETTING STARTED SNMP Management Figure 3 Web Interface Management over the Network Switch Workstation OTTO OOE pe Connect over Network via web browser J q Refer to Setting Up Web Interface Management on page 25 You can manage a switch using any network management workstation running the Simple Network Management Protocol SNMP as shown in Figure 4 For example you can use the 3Com Network Director software available from the 3Com website Figure 4 SNMP Management over the Network SNMP Network Management Switch Workstation py OONAN E 8 mmm m gt J __ Connect over Network using SNMP lt Refer to Setting Up SNMP Management V1 or V2 on page 26 Switch Setup Overview This section gives an overview of what you need to do to get your switch set up and ready for management when it is in its default state The whole setup process is summarized in Figure 5 Detailed procedural steps are contained in the sections that follow In brief you need to Configure IP information manually for your switch or view the automatically configured IP information m Prep
173. ort Displays a list of interfaces a User Name Displays the supplicant user name Admin Port Control Displays the admin port authorization state a ForceUnauthorized Indicates that either the port control is force Unauthorized and the port link is down or the port control is Auto but a client has not been authenticated via the port a ForceAuthorized Indicates that the port control is Forced Authorized and clients have full port access a Auto Indicates that the port control is Auto and a single client has been authenticated via the port a Current Port Control Displays the current port authorization state 54 CHAPTER 4 MANAGING DEVICE SECURITY Defining 802 1X Authentication a Guest VLAN Indicates whether an unauthorized port is allowed to join the Guest VLAN The possible field values are a Enable Enables an unauthorized port to join the Guest VLAN a Disable Disables an unauthorized port to join the Guest VLAN a Periodic Reauthentication Enables periodic reauthentication on the port a Enable Enables the periodic reauthentication on the port a Disable Disables the periodic reauthentication on the port This is the default a Reauthentication Period Displays the time span in seconds in which the selected port is reauthenticated The field default is 3600 seconds a Authenticator State Displays the current authenticator state a Termination Cause
174. ort engineers Purchase Extended Warranty and Professional Services To enhance response times or extend your warranty benefits you can purchase value added services such as 24x7 telephone technical support software upgrades onsite assistance or advanced hardware replacement Experienced engineers are available to manage your installation with minimal disruption to your network Expert assessment and implementation services are offered to fill resource gaps and ensure the success of your networking projects For more information on 3Com Extended Warranty and Professional Services see http www 3com com Access Software Downloads 213 Contact your authorized 3Com reseller or 3Com for additional product and support information See the table of access numbers later in this appendix Access Software Downloads You are entitled to bug fix maintenance releases for the version of software that you initially purchased with your 3Com product To obtain access to this software you need to register your product and then use the Serial Number as your login Restricted Software is available at http eSupport 3com com To obtain software releases that follow the software version that you originally purchased 3Com recommends that you buy an Express or Guardian contract a Software Upgrades contract or an equivalent support contract from 3Com or your reseller Support contracts that include software upgrades cover feature e
175. orwarded message responses are heaped onto the network straining network resources or causing the network to time out Broadcast Storm is enabled for all Gigabit ports by defining the packet type and the rate the packets are transmitted The system measures the incoming Broadcast and Multicast frame rates separately on each port and discards the frames when the rate exceeds a user defined rate Packet threshold is ignored if Broadcast Storm Control is Disabled Monitor users have no access to this page Click Device gt Broadcast Storm gt Setup The Broadcast Storm Setup Page opens Figure 39 Broadcast Storm Setup Page Ac A Baseline Switch 2924 SFP Plus Ne Device gt Broadcast Storm Setup f scom Device Summary Save Configuration Broadcast Storm Control Disada Packet Rate Threshold 3500 1000000 1000000 Kbits sec Administration gt Port gt gt Note Packet threshold is ignored if Broadcast Storm Control is Disabled Help Apply Cancel Enabling Broadcast Storm 79 The Broadcast Storm Setup Page contains the following fields Broadcast Storm Control Indicates if forwarding Broadcast packet types is enabled on the interface a Disabled Disables broadcast control on the selected port a Broadcast Enables broadcast control on the selected port a Broadcast amp Multicast Enables broadcast and multicast control on the selected port a Packet Rate Threshold 3
176. outer on a given subnetwork one of the devices is made the querier and assumes responsibility for keeping track of group membership Management of the network from a station attached directly to the network A process whereby this switch can pass multicast traffic along to participating hosts The Type of Service ToS octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic The eight values are mapped one to one to the Class of Service categories by default but may be configured differently to suit the requirements for specific network applications Data Link layer in the ISO 7 Layer Data Communications Protocol This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses Network layer in the ISO 7 Layer Data Communications Protocol This layer handles the routing functions for data moving from one open system to another Aggregates ports or VLANs into a single virtual port or VLAN See Port Trunk An acronym for Management Information Base It is a set of database objects that contains information about a specific device An algorithm that is used to create digital signatures It is intended for use with 32 bit machines and is safer than the MD4 algorithm which has been broken MD5 is a one way hash function meaning that it takes
