Allied Telesis AT-8000S User's Manual
Contents
1. wlolalatulalw ro e o A o a 3 lt SI SEI ES D a o ZS alalalalalalalalala ala 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 121e12 lt As a default the CoS Page opens displaying the port options The fields are identical when displaying the trunk CoS The CoS Page contains the following fields e QoS Mode Indicates if QoS is enabled on the interface The possible values are Basic Enables QoS on the interface Disable Disables QoS on the interface e Ports Displays the Ports CoS table e Of Unit Defines the unit number e Trunks Displays the Trunks CoS table The Cos Ports table displays the following information Number Displays the interface number Interface Lists the interfaces available for CoS configuration CoS Configuration Lists the current configuration Restore Defaults Allows restoring default CoS values Select the interfaces Check the Restore Defaults option where needed on Page 133 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide 4 Click Modify The CoS Configuration Page opens Figure 85 CoS Configuration Page e Portlel zl ec rach Set Default User Priority 0 The CoS Configuration Page contains the following fields e Interface Defines the interface for the CoS being set The possible field values are2. User Name Group Name Engine ID Authentication 1 User 1 test Local None SNMP o o D Ex EN Ki N o n Allied Telesyn Inc All rights reserved TheSNMP Users Page contains the following fields User Name Contains a list of user defined user names The field range is up to 30 alphanumeric characters Group Name Contains a list of user defined SNMP groups SNMP groups are defined in the SNMP Group Profile Page Engine ID Displays either the local or remote SNMP entity to which the user is connected Changing or removing the local SNMP Engine ID deletes the SNMPv3 user database Local Indicates that the user is connected to a local SNMP entity Remote Indicates that the user is connected to a remote SNMP entity If the Engine ID is defined remote devices receive inform messages Authentication Displays the method used to authenticate users The possible field values are MD5 Key Users are authenticated using the HMAC MD5 algorithm SHA Key Users are authenticated using the HMAC SHA 96 authentication level MD5 Password The HMAC MD5 96 password is used for authentication The user should enter a password Page 118 2 Configuring SNMP Defining SNMP Users SHA Password Users are authenticated using the HMAC SHA 96 authentication level The user should enter a password No Authentication No user authentication
3. Console show ip interface Proxy ARP is disabled IP Address I F Type Broadcast Directed 100 1 1 1 24 vlan 1 static disable Page 175 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide User Name A user name is used to manage the device remotely for example through SSH Telnet or the Web interface To gain complete administrative super user control over the device the highest privilege 15 must be specified N Note Only an administrator super user with the highest privilege level 15 is allowed to manage the device through the Web browser interface For more information about the privilege level see the CLI Reference Guide The configured user name is entered as a login name for remote management sessions To configure user name and privilege level enter the command at the system prompt as shown in the configuration example Console gt enable Console configure Console config username admin password lee privilege 15 Downloading Software For this explanation the following parameters are going to be used e TFTP Server 172 16 101 101 e System software file file 1 e Boot file file 2 Standalone Device Software Download To download software an a standalone device perform the following 1 Power up the device as described in the Allied Telesis AT 8000S Installation Guide The CLI command prompt is displayed Console 2 Enter the c
4. E Es o N o am General Administrator System Name IP Address 10 16 ba P 222 Administrator Subnet Mask 255 255 JS o 1000x641 Comments Default Gateway DHCP Configuration C Enable MAC Address Aging Time Disable 300 Sec The following table lists the interface components with their corresponding numbers Table 1 Interface Components Component Description 1 Menu The Menu provides easy navigation through the main management software features In addition the Menu provides general navigation options Tabs Provide navigation to configurable device sub features Management Buttons Enable configuring parameters and navigation to other pages see Using the Management Buttons Page 13 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Using the Management Buttons Management buttons provide an easy method of configuring device information and include the following Table 2 Configuration Management Buttons Button Name Description Add Opens a page which creates new configuration entries Create Opens a page which creates new configuration entries Modify Modifies the configuration settings The configuration change is saved to the Running Configuration file and is maintained until reset or power up Apply Saves configuration changes to the device The configuration change is saved to
5. Enable Enables Guest VLANs Disable Disables Guest VLANs Guest VLAN ID Lists the currently defined VLANs Click Enable Port Access Select the Authentication Method Define the VLAN fields Click Apply The 802 1x access is configured globally and device information is updated To modify port based authentication settings 1 Click Settings The Port Authentication Settings Page opens Figure 30 Port Authentication Settings Page Port e18 sl User Name Admin Port Control Authorized y Current Port Control Authonzed Enable Guest VLAN D Enable Periodic Reauthentication 7 Reauthentication Period 3600 Reauthenticate Now Tr Authenticator State Initialize Quiet Period fo o Resending EAP Bo Max EAP Requests 2 Supplicant Timeout Bo Server Timeout pooo Termination Cause Port re initialize Apply Geet The Port Authentication Settings Page contains the following port authentication parameters Port Displays a list of interfaces on which port based authentication is enabled User Name Displays the supplicant user name Current Port Control Displays the current port authorization state The possible field values are Page 50 Configuring Device Security Configuring Network Security Auto Enables port based authentication on the device The interface moves between an authorized or unauthorized state based on the authentication exchange between the device
6. Logging Out The Logout option enables the user to log out of the device thereby terminating the running session To log out e In any page click Logout on the menu The current management session is ended and the Login Page opens Figure 8 Login Page User Name Password Sign in Clear Copyright 2006 Allied Telesyn Inc All rights reserved For more information about login refer to Starting the Application Page 16 Getting Started Resetting the Device Resetting the Device The Reset option enables resetting the device from a remote location N Note Save all changes to the Running Configuration file before resetting the device This prevents the current device configuration from being lost See also Managing System Files To reset the device 1 Inthe System General Page click Reset You are prompted to confirm 2 Click OK The device is reset Resetting the device ends the web browser management session You must restart the session to continue managing the device After the device is reset a prompt for a user name and password displays 3 Enter a user name and password to reconnect to the Web Interface To reset the device to the predefined default configuration e Inthe System General Page click Defaults The default settings are restored and the device is reset Page 17 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Section 2 Defining Sys
7. Page 122 Configuring SNMP Configuring SNMP Notifications The SNMP Notify Page contains tables for SNMPv2 and SNMP v3 notification recipients and lists the following parameters SNMPv1 2c Notification Recipient The SNMP v1 v2c Recipient table contains the following fields e Recipients IP Displays the IP address to which the traps are sent e Notification Type Displays the type of notification sent The possible field values are Trap Indicates that traps are sent nform Indicates that informs are sent e Community String Displays the community string of the trap manager e Notification Version Displays the trap type The possible field values are SNMP V1 Indicates that SNMP Version 1 traps are sent SNMP V2c Indicates that SNMP Version 2 traps are sent e UDP Port Displays the UDP port used to send notifications The field range is 1 65535 The default is 162 e Filter Name Indicates if the SNMP filter for which the SNMP Notification filter is defined e Timeout Indicates the amount of time in seconds the device waits before resending informs The field range is 1 300 The default is 15 seconds e Retries Indicates the number of times the device resends an inform request The field range is 1 255 The default is 3 SNMPv3 Notification Recipient The SNMPv3 Notification Recipient table contains the following fields e Recipients IP Displays the IP addres
8. Port Defines CoS for port Trunk Defines CoS for trunk e Set Default User Priority Indicates the priority level for CoS on the selected port trunk Default Priority determines the default CoS value for incoming packets The value range is 0 7 and the default is 0 5 Select the nterface and the Priority level 6 Click Apply The CoS settings for the selected port trunk are updated Page 134 Configuring Services Configuring CoS Priorities Configuring CoS Priorities The CoS Queuing amp Scheduling Page provides fields for configuring CoS Priority to Egress Queues and for defining Egress Weights The queue settings are set system wide To define schedule and queue settings for Quality of Service 1 Click Services gt Queuing amp Scheduling The CoS Queuing amp Scheduling Page opens Figure 86 CoS Queuing amp Scheduling Page Queuing amp Scheduling Configure Scheduling Select Schedule Strict Priority Weighted Priority 999x634 Configure Priority to Egress Queues Configure CoS Services Configure DSCP o o D E Es gt o D o o mn Allied Telesyn Inc All rights reserved The CoS Queuing amp Scheduling Page contains scheduling and Priority Queue settings for the defined CoS and DSCP and contains the following fields Select Schedule Defines the priority method in queuing Strict Priority Indicat
9. Timeout for Reply Defines the time interval in seconds that passes before the connection between the device and the TACACS server times out The field range is 1 60 seconds and the default is 10 seconds Key String Defines the default key string Server Displays the server number Host IP Address Displays the TACACS server IP address Priority Defines the order in which the TACACS servers are used The field range is 0 65535 The default is 0 Authorization Port Identifies the authentication port The authentication port is used to verify the TACACS server authentication Timeout for Reply Defines the time interval in seconds that passes before the connection between the device and the TACACS server times out The field range is 1 60 seconds and the default is 10 seconds Single Connection Maintains a single open connection between the device and the TACACS server The possible field values are Checked Enables a single connection Unchecked Disables a single connection Status Indicates the connection status between the device and the TACACS server The possible field values are Connected Indicates there is currently a connection between the device and the TACACS server Not Connected Indicates there is not currently a connection between the device and the TACACS server Click Create The Add TACACS Page opens Page 39 Allied Telesis AT 8000S Sw
10. c ccceceeeeeeeeeeeeeeeeeeeeeececeeeeeeaaeeseeaeeeeaaaeeeeaeeeenaaeeseeaeesenaaeeees 27 Defining Access e UE 28 Defining Profile RUl S aa rana a He eave eee Ee ed eed ates Sd dawn eat db had he ed 31 Defining Authentication Profiles c ccccseceseseeceteeeeeeeeeaeesensesesceeeessceneeeesecedenegesenseeeeseseeeesneneseeenseeeess 34 Mapping Authentication Profiles AAA 37 Configuring Server Based Authenticatton nr narran 38 Configuring TACA rain 38 Configuring RADIUS EE 41 Contigtiring Local USFS EE 43 Configuring Network Security i sisanne aana aaan iaaa aiaa a a a aaa aeaaeae a Naa eana 45 Network Security OVervieW tcc ek ee ie ein da ee deene arar 46 Managing Port Secure EE E 46 Defining 302 1POrbACC SS ct cinc rte tc ia dict 49 Enabling Storm Control EE 52 Page 1 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Configuring e 54 Defining Port Settings tii OA a a ans 55 Configuring Port MIONN EE 59 Aggregating POS iiyaa stat tee Pant dae aa heats add hehe oe catalase at heated teal anaes 62 Defining Trunk Settings EEN 63 Defining Port Tru nkinG WEE 67 Contiguring LACRA a da fa 69 Configuring Interfaces ise it 70 Defining MAC Addreseses A 71 Configuring VEAN EE 74 Defining VELAN Properties Case ES a a edi 75 Defining VLAN Interface Settings A 77 Defini GVRP EE 79 Configuring System Logs E 82 Defining Log Settings EE 83 Clearing Event e EE 85 Configuring Log Servers ui ii 85 S
11. Configuring SNTP The device supports the Simple Network Time Protocol SNTP SNTP assures accurate network device clock time synchronization up to the millisecond Time synchronization is performed by a network SNTP server The device operates only as an SNTP client and cannot provide time services to other systems The device can poll the following server types for the server time e Unicast e Anycast e Broadcast Time sources are established by stratums Stratums define the accuracy of the reference clock The higher the stratum where zero is the highest the more accurate the clock The device receives time from stratum 1 and above The following is an example of stratums Stratum 0 A real time clock such as a GPS system is used as the time source Stratum 1 A server that is directly linked to a Stratum O time source is used Stratum 1 time servers provide primary network time standards Stratum 2 The time source is distanced from the Stratum 1 server over a network path For example a Stratum 2 server receives the time over a network link via NTP from a Stratum 1 server Polling for Unicast Time Information Polling for Unicast information is used for polling a server for which the IP address is known T1 T4 are used to determine the server time This is the preferred method for synchronizing device time Polling for Anycast Time Information Polling for Anycast information is used when the SNTP server I
12. Each table contains the following fields e Profile Name Contains a list of user defined authentication profile lists to which user defined authentication profiles are added The default configuration displays as Console Default and Network Default e Methods Indicates the authentication method for the selected authentication profile The possible authentication methods are None Assigns no authentication method to the authentication profile Line Indicates that authentication uses a line password Enable Indicates that authentication uses an Enable password Page 34 Configuring Device Security Configuring Management Security Local Authenticates the user at the device level The device checks the user name and password for authentication RADIUS Authenticates the user at the RADIUS server For more information see Defining RADIUS Server Settings TACACS Authenticates the user at the TACACS server For more information see Defining TACACS Host Settings Local RADIUS Indicates that authentication first occurs locally If authentication cannot be verified locally the RADIUS server authenticates the management method If the RADIUS server cannot authenticate the management method the session is blocked RADIUS Local Indicates that authentication first occurs at the RADIUS server If authentication cannot be verified at the RADIUS server the session is authenticated
13. Link State Indicates the current link status Members Indicates the ports which are defined for the trunk Select the trunk to modify Click Modify The Modify Trunk Page opens Page 67 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Figure 40 Modify Trunk Page Trunk Name Unit Number Trunk Members In addition to the fields in the The Port Trunking Page the Modify Trunk Page contians the following additional field e LACP Indicates if LACP is enabled on the trunk The possible field values are Checked Enables LACP on the trunk Unchecked Disables LACP on the trunk This is the default value 4 Modify the Trunk ID LACP Unit Number and Trunk LAG Name fields 5 Select the ports for the trunk from the Port List using the zl arrow The selected ports are displayed as Trunk Members 6 Click Apply Trunking information is modified and the device is updated 7 Click Save Config in the Trunk Settings Page menu to permanently save the changes Page 68 Configuring Ports Aggregating Ports Configuring LACP LAG ports can contain different media types if the ports are operating at the same speed Aggregated links can be set up manually or automatically established by enabling Link Aggregation Control Protocol LACP on the relevant links Aggregate ports can be linked into link aggregation port groups Each group is comprised of ports with th
14. Provides device information Debug Provides detailed information about the log If a Debug error occurs contact Customer Tech Support Provides detailed information about the log If a Debug error occurs contact Customer Tech Support The Event Log Page page contains fields for defining which events are recorded to which logs It contains fields for enabling logs globally and parameters for defining logs Page 83 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide To define system log parameters 1 Click System gt Event Log The Event Log Page opens Figure 50 Event Log Page Event Log O Console Informational O Temporary Informational ero Seo z259 303 Fa ES p H ue fan cn a5 S aaa The Event Log Page contains the following fields e Minimum Severity Indicates the minimum severity level to be included in the log output All logs that have the severity higher than the minimum severity are also included in the output When the minimum severity level is defined logs of all higher severity levels are selected automatically Disable Disables minimum severity Enable Enables minimum severity The Log Outputs table displays the following log information e Type Indicates the log type included in the output The possible values are Console Indicates that the output is of a console log Te
15. Read Management access is restricted to read only and changes cannot be made to the assigned SNMP view Write Management access is read write and changes can be made to the assigned SNMP view Notify Sends traps for the assigned SNMP view 2 Click Create The Create SNMP Group Profile Page opens Figure 73 Create SNMP Group Profile Page Group Name Security Model SNMPv1 y Operation Security Level T Read Default No Authenticatior T Write Default 3 Define the Group Name Security Level Security Model and Operation 4 Click Apply The SNMP group profile is saved To modify an SNMP group 1 Click SNMP gt Groups The SNMP Group Page opens 2 Click Modify The Modify SNMP Group Profile Page opens Figure 74 Modify SNMP Group Profile Page Security Model SNMPv1 y Group Name gr2 y Operation Security Level IT Read Default y I Write Default y FT Notify Default T 3 Define the Group Name Security Level Security Model and Operation 4 Click Apply The SNMP group profile is saved Page 117 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Defining SNMP Users The SNMP Users Page enables assigning system users to SNMP groups as well as defining the user authentication method To define SNMP group membership 1 Click SNMP gt Users The SNMP Users Page opens Figure 75 SNMP Users Page
16. SNMPw1 2 Community String Notification Version C SNMPw3 User Name Security Level UDP Port F Filter Name Timeout Retries 3 Define the Recipient IP Notification Type SNMPv1 2 Community String Notification Version SNMPv3 User Name and Security Level fields 4 Click Apply The notification recipient settings are saved and the device is updated Defining Notification Filters The SNMP Notification Filter Page permits filtering traps based on OIDs Each OID is linked to a device feature or a portion of a feature The SNMP Notification Filter Page also allows network managers to filter notifications To configure SNMP notification filters 1 Click SNMP gt Notify The SNMP Notify Page opens 2 Click Configure next to Configure Notification Filters The opens Page 124 Configuring SNMP Configuring SNMP Notifications Figure 81 SNMP Notification Filter Settings Page A Si e JE Object ID Subtree Filter Type 1 3 6 1 2 1 4 Excluded SNMP o o D s z A o N E e a Allied Telesyn Inc All rights reserved 3 Define the Filter Name New Object Identifier Tree and Filter Type fields 4 Click Apply The SNMP notification filter is defined and the device is updated Page 125 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Section 11 Configuring Power Over Ethernet This section