177. oving Address The Address Table Remove Page allows the network manager to remove Tables current MAC addresses from the Address Table The monitor users have no access to this page To remove Address Tables 1 Click Monitoring gt Address Table gt Remove The Address Table Remove Page opens Figure 67 om N Vv 3com Device Summary Save Configuration Administration Device Port Security Monitoring Help Logout vvv v Address Table Remove Page Baseline Switch 2916 SFP Plus Monitoring gt Address Table Remove Summary Port Summary Add Setup Port Remove Remove MAC Address VLAN ID State Port Index Aging Time 00 11 22 44 55 66 1 Config Static 6 NOT AGED Select All Select None Nex Remove _Canea The Address Table Remove Page contains the following fields a MAC Address Displays the current MAC addresses listed in the MAC address table a VLAN ID Displays the VLAN ID attached to the MAC Address m State Displays the MAC address configuration method Possible values are 122 CHAPTER 9 CONFIGURING IP AND MAC ADDRESS INFORMATION a Config Static Indicates the MAC address is statically configured a Contig Dynamic Indicates the MAC address is dynamically configured a Port Index Indicates Port Table entry number a Aging Time Specifies the amount of time the MAC Address remains in the Dynamic MAC Address before it is tim
178. packets are delivered just like IP packets connection less datagrams that may be discarded before reaching their targets UDP is useful when TCP would be too complex too slow or just unnecessary Virtual LAN VLAN XModem 211 A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical workgroup with no physical barriers and allows users to share information and resources as though located on the same LAN A protocol used to transfer files between devices Data is grouped in 128 byte blocks and error corrected Register Your Product to Gain Service Benefits OBTAINING SUPPORT FOR YOUR 3COM PRODUCTS 3Com offers product registration case management and repair services through eSupport 3com com You must have a user name and password to access these services which are described in this appendix To take advantage of warranty and other service benefits you must first register your product at http eSupport 3com com 3Com eSupport services are based on accounts that are created or that you are authorized to access Solve Problems Online 3Com offers the following support tool m 3Com Knowledgebase Helps you to troubleshoot 3Com products This query based interactive tool is located at http knowledgebase 3com com It contains thousands of technical solutions written by 3Com supp
179. physical addresses and maps the IP address to a MAC address ARP allows a host to communicate with other hosts when only the IP address of its neighbors is known This section includes the following sections Viewing ARP Settings Defining ARP Settings Removing ARP Entries Viewing ARP Settings Configuring ARP Settings 111 The ARP Settings Summary Page displays the current ARP settings To view ARP Settings Click Administration gt ARP Settings gt Summary The ARP Settings Summary Page opens Figure 59 ARP Settings Summary Page Do Baseline Switch 2924 SFP Plus oN Administration gt ARP Setting Summary 3com m mmay ummary Setup Remove Device Summary Save Configuration Interface IP Address MAC Address VLAN 1 10 56 39 26 00 11 11 6b 3a 1b Status Dynamic Administration Device gt Port Security Monitoring Help Logout Help The ARP Settings Summary Page contains the following fields m Interface Indicates the VLAN for which ARP parameters are defined a IP Address Indicates the station IP address which is associated with the MAC Address a MAC Address Displays the station MAC address which is associated in the ARP table with the IP address a Status Displays the ARP table entry type Possible field values are a Dynamic Indicates the ARP entry is learned dynamically a Static Indicates the ARP entry is a static e
180. r in calculating expression Filter rIPhDPortsModuleNumber 1 amp 8 ifOperStatus 6 vt name S TPPortTable Error Error HTTP_HTTPS E DIAGNOSTICS ERROR in lt RL_vtRepeat gt syntax error in calculating expression Filter IPhDPortsModuleNumber 1 amp amp swifTransceiverlype 2 swifTransceiverlype 4 vt name PortInfo HTTP_HTTPS E DIAGNOSTICS ERROR in lt RL_vtRepeat gt syntax error in calculating expression Filter lIPhDPortsModuleNumber 1 amp amp swifTransceiverlype 2 swifTransceiverType 4 vt name Portinfo Error HTTP_HTTPS E DIAGNOSTICS ERROR in lt RL_vtRepeat gt syntax error in calculating expression Filter PhDPortsModuleNumber 1 amp amp swiffransceiverlype 2 swifTransceiverType 4 vt name PortInfo Error Error HTTP_HTTPS E DIAGNOSTICS ERROR in lt RL_vtRepeat gt syntax error in calculating expression Filter rIPhDPortsModuleNumber 1 amp amp swifTransceiverlype 2 swifTransceiverType 4 vt name Portlnfo HTTP_HTTPS E GETDATEFROMSYS WARNING The if modified since date can not be taken from the system so it will be set to 1 1 1970 Error HTTP_HTTPS E SETTAGDOESNTEXIST PGPRCS Trying to set tag submitButton y which does not exist in the page Error Error HTTP_HTTPS E SETTAGDOESNTEXIST PGPRCS Trying to set tag submitButton x which does not exist in the page HTTP_HTTPS E SETTAGDOESNT
181. ror In Q Monitor C Mirra E ae O T IZ Mirror Out Select port Administration Device Port Security Monitoring Help rvv v Not avaliable for selection Summary Monitor Mirror In Mirror Out 2 Logout Help Apply Cancel The Port Mirroring Setup Page contains the following fields m Select Port Type Defines the port that will be the monitor port destination port and the port that will be mirrored source port The possible values are a Monitor Defines the port as the monitor port the destination port a Mirror Defines the port as the mirrored port to be monitored and indicates the traffic direction to be monitored If selected the possible values are a Mirror In Enables port mirroring on the port RX a Mirror Out Enables port mirroring on the port TX Removing Port Mirroring u FB WwW N Configuring Port Mirroring 177 m Select port Selects the port for mirroring or monitoring A port unavailable for mirroring is colored grey Summary Displays the current monitor and mirror ports The fields displayed are a Monitor Displays the monitor port a Mirror In Displays ports that are monitored on the RX a Mirror Out Displays ports that are monitored on the TX Select a port type If the Mirrored port type is selected select Mirror In and or Mirror Out Select the ports to be monitored Click Apply Port mirroring is enabled and the device is up
182. rror which occurred The tests use Time Domain Reflectometry TDR technology to test the quality and characteristics of a copper cable attached to a port When performing cable tests consider the following m During the tests ports are in the down state m The minimum cable length resolution is one meter so if the cable is shorter than 1 meter the test will display no cable m An open cable or a 2 pair copper cable will display a cable fault distance of 0 m The maximum cable length is 120 meters 180 CHAPTER 17 MANAGING DEVICE DIAGNOSTICS To test cables Click Monitoring gt Cable Diagnostics gt Diagnostics The Diagnostics Page opens Figure 101 Diagnostics Page Ds A Baseline Switch 2924 SFP Plus a W Monitoring gt Cable Diagnostics Diagnostics acom Diagnostics Device Summary Save Configuration sasons Administration Help Test Result OK Cable Fault Distance o Last Update 2005 1 1 El Logout Help Apply Cancel The Diagnostics Page contains the following fields a Select a Port Specifies the port to be tested a Test Result Displays the cable test results Possible values are a No Cable Indicates that a cable is not connected to the port or the cable is connected on only one side or the cable is shorter than 1 meter a Short Cable Indicates that a short has occurred in the cable
183. rt Detail Page Qo Baseline Switch 2924 SFP Plus S W Device gt VLAN Port Detail scom Device Summary Save Configuration Modify VLAN Modify Port VLAN Detail Remove Port Detail Select Port EIEEEI e TTL Administration cs egte e r ie oo eee D S a Tw Help Untagged membership Tagged membership a a H H al Logout Help The VLAN Port Detail Page contains the following information m Select Port Selects the port to be displayed Untagged membership Indicates the port is an untagged member of the VLAN a Tagged membership Indicates the port is a tagged member of a VLAN VLAN tagged packets are forwarded by the interface The packets contain VLAN information 104 CHAPTER 8 CONFIGURING VLANS Creating VLANs The VLAN Setup Page allows the network administrator to create user defined VLANs The monitor users have no access to this page To create VLANs Click Device gt VLAN gt Setup The VLAN Setup Page opens Figure 54 VLAN Setup Page Baseline Switch 2924 SFP Plus EFAN S Ve Devi gt VLAN Setup 3 C 0 m evice etup Setup Modify VLAN Modify Port Remove Por Detail VLAN Detail Device Summary Save Configuration Create Administration gt VLAN IDs Example 3 5 12 Create Device gt Port le ID Name Security Monitoring gt 2 Two Help 10 Voice Rename VLAN note you can do this later on the VLAN Modify page
184. s Control Lists 59 m Ethertype Provides an identifier that differentiates between various types of protocols a Action Indicates the ACL forwarding action In addition the port can be shut down a trap can be sent to the network administrator or packet is assigned rate limiting restrictions for forwarding The options are as follows a Permit Forwards packets which meet the ACL criteria a Deny Drops packets which meet the ACL criteria a Shutdown Drops packet that meets the ACL criteria and disables the port to which the packet was addressed Ports are reactivated from the Port Administration Setup Page The MAC Based ACL Setup Page allows the network administrator to select create and define rules for MAC based Access Control Lists Monitor users have no access to this page Click Device gt ACL gt MAC Based ACL gt Setup The MAC Based ACL Setup Page opens Figure 29 MAC Based ACL Setup Page eV 3C0M Device Summary Save Configuration Administration Device Port Security Monitoring Help rvv v El Logout Baseline Switch 2924 SFP Plus Device gt ACL gt MAC Based ACL Setup Setup Modify Remove C Selection ACL C Create ACL Create Add Rules to ACL Priority Source MAC Address C Source Mask C Any Destination MAC Address C Destination Mask Cc Any VLAN ID Cos Cos Mask Ethertype Action permit x P Source Destin
185. s Destination File Name File Type Parameters a TFTP Server IP Address Defines the TFTP server s IP address a Source File Name Specifies the source file name a File Type Defines the file type to be downloaded The possible values are runtime Downloads the runtime software application file ebootcode Downloads the bootcode software file Default Configuration This command has no default configuration User Guidelines During the upgrade process a series of dots appear representing the upgrade process in the CLI interface When the upgrade process is completed the command prompt reappears The Dual Software Image feature is supported therefore the next boot after upgrade command will always use the newly downloaded image 202 APPENDIX E 3COM CLI REFERENCE GUIDE Initialize The Initialize command resets the device configuration to factory defaults including the IP configuration Syntax Initialize Default Configuration This command has no default configuration User Guidelines The system prompts for confirmation of the request If no response is entered within 15 seconds timeout occurs and the command is not executed Example Select menu option initialize WARNING This command initializes the system to factory defaults and causes a reset Do you wish to continue Y N N N Select menu option CLI Commands 203 Reboot The Reboot command simulates a power cycle of the