17. Up Indicates that the trunk is currently operating Page 64 Configuring Ports Aggregating Ports Down Indicates that the trunk is currently not operating Current Trunk Status Indicates whether the trunk is currently operational or non operational The possible field values are Up Indicates the trunk is currently operating Down Indicates the trunk is currently not operating Reactivate Suspended Reactivates suspended trunks The possible field values are Checked Reactivates the selected suspended trunk Unchecked Maintains the trunk status This is the default value Operational Status Indicates the trunk operational status Possible field values are Suspended The trunk is currently active and is not receiving or transmitting traffic Active Indicates the trunk is currently active and is receiving and transmitting traffic Disable Indicates the trunk is currently disabled and is not receiving or transmitting traffic Admin Speed Indicates the configured rate for the trunk The trunk type determines what speed setting options are available Admin speed can only be designated when the trunk is disabled Current Trunk Speed Displays the configured rate for the trunk The trunk type determines the speed settings available trunk speeds can only be configured when auto negotiation is disabled The possible field values are 10 Indic
18. 18 F factory defaults restoring 141 FCS 156 160 FCS error 156 160 file management overview 141 Frame Check Sequence 156 160 Page 184 G GARP VLAN Registration Protocol GVRP 79 GVRP configuration 79 GVRP configuration 79 81 IGMP Snooping 102 interface configuration access profiles 28 Internet Group Management Protocol IGMP 102 L Link Control Protocol LCP 95 Mac Address Aging Time 19 MAC addresses 71 Multicast Forwarding 102 multicast forwarding 102 Multiple Spanning Tree Protocol MSTP 96 N Network Control Protocol NCP 95 P PoE configuration enabling 127 port based authentication 46 port security configuration 47 ports configuration parameters 55 Powered Devices 126 Power over Ethernet PoE 126 R RADIUS authentication 41 RADIUS server authentication methods 35 Remote Authorization Dial In User Service RADIUS 41 restoring configuration file to factory defaults 141 S security 802 1x port access 49 Page 185 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide server based authentication methods 38 servers configuration RADIUS 41 TACACS 38 Simple Network Management Protocol SNMP 110 Simple Network Time Protocol SNTP 23 SNMP communities 114 overview 111 versions 111 SNTP configuration 23 SNTP overview anycast time 23 broadcast time 23 unicast time 23 Stacking 168 configuration 172 management interfaces 169 members 170 stack
19. Access rights are managed by defining communities in the SNMP Community Page When the community names are changed access rights are also changed SNMP communities are defined only for SNMP v1 and SNMP v2c NI Note The device switch is delivered with no community strings configured To define SNMP communities 1 Figure 70 SNMP Community Page Click SNMP gt Community The SNMP Global Page opens The SNMP Community Page opens Era 0 GI PEE eae le A H nz o 23 293 FA aan Community Ga a Basic Table Management Station Community String Access Mode View Name 1 10 6 39 16 comstring Default 2 10 6 60 13 comstring Read Only Default Advanced Table Management Station Community String Group Name c 1 10 6 39 13 comstring test The SNMP Community Page contains the Basic and the Advanced Table SNMP Communities Basic Table The SNMP Communities Basic Table contains the following fields community Management Station Displays the management station IP address for which the basic SNMP community is defined Community String Defines the password used to authenticate the management station to the device Access Mode Defines the access rights of the community The possible field values are Read Only Management access is restricted to read only and changes cannot be made to the Page 114 Co
20. CRC Align Errors Displays the number of CRC and Align errors that have occurred on the interface since the device was last refreshed Page 159 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Undersize Packets Displays the number of undersized packets less than 64 octets received on the interface since the device was last refreshed e Oversize Packets Displays the number of oversized packets over 1518 octets received on the interface since the device was last refreshed e Fragments Displays the number of fragments packets with less than 64 octets excluding framing bits but including FCS octets received on the interface since the device was last refreshed Jabbers Displays the total number of received packets that were longer than 1518 octets This number excludes frame bits but includes FCS octets that had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral octet Alignment Error number The field range to detect jabbers is between 20 ms and 150 ms e Collisions Displays the number of collisions received on the interface since the device was last refreshed Utilization Displays the percentage of the interface utilized Select an entry in the History Entry No field Select the sample number The statistics are displayed Click RMON History to return to the RMON History Page oR we Page 160 Viewing Stat
21. Current Auto Negotiation Displays the current Auto Negotiation setting Current Advertisement Indicates the port advertises its speed to its neighbor port to start the negotiation process The possible field values are those specified in the Admin Advertisement field Neighbor Advertisement Indicates the neighboring port s advertisement settings The field values are identical to the Admin Advertisement field values Advertisement Defines the auto negotiation setting the port advertises The possible field values are Max Capability Indicates that all port speeds and duplex mode settings are accepted 10 Half Indicates that the port advertises for a 10 Mbps speed port and half duplex mode setting 10 Full Indicates that the port advertises for a 10 Mbps speed port and full duplex mode setting 100 Half Indicates that the port advertises for a 100 Mbps speed port and half duplex mode setting 100 Full Indicates that the port advertises for a 100 Mbps speed port and full duplex mode setting 1000 Full Indicates that the port advertises for a 1000 Mbps speed port and full duplex mode setting Back Pressure Displays the back pressure mode on the port Back pressure mode is used with half duplex mode to disable ports from receiving messages Flow Control Displays the flow control status on the port Operates when the port is in full duplex mode Enable Indicates that flow contro
22. E E T A E E T 136 Mapping CoS Values to Queues cccoocccoccconccconcnoncnnoncnoncnoncn nn nn rnnc cnn nr arc nan nn nn nr rca n rra r nene a rr n cn enn nana cnn 136 Mapping DSCP Values to Queues ee eeeceeeeeeeeeeeeeeeeneteaeeseeceaeecaeeseaeesaeeseaeeeaeeseeeeeaeesaeeseaeesieeeneeeneeeaes 137 Configuring Bandwidth QoS ccccccceeceeceeeeeeeeeeeeceeeeceaaeeeceeeeceaaeeesaaeeeseaeeeseaaeeseeeeeesiaeeeeeeeeesaes 138 Managing System TEE 140 Restoring the Default Configuration cceccececeeeeeeeeeee cones eeeeaeeseaeeeeeaaeeeeeeeseaeseeeeeeesaaeeseneeess 141 Defining TFTP File Uploads and Downloads AAA 142 Viewing Integrated Cable Tests anar nnnnrrnrrn nc rnrrnrrnrn 145 Viewing Optical Transceivers cccccccceceseeeceeeeeeeaeeeeeeeeeceaaeseceeeseaaessneneeeseaeeeseeeeesscaeesteaseeenaees 147 ue BAC 148 VIGWING Statistics ia 150 Viewing Interface Giatetlce AA 151 Viewing Interface Statistics niner erinnere eted elie noia 151 Viewing Etherlike Statistics coca iria 153 Managing RMON StatistiCs sieccite asteecateteteesdeeesdeeediennrnbedhaghhadietive nad dra pidas 155 Viewing RMON We Ee 155 Contiguring RMON History sic eh Goin dade ce ve tie N eias 157 Contigtring RMON Events E 161 Defining RMON Alarm iii ota 164 Managing ET e EE 168 Ee ie He EE 169 ele alle Hie We el VE 169 Stacking Chain Kei e VE 169 Stacking Members and Unit ID 170 Removing and Replacing Stacking Members 170 Exchanging Stacki
23. Enable rc na 16 Theesen zt d Tele DissbisdAl Tastis r The RSTP Page contains the following fields Unit Number Indicates the stacking member for which the Rapid STP information is displayed e Interface Displays the port or LAG on which Rapid STP is enabled e State Indicates if e Role Displays the port role assigned by the STP algorithm to provide to STP paths The possible field values are Root Provides the lowest cost path to forward packets to the root switch Designated The port or LAG through which the designated switch is attached to the LAN Alternate Provides an alternate path to the root switch from the root interface Page 94 Configuring Spanning Tree Configuring Rapid Spanning Tree Backup Provides a backup path to the designated port path toward the Spanning Tree leaves Backup ports occur only when two ports are connected in a loop by a point to point link or when a LAN has two or more connections to a shared segment Disabled The port is not participating in the Spanning Tree e Mode Displays the current STP mode The STP mode is selected in the Spanning Tree Page The possible field values are STP Classic STP is enabled on the device Rapid STP Rapid STP is enabled on the device Multiple STP Multiple STP is enabled on the device e Fast Link Operational Status Indicates whether Fast Link is enabled or
24. One Master enabled stack member is elected Stacking Master and the other Master enabled stack member is elected Secondary Master according to the following decision process If only one Master enabled unit is present it is elected Stacking Master If two Master enabled stacking members are present and one has been manually configured as the Stacking Master the manually configured member is elected Stacking Master If two Master enabled units are present and neither has been manually configured as the Stacking Master the one with the longer up time is elected Stacking Master If the two Master enabled stacking members are the same age Unit 1 is elected Stacking Master Two stacking member are considered the same age if they were inserted within the same ten minute interval For example if Stack member 2 is inserted in the first minute of a ten minute cycle and Stack member 1 is inserted in fifth minute of the same cycle the units are considered the same age If there are two Master enabled units that are the same age then Unit 1 is elected Stacking Master The Stacking Master and the Secondary Master maintain a Warm Standby The Warm Standby ensures that the Secondary Master takes over for the Stacking Master if a failover occurs This guarantees that the stack continues to operate normally During the Warm Standby the Master and the Secondary Master are synchronized with the static configuration only When the Stacking Master is con
25. System Time Defaults The following is the system time default SNTP Enabled Spanning Tree Defaults The following are the spanning tree defaults STP Disabled STP Port Disabled Rapid STP Disabled Multiple STP Disabled Address Table Defaults The following the Address Table defaults Number of 8 000 MAC Entires MAC Address 300 seconds Aging Time Page 182 VLAN Default The following are the VLAN defaults Possible VLANs 256 GVRP Disabled Join Timer 20 centiseconds Leave Timer 60 centiseconds Leave All Timer 1000 centiseconds Trunking Defaults The following are the trunking defaults Possible Trunks 8 Possible Ports per 8 Trunk LACP Ports Trunk 16 Multicast Defaults The following are the Multicast defaults IGMP Snooping Disable Maximum Multicast 256 Groups System Defaults VLAN Default Page 183 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Index Symbols 802 1x port access 49 A access profiles rules 31 authentication methods HTTP 38 secure HTTP 37 authentication profiles 34 mapping 37 Secure Shell SSH 37 B BPDU handling 90 max hops 97 C CIR 139 Class of Service CoS 132 Committed Burst Siz 139 Committed Information Rate 139 D Daylight Saving Time DST 24 Daylight Saving Time configuration broadcast time 23 DST per country 20 parameters 24 device management methods 28 29 Dynamic Host Configuration Protocol DHCP
26. This section contains information on configuring the interfaces of the device This section describes the following topics e Defining MAC Addresses e Configuring VLANs Page 70 Configuring Interfaces Defining MAC Addresses Defining MAC Addresses The MAC Address Page contains parameters for querying information in the Static Mac Address Table and the Dynamic MAC Address Table The MAC Address tables contain address parameters by which packets are directly forwarded to the ports and can be sorted by interface VLAN and MAC Address To configure MAC addresses 1 Click Layer 2 gt MAC Address The MAC Address Page opens Figure 42 MAC Address Page Name 00 00 60 01 22 33 MAC Address View Add Unicast MAC Addresses View Static I View MAC Addresses on Interface e1 Y Pot Trunk L 2 ayer I View MAC Addresses for VLAN C View Dynamic View MAC Address 00 00 10 view JI ada Delete All Dynamic MAC Addresses Click Delete to Remove All Dynamic MAC Addresses o o D SE Es Ei o N o a Allied Telesyn Inc All rights reserved The MAC Address Page contains the following sections e View Add Unicast MAC Addresses Enables viewing and configuring Unicast addresses e View Add Multicast MAC Addresses Enables viewing and configuring Multicast addresses The fields in both page sections are the same Only one page can be selected at a time The d
27. the software from the Stacking Master to all the Stacking Members use the character instead of the Stacking Member number number 4 in this example Console copy unit 1 image unit 4 image 3 Reboot the devices being updated The allocated devices boot up with the updated boot and system files Page 179 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Appendix B System Defaults This section contians the system defaults and includes the following topics RS 232 Port Settings Port Defaults Configuration Defaults Security Defaults System Time Defaults Spanning Tree Defaults Address Table Defaults VLAN Default Trunking Defaults Multicast Defaults Page 180 RS 232 Port Settings The following table contains the RS 232 port setting defaults Data Bits 8 Stop Bits 1 Parity None Flow Control None Baud Rate 115 200 bps Port Defaults The following are the port defaults Head of Line Enabled Blocking Back Pressure Disabled Configuration Defaults The following are the initial device configuration defaults Default User Name Manager Default Password friend System Name None Comments None BootP Enabled DHCP Disable Security Defaults The following are the system security defaults System Defaults RS 232 Port Settings Page 181 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Locked Ports Disabled 802 1X Disabled
28. Chain Topology e Stacking Members and Unit ID e Removing and Replacing Stacking Members e Exchanging Stacking Members Stacking Ring Topology Stacked devices operate in a Ring topology A Ring topology is where all devices in the stack are connected to each other forming a circle Each stacked device accepts data and sends it to the device to which it is physically connected The packet continues through the stack until it reaches the destination port The system automatically discovers the optimal path on which to send traffic Most difficulties in Ring topologies occur when a device in the ring becomes non functional or a link is severed In a stack the system automatically switches to a Stacking Failover topology without any system downtime An SNMP message is automatically generated but no stack management action is required However the stacking link or stacking member must be repaired to ensure the stacking integrity After the stacking issues are resolved the device can be reconnected to the stack without interruption and the Ring topology is restored Stacking Chain Topology If a failure occurs in the stacking topology the stack reverts to Stacking Chain Topology In the Chain topology devices operate in a chain formation The Stacking Master determines where the packets are sent Each unit is connected to two neighboring devices except for the top and bottom units Page 169 Allied Telesis AT 8000S Switch Web B
29. Click Apply The access profile is saved and the device is updated 5 Click Save Config on the menu to save the changes permanently Page 30 Configuring Device Security Configuring Management Security Defining Profile Rules Access profiles can contain up to 128 rules that determine which users can manage the device module and by which methods Users can also be blocked from accessing the device Rules are composed of filters including Rule Priority Interface Management Method IP Address Prefix Length Forwarding Action To define profile rules 1 Click Mgmt Security gt Profile Rules The Profile Rules Page opens Figure 13 Profile Rules Page oe z 00 00 b0 01 22 33 Access Profile Name Console Only y Priority Interface Management Method Source IP Address Prefix Length Action jiji All 132 Deny Mgmt Securi Delete Add modify em Name o Eeer D E P Ga o N an Access Profile Name Displays the access profile to which the rule is attached Priority Defines the rule priority When the packet is matched to a rule user groups are either granted permission or denied device management access The rule number is essential to matching packets to rules as packets are matched on a first fit basis Interface Indicates the interface type to which the rule applies The possible field values are Port Attaches th
30. Description Type rg ee LACP _ ier Trunk 1 Unknown Unknown Disable Mgmt Security C Trunk 2 Unknown Unknown Disable SNMP Trunk 3 Unknown Unknown Disable L Mgmt Protocols C Trunk 4 Unknown Unknown Disable Cesa Trunk 5 Unknown Unknown Disable Services C Trunk 6 Unknown Unknown Disable ___Mutticast__ Trunk 7 Unknown Unknown Unknown Unknown Unknown Disable C Trunk 8 Unknown Unknown Unknown Unknown Unknown Disable C Save Config Modify Help Logout Allied Telesyn Inc All rights reserved The Trunk Settings Page displays information about the currently defined trunks and contains the following fields e Trunk Displays the trunk name e Description Displays the user defined trunk name and or description e Type Indicates the type of LAG defined by the first port assigned to the trunk For example 100 Copper or 100 Fiber e Status Indicates if the LAG is currently linked The possible field values are Up Indicates the LAG is currently linked and is forwarding or receiving traffic Down Indicates the LAG is not currently linked and is not forwarding or receiving traffic e Speed Displays the configured aggregated rate for the trunk The possible field values are 10 Indicates the port is currently operating at 10 Mbps 100 Indicates the port is currently operating at 100 Mbps 1000 Indicates the port is currently
31. Dynamic Indicates the VLAN was dynamically created through GARP Static Indicates the VLAN is user defined Default Indicates the VLAN is the default VLAN e Authentication Indicates whether unauthorized users can access a Guest VLAN The possible field values are Enable Enables unauthorized users to use the Guest VLAN Disable Disables unauthorized users from using the Guest VLAN Page 75 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide The Zoom View shows port representation on the device and enables selecting ports for the VLAN The Zoom View of VLAN ports includes the following indicators e Include Indicates that the port is included in the VLAN e E Exclude Indicates that the port is excluded from the VLAN F Forbidden Indicates that the port cannot be included in the VLAN Page 76 Configuring Interfaces Configuring VLANs Defining VLAN Interface Settings The VLAN Member Interface Settings Page contains fields for managing ports that are part of a VLAN The Port Default VLAN ID PVID is configured on the Modify Interface Configuration Page All untagged packets arriving at the device are tagged with the port PVID To define VLAN interface 1 Click Layer 2 gt VLAN Interface The VLAN Interface Page opens Figure 46 VLAN Interface Page VLAH Interface Ports C Trunks Ingress Reserved Filtering VL
32. E Ki N o E ag em Name 00 00 b0 01 22 33 MAC Addr 802 1 Port Access Configure Port Access Parameters FT Enable Port Access I Guest VLAN Authentication Method VLAN List RADIUS y The 802 1x Port Access Page contains the following fields Enable Port Access Enables the 802 1x port access globally The possible values are Checked Enables the 802 1x port access on the device Unchecked Disables the 802 1x port access on the device This is the default value e Authentication Method Displays the method by which the last session was authenticated The possible field values are None Indicates that no authentication method is used to authenticate the port RADIUS Provides port authentication using the RADIUS server RADIUS None Provides port authentication first using the RADIUS server If the port is not authenticated then no authentication method is used and the session is permitted Guest VLAN Provides limited network access to authorized ports If a port is denied network access via port based authorization but the Guest VLAN field is enabled the port receives limited network access Page 49 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide 92 ON For example a network administrator can use Guest VLANs to deny network access via port based authentication but grant Internet access to unauthorized users The possible field values are