186. s used for interactive traffic a Rst Reset the connection This invalidates the sequence numbers and aborts the session between the sender and receiver a Syn Synchronize Initial Sequence Numbers ISNs This is used to initialize a new connection a Fin Finish This indicates there is no more data from the sender This marks a normal closing of the session between the sender and receiver 72 CHAPTER 4 MANAGING DEVICE SECURITY For each TCP flag the possible field values are a Set Enables the TCP flag a Unset Disables the TCP flag a Don t Care Does not check the packet s TCP flag ICMP If checked enables filtering ICMP packets for an ICMP message type The possible values are a Select from List Selects an ICMP message type from a list a CMP Type Specifies an ICMP message type a Any Does not filter for an ICMP message type ICMP Code If checked enables specifying an ICMP message code for filtering ICMP packets ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code IGMP If checked enables filtering IGMP packets for an IGMP message type The possible values are a Select from List Selects an IGMP message type from a list a GMP Type Specifies an IGMP message type a Any Does not filter for an IGMP message type Source IP Address Matches the source IP address to which packets are addressed to the ACL
187. ses assigned to the port a Dynamic Displays dynamic MAC Addresses assigned to the port Adding Entries into Address Tables Configuring Address Tables 117 MAC Address Displays MAC Addresses currently listed in the MAC Addresses table filtered by the selected value of the State field VLAN ID Displays the VLAN ID attached to the MAC Address State Displays a port table display based on the type of address Possible values are a Config Static Indicates the MAC Address is statically configured a Config Dynamic Indicates the MAC Address is dynamically configured Port Index Indicates Port Table entry number Aging Time Specifies the amount of time the MAC Address remains in the Dynamic MAC Address table before it is timed out if no traffic from the source is detected The default value is 300 seconds The Address Table Add Page allows the network manager to assign MAC addresses to ports with VLANs The monitor users have no access to this page To Cli add Address Tables ck Monitoring gt Address Tables gt Add The Address Table Add Page opens Figure 64 Address Table Add Page Qo Baseline Switch 2924 SFP Plus a Monitoring gt Address Table Add o SCOM SmE S EER RT Device Summary Save Configuration VLAN ID fi a Administration gt MAC Address For example 0010 dce28 a4e9 Device I M No Aging Port gt Security Select a Port Monitoring 2 Heip RBM Ee ele
188. ses to the OUI table Once the OUls are added all traffic received on the Voice VLAN ports from the specific IP phone with a listed OUI is forwarded on the voice VLAN To modify OUI Settings Click Device gt QoS gt VoIP Traffic Setting gt OUI Modify The Voice VLAN OUI Modify Page opens Figure 90 Voice VLAN OUI Modify Page CAN Baseline Switch 2924 SFP Plus Device gt Qos gt VoIP Traffic Setting OUI Modify 3C0M C Summary Seup Port Setup Save Configuration Port Detail OUI Summary OUI Modify Device Summary Specify a telephony OUI and click the Add button to add a telephone to the list Administration Telephony OUI 0029000900000 Device an Description Port gt Security Add Remove Monitoring gt js Help Telephony OUI s Description 00 01 E3 00 00 00 00 03 6B 00 00 00 00 0F E2 00 00 00 00 60 B9 00 00 00 00 D0 1E 00 00 00 00 E0 75 00 00 00 00 E0 BB 00 00 00 Help The Voice VLAN OUI Modify Page contains the following fields a Telephony OUI Defines new OUls enabled on the Voice VLAN Description Provides a user defined OUI description 2 Enter an OUI in the Telephony OUI field 3 Enter an OUI description in the OUI field 4 Click Apply The new OUI is defined and the device is updated 14 Configuration File Structure MANAGING SYSTEM FILES This section contains information about managing configuration files and in
189. sions running on the device Select menu option Summary IP Method Manual IP address 12 33 54 Subnet mask 255 255 255 0 Default gateway BS ad Runtime version examplel ext Bootcode version example2 ext 200 APPENDIX E 3COM CLI REFERENCE GUIDE ipSetup The ipSetup command allows the user to define an IP address on the device either manually or via a DHCP server Syntax ipSetup dhcp ip address mask default gateway ip address Parameters a dhcp Specifies the IP address is acquired automatically from the Dynamic Host Configuration Protocol DHCP server p address mask Specifies that the IP address and default gateway are configured manually by the user Range 0 0 0 0 223 255 255 255 Default Configuration No default IP address is defined for interfaces User Guidelines IP Addresses configured beyond the range of 224 0 0 0 are defined as multicast experimental or broadcast addresses If a default gateway is configured manually the IP address and mask are required to be the same as the gateway address and mask Example The following example displays an IP address configured manually ipSetup 161 71 34 120 255 255 255 0 The following example displays an IP address obtained via a DHCP server ipSetup DHCP Upgrade CLI Commands 201 The Upgrade command starts a system download and thereby allowing a system upgrade Syntax upgrade TFTP Server IP Addres
190. ssociated with the MAC address a MAC Address Displays the station MAC address which is associated in the ARP table with the IP address a Status Displays the ARP table entry type Possible field values are a Dynamic Indicates the ARP entry is learned dynamically a Static Indicates the ARP entry is a static entry Select the Interface to be removed 3 Click Remove The ARP interface is removed and the device is updated Configuring Address Tables MAC addresses are stored in either the Static Address or the Dynamic Address databases A packet addressed to a destination stored in one of the databases is forwarded immediately to the port The Dynamic Address Table can be sorted by interface VLAN and MAC Address MAC addresses are dynamically learned as packets from sources arrive at the device Addresses are associated with ports by learning the ports from the frames source address Frames addressed to a destination MAC address that is not associated with any port are flooded to all ports of the relevant VLAN Static addresses are manually configured In order to prevent the bridging table from overflowing dynamic MAC addresses from which no traffic is seen for a certain period are erased This section includes the following sections a Viewing Address Table Settings a Viewing Port Summary Settings a Adding Entries into Address Tables a Defining Aging Time a Removing Address Table Ports m Removing Address
191. stalling and backing up switch firmware including the following topics Backing Up System Files Restoring Files Upgrade the Firmware Image Activating Image Files The configuration file structure consists of the following Startup Configuration File Contains the commands required to reconfigure the device to the same settings as when the device is powered down or rebooted The Startup file is created by copying the configuration commands from the Running Configuration file or by downloading the configuration file from via TFTP or HTTP Running Configuration File Contains all configuration file commands and all commands entered during the current session When the device is powered down or rebooted the commands in the Running Configuration file are lost During startup all commands in the Startup file are copied to the Running Configuration File and applied to the device To update the Startup file click the Save Configuration button before powering down the device This copies the Running Configuration file to the Startup Configuration file Image files Software upgrades are used when a new version file is downloaded The file is checked for the right format and that it is complete After a successful download the new version is marked and is used after the device is reset Backup and restore of the configuration files are always done from and to the Startup Config file Backing Up System Files 163 Backing Up Sy
192. stem Files The Backup Page permits network managers to backup the system configuration to a TFTP or HTTP server The monitor users have no access to this page To keep your currently running configuration click the Save Configuration item on the left side of the page Click Administration gt Backup amp Restore gt Backup The Backup Page opens Figure 91 Backup Page As A Baseline Switch 2924 SFP Plus i oN Administration gt Backup amp Restore Backup 3 C 0 m Backup Restore Device Summary Save Configuration Upload via TFTP C Upload via HTTP ini ji gt eonan gt Configuration Upload hee TFTP Serwer IP Addres Port gt Security gt Destination File Name Monitoring Help Logout Help Apply Cancel The Backup Page contains the following fields Upload via TFTP Enables initiating an upload to the TFTP server a Upload via HTTP Enables initiating an upload to the HTTP server or HTTPS server TFTP Server IP Address Specifies the TFTP Server IP Address to which the configuration files are uploaded a Destination File Name Specifies the destination file to which the configuration file is uploaded 3 Define the relevant fields 4 Click Apply The backup file is defined and the device is updated 164 CHAPTER 14 MANAGING SYSTEM FILES Restoring Files The Restore Page restores files from the TFTP or HTTP server The monitor users have no access to this page
193. t Detail Settings 1 Click Device gt QoS gt VoIP gt Traffic Setting gt Port Detail The Voice VLAN Port Details Page opens Figure 88 Voice VLAN Port Details Page Ro N N Baseline Switch 2924 SFP Plus Device gt QoS gt VoIP Traffic Setting Port Detail 3com m Summary Port Setup Port Detail MOUE an Meme NUCC I Device Summary Save Configuration 3COM Voice VLAN Port Detail aa Select Port Administration Device Port Security Monitoring Help vvv v Security Disabled Mode Manual Logout Help 2 Click a port in the Zoom View The port is highlighted blue and the Voice VLAN port settings are displayed in the text box Viewing the OUI The Voice VLAN OUI Summary Page lists the Organizationally Unique Summaries Identifiers OUls associated with the Voice VLAN The first three bytes of the MAC Address contain a manufacturer identifier While the last three bytes contain a unique station ID Using the OUI network managers can add specific manufacturer s MAC addresses to the OUI table Once the OUls are added all traffic received on the Voice VLAN ports from the specific IP phone with a listed OUI is forwarded on the voice VLAN 160 CHAPTER 13 CONFIGURING QUALITY OF SERVICE To view VLAN Settings 1 Click Device gt QoS gt VoIP Traffic Setting gt OUI Summary The Voice VLAN OUI Summary Page opens Figure 89 Voice VLAN OUI Summary Page Roh Baseline Switc
194. t s DSCP value a Queue Specifies the traffic forwarding queue to which the DSCP priority is mapped Four traffic priority queues are supported 148 CHAPTER 13 CONFIGURING QUALITY OF SERVICE Configuring DSCP Queue The DSCP to Queue Setup Page contains fields for mapping DSCP settings to traffic queues For example a packet with a DSCP tag value of 3 can be assigned to queue 1 The monitor user has no access to this page To map CoS to Queues Click Device gt QoS gt DSCP to Queue gt Setup The DSCP to Queue Setup Page opens Figure 81 DSCP to Queue Setup Page Rv Baseline Switch 2924 SFP Plus 3com Device gt QoS gt DSCP to Queue Setup Semar Save Configuration Restore Oetautts I 7 gel v ia ba jla 4 Fa a Pst 52 ice Ifa 2 Rs fs Re se est o iea Ika ba rs tat sles bs Ist rs zs Ig 2 G 2 IPs ha z IEJ fe IEJ fe om hal 2 e3 Past Eat fal f Ike a Pa jia Fa e eJ e eI ees m A n Rees The DSCP to Queue Setup Page contains the following fields m Restore Defaults Restores the device factory defaults for mapping DSCP values to a traffic forwarding queue m DSCP Displays the incoming packet s DSCP value a Queue Specifies the traffic forwarding queue to which the DSCP priority is mapped Four traffic priority queues are supported 2 Define the queue number in