33. Facility Defines an application from which system logs are sent to the remote server Only one facility can be assigned to a single server If a second facility level is assigned the first facility is overridden All applications defined for a device utilize the same facility on a server The field default is Local 7 The possible field values are Local 0 Local 7 e Description Provides any additional information about the syslog server for example its location e Minimum Severity Indicates the minimum severity level to be included in the log output All logs that have the severity higher than the minimum severity are also included in the output When the minimum severity level is defined logs of all higher severity levels are selected automatically 4 Define the P Address UDP Port Facility Description and Minimum Severity fields Click Apply The Log server is defined and the device is updated a Page 85 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Setting System Log Display The Modify Event Log Output Page contains options to set output parameters for system logs To configure log output properties 1 2 3 Click System gt Event Log The Event Log Page opens Select a Log Type in the Configure Log Outputs table Click Modify The Modify Event Log Output Page opens Figure 52 Modify Event Log Output Page Enable Logging Iv Severi
34. Mgmt Protocols MSTP Designated Bridge ID asa MST WA TI Services Port State Designated Port ID Emer MA TE Type Designated Cost see A WA Save Config Role Forward Transitions mee nn NA Mode Remain Hops N A NA Copyright 2006 Allied Telesyn Inc All rights reserved The MSTP Interface Settings Page contains the following fields e Instance ID Lists the MSTP instances configured on the device The possible field range is 0 7 e Interface Priority Defines the interface priority for the specified instance The default value is 128 e Interface Displays the interface for which the MSTP settings are displayed The possible field values are Port of Unit Specifies the port for which the MSTP settings are displayed LAG Specifies the LAG for which the MSTP settings are displayed e Path Cost Indicates the port contribution to the Spanning Tree instance The field range is 1 200 000 000 e MSTP Specifies whether or not MSTP is enabled on the interface The possible field values are Enable Enables MSTP on the interface Disable Disables MSTP on the interface e Port State Indicates whether the port is enabled for the specific instance The possible field values are Enable Enables the port for the specific instance Page 98 Configuring Spanning Tree Configuring Multiple Spanning Tree Disable Disables the port for the specific instance Type Indic
35. Page contains the following fields N Note MAC Address Defines the static or dynamic Unicast MAC address Port Number Indicates the port on which the address was learned or assigned The MAC address with port CPU is the address of the device VLAN ID Displays the VLAN ID number to which the entry refers Status Indicates the current status of the address The possible values are Permanent The MAC address is permanent Delete on Reset The MAC address is deleted when the device is reset Delete on Timeout The MAC address is deleted when a timeout occurs Secure Options The MAC Address is defined for locked ports When viewed the information also includes the Type of the address static or dynamic Page 72 Configuring Interfaces Defining MAC Addresses 4 Click Apply The new MAC address is added to the addresses table and the device information is updated To delete all MAC addresses 1 Click Layer 2 gt MAC Address The MAC Address Page opens 2 Click Delete in the Delete All MAC Addresses section of the MAC Address Page All addresses are cleared from the Dynamic MAC Address Table and the device begins to learn new addresses as packets arrive on the ports To view or remove MAC addresses 1 Click Layer 2 gt MAC Address The MAC Address Page opens 2 Click View in either View Add Unicast MAC Addresses section or the View Add Multicast MAC Addresses section The
36. Rro 0 KW WW PEE 4 fas St A 220 L 3p 8 PIO am The MSTP Page contains the following fields Region Name User defined STP region name e Revision An unsigned 16 bit number that identifies the revision of the current MSTP configuration The revision number is required as part of the MSTP configuration The possible field range is 0 65535 e Max Hops Specifies the total number of hops that occur in a specific region before the BPDU is discarded Once the BPDU is discarded the port information is aged out The possible field range is 1 40 The field default is 20 hops e IST Master Identifies the Spanning Tree Master instance The IST Master is the specified instance root Page 97 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Defining MSTP Interfaces Network administrators can assign MSTP settings to a specific interface port or LAG using the MSTP Interface Settings Page To define MSTP interface settings 1 Click Layer 2 gt MSTP The MSTP Page opens 2 Click Configure next to the Configure Interface Settings option The MSTP Interface Settings Page opens Figure 60 MSTP Interface Settings Page Name 00 00 b0 01 22 33 MSTP Interface Settings System Eessen Instance ID Interface Priority 0 240 in steps of 16 me pa C Mgmt Security Interface Path Cost 1 200 000 000 SNMP e Port el y C Trunk 2000000 T Use Default IT
37. The Modify PoE Page opens Page 128 Configuring Power Over Ethernet Defining PoE Settings Figure 83 Modify PoE Page Interface 111 Admin Mode Output Current ma Enable y 0 0 Priority Level Output Power Watt 0 0 Power Limit Watt 0 0 Output Voltage Volt Status 0 0 Disabled The Modify PoE Page displays the currently configured PoE ports and contains the following information e Interface Displays the selected port s number Admin Mode Indicates whether PoE is enabled or disabled on the port The possible values are Enable Enables PoE on the port This is the default setting Disable Disables PoE on the port e Priority Level Indicates the PoE ports priority The possible values are High Medium and Low The default is Low Class Indicates the power class the IEEE 802 3af class of the device e Output Voltage The voltage delivered to the powered device Output Current The current drawn by the powered device e Output Power Indicates the power being supplied to the device in Watts e Power Limit Indicates the maximum amount of power allowed by the port for the device The default is 15400 milliwatts 15 4 W and the range is 3000 15400 milliwatts e Status Indicates if the port is enabled to work on PoE The possible field values are On Indicates the device is delivering power to the interface Off Indicates the device is n
38. Unit 3 Click Apply The Configuration Copy section of the File System Page contains the following fields e Copy Configuration Allows the copy configuration operation e Source File Name Specifies the configuration files to be copied Running Configuration Copies the Running Configuration file Startup Configuration Copies the Startup Configuration file and overwrites the old Startup Configuration file Backup Configuration Copies the Backup Configuration file e Destination File Name Specifies the destination file to which the configuration file is copied The possible field values are Running Configuration Downloads commands into the Running Configuration file Startup Configuration Downloads the Startup Configuration file and overwrites it Backup Configuration Downloads the Backup Configuration file and overwrites it To copy configuration 1 Click Copy Configuration The copy configuration parameters are activated 2 Select the Source file and the Destination file 3 Click Apply Page 144 Managing System Files Viewing Integrated Cable Tests Viewing Integrated Cable Tests The Cable Test Page contains fields for performing tests on copper cables Cable testing provides diagnostic information about where errors occurred in the cable the last time a cable test was performed and the type of cable error that occurred The tests use Time Domain Reflectometry TDR techn
39. Web Browser Interface User s Guide Section 14 Viewing Statistics This section provides device statistics for RMON interfaces and Etherlike This section contains the following topics e Viewing Interface Statistics e Managing RMON Statistics Page 150 Viewing Statistics Viewing Interface Statistics Viewing Interface Statistics This section contains the following topics e Viewing Interface Statistics e Viewing Etherlike Statistics e Select the Interface and the Refresh Rate The selected interface s Etherlike statistics are displayed Viewing Interface Statistics The Interface page contains statistics for both received and transmitted packets To view interface statistics 1 Click Statistics gt Interface The Interface Statistics Page opens Figure 97 Interface Statistics Page Interface Refresh Rate Portlel y C Trunk l 7 No Refresh Receive Statistics Total Bytes Octets Unicast Packets 0 0 Multicast Packets Broadcast Packets 0 0 Transmit Statistics Statistics Total Bytes Octets Unicast Packets 0 0 Multicast Packets Broadcast Packets 0 0 ee a o SE D F Es o N o o aa The Interface Statistics Page contains the following fields e Interface Indicates the device for which statistics are displayed The possible field values are Port of Unit Defines the specific port for which interface statistics
40. and the client Authorized Indicates the interface is in an authorized state without being authenticated The interface re sends and receives normal traffic without client port based authentication Unauthorized Denies the selected interface system access by moving the interface into unauthorized state The device cannot provide authentication services to the client through the interface Admin Port Control Indicates the port state The possible field values are Auto Enables port based authentication on the device The interface moves between an authorized or unauthorized state based on the authentication exchange between the device and the client ForceAuthorized Indicates the interface is in an authorized state without being authenticated The interface re sends and receives normal traffic without client port based authentication ForceUnauthorized Denies the selected interface system access by moving the interface into unauthorized state The device cannot provide authentication services to the client through the interface Enble Guest VLAN Indicates if the Guest VLAN is enabled The possible field values are Checked Enables the Guest VLAN Unchecked Disables the Guest VLAN This is the default value Enable Periodic Reauthentication Permits immediate port reauthentication The possible field values are Enable Enables immediate port reauthentication This is the de
41. defined and the device is updated 4 Click Save Config on the menu to save the changes permanently Di Page 19 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Section 3 Configuring System Time This section provides information for configuring system time parameters including Setting the System Clock Configuring SNTP Configuring Daylight Saving Time The following is a list of Daylight Savings Time start and end dates by country Albania From the last weekend of March until the last weekend of October Australia From the end of October until the end of March Australia Tasmania From the beginning of October until the end of March Armenia From the last weekend of March until the last weekend of October Austria From the last weekend of March until the last weekend of October Bahamas From April to October in conjunction with Daylight Savings Time in the United States Belarus From the last weekend of March until the last weekend of October Belgium From the last weekend of March until the last weekend of October Brazil From the third Sunday in October until the third Saturday in March During the period of Daylight Saving Time Brazilian clocks go forward one hour in most of the Brazilian southeast Chile In Easter Island from March 9 until October 12 In the rest of the country from the first Sunday in March or after 9th March China China does n
42. disabled for the port or LAG If Fast Link is enabled for a port the port is automatically placed in the forwarding state e Point to Point Admin Status Indicates whether a point to point link is established or if the device is permitted to establish a point to point link The possible field values are Enable The device is permitted to establish a point to point link or is configured to automatically establish a point to point link To establish communications over a point to point link the originating PPP first sends Link Control Protocol LCP packets to configure and test the data link After a link is established and optional facilities are negotiated as needed by the LCP the originating PPP sends Network Control Protocol NCP packets to select and configure one or more network layer protocols When each of the chosen network layer protocols has been configured packets from each network layer protocol can be sent over the link The link remains configured for communications until explicit LCP or NCP packets close the link or until some external event occurs This is the actual switch port link type It may differ from the administrative state Disable Disables point to point link e Point to Point Operational Status Displays the point to point operating state 2 Click Modify The Modify RSTP Page opens Figure 58 Modify RSTP Page Interface Portfel ze Trunk 1 gt Role Designated Mode STP Fas
43. down buttons and define the Insert field 5 Click Apply The view is defined and the device is updated Page 121 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Configuring SNMP Notifications The SMNMP SNMP Notify Page enables the configuration of notification recipients the page contains information for defining filters that determine whether traps are sent to specific users and the trap type sent SNMP notification filters provide the following services e Identifying Management Trap Targets e Trap Filtering e Selecting Trap Generation Parameters e Providing Access Control Checks Defining Notification Recipients To define SNMP notification receivers To configure SNMP notification recipients 1 Click SNMP gt Notify The SNMP Notify Page opens Figure 79 SNMP Notify Page am Ga 00 00 60 01 22 33 Notify SNMPv1 2 Notification Recipient Recipients Notification Community Notification UDP Filter 3 IP Type String Version Port Deg Timeout Retries 10 6 39 16 comString SNMPY1 162 SNMPv3 Notification Recipient Recipients Notification Security UDP Filter IP Type Level Port Name 1 10 6 39 16 Traps user No Authentication 162 User Mam Retries Timeout Configure Notification Filters Configure o e o D gt o N o o aan
44. for which statistics are displayed The possible field values are Port of Unit Defines the specific port for which RMON statistics are displayed Trunk Defines the specific LAG for which RMON statistics are displayed e Refresh Rate Defines the frequency of the interface statistics updates The possible field values are 15 Sec Indicates that the RMON statistics are refreshed every 15 seconds Page 155 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide 30 Sec Indicates that the RMON statistics are refreshed every 30 seconds 60 Sec Indicates that the RMON statistics are refreshed every 60 seconds No Refresh Indicates that the RMON statistics are not refreshed e Received Bytes Octets Displays the number of octets received on the interface since the device was last refreshed This number includes bad packets and FCS octets but excludes framing bits e Received Packets Displays the number of packets received on the interface including bad packets Multicast and broadcast packets since the device was last refreshed e Broadcast Packets Received Displays the number of good broadcast packets received on the interface since the device was last refreshed This number does not include Multicast packets e Multicast Packets Received Displays the number of good Multicast packets received on the interface since the device was last refreshed e CRC amp Align Errors Dis
45. globally enabling and configuring SNMP on the device To enable SNMP 1 Click SNMP gt Global The SNMP Global Page opens Figure 69 SNMP Global Page Name 0 00 60 01 22 33 Global Local Engine ID 5 32 Characters y Enable SNMP Notifications EnginelD not Configured KG Enable Authentication F Use Default Notifications ZSo n oe 300 Kik AE fas SEN 13 uz 0 fan ae E 3 o ann The SNMP Global Page contains the following fields Enable SNMP Access Indicates if the protocol is enabled for the device The possible values are Checked SNMP is enabled Unchecked SNMP is disabled Local Engine ID 5 32 Characters Displays the engine number Use Defaults Restores default SNMP settings Enable SNMP Notifications Indicates if SNMP traps are enabled for the device The possible values are Checked Traps are enabled Unchecked Traps are disabled Enable Authentication Notifications Indicates if authentication error notifications are enabled on the device The possible values are Checked Notifications are enabled Unchecked Notifications are disabled Define the fields Page 112 Configuring SNMP Enabling SNMP 3 Click Apply The global SNMP settings are saved and the device is updated Page 113 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Defining SNMP Communities
46. is used Click Modify The SNMP User Settings Page opens Figure 76 SNMP User Settings Page User Name Userl y Engine ID Local Group Name test zl Authentication Method Noe y Password Authentication Key Privacy Key The SNMP User Settings Page contains the following additional SNMPv3 fields Authentication Method Defines the SNMP Authentication method Password Defines the password for the group member Authentication Key Defines the HMAC MD5 96 or HMAC SHA 96 authentication level The authentication and privacy keys are entered to define the authentication key If only authentication is required 16 bytes are defined If both privacy and authentication are required 32 bytes are defined Each byte in hexadecimal character strings is two hexadecimal digits Each byte can be separated by a period or a colon Privacy Key Defines the privacy key LSB If only authentication is required 20 bytes are defined If both privacy and authentication are required 36 bytes are defined Each byte in hexadecimal character strings is two hexadecimal digits Each byte can be separated by a period or colon Define the User Name Group Name Engine ID Authentication Method Password Authentication Key and Privacy Key fields Click Apply The SNMP group membership is modified and the device is updated Page 119 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Defining SNMP Views T
47. locally If the session cannot be authenticated locally the session is blocked Local RADIUS None Indicates that authentication first occurs locally If authentication cannot be verified locally the RADIUS server authenticates the management method If the RADIUS server cannot authenticate the management method the session is permitted RADIUS Local None Indicates that Authentication first occurs at the RADIUS server If authentication cannot be verified at the RADIUS server the session is authenticated locally If the session cannot be authenticated locally the session is permitted Local TACACS Indicates that Authentication first occurs locally If authentication cannot be verified locally the TACACS server authenticates the management method If the TACACS server cannot authenticate the management method the session is blocked TACACS Local Indicates that authentication first occurs at the TACACS server If authentication cannot be verified at the TACACS server the session is authenticated locally If the session cannot be authenticated locally the session is blocked Local TACACS None Indicates that authentication first occurs locally If authentication cannot be verified locally the TACACS server authenticates the management method If the TACACS server cannot authenticate the management method the session is permitted TACACS Local None Indicates that authentication first occurs at the TAC
48. operating at 1000 Mbps e Auto Negotiation Displays the auto negotiation status of the trunk Auto negotiation is a protocol between two link partners that enables a port to advertise its transmission rate duplex mode and flow control abilities to its partner Page 63 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide 2 Flow Control Displays the flow control status of the trunk LACP Indicates if LACP is enabled on the trunk The possible values are Enable LACP is enabled on the trunk Disable LACP is disabled on the trunk Click Modify The Trunk Settings Page opens Figure 38 Trunk Configuration Settings Page LAG Description Type Admin Status Current Status Reactivate Suspended Operational Status Admin Auto Negotiation Current Auto Negotiation Admin Advertisement Current Advertisement Neighbor Advertisement Admin Speed Current Speed Admin Flow Control Current Flow Control r Active Enable M Max Capability M 10 Full FF 100 Full T 1000 Full Unknown Unknown Disable h The Trunk Settings Page contains the following fields Trunk Lists the names of configured trunks Description Provides a user defined trunk description Type Indicates the type of trunk Admin Status Displays the link operational status Changes to the trunk state are active only after the device is reset The possible field values are
49. receiving and transmitting traffic Disable Indicates the port is currently disabled and is not receiving or transmitting traffic Admin Speed Indicates the configured rate for the port The port type determines what speed setting options are available Admin speed can only be designated when the port is disabled Current Port Speed Displays the configured rate for the port The port type determines the speed settings available Port speeds can only be configured when auto negotiation is disabled The possible field values are 10 Indicates the port is currently operating at 10 Mbps 100 Indicates the port is currently operating at 100 Mbps 1000 Indicates the port is currently operating at 1000 Mbps Duplex Mode Displays the port duplex mode This field is configurable only when auto negotiation is disabled and the port speed is set to 10M or 100M This field cannot be configured on LAGs The possible field values are Full The interface supports transmission between the device and its link partner in both directions simultaneously Half The interface supports transmission between the device and the client in only one direction at a time Auto Negotiation Displays the auto negotiation status on the port Auto negotiation is a protocol between two link partners that enables a port to advertise its transmission rate duplex mode and flow control abilities to its partner
50. selected Indicates that security is currently enabled on the port 2 Select the ports to lock The port indicator changes to selected 3 Click Modify The Port Security Configuration Page opens Page 47 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Figure 28 Port Security Configuration Page A EE Unit Number Action on Violation H Discar y Interface Max Entries E E Learning Mode Lock Interface Classic Lock y m Enable Trap r Trap Frequency The Port Security Configuration Page contains the following fields oe Unit Number Defines the unit number Interface Displays the port or LAG name Learning Mode Defines the locked port type The Learning Mode field is enabled only if Locked is selected in the Set Port field The possible field values are Classic Lock Locks the port using the classic lock mechanism The port is immediately locked regardless of the number of addresses that have already been learned Limited Dynamic Lock Locks the port by deleting the current dynamic MAC addresses associated with the port The port learns up to the maximum addresses allowed on the port Both relearning and aging MAC addresses are enabled Enable Trap Indicates if the SNMP trap generated if there is a violation The possible values are Yes Trap is generated No Notrap is generated Trap Frequency The time interval in seco
51. the device using HTTP meeting access profile criteria are permitted or denied access to the device Secure HTTP HTTPS Assigns HTTPS access to the rule If selected users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device SNMP Assigns SNMP access to the rule If selected users accessing the device using SNMP meeting access profile criteria are permitted or denied access to the device Interface Defines the interface on which the access profile is defined The possible field values are Port Specifies the port on which the access profile is defined LAG Specifies the LAG on which the access profile is defined VLAN Specifies the VLAN on which the access profile is defined Source IP Address Defines the interface source IP address to which the access profile applies The Source IP Address field is valid for a subnetwork Page 29 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Network Mask Defines the network mask of the source IP address Prefix Length Defines the number of bits that comprise the source IP address prefix or the network mask of the source IP address e Action Defines the action attached to the access rule The possible field values are Permit Permits access to the device Deny Denies access to the device This is the default 3 Define the fields 4
52. updated To modify the RMON Event entry settings 1 Click Statistics gt RMON Events The RMON Events Page opens 2 Click Modify The Event Control Settings Page opens Figure 106 Event Control Settings Page Event Entry No Community 1 y Default Community Description Type Default Description None y Owner A Apply _ Close 3 Select an event entry and define the fields for the entry 4 Click Apply The event control settings are saved and the device is updated Page 162 Viewing Statistics Managing RMON Statistics Viewing the RMON Events Logs The RMON Events Logs Page contains interface specific statistical network samplings Each table entry represents all counter values compiled during a single sample To view the RMON Events Table 1 Click Statistics gt RMON Events The RMON Events Page opens 2 Click View The RMON Events Logs Page opens Figure 107 RMON Events Logs Page Braz 29 n Name 00 00 b0 01 22 33 RMOH Events Event Log No Log Time Description Statistics o o D Fel gt o N o o E Allied Telesyn Inc All rights reserved The RMON Events Logs Page contains the following event log information Event Displays the RMON Events Log entry number e Log No Displays the log number e Log Time Displays the time when the log entry was entered e Description Displays the log entry description 3 C
53. 0 Full 100 Half 100 Full 1000 Full Unknown Back Pressure Cwrent Back Pressure Disable zj Disable Flow Control Cwrent Flow Control Disable MDIMDIX Cwrent MDUMDIX MDI y MIDD Trunk The Modify Port Settings Page contains the following fields e Port Lists the names of configured ports e Description Provides a user defined port description e Port Type Indicates the type of port e Admin Status Displays the link operational status Changes to the port state are active only after the device is reset The possible field values are Up Indicates that the port is currently operating Down Indicates that the port is currently not operating e Current Port Status Indicates whether the port is currently operational or non operational The possible field values are Up Indicates the port is currently operating Page 56 Configuring Ports Defining Port Settings Down Indicates the port is currently not operating Reactivate Suspended Reactivates suspended ports The possible field values are Checked Reactivates the selected suspended port Unchecked Maintains the port status This is the default value Operational Status Indicates the port operational status Possible field values are Suspended The port is currently active and is not receiving or transmitting traffic Active Indicates the port is currently active and is
54. 147425519 26 Sep 2005 09 56 32 P_HTTPS E GEIDATEFROMSYS WARNING The if modified since date can w 2147425688 26 Sep 2005 09 48 54 HTTP_HTTPS E SETTAGDOESNTEXIST PGPRCS Trying to set tag sub A 2147425857 26 Sep 2005 09 48 54 HTTP_HTTPS E SETTAGDOESNTEXIST PGPRCS Trying to set tag sub an in 2147426024 26 Sep 2005 09 48 54 HTTP_HTTPS E SETTAGDOESNTEXIST PGPRCS Trying to set tag n 2147426192 16 26 Sep 2005 09 48 54 26 Sep 2005 09 48 54 26 Sep 2005 09 41 49 HTTP_HTTPS E SETTAGDOESNTEXIST PGPRCS Trying to set tag mit HTTP_HTTPS E SETTAGDOESNTEXIST PGPRCS Trying to set tag snn HTTP_HTTPS E SETTAGDOESNTEXIST PGPRCS Trying to set tag sub The Flash Log Page lists the following information Log Index Lists the log index number Log Time Lists the date and time that the log was entered Severity Lists the severity of the event for which the log was created in Flash memory Description Lists the event details To clear Flash memory logs Click Clear Logs Logs are removed from the table Click Close The Event Log Page is displayed 1 2 Page 87 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Section 8 Configuring Spanning Tree Spanning Tree Protocol STP provides tree topography for any arrangement of bridges STP also provides a single path between end stations on a network eliminating loops Loo
55. 18 Defining System Information e Default Gateway The IP address of a router for remote management of the device The address must be entered in the format xxx xxx xxx xxx The default value is 0 0 0 0 N Note Packets are forwarded to the default IP when frames are sent to a remote network via the default gateway The configured IP address must belong to the same subnet as one of the IP interfaces The DHCP Configuration section of the System General Page contains the following fields e DHCP Indicates if the Dynamic Host Configuration Protocol DHCP is enabled Enable DHCP dynamically assigns IP addresses to devices on a network With dynamic addressing a device can have a different IP address every time it connects to the network If the DHCP client software is activated the device immediately begins to query the network for a DHCP server The device continues to query the network for its IP configuration until it receives a response If the device and IP address are manually assigned that address is deleted and replaced by the IP address received from the DHCP server Disable Disables DHCP on the device e Mac Address Aging Time The time interval an inactive dynamic MAC address can remain in the MAC address table before it is deleted The default time is 300 seconds and the range is 0 300 2 Define the administration passwords and DHCP configuration fields Click Apply The system general information is
56. 4 Viewing Statistics Managing RMON Statistics Absolute Compares the values directly with the thresholds at the end of the sampling interval e Rising Threshold Displays the rising counter value that triggers the rising threshold alarm The rising threshold is presented on top of the graph bars Each monitored variable is designated a color e Rising Event Displays the mechanism in which the alarms are reported The possible field values are LOG Indicates there is not a saving mechanism for either the device or in the management system If the device is not reset the entry remains in the Log Table TRAP Indicates that an SNMP trap is generated and sent via the Trap mechanism The Trap can also be saved using the Trap mechanism Both Indicates that both the Log and Trap mechanism are used to report alarms e Falling Threshold Displays the falling counter value that triggers the falling threshold alarm The falling threshold is graphically presented on top of the graph bars Each monitored variable is designated a color e Falling Event Displays the mechanism in which the alarms are reported e Startup Alarm Displays the trigger that activates the alarm generation Rising is defined by crossing the threshold from a low value threshold to a higher value threshold e interval sec Defines the alarm interval time in seconds e Owner Displays the device or user that defined the alarm 2 Click Cre
57. 93 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Configuring Rapid Spanning Tree While Classic STP prevents Layer 2 forwarding loops in a general network topology convergence can take between 30 60 seconds This time may delay detecting possible loops and propagating status topology changes Rapid Spanning Tree Protocol RSTP detects and uses network topologies that allow a faster STP convergence without creating forwarding loops The Global System LAG information displays the same field information as the ports but represent the LAG RSTP information To define RSTP on the device 1 Click Layer 2 gt RSTP The RSTP Page opens Figure 57 RSTP Page E System C taei SS H terface Role a SE Status Ge SE aner Migrat O 1 Jel Designated STP Disable Disabled Enable D Mgmt Protocols __ 2 Designated Disable Disabled Enable D Network Security ak Designated Disable Disabled Enable F Services cla Designated Disable Disabled Enable E E Designated Disable Disabled Enable r ED IT Designated Disable Disabled Enable C Statisties ol Designated Disable Disabled Enable D Eines c 18 Designated Disabled D C19 Designated d Disabled F C 10 Designated Disabled F Designated Disable Disabled Enable F Designated Disable Disabled Enable F Lom iest nn 1 o Designated Disable Disabled Enable m ri le Designated Disable Disabled
58. ACS server If authentication cannot be verified at the TACACS server the session is authenticated locally If the session cannot be authenticated locally the session is permitted Click Add The Add Authentication Profile Page opens Page 35 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Figure 17 Add Authentication Profile Page Profile Method Profile Name Login Authentication Method Optional Method Line None Enable SS Local _ RADIUS y Selected Method Select the type of function to configure for the profile Method or Login Enter the Profile Name Using the arrows move the method s from the Optional Method list to the Selected Method list Click Apply The authentication profile is defined The profile is added to the profiles table and the device is updated OP ON Go To modify the authentication profile settings 1 Click Mgmt Security gt Authentication Profiles The Authentication Profiles Page opens 2 Click Modify The Authentication Profile Configuration Page opens Figure 18 Authentication Profile Configuration Page Profile Name Console Default Optional Method Selected Method None 3 Select the Profile Name from the list 4 Using the arrows move the method s from the Optional Method list to the Selected Method list 5 Click Apply The profile settings are saved and the device is updated Page 36 Configuring Device Security Configur
59. AN Admit All Enable Admit All Enable Admit All Enable Admit All Enable Admit All Enable Admit All Enable Admit All Enable Admit All Enable Admit All Enable Admit All Enable Admit All Enable Admit All Enable Admit All Enable Admit All Enable Admit All Enable Layer 2 ei Access Access Access 13 e13 Access 14 e14 Access 15 e15 Access ero ra ER e V GE FA ES pt 13 fhe fin cn oO 2 350 aaa oOojpojajojojojojojojajoa jojojo The VLAN Interface Page displays the VLAN interface information for a selected Port Unit or Trunk e Port Interface Displays the port number included in the VLAN PVID Assigns a VLAN ID to untagged packets The possible values are 1 4094 VLAN 4095 is defined as per standard and industry practice as the Discard VLAN Packets classified to the Discard VLAN are dropped e Ingress Filtering Indicates whether ingress filtering is enabled on the port The possible field values are Enable Enables ingress filtering on the device Ingress filtering discards packets that are defined to VLANs of which the specific port is not a member Disable Disables ingress filtering on the device e Reserve VLAN for Internal Use Indicates which VLAN is reserved for internal use by the system One VLAN must be reserved e Port VLAN Mode Displays the port mode The possible values
60. Default Configuration The Reset to Factory Defaults function restores the Configuration file to factory defaults after the device is reset When this option is not selected the device maintains the current Configuration file To restore the default system configuration 1 Click Utilities gt System Utilities The System Utilities Page opens Figure 91 System Utilities Page ee a System Utilities Reset to Factory Defaults Reboot Switch After Resetting to Defaults Unit No Active Image After Reset d Image 1 Image 17 Apply o Se D lt E 2 o N o o D o The System Utilities Page contains the following fields e Reboot Switch After Resetting to Defaults Performs reboot after the reset e Unit No Indicates the unit number e Active Image indicates the current image file e After Reset Defines which image file will be used after reset e Apply Resets the device To reset the configuration file to defaults without rebooting the device e Click Apply in the Reset to Factory Defaults section To reset the configuration file to defaults with reboot 1 Check the Reboot Switch After Resetting to Defaults option 2 Select the After Reset image file 3 Click Apply The factory defaults are restored and the device is updated The device reboots Page 141 Allied Telesis AT 8000S Switch Web Browser Interface User s Guid
61. Layer 2 Ethernet Switch AT 8000S Series User s Guide N Allied Telesis Table of Contents Table of Contents Se 6 Web Browser Interface User s Guide Overview ccececeeeeeteceeeeee cece eeeeeeeeeeeeeeseaeeteneeestiaeeteeeeees 7 Intended Ae 7 Document CONVENTIONS ET 8 Contacting Allied Telesis iz eeben Seeerei 8 Getting Stat EE 10 Starting the ele DEE ei ey E E 10 Using the Web Browser Interface 12 Viewing the Device Representation ccessccesescereseeeteneneeeeeeceseseeenesueessseneeeseneneueeneseaeeseseensenaeteaes 12 User Intetface Components coa ideal caia 13 Using the Management Buttons cscceescececeseeetenseeteseeeeeeaeenesgesesseceesesceseeseeennsceeesseceeeneneessensenseseenes 14 Adding Modifying and Deleting Information A 15 elle H len 16 LON EE 16 Resetting RAR 17 Defining System A A nenene 18 Configuring System RH 20 Setting the System Clock ccccceseeceeneeececeeeeenaeeceaaeceeeaeeeceaeeeeeaaeeseaeeeseaaeeegeeeeseeaaeseceeeseaaaeeeaneeeeas 22 Gonfiguring SN TP uo nde 23 Polling for Unicast Time Intormaton A 23 Polling for Anycast Time Information ooooonocccononccnnoccncnoncconannno nono nn nar n nc rar nara r cnn rre rra rrnrnns 23 Broadcast Time Informator s eian na dei ceeede bid ee dee vein ets b pee devine thpi ade ede abies 23 Configuring Daylight Saving Time 24 Configuring Device Sec neern 26 Configuring Management Security
62. P address is unknown The first Anycast server to return a response is used to set the time value Time levels T3 and T4 are used to determine the server time Using Anycast time information for synchronizing device time is preferred to using Broadcast time information Broadcast Time Information Broadcast information is used when the server IP address is unknown When a broadcast message is sent from an SNTP server the SNTP client listens for the response The SNTP client neither sends time information requests nor receives responses from the Broadcast server Message Digest 5 MD5 Authentication safeguards device synchronization paths to SNTP servers MD5 is an algorithm that produces a 128 bit hash MD5 is a variation of MD4 and increases MD4 security MD5 verifies the integrity of the communication authenticates the origin of the communication To define SNTP global parameters 1 Click System gt System Time The System Time Page opens The SNTP Settings section of the System Time Page contains the following fields Status Indicates if SNTP is enabled on the device The possible field values are Disabled Indicates that SNTP is disabled Enabled Indicates that SNTP is enabled e Server IP Address Displays a user defined SNTP server IP address e Poll Interval Defines the interval in seconds at which the SNTP server is polled for Unicast information The Poll Interval default is 1024 seconds 2 Sele
63. P on the device GARP VLAN Registration Protocol GVRP is specifically provided for automatic distribution of VLAN membership information among VLAN aware bridges GVRP allows VLAN aware bridges to automatically learn VLANs to bridge ports mapping without having to individually configure each bridge and register VLAN membership This section describes the following topics e Configuring GVRP e Enabling Disabling GVRP on a Port A Notes e GVRP cannot be configured if MSTP is enabled on the device e The Default button returns all GVRP parameter settings to their default values Caution The settings for the three GVRP timers must be the same on all GVRP active devices in your network Configuring GVRP To define GVRP on the device 1 Click Layer 2 gt GVRP The GVRP Page opens Figure 48 GVRP Page zee a US 1 GVRP Global Status Disable LI Gei Mgmt Security SNMP Port Trunk _ Mgmt Protocols Interface GVRP State SE SE GVRP Registration Multicast c 1 Jel Disabled Enabled Enabled C Utilities C 2 e2 Disabled Enabled Enabled s Js le Disabled Enabled Enabled Esseg ela les Disabled Enabled Enabled C Help C15 les Disabled Enabled Enabled ee C16 feb Disabled Enabled Enabled C17 fe Disabled Enabled Enabled C18 e8 Disabled Enabled Enabled ap Alied Telesya cla les Disabled Enabled Enabled tos c falen Disabled Enabl
64. ST parameters that will recur every year select Recurring and define its From and To fields Click Apply The DST settings are saved and the device is updated Click Save Config on the menu to save the changes permanently Page 25 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Section 4 Configuring Device Security This section describes setting security parameters for ports device management methods users and servers This section contains the following topics e Configuring Management Security e Configuring Network Security Page 26 Configuring Management Security Configuring Device Security Configuring Management Security This section provides information for configuring device management security device authentication methods users and passwords This section includes the following topics Defining Access Profiles Defining Profile Rules Defining Authentication Profiles Mapping Authentication Profiles Configuring Server Based Authentication Configuring TACACS Configuring RADIUS Configuring Local Users Page 27 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Defining Access Profiles Access profiles are profiles and rules for accessing the device Access to management functions can be limited to user groups User groups are defined for interfaces according to IP addresses or IP subnets Access profiles contain management methods for accessing a
65. STP is enabled STP Status Indicates if STP is enabled on the port The possible field values are Enabled Indicates that STP is enabled on the port Disabled Indicates that STP is disabled on the port Port Fast Indicates if Fast Link is enabled on the port If Fast Link mode is enabled for a port the Port State is automatically placed in the Forwarding state when the port link is up Fast Link optimizes the STP protocol convergence STP convergence can take 30 60 seconds in large networks Root Guard Prevents devices outside the network core from being assigned the spanning tree root Port State Displays the current STP state of a port If enabled the port state determines what forwarding Page 91 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Di action is taken on traffic Possible port states are Disabled Indicates that STP is currently disabled on the port The port forwards traffic while learning MAC addresses Blocking Indicates that the port is currently blocked and cannot forward traffic or learn MAC addresses Blocking is displayed when Classic STP is enabled Speed Indicates the speed at which the port is operating Path Cost Indicates the port contribution to the root path cost The path cost is adjusted to a higher or lower value and is used to forward traffic when a path is rerouted Priority Indicates the priority value of the port The prio