195. ted Modifying Port VLAN Settings 107 Modifying Port VLAN Settings The Modify VLAN Port Page allows the network manager to modify port VLAN settings The monitor users have no access to this page 1 Click Device gt VLAN gt Modify Port The Modify VLAN Port Page opens Figure 56 N 3com Device Summary Save Configuration Administration ElLogout Modify VLAN Port Page Baseline Switch 2924 SFP Plus Device gt VLAN Modify Port Setup Modify VLAN CGE Remove Port Detail VLAN Detail Select a Port Select membership type g E Untagged c im Tagged Not avaliable for selection Enter VLAN ID to add port to VLAN ID Selected Port Untagged Membership Tagged Membership The Modify VLAN Port Page contains the following fields a Select a Port Selects a port to be modified a Select Membership Type Displays the membership type for each VLAN The possible field values are a lagged Indicates the interface is a tagged member of a VLAN VLAN tagged packets are forwarded by the interface The packets contain VLAN information a Untagged Indicates the interface is an untagged member of the VLAN a Not Available for Selection Indicates the interface is not available for selection a VLAN ID Enter the VLAN ID to which the port is assigned 2 Select a port 108 CHAPTER 8 CONFIGURING VLANS 3 Select Membership type
196. the Reboot button Administration gt Reboot _ Device gt Port Sory 4 R he devi fi defaults b ing the Initialize b A gt eturn the device to factory defaults by pressing the Initialize button Help Initialize with Current IP Address Initialize with Default IP Address Logout Click Reboot A confirmation message is displayed Click OK The device is reset and a prompt for a user name and password is displayed Figure 17 User Name and Password Page Baseline Switch 2924 SFP Plus Login User Name P Password a Login 4 Enter a user name and password to reconnect to the web interface Restoring Factory Defaults 39 Restoring Factory The Restore option appears on the Reset Page The Restore option Defaults restores device factory defaults To restore the device 1 Click Administration gt Reset The Reset Page opens Figure 18 Reset Page AA Baseline Switch 2916 SFP Plus Ne Administration gt Reset Reset 3C om j Reset Device Summary Save Configuration Power Cycle the unit by pressing the Reboot button Administration Device Port Security Monitoring Help Initialize with Current IP Address Initialize with Default IP Address Initialize Return the device to factory defaults by pressing the Initialize button vyv vv Logout The Reset Page contains the following fields a nitialize with Current IP Address Resets the
197. the Bootstrap Protocol BOOTP adding the capability of automatic allocation of reusable network addresses and additional configuration options Extensible Authentication Protocol over LAN EAPOL Generic Multicast Registration Protocol GMRP IEEE 802 1D IEEE 802 1Q IEEE 802 1p IEEE 802 15 IEEE 802 1X IEEE 802 3ac IEEE 802 3x IGMP Snooping IGMP Query 207 EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch A user name and password is requested by the switch and then passed to an authentication server e g RADIUS for verification EAPOL is implemented as part of the IEEE 802 1X Port Authentication standard GMRP allows network devices to register end stations with multicast groups GMRP requires that any participating network devices or end stations comply with the IEEE 802 1p standard Specifies a general method for the operation of MAC bridges including the Spanning Tree Protocol VLAN Tagging Defines Ethernet frame tags which carry VLAN information It allows switches to assign end stations to different virtual LANs and defines a standard way for VLANs to communicate across switched networks An IEEE standard for providing quality of service QoS in Ethernet networks The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority
198. the following fields m RJ45 Displays the port status of the RJ45 connections which are the physical interface used for terminating twisted pair type cable a SFP Displays the port status of the Small Form Factor SFP optical transmitter modules that combine transmitter and receiver functions Table 9 describes the color and the port status Table 9 Color Key Definitions Color White Port Status Unconnected No link detected Yellow Lower speed on 10 100 1000M port Green Light Blue Maximum speed 10 100 1000M RJ45 or RJ45 SFP Indicates that a link was detected SX LX SFP Indicates that a link was detected Light Gray Port has been set to inactive by User or Protocol Dark Blue Red Port has been selected by user Port or Transceiver has failed POST or Transceivers not recognized MANAGING DEVICE SECURITY The Management Security section provides information for configuring system access defining RADIUS authentication port based authentication and defining access control lists This section includes the following topics Configuring System Access Defining RADIUS Clients Defining Port Based Authentication 802 1X Defining Access Control Lists Enabling Broadcast Storm Configuring System Access 45 Configuring System Access Network administrators can define users passwords and access levels for users using the System Access Interface The Multi Session web feature is e
199. tion MAC address E0 3B 4A C2 CA E2 this wildcard mask matches all MAC addresses in the range E0 3B 4A C2 CA 00 to E0 3B 4A C2 CA FF VLAN ID Matches the packet s VLAN ID to the ACE The possible field values are 1 to 4093 CoS Classifies traffic based on the CoS tag value CoS Mask Defines the CoS mask used to classify network traffic Ethertype Provides an identifier that differentiates between various types of protocols Action Indicates the ACL forwarding action The port can be shut down a trap can be sent to the network administrator or packet is assigned rate limiting restrictions for forwarding The options are Defining Access Control Lists 63 a Permit Forwards packets which meet the ACL criteria a Deny Drops packets which meet the ACL criteria a Shutdown Drops packet that meets the ACL criteria and disables the port to which the packet was addressed Ports are reactivated from the Port Administration Setup Page 2 Define the fields 3 Click Apply The MAC based settings are modified and the device is updated Removing MAC Based The MAC Based ACL Remove Page allows the user to remove MAC Based ACLs ACLs Monitor users have no access to this page To remove MAC Based ACLs 1 Click Device gt ACL gt MAC Based ACL gt Remove The WAC Based ACL Remove Page opens Figure 31 MAC Based ACL Remove Page Ro Baseline Switch 2924 SFP Plus Ne Device gt ACL gt MAC Based ACL