66. View MAC Address Table Page opens Figure 44 View MAC Address Table Page VLAN MAC ADDRESS 00 00 0B 15 56 00 Dynamic Secure options 00 00 0B 15 56 00 Dynamic Delete on Reset 00 00 0B 15 56 00 Dynamic Delete on Timeout 00 00 0B 15 56 00 Static fixed non aging Delete on Reset 00 00 0B 15 56 00 Dynamic Permanent 00 00 0B 15 56 00 Dynamic Secure options 00 00 0B 15 56 00 Dynamic Secure options 00 00 0B 15 56 00 Dynamic Permanent 00 00 0B 15 56 00 Dynamic Secure options 00 00 0B 15 56 00 Dynamic Secure options 00 00 0B 15 56 00 Dynamic Delete on Reset STATUS 3 a 9a e 6 6 6 e 6 ec The View MAC Address Table Page displays all MAC addresses of the selected type Unicast or Multicast 3 Click the radio button to select a VLAN ID 4 Click Remove The MAC Address is deleted from the list 5 Click Refresh The Mac Addresses information is updated 6 Click Close The View MAC Address Table Page is displayed Page 73 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Configuring VLANs This section describes how to create and configure Virtual LANs VLANs VLANs are logical subgroups with a Local Area Network LAN which combine user stations and network devices into a single unit regardless of the physical LAN segment to which they are attached VLANs allow network traffic to flow more efficiently within subgroups VLANs use software to reduce t
67. abled 300 10 The IGMP Page contains the following fields e Enable IGMP Snooping Status Indicates if IGMP Snooping is enabled on the device IGMP Snooping can be enabled only if Bridge Multicast Filtering is enabled The possible field values are Checked Enables IGMP Snooping on the device Unchecked Disables IGMP Snooping on the device VLAN ID Specifies the VLAN ID e IGMP Snooping Status Indicates if IGMP Snooping is enabled on the VLAN The possible field values are Page 103 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Enable Enables IGMP Snooping on the VLAN Disable Disables IGMP Snooping on the VLAN Auto Learn Indicates if Auto Learn is enabled on the device If Auto Learn is enabled the devices automatically learns where other Multicast groups are located Enables or disables Auto Learn on the Ethernet device The possible field values are Enable Enables auto learn Disable Disables auto learn Host Timeout Indicates the amount of time host waits to receive a message before timing out The default time is 260 seconds e MRouter Timeout Indicates the amount of the time the Multicast router waits to receive a message before it times out The default value is 300 seconds Leave Timeout Indicates the amount of time the host waits after requesting to leave the IGMP group and not receiving a Join message from anoth
68. ard Delay Time is the time interval during which a bridge remains in the listening and learning state before forwarding packets The value range is 4 30 seconds the default value is 15 seconds The Designated Root section of the Spanning Tree Page contains the following fields e Bridge ID Identifies the Bridge priority and MAC address Root Bridge ID Identifies the Root Bridge priority and MAC address Root Port Indicates the port number that offers the lowest cost path from this bridge to the Root Bridge This field is significant when the bridge is not the Root Bridge The default is zero Root Path Cost The cost of the path from this bridge to the Root Bridge Topology Changes Counts Specifies the total amount of STP state changes that have occurred Last Topology Change Indicates the time interval that has elapsed since the bridge was initialized or reset and the last topographic change that occurred The time is displayed in a day hour minute second format such as 2 days 5 hours 10 minutes and 4 seconds 2 Complete the Spanning Tree State and Bridge Settings fields 3 Click Apply The new STP definition is added and device information is updated 4 Click Save Config on the menu to save the settings permanently Page 90 Defining STP Interfaces Network administrators can assign STP settings to a specific interface port or LAG using the STP Interface Configuration Page The Global LAGs section display
69. are Page 77 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide General Indicates the port belongs to VLANs and each VLAN is user defined as tagged or untagged full IEEE802 1q mode Access Indicates a port belongs to a single untagged VLAN When a port is in Access mode the packet types which are accepted on the port cannot be designated Ingress filtering cannot be enabled or disabled on an access port Trunk Indicates the port belongs to VLANs in which all ports are tagged except for one port that can be untagged e Frame Type Specifies the packet type accepted on the port The possible field values are Admit Tag Only Only tagged packets are accepted on the port Admit All Both tagged and untagged packets are accepted on the port e Current Reserved VLAN Indicates that the VLAN selected by the user is reserved if not in use by the system 2 Click Modify The Modify Interface Configuration Page opens Figure 47 Modify Interface Configuration Page __VLAN Interface Configuration Interface el y Port VLAN Mode Access y PVID o Frame Type Admit Al y Current Reserved VLAN Reserve VLAN for Internal Use Ir Apply 3 Define the fields 4 Click Apply The VLAN interface configuration is saved and the device is updated Page 78 Configuring Interfaces Configuring VLANs Defining GVRP This section explains how to configure GVR
70. are displayed Trunk Defines the specific LAG for which interface statistics are displayed Page 151 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Refresh Rate Defines the frequency of the interface statistics updates The possible field values are 15 Sec Indicates that the Interface statistics are refreshed every 15 seconds 30 Sec Indicates that the Interface statistics are refreshed every 30 seconds 60 Sec Indicates that the Interface statistics are refreshed every 60 seconds No Refresh Indicates that the Interface statistics are not refreshed Receive Statistics Total Bytes Octets Displays the number of octets received on the selected interface Unicast Packets Displays the number of Unicast packets received on the selected interface Multicast Packets Displays the number of Multicast packets received on the selected interface Broadcast Packets Displays the number of Broadcast packets received on the selected interface Packets with Errors Displays the number of error packets received from the selected interface Transmit Statistics Total Bytes Octets Displays the number of octets transmitted from the selected interface Unicast Packets Displays the number of Unicast packets transmitted from the selected interface Multicast Packets Displays the number of Multicast packets transmitted from the selected interface Broadcast Pack
71. ast service address group To define Multicast Groups 1 Click Multicast gt Multicast Group The Multicast Group Page opens Figure 64 Multicast Group Page Multicast Group Enable Bridge Multicast Filtering l VLAN ID Bridge Multicast Address mai fal Greate Ciela Multicast e Ports C Trunks RER Modify Apply o o D E E gt o N o o an The Multicast Group Page contains the following fields e Enable Bridge Multicast Filtering Indicates if bridge Multicast filtering is enabled on the device The possible field values are Checked Enables Multicast filtering on the device Unchecked Disables Multicast filtering on the device If Multicast filtering is disabled Multicast frames are flooded to all ports in the relevant VLAN Disabled is the default value e VLAN ID Displays the VLAN for which Multicast parameters are displayed Unit Number Identifies a VLAN and contains information about the Multicast group address e Bridge Multicast Address Identifies the Multicast group MAC address IP address e Ports of Unit Displays the port that can be added to a Multicast service Trunks Displays the trunk that can be added to a Multicast service e Interface Displays the currently defined interface Page 105 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide e Interface Stat
72. aster device of an enhanced stack e The uplink and downlink ports on each device that are functioning as the tagged or untagged data links between the devices must be either tagged or untagged members of the management VLAN e The port on the device to which the management station is connected must be a member of the management VLAN This section contains the following topics e Defining VLAN Properties e Defining VLAN Interface Settings e Defining GVRP Page 74 Configuring Interfaces Configuring VLANs Defining VLAN Properties The VLAN Page provides information and global parameters for configuring and working with VLANs To configure a VLAN 1 Click Layer 2 gt VLAN The VLAN Page opens Figure 45 VLAN Page VLAN ID VLAN Name Layer 2 VLAN Type F Delete VLAN Ada Apply Interface Status Untagged Untagged Untagged Untagged o o D E EA o N o o n 2 gt gt gt gt gt ajaj BR ww Untagged Allied Telesyn Inc All rights reserved eb Untagged The VLAN Page contains the following fields Select VLAN ID Contains a drop down list of the currently configured VLAN IDs Show All Displays all currently configured VLANs VLAN ID Displays the VLAN ID VLAN Name Displays the user defined VLAN name This is a required field VLAN Type Displays the VLAN type The possible field values are
73. aster is reset the entire stack is reset In addition Unit IDs can be changed on the Enhanced Stacking Page To configure stack control 1 Click Mgmt Protocols gt Enhanced Stacking The Enhanced Stacking Page opens Figure 111 Enhanced Stacking Page eo Enhanced Stacking Force Master fi Unit No Unit No After Reset Mgmt Protocols MIN Copyright 2006 Allied Telesis Inc All rights reserved The Enhanced Stacking Page contains the following stack configuration fields e Force Master The unit is forced to be master of the stack Note that only Unit 1 or Unit 2 can be the stack master Unit No Indicates the Unit ID assigned to the unit in the current stacking configuration e Unit No After Reset Indicates the Unit ID to be reassigned to the unit in the stacking configuration after reset Page 172 Managing Stacking Configuring Stacking Management 2 Select the master election method type of ports to be used in stacking 3 Map assign the unit numbers 4 Click Apply A confirmation message displays The stacking settings are saved and the device configuration is updated 5 Click Refresh The stacking configuration is applied 6 Click Save Config on the menu to save the changes permanently N Note If a different Unit ID is selected the device must be reset for the configuration changes are active Page 173 Allied Telesi
74. ate The Add Alarm Page opens Figure 109 Add Alarm Page Adda Alarm Entry Interface 2 Portjel y Trunks E Counter Name Sample Type Total Bytes Octets Receive Absolute y Rising Threshold Rising Event 100 1 Default Description y Falling Threshold Falling Event 20 1 Default Description y Startup Alarm Interval Rising and Falling y 100 Owner mooo 3 Define the Interface Counter Name Sample Type Rising Threshold Rising Event Falling Threshold Falling Event Startup Alarm Interval and Owner fields 4 Click Apply The RMON alarm is added and the device is updated To modify RMON alarms 1 Click Statistics gt Alarm The RMON Alarm Page opens Page 165 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide 2 Click Modify The RMON Alarm Settings Page opens Figure 110 RMON Alarm Settings Page Alarms Configuration Alarm Entry Interface hz e Portlet zl C Tun E Counter Name Counter Value Total Bytes Octets Receive 0 Sample Type Rising Threshold Absolute y 100 Rising Event Falling Threshold fi Default Description 20 Falling Event Startup Alarm fi Default Description Rising and Falling Interval Sec Owner hm 3 Define the fields 4 Click Apply The RMON alarm is saved and the device is updated Page 166 Viewing Statistics Managing RMON Statistics Page 167 Allied Telesis AT 8000S S
75. ates the trunk is currently operating at 10 Mbps 100 Indicates the trunk is currently operating at 100 Mbps 1000 Indicates the trunk is currently operating at 1000 Mbps Duplex Mode Displays the trunk duplex mode This field is configurable only when auto negotiation is disabled and the trunk speed is set to 10M or 100M This field cannot be configured on LAGs The possible field values are Full The interface supports transmission between the device and its link partner in both directions simultaneously Half The interface supports transmission between the device and the client in only one direction at a time Auto Negotiation Displays the auto negotiation status on the trunk Auto negotiation is a protocol between two link partners that enables a trunk to advertise its transmission rate duplex mode and flow control abilities to its partner Current Auto Negotiation Displays the current Auto Negotiation setting Current Advertisement Indicates the trunk advertises its speed to its neighbor trunk to start the negotiation process The possible field values are those specified in the Admin Advertisement field Neighbor Advertisement Indicates the neighboring trunk s advertisement settings The field values are identical to the Admin Advertisement field values Advertisement Defines the auto negotiation setting the trunk advertises The possible field values are Max Capabi
76. ates whether the port is a Boundary or Master port The possible field values are Boundary Port Indicates that the port is a Boundary port A Boundary port attaches MST bridges to LANs in an outlying region If the port is a Boundary port this field also indicates whether the device on the other side of the link is working in RSTP or STP mode Master Port Indicates the port is a master port A Master port provides connectivity from an MSTP region to the outlying CIST root Role Indicates the port role assigned by the STP algorithm to provide to STP paths The possible field values are Root Provides the lowest cost path to forward packets to the root device Designated Indicates the port or LAG through which the designated device is attached to the LAN Alternate Provides an alternate path to the root device from the root interface Backup Provides a backup path to the designated port path toward the Spanning Tree leaves Backup ports occur only when two ports are connected in a loop by a point to point link or when a LAN has two or more connections to a shared segment Disabled Indicates the port is not participating in the Spanning Tree Mode Indicates the STP mode by which STP is enabled on the device The possible field values are Classic STP Classic STP is enabled on the device This is the default value Rapid STP Rapid STP is enabled on the device M
77. ation method is not available the next selected method is used Configuring TACACS Terminal Access Controller Access Control System TACACS provides centralized security user access validation The system supports up to 4 TACACS servers TACACS provides a centralized user management system while still retaining consistency with RADIUS and other authentication processes TACACS provides the following services e Authentication Performed at login and via user names and user defined passwords e Authorization Performed at login Once the authentication session is completed an authorization session starts using the authenticated user name The TACACS protocol ensures network integrity through encrypted protocol exchanges between the client and TACACS server To define TACACS security settings 1 Click Mgmt Protocols gt TACACS The TACACS Configuration Page opens Page 38 Configuring Device Security Configuring Management Security Figure 20 TACACS Configuration Page e a n Name MAC Addr 00 0C 46 95 B1 32 TACACS Default Parameters Timeout for Reply Key Sting 5 Sec Authentication Timeout Port for Reply Host IP Address 192 168 1 1 Single Mgmt Protocols Priority S d Status Connection Cl Copyright 2006 Allied Telesis Inc All rights reserved The TACACS Configuration Page contains the following fields
78. atus and Ingress Rate Limit fields 6 Click Apply The bandwidth information is saved and the device is updated Page 139 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Section 13 Managing System Files The configuration file structure involves the following configuration files Startup Configuration File Contains the commands required to reconfigure the device to the same settings as when the device is powered down or rebooted The Startup file is created by copying the configuration commands from the Running Configuration file or the Backup Configuration file Running Configuration File Contains all configuration file commands as well as all commands entered during the current session After the device is powered down or rebooted all commands stored in the Running Configuration file are lost During the startup process all commands in the Startup file are copied to the Running Configuration File and applied to the device During the session all new commands entered are added to the commands existing in the Running Configuration file Commands are not overwritten To update the Startup file before powering down the device the Running Configuration file must be copied to the Startup Configuration file The next time the device is restarted the commands are copied back into the Running Configuration file from the Startup Configuration file Backup Configuration Files Contains a backup copy of the d
79. ayed Port Indicates the port for which the bandwidth settings are displayed LAG Indicates the LAG for which the bandwidth settings are displayed e Ingress Rate Limit Status Indicates the traffic limit for the port The possible field values are Enable Rate Limit is enabled Page 138 Configuring Services Configuring Bandwidth QoS Disable Rate Limit is disabled e Ingress Rate Limit Indicates the traffic limit for the port e Egress Shaping Rates Configure the traffic shaping type The possible field values are Committed Information Rate CIR Defines CIR as the queue shaping type The possible value range is 4096 1 000 000 000 bits per second Committed Burst Size CBS Defines CBS as the queue shaping type The possible value range is 4096 16 000 000 bytes None Indicates that a queue shaping type is not defined This is default value 2 Select the port unit or trunk Select the interfaces to configure 4 Click Modify The Bandwidth Configuration Page opens w Figure 90 Bandwidth Configuration Page Interface Portjel6 y C Trunk Egress Shaping Rate Enable Egress Shaping Rate Cornmitted Information Rate CIR Committed Burst Size CBS Ingress Rate Limit Enable Ingress Rate Limit Ingress Rate Limit 5 Define the Interface Committed Information Rate Egress Shaping Rate on Selected Port Committed Burst Size Ingress Rate Limit St
80. ble displays To define Multicast forward all settings 1 Click Multicast gt Multicast Forward All The Multicast Forward All Page opens Figure 67 Multicast Forward All Page m Name MAC Addr 00 0C 46 95 B1 32 sy Me kum es f EE Ports Of Unit 1 E Trunks IT Mgmt Protocols Interface Interface Status mmm Otter Sich E Sewies 2 Cu Lie Forbidden 0 3 1 e3 Exclude 3 CIA Lied Forbidden A ass Exclude MSS tes Forbidden sxc c 7 ue Exclude _ gt gt O LIT we Sek C 10 1 e10 Exclude are Mied Telesis efi ven Exclude Copyright 2006 Allied Telesis Inc 12 1e12 Exclude All rights reserved o lil 1013 Exclude A 1A IEN Treats dn The Multicast Forward All Page contains the following fields e VLAN ID Displays the VLAN for which Multicast parameters are displayed e Unit Number Identifies a VLAN and contains information about the Multicast group address e Ports VLAN ID Lists the ports for which Multicast parameters are displayed e Of Unit Lists the units for ports that can be added to a Multicast service e Trunks Lists the trunks that can be added to a Multicast service Page 107 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide The Multicast Forward All table displays the following information identical for ports and trunks e Interface Displays the interface ID e In
81. bles device performance monitoring Network administrators can configure port mirroring by selecting a specific port from which to copy all packets and other ports to which the packets copied Any number of ports on the device can be mirrors except the destination port To define port mirroring 1 Click Layer 1 gt Port Mirroring The Port Mirroring Page opens Figure 35 Port Mirroring Page Port Mirroring Layer 1 Destination Port el y Source Port Type Status o S D ES gt o Y o o aan The Port Mirroring Page contains information about all port mirrors currently defined on the device The following information is displayed e Port Destination Defines the port number to which port traffic is copied Note that this port has to be detached from its VLAN before mirroring is configured Only one destination port can be defined A zero value indicates that port mirroring is not enabled e Source Port Indicates the port from which the packets are mirrored e Type Indicates the port mode configuration for port mirroring The possible field values are RX Defines the port mirroring on receiving ports TX Defines the port mirroring on transmitting ports Both Defines the port mirroring on both receiving and transmitting ports This is the default value e Status Indicates if the port is currently monitored The possible field value
82. ch DST is constant from year to year other than the USA and Europe From The time that DST begins each year In the example DST begins locally every first Sunday in April at midnight The possible field values are Day The day of the week from which DST begins every year The possible field range is Sunday Saturday Week The week within the month from which DST begins every year The possible field range is 1 5 Month The month of the year in which DST begins every year The possible field range is Jan Dec Page 24 Po Configuring System Time Configuring Daylight Saving Time Time The time at which DST begins every year The field format is Hour Minute For example 02 10 To The time that DST ends each year In the example DST ends locally every first Sunday in October at midnight The possible field values are Day The day of the week at which DST ends every year The possible field range is Sunday Saturday Week The week within the month at which DST ends every year The possible field range is 1 5 Month The month of the year in which DST ends every year The possible field range is Jan Dec Time The time at which DST ends every year The field format is HH MM For example 05 30 To configure the device to automatically switch to DST select Daylight Savings and select either USA European or Other lf you select Other you must define its From and To fields To configure D
83. ct the SNTP Status Page 23 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide 3 4 5 Define the Server IP Address and the Poll Interval fields Click Apply The SNTP global settings are defined and the device is updated Click Save Config on the menu to save the changes permanently Configuring Daylight Saving Time To configure DST 1 Click System gt System Time The System Time Page opens The Additional Time Parameters section of the System Time Page contains the following fields Daylight Saving Enables automatic Daylight Saving Time DST on the device based on the device s location There are two types of daylight settings either by a specific date in a particular year or a recurring setting irrespective of the year For a specific setting in a particular year complete the Daylight Savings area and for a recurring setting complete the Recurring area The possible field values are USA The device devices to DST at 2 00 a m on the first Sunday of April and reverts to standard time at 2 00 a m on the last Sunday of October European The device devices to DST at 1 00 am on the last Sunday in March and reverts to standard time at 1 00 am on the last Sunday in October The European option applies to EU members and other European countries using the EU standard Custom The DST definitions are user defined based on the device locality If Custom is selected the From an
84. ctive image area contains the newly downloaded boot file Console show bootvar Images currently available on the FLASH image 1 active selected for next boot image 2 not active 4 Enter the boot system command to change the booting image to the currently inactive image In the example it is image 2 which has the latest downloaded boot file Console boot system image 2 5 Enter the copy command to download the system file Console copy tftp 172 16 101 101 filel ros unit 3 image Accessing file filel on 172 16 101 101 Loading filel from 172 16 101 101 EEEEKREEKLEEF TZAREEEEEL EE Ween ea Dette LO 10 0 eh hor PELI 09 Jul 2006 03 22 27 SCOPY W TRAP The copy operation was completed successfully I Copy 6720861 bytes copied in 00 05 00 hh mm ss 6 Reboot the devices being updated The allocated devices boot up with the updated boot and system files Copying Software from the Stacking Master to a Stacking Member To copy the software from the Stacking Master to a specified Stacking Member number 4 in this example perform the following 1 Download the software to the Stacking Master as previously described using the Stacking Member number 1 instead of number 3 as per the previous example Page 178 Downloading Software with CLI Downloading Software 2 Enter the copy command to copy the software from the Stacking Master to the Stacking Member To copy
85. d and the device is updated Page 33 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Defining Authentication Profiles Authentication profiles allow network administrators to assign authentication methods for user authentication User authentication can be performed either locally or on an external server User authentication occurs in the order the methods are selected If the first authentication method is not available the next selected method is used For example if the selected authentication methods are RADIUS and Local and the RADIUS server is not available then the user is authenticated locally To define Authentication profiles 1 Click Mgmt Security gt Authentication Profiles The Authentication Profiles Page opens Figure 16 Authentication Profiles Page Mgmt Security Copyright 2006 Allied Telesis Inc All rights reserved System Name MAC Addr 00 0C 46 95 B1 32 Login Authentication Profiles Profile Name Methods e 1 Console Default Local o 2 Network Default Local Enable Authentication Profiles Profile Name Methods G S The Authentication Profiles Page contains two tables which display the currently defined profiles e Login Authentication Profiles Provides the method by which system users logon to the device e Enable Authentication Profiles Provides user authentication levels for users accessing the device
86. d To fields must be defined Time Set Offset Used for non USA and European countries to set the amount of time for DST in minutes The default time is 60 minutes The range is 1 1440 minutes From Indicates the time that DST begins in countries other than the USA and Europe in the format Day Month Year in one field and HH MM in another For example if DST begins on October 25 2007 at 5 00 am the two fields should be set to 25 Oct 07 and 05 00 The possible field values are Date The date on which DST begins The possible field range is 1 31 Month The month of the year in which DST begins The possible field range is Jan Dec Year The year in which the configured DST begins Time The time at which DST begins The field format is HH MM For example 05 30 To Indicates the time that DST ends in countries other than the USA and Europe in the format Day Month Year in one field and HH MM in another For example if DST ends on March 23 2008 at midnight the two fields should be 23 Mar 08 and 00 00 The possible field values are Date The date on which DST ends The possible field range is 1 31 Month The month of the year in which DST ends The possible field range is Jan Dec Year The year in which the configured DST ends Time The time at which DST starts The field format is HH MM For example 05 30 Recurring Enables user defined DST for countries in whi
87. describes configuring Power over Ethernet PoE for an AT 8000S device PoE only applies to the AT 8000S 24POE and AT 8000S 48POE device Power over Ethernet PoE provides power to devices over existing LAN cabling without updating or modifying the network infrastructure Power over Ethernet removes the necessity of placing network devices next to power sources Power over Ethernet can be used in the following applications IP phones Wireless Access Points IP gateways PDAs Audio and video remote monitoring Powered Devices are devices which receive power from the device power supplies for example IP phones Powered Devices are connected to the device via Ethernet ports This section includes the following topics Enabling PoE and Setting the Power Threshold Defining PoE Settings Page 126 Configuring Power Over Ethernet Enabling PoE and Setting the Power Threshold Enabling PoE and Setting the Power Threshold The PoE threshold is a percentage of the total maximum PoE power on the device 400 W If the total power requirements of the powered devices exceed this threshold the device sends an SNMP trap to the management workstation and enters an event in the event log The threshold is adjustable For management workstations to receive traps from the device configure SNMP on the device by specifying the IP addresses of the workstations The Power Over Ethernet Page contains system PoE information for enabling PoE on the devic
88. e Defining TFTP File Uploads and Downloads The File System Page contains parameters for system uploads and downloads and for copying firmware and configuration files To define file upload and download settings 1 Click Utilities gt File System The File System Page opens Figure 92 File System Page TFTP File Uploads and Downloads E Download C Upload EH i a ee pi Narie TFTP Server IP Address ENEE Destination File Ctra Sotwoeimese Eessen Configuration Services Iren Statistics L Save Config Copy Master Firmware Copy Configuration Source Source File Name E Running Configuration C blogut Destination Unit Destination File Name All SI Startup Configuration Copyright 2006 Allied Telesyn Inc All rights reserved The TFTP File Uploads and Downloads section of the File System Page contains the following fields TFTP Server IP Address Specifies the TFTP Server IP Address from which files are downloaded TFTP Operation Defines the type of TFTP operation The possible values are Download Downloads the file Upload Uploads the file TFTP Remote Filename Indicates the name of the destination file TFTP Local Filename Indicates the name of the file on the TFTP server TFTP Boot Type Defines the type of boot operation The possible values are Image Boots the Image file Config set defau
89. e monitoring the current power usage and enabling PoE traps To enable PoE for the device 1 Click System gt Power Over Ethernet The Power Over Ethernet Page opens Figure 82 Power Over Ethernet Page ee 40 Unit Power Status Nominal Power Watts Consumed Power Watts System Usage Threshold Traps Edit 1 1 On 180 0 95 Disable Power Over Ethernet Copyright 2006 The Power Over Ethernet Page contains the following fields Unit Number Indicates the stacking member for which the PoE information is displayed e Power Status Indicates if the port is enabled to work on PoE The possible field values are On Indicates the device is delivering power to the interface Off Indicates the device is not delivering power to the interface Test Fail Indicates the powered device test has failed For example a port could not be enabled and cannot be used to deliver power to the powered device Testing Indicates the powered device is being tested For example a powered device is tested to confirm it is receiving power from the power supply Searching Indicates that the device is currently searching for a powered device Searching is the default PoE operational status Page 127 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Fault Indicates that the device has detected a fault on the powered device For example the p
90. e 32 Storm Control Configuration Page Enable Broadcast Control Broadcast Mode Broadcast Only Broadcast Rate Threshold 3500 The Storm Control Configuration Page contains the following fields NO os Port Indicates the port from which storm control is enabled Enable Broadcast Control Indicates if forwarding Broadcast packet types is enabled on the port The field values are Enabled Enables storm control on the selected port Disabled Disables storm control on the selected port Broadcast Mode Specifies the Broadcast mode currently enabled on the device The possible field values are Multicast amp Broadcast Counts both Broadcast and Multicast traffic together Broadcast Only Counts only the Broadcast traffic Broadcast Rate Threshold Indicates the maximum rate kilobits per second at which unknown packets are forwarded The range is 70 100 000 The default value is 2500 The range for Giga ports is 3500 100 000 Select the Port Storm Control Settings Click Enable Broadcast Control and define the Rate Threshold Click Apply Storm control is enabled on the device for the selected port Click Save Config on the menu to save the changes permanently Page 53 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Section 5 Configuring Ports This section contains the procedures for configuring ports on the device This section contains the f
91. e 7 viana 07 vian29 pH ous 03 vao 03 vm pm se OR E ogu 7 van pH VLaN32 pH vans pH VLAN33 oz II vam pH vian34 03 Copyright 2006 eher viano oz vian3s pH The MSTP Interface Settings Page contains the following fields e VLAN Displays the VLAN ID e Instance ID Configures the MSTP instances The possible field range is 0 7 3 Map the VLANs to Instance IDs 4 Click Save Config on the menu to save changes permanently Page 100 Configuring Spanning Tree Configuring Multiple Spanning Tree Page 101 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Section 9 Configuring Multicast Forwarding Multicast forwarding allows a single packet to be forwarded to multiple destinations Layer 2 Multicast service is based on a Layer 2 switch receiving a single packet addressed to a specific multicast address Multicast forwarding creates copies of the packet and transmits the packets to the relevant ports The Internet Group Management Protocol IGMP allows hosts to notify their local switch or router that they want to receive transmissions assigned to a specific multicast group This section describes the configuration of IGMP Snooping When IGMP Snooping is enabled globally all IGMP packets are forwarded to the CPU The CPU analyzes the incoming packets and determines e Which ports have Multicast routers generating IGMP queries e Which ports want to join which Mul
92. e last weekend of March until the last weekend of October Lebanon From the last weekend of March until the last weekend of October Page 20 Configuring System Time Lithuania From the last weekend of March until the last weekend of October Luxembourg From the last weekend of March until the last weekend of October Macedonia From the last weekend of March until the last weekend of October Mexico From the first Sunday in April at 02 00 to the last Sunday in October at 02 00 Moldova From the last weekend of March until the last weekend of October Montenegro From the last weekend of March until the last weekend of October Netherlands From the last weekend of March until the last weekend of October New Zealand From the first Sunday in October until the first Sunday on or after March 15 Norway From the last weekend of March until the last weekend of October Paraguay From April 6 until September 7 Poland From the last weekend of March until the last weekend of October Portugal From the last weekend of March until the last weekend of October Romania From the last weekend of March until the last weekend of October Russia From the last weekend of March until the last weekend of October Serbia From the last weekend of March until the last weekend of October Slovak Republic From the last weekend of March until the last weekend of October South Africa South Africa does
93. e rule to the selected port LAG Attaches the rule to the selected LAG VLAN Attaches the rule to the selected VLAN Page 31 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide 2 Management Method Defines the management method for which the rule is defined Users with this access profile can access the device using the management method selected The possible field values are All Assigns all management methods to the rule Telnet Assigns Telnet access to the rule If selected users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device Secure Telnet SSH Assigns SSH access to the rule If selected users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device HTTP Assigns HTTP access to the rule If selected users accessing the device using HTTP meeting access profile criteria are permitted or denied access to the device Secure HTTP HTTPS Assigns HTTPS access to the rule If selected users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device SNMP Assigns SNMP access to the rule If selected users accessing the device using SNMP meeting access profile criteria are permitted or denied access to the device Source IP Address Defines the interface source IP address to which the rule applies Pref
94. e same speed The LACP Page contains fields for configuring LACP LAGs To configure LACP for LAGs 1 Click Layer 1 gt LACP The LACP Page opens Figure 41 LACP Page eo Layer 1 Port Port Priority LACP Timeout G el Long e2 Long e3 Long e4 Long e5 1 1 1 1 1 ef 1 Long e 1 Long e8 1 Long 1 1 1 1 1 1 1 1 0101 191 2 0 91 9102 wjo af ma ajujn e9 10 e10 Long 11 e11 Long e 12 e12 Long 13 e13 Long 14 e14 Long Allied Telesyn Inc 15 e15 Long All rights reserved i AEN 01010 o o D lt E SI Ey o N S o 5 elke kelke 5 T ana The LACP Page contains the following fields Pon LACP System Priority Specifies system priority value The field range is 1 65535 The field default is 1 Unit Number Displays the stacking member for which the LAG parameters are defined Port Displays the port number to which timeout and priority values are assigned Port Priority Displays the LACP priority value for the port The field range is 1 65535 LACP Timeout Displays the administrative LACP timeout Click Modify the Modify LACP Settings Page opens Define the fields Click Apply The LACP settings are saved and the device is updated Page 69 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Section 6 Configuring Interfaces
95. ed Enabled E caen Disabled Enabled Enabled 1 The GVRP Page contains the following fields GVRP Global Status Indicates if GVRP is enabled on the device The possible field values are Page 79 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide NOORON Enable Enables GVRP on the selected device Disable Disables GVRP on the selected device Port Displays the ports table Trunk Displays the trunks table Interface Displays the port or trunk on which GVRP is enabled The possible field values are Port Indicates the port number on which GVRP is enabled Trunk Indicates the LAG number on which GVRP is enabled GVRP State Indicates if GVRP is enabled on the port The possible field values are Enable Enables GVRP on the selected port Disable Disables GVRP on the selected port Dynamic VLAN Creation Indicates if Dynamic VLAN creation is enabled on the interface The possible field values are Enable Enables Dynamic VLAN creation on the interface Disable Disables Dynamic VLAN creation on the interface GVRP Registration Indicates if VLAN registration through GVRP is enabled on the device The possible field values are Enable Enables GVRP registration on the device Disable Disables GVRP registration on the device Select Enable GVRP Define the GVRP parameters Click Apply The gl
96. ed to users with specific MAC addresses These addresses are either manually defined on the port or learned on that port up to the point when it is locked When a packet is received on a locked port and the packet D Link source MAC address is not tied to that port either it was learned on a different port or it is unknown to the system the protection mechanism is invoked and can provide various options Unauthorized packets arriving at a locked port are either e Forwarded e Discarded with no trap e Discarded with a trap e Shuts down the port Locked port security also enables storing a list of MAC addresses in the configuration file The MAC address list can be restored after the device has been reset Disabled ports are activated from the Port Security Page To define port security The Port Security Page enhances network security by providing port locking management to network administrators To configure secure ports 1 Click Network Security gt Port Security The Port Security Page opens Page 46 Configuring Device Security Configuring Network Security Figure 27 Port Security Page Network Security Copyright 2006 Allied Telesis Inc All rights reserved Port Security Unit Number hd The Port Security Page displays the Zoom View of device ports The possible port indicators are e Zei Port is not selected Indicates that security is currently not enabled on the port Portis
97. efault selection is the View All option for Multicast MAC addresses Page 71 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide The MAC Address Page contains the following fields View All Displays all dynamic addresses learned on the ports of the device and all static addresses that have been assigned to the ports View Static Displays the static addresses assigned to the ports on the device View Dynamic Displays the dynamic addresses learned on the ports on the device View MAC Addresses on Port Displays the dynamic and static MAC addresses of a port You can specify more than one port at a time View MAC Addresses for VLAN Displays the static and dynamic addresses learned on the tagged and untagged ports of a specific VLAN You specify the VLAN by entering the VLAN ID Only one VLAN can be defined at a time View MAC Address Displays the number of the port on which a MAC address was assigned or learned To find out on which port a particular MAC address was learned even if the device is part of a large network you can just specify the MAC address The system automatically locates the port on the device where the device is connected Define the fields for the Unicast or Multicast MAC addresses to add Click Add The Add MAC Address Page opens Figure 43 Add MAC Address Page MAC Address Port Number VLAN ID Status Permanent bd Apply cancel The Add MAC Address