200. tively forwarding traffic Rapid Spanning Tree RSTP detects uses of network topologies to enable faster convergence without creating forwarding loops Remote Monitoring RMON is an extension to SNMP which provides comprehensive network traffic monitoring capabilities as opposed to SNMP which allows network device management and monitoring RMON is a standard MIB that defines current and historical MAC layer Statistics and control objects allowing real time information to be captured across the entire network The device enables automatic MAC address learning from incoming packets The MAC addresses are stored in the Bridging Table 188 APPENDIX B DEVICE SPECIFICATIONS AND FEATURES Table 11 Features of the Baseline Switch 2916 SFP Plus and Switch 2924 SFP Plus continued Feature Description SNMP Alarms and Trap Logs The system logs events with severity codes and timestamps Events are sent as SNMP traps to a Trap Recipient List SNMP Versions 1 and 2 Spanning Tree Protocol SSL Simple Network Management Protocol SNMP over the UDP IP protocol controls access to the system 802 1d Spanning tree is a standard Layer 2 switch requirement that allows bridges to automatically prevent and resolve L2 forwarding loops Switches exchange configuration messages using specifically formatted frames and selectively enable and disable forwarding on ports Secure Socket Layer SSL is an application level protocol that enab
201. tore Image The Restore Image Page opens Figure 93 Restore Image Page CAN Baseline Switch 2924 SFP Plus oN Administration gt Firmware Upgrade Restore Image 7 3C om Restore Image I Active Image 4 Device Summary Save Configuration Download via TFTP Download via HTTP Software Download TFTP Server IP Address Source File Name Administration Device Port Security Monitoring Help vvv v l Logout Help Apply Cancel The Restore Image Page contains the following fields s Download via TFTP Enables initiating a download via the TFTP server a Download via HTTP Enables initiating a download via the HTTP server or HTTPS server m TFTP Server IP Address Specifies the TFTP Server IP Address from which the image files are downloaded Source File Name Specifies the image files to be downloaded 2 Define the relevant fields 3 Click Apply The files are downloaded and the device is updated 166 CHAPTER 14 MANAGING SYSTEM FILES Activating Image Files The Active Image Page allows network managers to select and reset the Image files The Device Boot is downloaded onto the device through the CLI To upload System files Click Administration gt Firmware Upgrade gt Active Image The Active Image Page opens Figure 94 Active Image Page No Baseline Switch 2924 SFP Plus S v Administration gt Firmware Upgrade Active Image SCOM Active Image Device Sum
202. traps are sent 2 Define the relevant fields 3 Click Apply The SNMP Traps are defined and the device is updated The SNMP Traps Remove Page allows the network manager to remove SNMP Traps Monitor users have no access to this page To remove SNMP traps Click Administration gt SNMP gt Traps gt Remove The SNMP Traps Remove Page opens Figure 75 SNMP Traps Remove Page AA Baseline Switch 2924 SFP Plus 3 C om Administration gt SNMP gt Traps Remove E eoe Device Summary Sae COME AIO I Recipient IP Community String a SNMPY1 Administration Device Port gt Security Monitoring Help l Logout Help Remove Cancel Removing SNMP Traps 141 The SNMP Traps Remove Page contains the following fields a Remove Deletes the currently selected recipient The possible field values are a Checked Removes the selected recipient from the list of recipients a Unchecked Maintains the list of recipients Recipients IP Defines the IP address to which the traps are sent Trap Displays the trap type The possible field values are a SNMP V1 Indicates that SNMP Version 1 traps are sent a SNMP V2c Indicates that SNMP Version 2 traps are sent Community String Defines the community string of the trap manager 2 Select the SNMP trap to be deleted 3 Click Remove The SNMP trap is deleted and the device is updated 13 CONFIGURING QU
203. ts with less than 64 octets excluding framing bits but including FCS octets received on the interface since the device was last refreshed Jabbers Displays the total number of received packets that were longer than 1522 octets This number excludes frame bits but includes FCS octets that had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral 174 CHAPTER 16 VIEWING STATISTICS octet Alignment Error number The field range to detect jabbers is between 20 ms and 150 ms a Collisions Displays the number of collisions received on the interface since the device was last refreshed Frames of 64 Bytes Number of 64 byte frames received on the interface since the device was last refreshed a Frames of 65 to 127 Bytes Number of 65 to 127 byte frames received on the interface since the device was last refreshed m Frames of 128 to 255 Bytes Number of 728 to 255 byte frames received on the interface since the device was last refreshed a Frames of 256 to 511 Bytes Number of 256 to 511 byte frames received on the interface since the device was last refreshed m Frames of 512 to 1023 Bytes Number of 572 to 1023 byte frames received on the interface since the device was last refreshed m Frames of 1024 to 1522 Bytes Number of 7024 to 1522 byte frames received on the interface since the device was last refreshed 2 Select a port The port