98. els Each group also has a defined security access to set of MIB objects for reading and writing which are known as views The device has a default view all MIB objects and default groups defined for security models v1 and v2c The following table shows the security models and levels available and the system default settings The SNMP agents maintain a list of variables which are used to manage the device The variables are defined in the Management Information Base MIB The SNMP agent defines the MIB specification format as well as the format used to access the information over the network Access rights to the SNMP agents are controlled by access strings The device is SNMP compliant and contains an SNMP agent that supports a set of standard and private MIB variables Developers of management stations require the exact structure of the MIB tree and receive the complete private MIBs information before being able to manage the MIBs All parameters are manageable from any SNMP management platform except the SNMP management station IP address and community community name and access rights The SNMP management access to the device is disabled if no community strings exist N Notes The device switch is delivered with no community strings configured e The device generates copy traps Page 111 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Enabling SNMP The SNMP Global Page provides fields for
99. em Date System Time Services Time Zone Offset C Multicast GMT y Utilities Statisties Simple Network Time Protocol SNTP Settings Save Config Hep Status Server IP Address Enabled C logout amp Disabled Poll Interval 1024 seconds ae Additional Time Parameters Allied Telesyn Inc All rights reserved l Daylight Saving Recurring Clock Source and System Time sections of the System Time Page contains the following fields Clock Source The source used to set the system clock The possible field values are Use Local Settings Indicates that the clock is set locally Use SNTP Server Indicates that the system time is set via an SNTP server System Time Sets the local clock time The field format is HH MM SS For example 21 15 03 System Date Sets the system date The field format is Day Month Year For example 04 May 50 May 4 2050 Time Zone Offset The difference between Greenwich Mean Time GMT and local time For example the Time Zone Offset for Paris is GMT 1 while the Time Zone Offset for New York is GMT 5 To set the system clock 2 3 4 5 Select the system time mode Define the System Date System Time and Time Zone Offset fields Click Apply in each section The local system clock settings are saved and the device is updated Click Save Config on the menu to save the changes permanently Page 22 Configuring System Time Configuring SNTP
100. er station before timing out If a Leave Timeout occurs the switch notifies the Multicast device to stop sending traffic The Leave Timeout value is either user defined or an immediate leave value The default timeout is 10 seconds 2 Click the Enable IGMP Snooping Status checkbox IGMP Snooping is enabled on the device To modify the IGMP Snooping configuration 1 Click Multicast gt IGMP The GMP Page opens 2 Click Modify The GMP Snooping Settings Page opens Figure 63 IGMP Snooping Settings Page IGMP Status Enable Disable Auto Learn Host Timeout Enable D 260 Leave Timeout MRouter Timeout 300 e 10 C Immediate Leave 3 Modify the VLAN ID IGMP Status Enable Enable Auto Learn Host Timeout MRouter Timeout and Leave Timeout fields 4 Click Apply The IGMP Snooping global parameters are modified and the device is updated 5 Click Save Config on the menu to save the changes permanently Page 104 Configuring Multicast Forwarding Defining Multicast Bridging Groups Defining Multicast Bridging Groups The Multicast Group Page displays the ports and LAGs attached to the Multicast service group in the Ports and LAGs tables The Port and LAG tables also reflect the manner in which the port or LAGs joined the Multicast group Ports can be added either to existing groups or to new Multicast service groups New Multicast service groups can be created and ports can be assigned to a specific Multic
101. es of data taken from ports For example the samples may include interface definitions or polling periods To view RMON history information 1 Click Statistics gt RMON History The RMON History Page opens Figure 100 RMON History Page RMON History History Source Sampling Sampling Current Number Deene Entry No Interface Interval Requested of Samples Add Modify Delete Wes Statistics W i Copyright 2006 The RMON History Page contains the following fields History Entry No Displays the history control entry number Source Interface Displays the interface from which the history samples were taken The possible field values are Port Specifies the port from which the RMON information was taken LAG Specifies the port from which the RMON information was taken Sampling Interval Indicates in seconds the time period that samplings are taken from the ports The field range is 1 3600 The default is 1800 seconds equal to 30 minutes Sampling Requested Displays the number of samples to be saved The field range is 1 65535 The default value is 50 Current Number of Samples Displays the current number of samples taken Owner Displays the RMON station or user that requested the RMON information The field range is 0 20 characters Click RMON History The Create History Entry Page opens Page 157 Allied Teles
102. es that traffic scheduling for the selected queue is based strictly on the queue priority Weighted Priority Indicates that traffic scheduling for the selected queue is based strictly on the Weighted Priority Configure CoS Priority to Egress Queues Maps CoS VPT tag to a queue 0 3 Configure CoS Maps CoS priority to a queue Configure DSCP Priority Maps DSCP priority to a queue 0 3 Select a schedule type Click Apply The configuration is saved and the device is updated Page 135 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Mapping Queues This section contains the following topics Mapping CoS Values to Queues Mapping DSCP Values to Queues Mapping CoS Values to Queues The Configure CoS Page contains fields for classifying CoS settings to traffic queues To set CoS to queue 1 2 3 4 Click Services gt Queuing amp Scheduling The CoS Queuing amp Scheduling Page opens Select the Configure CoS Priority to Egress Queues values Click Configure CoS Click Configure The Configure CoS Page opens Figure 87 Configure CoS Page Restore Defaults 4 Class of Service O E o E o 1 2 3 4 5 6 7 8 The Configure CoS Page contains the following fields Restore Defaults Allows you to restore default settings Class of Service Specifies the CoS priority tag values where zero is the lo
103. ets Displays the number of Broadcast packets transmitted from the selected interface Select the nterface and the Refresh Rate The selected interface s Interface statistics are displayed Page 152 Viewing Statistics Viewing Interface Statistics Viewing Etherlike Statistics The Etherlike Statistics Page displays interface statistics To view Etherlike statistics 1 Click Statistics gt Etherlike The Etherlike Statistics Page page opens Figure 98 Etherlike Statistics Page Etherlike Interface Refresh Rate Port el y C Trunk 1 z No Refresh Etherlike Frame Check Sequence FCS Errors Single Collision Frames 0 0 Late Collisions Excessive Collisions 0 Oversize Packets Internal MAC Receive Errors 0 0 Received Pause Frames Transmitted Pause Frames 0 0 ezo ZS e 30 EES are fas Ge La 220 L3p Lo PIO aan The Etherlike Statistics Page contains the following fields e Interface Indicates the device for which statistics are displayed The possible field values are Port of Unit Defines the specific port for which Etherlike statistics are displayed Trunk Defines the specific LAG for which Etherlike statistics are displayed e Refresh Rate Defines the frequency of the interface statistics updates The possible field values are 15 Sec Indicates that the Etherlike statistics are refreshed every 15 seconds 30 Sec Indicates that the Et
104. etting System Log Display AANEREN 86 Viewing He EI CN 87 Configuring Spanning RE 88 Configuring Classic Spanning Tree 89 Defining STP Properties vse anaes ace are da a eee ed 89 Defining STP Interfaces adsl 91 Configuring Rapid Spanning Tree 94 Configuring Multiple Spanning Tree 96 Defining MS TP Properties E 97 Rule NON sl 98 Defining MS TP IAStanCeS isi EE 100 Configuring Multicast Forwarding EE 102 Configuring IGMP SnOO ping BEE 103 Defining Multicast Bridging Groups 105 Defining Multicast Forward All Gettinges crac 107 Configuring ETT EE 110 SNMP Melek petites Mie Rete anda ee eet he Maat hee 111 Enabling SNMP asiha et ee edie aia ia 112 Defining SNMP Communes 114 Defining SNMP Groupe occoococccnncccconncncnonnccconcnn cnn c cnn 116 Defining SNMP Users caviar idad 118 Defining SNMP Views 120 Page 2 Table of Contents Configuring SNMP Notifications oooonnnncnnnnnncnnnncnnnccccno conan narnnn rca cnn 122 Defining erte geil eu 122 Defining Notification Filters coso iaa 124 Configuring e e TT 126 Enabling PoE and Setting the Power Threshold cccccceseeeeeeeeeeeeeeeeeeeeesaaeeeeneeeseeeeteneeeea 127 Riet EE 128 Configuring SOS E 132 Enabling Class of Service COS cccccececeeeeneeeeeeeeeeeeaeeeeeeeeeeeaeeeecaeeeceaaeeeeeeeesaeseeeeeeesiaaeeseeeeeeeas 133 Configuring CoS Priorities 2 0 2 ceeceeeceeeeeeeeeee cece eeeeaeeeeeaeeeeeaaeeseeeeeeeeaaeeseeeessaaaesseaeeeesiaeeeeeeeeeeaees 135
105. evice configuration Up to five backup configuration files can be saved on the device with user configured names These files are generated when the user copies the Running Configuration file or the Startup Configuration file to a user named file The contents of the backup configuration files can be copied to either the Running Configuration or the Startup Configuration files Image Files Software upgrades are used when a new version file is downloaded The file is checked for the right format and that it is complete After a successful download the new version is marked and is used after the device is reset There are two types of files firmware files and configuration files The firmware files manage the device while the configuration files configure the device for transmissions Configuration files can be uploaded and downloaded to the device System files are uploaded or downloaded using the Trivial File Transfer Protocol TFTP TFTP utilizes the User Data Protocol UDP without security features N Note Only one type of download or upload can be performed at any one time During upload or download no user configuration can be performed File maintenance includes configuration file management and device access This section describes the following topics Restoring the Default Configuration Defining TFTP File Uploads and Downloads Page 140 Managing System Files Restoring the Default Configuration Restoring the
106. fault value Disable Disables port reauthentication Reauthentication Period Displays the time span in seconds in which the selected port is reauthenticated The field default is 3600 seconds Reauthenticate Now Reauthenticates the port immediately Authenticator State Displays the current authenticator state as defined in Admin Port Control Quiet Period Displays the number of seconds that the device remains in the quiet state following a failed authentication exchange The possible field range is 0 65535 The field default is 60 seconds Resending EAP Defines the amount of time in seconds that lapses before EAP requests are resent The field default is 30 seconds Max EAP Requests Displays the total amount of EAP requests sent If a response is not received after the defined period the authentication process is restarted The field default is 2 retries Supplicant Timeout Displays the amount of time in seconds that lapses before EAP requests are resent to the supplicant The field default is 30 seconds Server Timeout Displays the amount of time in seconds that lapses before the device re sends a request to the authentication server The field default is 30 seconds Termination Cause Indicates the reason for which the port authentication was terminated Click Apply The port authentication configuration is saved and the device is updated Click Save Config on the menu to save the cha
107. figured the Stacking Master must synchronize the Secondary Master The Dynamic configuration is not saved for example dynamically learned MAC addresses are not saved Each port in the stack has a specific Unit ID port type and port number which are part of both the configuration commands and the configuration files Configuration files are managed only from the device Stacking Master including e Saving to the Flash e Uploading configuration files to an external TFTP Server e Downloading configuration files from an external TFTP Server Page 170 Managing Stacking Stacking Overview Whenever a reboot occurs topology discovery is performed and the Master learns all units in the stack Unit IDs are saved in the unit and are learned through topology discovery If a unit attempts to boot without a selected Master and the unit is not operating in stand alone mode the unit does not boot Configuration files are changed only through explicit user configuration Configuration files are not automatically modified when Units are added e Units are removed Units are reassigned Unit IDs e Units toggle between Stacking mode and Stand alone mode Each time the system reboots the Startup configuration file in the Master unit is used to configure the stack If a stack member is removed from the stack and then replaced with a unit with the same Unit ID the stack member is configured with the original device configuration Only ports
108. he SNMP views provide or block access to device features or portions of features For example a view can be defined which provides that SNMP group A has Read Only R O access to Multicast groups while SNMP group B has Read Write R W access to Multicast groups Feature access is granted via the MIB name or MIB Object ID To define SNMP views 1 Click SNMP gt Views The SNMP Views Page opens Figure 77 SNMP Views Page View Name Default Object ID Subtree View Type Included 1 3 6 1 6 3 13 Excluded 1 3 6 1 6 3 16 1 3 6 1 6 3 18 Excluded 3 6 1 6 3 12 1 2 Excluded 3 6 1 6 3 12 1 3 Excluded Copyright 2006 Allied Telesis Inc All rights reserved The SNMP Views Page contains the following fields e View Name Displays the user defined views The view name can contain a maximum of 30 alphanumeric characters e Object ID Subtree Displays the device feature OID included in or excluded from the selected SNMP view e View Type Indicates whether the defined OID branch will be included in or excluded from the selected SNMP view 2 Click Create The Add SNMP View Page opens Page 120 Configuring SNMP Defining SNMP Views Figure 78 Add SNMP View Page View Name interfaces Select from List fip Subtree ID Tree icmp tcp C Insert included Apply _ Close 3 Define the View Name field 4 Select the Subtree ID Tree using the Up
109. he amount of time it takes for network changes additions and moves to be implemented VLANs have no minimum number of ports and can be created per unit per device or through any other logical connection combination since they are software based and not defined by physical attributes VLANs function at Layer 2 Since VLANs isolate traffic within the VLAN a Layer 3 router working at a protocol level is required to allow traffic flow between VLANs Layer 3 routers identify segments and coordinate with VLANs VLANs are Broadcast and Multicast domains Broadcast and Multicast traffic is transmitted only in the VLAN in which the traffic is generated VLAN tagging provides a method of transferring VLAN information between VLAN groups VLAN tagging attaches a 4 byte tag to packet headers The VLAN tag indicates to which VLAN the packets belong VLAN tags are attached to the VLAN by either the end station or the network device VLAN tags also contain VLAN network priority information Combining VLANs and Generic Attribute Registration Protocol GARP allows network managers to define network nodes into Broadcast domains When configuring VLANs ensure the following e When using this feature the management VLAN must exist on each 8000S Series device that you want to manage e All of the devices in an enhanced stack must use the same management VLAN Consequently you must use the following procedure to specify the management VLAN on each slave and m
110. herlike statistics are refreshed every 30 seconds 60 Sec Indicates that the Etherlike statistics are refreshed every 60 seconds No Refresh Indicates that the Etherlike statistics are not refreshed Page 153 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide 2 Frame Check Sequence FCS Errors Displays the number of FCS errors received on the selected interface Single Collision Frames Displays the number of single collision frames received on the selected interface Late Collisions Displays the number of late collision frames received on the selected interface Excessive Collisions Displays the number of excessive collisions received on the selected interface Oversize Packets Displays the number of oversized packet errors on the selected interface Internal MAC Receive Errors Displays the number of internal MAC received errors on the selected interface Received Pause Frames Displays the number of received paused frames on the selected interface Transmitted Paused Frames Displays the number of paused frames transmitted from the selected interface Select the nterface and the Refresh Rate The selected interface s Etherlike statistics are displayed To update the refresh time To change the refresh rate for statistics select another rate from the Refresh Rate dropdown list To reset Etherlike interface statistics counters 1 2 Open the Etherlike Statistic
111. ick System gt Event Log The Event Log Page opens 2 Click View Flash The Flash Log Page opens Figure 53 Flash Log Page Flash TI LogIndex Leg Time 2147422871 26 Sep 2005 14 31 02 2147423105 26 Sep 2005 12 55 03 Description _HTITPS E GETDATEFROMSYS WARNING The if modified since date can OSTICS ERROR in lt RL_vtRepeat gt syntax error in calculating expression Filter 2147423442 26 Sep 2005 12 25 36 P syntax error in calculating expression Filter rIPhDPortsModuleNumber 2147423779 26 Sep 2005 12 22 57 P syntax error in calculating expression Filter rIPhDPortsModuleNumber 2147424116 26 Sep 2005 12 10 58 P syntax error in calculating expression Filter riPhDPortsModuleNumber 2147424453 26 Sep 2005 12 10 53 P syntax error in calculating expression Filter riPhDPortsModuleNumber 2147424648 26 Sep 2005 12 07 39 P_HTTPS E GETDATEFROMSYS WARNING The if modified since date can 2147424817 26 Sep 2005 10 04 04 HTTP_HTTPS E SETTAGDOESNTEXIST PGPRCS Trying to set tag sub 2147424986 26 Sep 2005 10 04 04 HTTP_HTTPS E SETTAGDOESNTEXIST PGPRCS Trying to set tag sub 2147425155 26 Sep 2005 10 03 26 HTTP_HTTPS E SETTAGDOESNTEXIST PGPRCS Trying to set tag sub 2 3 A 5 6 7 8 9 10 11 2147425324 26 Sep 2005 10 03 26 HTTP_HTTPS E SETTAGDOESNTEXIST PGPRCS Trying to set tag sub N 2
112. ield values are Filtering Filters BPDU packets when spanning tree is disabled on an interface Flooding Floods BPDU packets when spanning tree is disabled on an interface This is the default value e Path Cost Default Values Specifies the method used to assign default path cost to STP ports The possible field values are Short Specifies 1 through 65 535 range for port path cost Long Specifies 1 through 200 000 000 range for port path cost This is the default value The Bridge Settings section of the Spanning Tree Page contains the following fields e Priority Specifies the bridge priority value When switches or bridges are running STP each is assigned a priority After exchanging BPDUs the device with the lowest priority value becomes the Root Bridge The default value is 32768 The port priority value is provided in increments of 4096 the value range is 0 65535 e Hello Time Specifies the device Hello Time in seconds The Hello Time is the time interval during which a Root Bridge waits between configuration messages The value range is 1 10 seconds the default value is 2 seconds e Max Age Specifies the device Maximum Age Time in seconds The Maximum Age Time is the time interval during which a bridge waits before sending configuration messages The value range is 6 40 seconds the default value is 20 seconds e Forward Delay Specifies the device Forward Delay Time in seconds The Forw
113. if VLAN registration through GVRP is enabled on the device The possible field values are Enabled Enables GVRP registration on the device Disabled Disables GVRP registration on the device Gg Select the interface Port or Trunk Define the GVRP State and GVRP Registration fields 6 Click Apply The change to the GVRP mode is activated on the selected interface a Page 81 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Section 7 Configuring System Logs This section provides information for managing system logs System logs enable viewing device events in real time and recording the events for later usage System Logs record and manage events and report errors and informational messages This section includes the following topics e Defining Log Settings e Configuring Log Servers e Setting System Log Display e Clearing Event Logs e Viewing Flash Logs Page 82 Defining Log Settings Event messages have a unique format which is the Syslog protocols recommended message format for all error reporting For example Syslog and local device reporting messages are assigned a severity code and include a message mnemonic which identifies the source application generating the message This allows messages to be filtered based on their urgency or relevancy The message severity determines the set of event logging devices that are sent for each event message The default severity for al