204. tup Page D N Baseline Switch 2924 SFP Plus i v Device gt ACL gt IP Based ACL Setup scom Setup Modify Remove Device Summary Save Configuration C Selection ACL Create ACL SE Administration gt Add Rules to ACL Device Port p Priority pooo Security gt Protocol Select from List fany Protocol ID fi Monitoring P Source Port ri Z Y Y E Any Had Destination Port C LOOSS S Any TCP Flags D uglset Pack Se Flpsh Set ret Set Syn Set Z Fin Set z ICMP F Select from List Echo Reply ICMP Type Any ICMP Code M IGMP F Select from List DVMRP z C IGMP Type C Any Source IP Address C Eee Wild Card Mask EEE C Any Dest IP Address Wid Cord Mack i Any Match DSCP o Match IP Precedence Eee Action Permit gt J Logout Flag Set present the flag types in the following order Urg Ack Psh Rst Syn Fin Set is represented as 1 unset as O and dont care as x Priority Protocat Destination Source Flag ICMP ICMP IGMP Source source mask Destination Destination peop Tune Tuna The P Based ACL Setup Page contains the following fields Selection ACL Selects the ACL to be bound Create ACL Defines a new user defined IP based ACL Add Rules to ACL m Priority Defines the ACL priority ACLs are checked on the first fit basis The ACL priority defines the ACL order in the ACL list m Protocol Indicates the prot
205. ual mode a Voice VLAN Port Security Indicates if port security is enabled on the Voice VLAN Port Security ensures that packets arriving with an unrecognized MAC address are dropped a No Changes Maintains the current Voice VLAN port security settings a Enable Enables port security on the Voice VLAN a Disable Disables port security on the Voice VLAN This is the default value m Select Port Enables selecting specific ports and LAGs to which the Voice VLAN settings are applied a Selected Blue Indicates the port or LAG is selected and Voice VLAN settings are applied to the port a Unselected Indicates the port or LAG is not selected and the Voice VLAN settings are not applied to the port LAG This is the default value a Selected Ports Lists the ports and LAGS on which the Voice VLAN settings are applied 2 Click a port in the Zoom View The port is highlighted blue 3 Define the Voice VLAN Port Mode and Voice VLAN Security fields 4 Click Apply The Voice VLAN port settings are defined and the device is updated 158 CHAPTER 13 CONFIGURING QUALITY OF SERVICE Viewing Voice VLAN Port Definitions The Voice VLAN Port Details Page displays the Voice VLAN port settings for specific ports The Voice VLAN Port Details Page contains the following fields m Select Port Enables selecting specific ports to which the Voice VLAN port definitions are applied a Selected Blue Indic
206. witch If you use the automatic IP configuration method you need to discover the automatically allocated IP information before you can begin management Work through the Viewing IP Information using the Console Port on page 23 Manual IP Configuration When you configure the IP information manually the switch remembers the information that you enter until you change it again You should use the Manual IP configuration method if m You do not have a DHCP server on your network or a You want to remove the risk of the IP address ever changing or Using the Command Line Interface CLI gt Connecting to the Console Port gt Using the Command Line Interface CLI 21 a Your DHCP server does not allow you to allocate static IP addresses Static IP addresses are necessary to ensure that the switch is always allocated the same IP information For most installations 3Com recommends that you configure the switch IP information manually This makes management simpler and more reliable as it is not dependent on a DHCP server and eliminates the risk of the IP address changing To manually enter IP information for your switch work through the Manually set the IP Address using the Console Port on page 22 You can access the switch through the Console port to manually set the IP address or to view the IP address that was assigned automatically for example by a DHCP server For more information about the CLI r
207. y Page contains the following fields a User Name Displays the user name The possible predefined field value Is a Admin Displays the predefined Administrative user name Access Level Displays the user access level The lowest user access level is Monitor and the highest is Management a Management Provides the user with read and write access rights a Monitor Provides the user with read access rights Defining System Access Configuring System Access 47 The System Access Setup Page allows network administrators to define users passwords and access levels for users using the System Access Interface Monitor users have no access to this page Click Administration gt System Access gt Setup The System Access Setup Page opens Figure 22 System Access Setup Page CAN Baseline Switch 2924 SFP Plus an Administration gt System Access Setup 3C om f Summary f Setup Modify Device Summary Create a User Save Configuration Username 1 8 chars Access Level Monitor z Password 1 8 chars Confirm Password Administration gt Device I Port gt Security b Monitoring Li Help Summary User Name Access Level Management monitor Monitor a Logout Help Apply Cancel The System Access Setup Page contains the following fields a User Name Defines the user name Access Level Defines the user access level The lowest user access level is Monitor
208. y checking each packet for certain IP or MAC i e Layer 2 information ARP converts between IP addresses and MAC i e hardware addresses ARP is used to locate the MAC address corresponding to a given IP address This allows the switch to use IP addresses for routing decisions and the corresponding MAC addresses to forward packets from one hop to the next BOOTP is used to provide bootup information for network devices including IP address information the address of the TFTP server that contains the devices system files and the name of the boot file CoS is supported by prioritizing packets based on the required level of service and then placing them in the appropriate output queue Data is transmitted from the queues using weighted round robin service to enforce priority service and prevent blockage of lower level queues Priority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number IP Precedence bit or DSCP priority bit DSCP uses a six bit tag to provide for up to 64 different forwarding behaviors Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSCP bits are mapped to the Class of Service categories and then into the output queues A system used for translating host names for network nodes into IP addresses Provides a framework for passing configuration information to hosts on a TCP IP network DHCP is based on
Download Pdf Manuals
Related Search