114. ing chain topology 169 ring topology 169 Stacking Master 170 STP 95 STP configuration Fast Link 91 System Log configuring display 86 system log configuration 84 severity levels 83 T Terminal Access Controller Access Control System TACACS 38 Time Domain Reflectometry TDR 145 V VLAN 79 access profile interface 29 guest VLAN 46 VLAN aware bridges 79 Z Zoom View 12 47 55 60 76 128 PoE ports 128 port security 47 Page 186 Page 187
115. ing Management Security Mapping Authentication Profiles After authentication profiles are defined they can be applied to management access methods For example console users can be authenticated by Authentication Profile List 1 while Telnet users are authenticated by Authentication Profile List 2 Authentication methods are selected using arrows The order in which the methods are selected is the order by which the authentication methods are used To map authentication methods 1 Click Mgmt Security gt Authentication Mapping The Authentication Mapping Page opens Figure 19 Authentication Mapping Page tem Name 00 00 60 01 22 33 Authentication Mapping Login Enable Console Console Default zi Console Default Telnet Network Default Network Default y Secure Telnet SSH Network Default Network Default Secure HTTP Optional Methods Selected Methods 984x605 HTTP o o D S EI o N o o a Allied Telesyn Inc The Authentication Mapping Page comprises three sections e Authentication Login and Enable e Secure HTTP e HTTP The Authentication Mapping Page contains the following fields e Console Indicates that authentication profiles are used to authenticate console users e Telnet Indicates that authentication profiles are used to authenticate Telnet users e Secure Telnet SSH Indicates that authentication p
116. iority SP allows the prioritization of mission critical time sensitive traffic over less time sensitive applications For example under SP voice over IP VoIP traffic can be prioritized so that it is forwarded before FTP or e mail SMTP traffic e Weighted Round Robin Ensures that a single application does not dominate the device forwarding capacity Weighted Round Robin WRR forwards entire queues in a round robin order All queues can participate in WRR except SP queues SP queues are serviced before WRR queues If the traffic flow is minimal and SP queues do not occupy the whole bandwidth allocated to a port the WRR queues can share the bandwidth with the SP queues This ensures that the remaining bandwidth is distributed according to the weight ratio If WRR is selected the following weights are assigned to the queues 1 2 4 8 This section contains the following topics e Enabling Class of Service CoS e Configuring CoS Priorities e Mapping CoS to Queue e Mapping DSCP to Queue e Configuring Bandwidth QoS Page 132 Configuring Services Enabling Class of Service CoS Enabling Class of Service CoS The CoS Page enables configuring the CoS ports or trunks on the device To configure CoS ports or trunks on the device 1 Click Services gt CoS The CoS Page opens Figure 84 CoS Page Enable Qos Mode Trust Mode Ports Trunks Interface Default CoS Restore Defaults
117. is AT 8000S Switch Web Browser Interface User s Guide Figure 101 Create History Entry Page New History Entry Source Interface Portfel y Trunk i gt Max No of Samples to Keep EA Sampling Interval reno 3 Define the Source Interface Owner Max No of Samples to Keep and Sampling Interval fields 4 Click Apply The new entry is added to the history table and the device is updated To edit an RMON history entry 1 Click Statistics gt RMON History The RMON History Page opens 2 Click Modify The History Control Settings Page opens Figure 102 History Control Settings Page History Entry No Source Interface hz e Portlet E C Tunk E Owner Max No of Samples to Keep Po 50 Sampling Interval 1800 3 Define the fields 4 Click Apply The new entry is added to the history table and the device is updated Page 158 Viewing Statistics Managing RMON Statistics Viewing the RMON History Table The RMON History Table Page contains interface specific statistical network samplings Each table entry represents all counter values compiled during a single sample To view the RMON History Table 1 Click Statistics gt RMON History The RMON History Page opens 2 Click View The RMON History Table Page opens Figure 103 RMON History Table Page SR Seen Se Owner LI layeri C layer C Mgmt Secu
118. istics Managing RMON Statistics Configuring RMON Events TThe RMON Events Page contains fields for defining modifying and viewing RMON events statistics To add an RMON event 1 Click Statistics gt RMON Events The RMON Events Page opens Figure 104 RMON Events Page ree a RMOH Events Owner 2o SA 20D a IA Tag IFA o w e 3 n 28 VPO a a The RMON Events Page contains the following fields Event Entry Displays the event e Community Displays the community to which the event belongs e Description Displays the user defined event description Type Describes the event type Possible values are Log Indicates that the event is a log entry Trap Indicates that the event is a trap Log and Trap Indicates that the event is both a log entry and a trap None Indicates that no event occurred e Time Displays the time that the event occurred e Owner Displays the device or user that defined the event Page 161 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide 2 Click Create The Create Event Entry Page opens Figure 105 Create Event Entry Page Create vent Entry Event Entry Community 1 Default Community Description Type Default Community None y Owner OS 3 Define the Community Description Type and Owner fields 4 Click Apply The event entry is added and the device is
119. itch Web Browser Interface User s Guide Figure 21 Add TACACS Page Host IP Address IT Priority Source IP Address pp 3 IT Use Default Key String I Use Default Authentication Port jaa TimeoutforReply sec D Use Default Single Connection D 3 Define the fields 4 Click Apply The TACACS profile is saved and the device is updated Page 40 Configuring Device Security Configuring Management Security Configuring RADIUS Remote Authorization Dial In User Service RADIUS servers provide additional security for networks RADIUS servers provide a centralized authentication method for web access To configure RADIUS security settings 1 Click Mgmt Protocols gt RADIUS The RADIUS Configuration Page opens Figure 22 RADIUS Configuration Page MAC Addr 00 0C 46 95 B1 32 RADIUS Default Parameters Default Retries Default Timeout for Reply B E Sec Default Dead Time o Min Mgmt Protocols IP Authentication Number of Timeout Dead Key Usage Fl Address Priority Port Retries for Reply Time String Type 1 192 168 1 1 Copyright 2006 Allied Telesis Inc All rights reserved The RADIUS Configuration Page contains the following fields e Default Retries Defines the default number of transmitted requests sent to the RADIUS server before a failure occurs Possible field values are 1 10 Default Timeout for Reply Defi
120. ity queues are supported 2 Modify the Queue values 3 Click Apply The DSCP to Queue mapping is updated Page 137 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Configuring Bandwidth QoS TheBandwidih Page allows network managers to define the bandwidth settings for a specified egress interface Modifying queue scheduling affects the queue settings globally The Bandwidth Page is not used with the Service mode as bandwidth settings are based on services Queue shaping can be based per queue and or per interface Shaping is determined by the lower specified value The queue shaping type is selected in the Bandwidth Page To configure bandwidth 1 Click Services gt Bandwidth The Bandwidth Page opens Figure 89 Bandwidth Page en oe m Name Bandwidth C Trunks Ports Port Ingress Rate Limit Egress Shaping Rates Status Rate Limit CIR CBS 9 o J A Ma afujn ojojaojojojojojojajo ojojojajo 15 e15 zi As a default the Bandwidth Page opens displaying the port options The fields are identical when displaying the trunk CoS The Bandwidth Page contains the following fields e Port Indicates the interface for which the queue shaping information is displayed The field values are e Of Unit Indicates the stacking members for which the bandwidth settings are displ
121. ix Length Defines the number of bits that comprise the source IP address prefix or the network mask of the source IP address Action Defines the action attached to the rule The possible field values are Permit Permits access to the device Deny Denies access to the device This is the default Click Add The Add Profile Rule Page opens Figure 14 Add Profile Rule Page 3 4 5 Add ProfieRule Access Profile Name FT Interface API Port of Unit gt Priority Trunk E e van gt Management Method T Source IP Address All S IT Action Network Mask Permit y IE Prefix Length Define the fields Click Apply The profile rule is added to the access profile and the device is updated Click Save Config on the menu to save the changes permanently Page 32 To modify an access rule Configuring Device Security Configuring Management Security 1 Click Mgmt Security gt Profile Rule The Profile Rules Page opens 2 Click Modify The Profiles Rules Configuration Page opens Figure 15 Profiles Rules Configuration Page Profies Rules Configuration Access Profile Name AP1 Priority Management Method All a Action Permit y l Interface Port 13 Trunk 13 VLAN ia FT Source IP Address E Network Mask S Prefix Length 3 Define the fields 4 Click Apply The profile rule is save
122. k environment as well as to monitor them to evaluate performance or detect potential problems Managed devices supporting SNMP contain software which runs locally on the device and is referred to as an agent A defined set of variables known as managed objects is maintained by the SNMP agent and used to manage the device These objects are defined in a Management Information Base MIB that provides a standard presentation of the information controlled by the agent SNMP defines both the format of the MIB specifications and the protocol used to access this information over the network The switch includes an onboard agent that supports SNMP versions 1 2c and 3 This agent continuously monitors the status of the switch hardware as well as the traffic passing through its ports Access to the onboard agent using SNMP v1 and v2c is controlled by community strings To communicate with the switch the management station must first submit a valid community string for authentication Access to the switch using SNMPv3 provides additional security features that cover message integrity authentication and encryption as well as controlling user access to specific areas of the MIB tree The SNMPv3 security structure consists of security models with each model having its own security levels There are three security models defined SNMPv1 SNMPv2c and SNMPv3 Users are assigned to groups that are defined by a security model and specified security lev
123. l Administrator System Name IP Address Administrator Subnet Mask Comments Default Gateway DHCP Configuration Enable MAC Address Aging Time Disable 300 Sec Page 11 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Using the Web Browser Interface This section provides general information about the interface and describes the following topics e Viewing the Device Representation e User Interface Components e Using the Management Buttons e Using the Management Buttons e Adding Modifying and Deleting Information Viewing the Device Representation Zoom Views provide a graphical representation of the device ports The Port Settings Page displays an example of the Zoom View with a detailed graphical representation of the device ports To open a zoom view of device ports e Click Layer 1 gt Port Settings The Port Settings Page opens Figure 4 Port Settings Page Port Settings Layer 1 The port status indicators vary with context for example the general port status indicators are as in the figure above while port mirror indicators are different Indicator legend descriptions are provided with each context of the specific Zoom View Page 12 User Interface Components The System General Page example shows the interface components Figure 5 System General Page Getting Started Using the Web Browser Interface o 0 D
124. l is currently enabled for the selected port This is the default value Page 57 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide an Disable Indicates that flow control is currently disabled for the selected port MDI MDIX Displays the MDI MDIX status on the port Hubs and switches are deliberately wired opposite the way end stations are wired so that when a hub or switch is connected to an end station a straight through Ethernet cable can be used and the pairs are matched up properly When two hubs or switches are connected to each other or two end stations are connected to each other a crossover cable is used to ensure that the correct pairs are connected The possible field values are Auto Use to automatically detect the cable type MDI Media Dependent Interface Use for end stations MDIX Media Dependent Interface with Crossover Use for hubs and switches Define the fields Click Apply The port settings are saved and the device is updated The Port Settings Page is displayed Click Save Config on the menu to permanently save the change Page 58 Configuring Ports Configuring Port Mirroring Configuring Port Mirroring Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from one port to a monitoring port Port mirroring can be used as a diagnostic tool as well as a debugging feature Port mirroring also ena
125. l logs is Informational with the exception of logs in the Remote Log Server which are Error Configuring System Logs Defining Log Settings The following table lists the available system log severity levels and the corresponding messages Table 3 System Log Severity Levels Severity Level Description Message Emergency 0 The highest warning level If the device is down or not functioning properly an emergency log message is saved to the specified logging location The system is not functioning Alert Critical The second highest warning level An alert log is saved if there is a serious device malfunction For example all device features are down The third highest warning level A critical log is saved if a critical device malfunction occurs For example two device ports are not functioning while the rest of the device ports remain functional The system needs immediate attention The system is in a critical state Error A device error has occurred For example a single port is offline A system error has occurred Warning The lowest level of a device warning The device is functioning but an operational problem has occurred A system warning has occurred Notice The system is functioning properly but a system notice has occurred The system is functioning properly but a system notice has occurred Informational Provides device information
126. lick RMON Event to return to the RMON Events Page Page 163 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Defining RMON Alarms The RMON Alarm Page contains fields for setting network alarms Network alarms occur when a network problem or event is detected Rising and falling thresholds generate events To set RMON alarms 1 Click Statistics gt Alarm The RMON Alarm Page opens Figure 108 RMON Alarm Page Alarm Counter Rising D i Entry Counter Name Interface Value Sample Type Threshold Rising Event 7 efi Total Bytes Octets Receive 1 0 Absolute 100 1 Default Description o 0 o D ES 2 Es EN o N Ei o nm The RMON Alarm Page contains the following fields Alarm Entry Indicates a specific alarm Counter Name Displays the selected MIB variable Interface Displays interface for which RMON statistics are displayed The possible field values are Port Displays the RMON statistics for the selected port LAG Displays the RMON statistics for the selected LAG Counter Value Displays the selected MIB variable value Sample Type Defines the sampling method for the selected variable and comparing the value against the thresholds The possible field values are Delta Subtracts the last sampled value from the current value The difference in the values is compared to the threshold Page 16
127. lity Indicates that all trunk speeds and duplex mode settings are accepted 10 Half Indicates that the trunk advertises for a 10 Mbps speed trunk and half duplex mode setting 10 Full Indicates that the trunk advertises for a 10 Mbps speed trunk and full duplex mode setting 100 Half Indicates that the trunk advertises for a 100 Mbps speed trunk and half duplex mode setting 100 Full Indicates that the trunk advertises for a 100 Mbps speed trunk and full duplex mode setting Page 65 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide 1000 Full Indicates that the trunk advertises for a 1000 Mbps speed trunk and full duplex mode setting e Back Pressure Displays the back pressure mode on the trunk Back pressure mode is used with half duplex mode to disable trunks from receiving messages Flow Control Displays the flow control status on the trunk Operates when the trunk is in full duplex mode Enable Indicates that flow control is currently enabled for the selected trunk This is the default value Disable Indicates that flow control is currently disabled for the selected trunk e MDI MDIX Displays the MDI MDIX status on the trunk Hubs and switches are deliberately wired opposite the way end stations are wired so that when a hub or switch is connected to an end station a straight through Ethernet cable can be used and the pairs are matched up properly Whe
128. lt amp reboot Copies the configuration file on the TFTP server Page 142 Managing System Files Defining TFTP File Uploads and Downloads Boot Downloads or uploads the Boot file Note The configuration file is copied only to the Master Unit since this unit controls the entire stack The configuration file is automatically synchronized with the configuration file on the Backup Unit so that in the event of failure of the Master Unit the Backup Unit takes over immediately with the same configuration information Page 143 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide To download or upload TFTP Files 1 Select the TFTP Operation type upload or download 1 Define the fields 2 Select the Boot Type 3 Click Apply The Firmware Copy section of the File System Page contains the following fields e Copy Master Firmware Copies the Firmware from the the Stacking Master e Source Specifies the file to be copied Software Image Downloads the Image file Boot Code Downloads the Boot file e Destination Unit Downloads firmware to the designated unit The values are Unit Copies the Firmware to a specific stacking member The possible field values are stacking members 3 6 and backup All Copies the Firmware to all stacking member To copy firmware 1 Click Copy Master Firmware The copy firmware parameters are activated 2 Select the Source and the Destination
129. me ay Access Level Configuration Password dd Confirm Password legeeeeeeegegegeger 3 Define the User Name Access Level Password and Confirm Password fields 4 Click Apply The local user settings are defined and the device is updated Page 44 Configuring Device Security Configuring Network Security Configuring Network Security Network security manages locked ports This section contains the following topics e Network Security Overview e Managing Port Security e Defining 802 1x Port Access e Enabling Storm Control Page 45 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Network Security Overview Port based authentication provides traditional 802 1x support as well as Guest VLANs Guest VLANs limited network access to authorized ports If a port is denied network access via port based authorization but the Guest VLAN is enabled the port receives limited network access For example a network administrator can use Guest VLANs to deny network access via port based authentication but grant Internet access to unauthorized users Managing Port Security Network security can be increased by limiting access on a specific port only to users with specific MAC addresses The MAC addresses can be dynamically learned or statically configured Locked port security monitors both received and learned packets that are received on specific ports Access to the locked port is limit
130. mic forwarding databases e Section 10 Configuring SNMP Provides information for configuring SNMP access and management e Section 11 Configuring Power Over Ethernet Provides information for configuring Power over Ethernet PoE on the device e Section 12 Configuring Services Provides information for configuring Quality of Service CoS parameters e Section 13 Managing System Files Provides information for managing system files e Section 14 Viewing Statistics Provides information about viewing device statistics including Remote Monitoring On Network RMON statistics and device history events e Section 15 Managing Stacking Provides information for stacking including a stacking overview Intended Audience This guide is intended for network administrators familiar with IT concepts and terminology Page 7 Page 7 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Document Conventions This document uses the following conventions N Note Provides related information or information of special importance Caution Indicates potential damage to hardware or software or loss of data i Warning Indicates a risk of personal injury Contacting Allied Telesis This section provides Allied Telesis contact information for technical support as well as sales or corporate information Online Support Email and Telephone S
131. mirroring information is updated The port mirror is now active on the device You can connect a data analyzer to the destination port to monitor the traffic on the source ports Click Save Config on the menu to permanently save the change Page 60 Configuring Ports Configuring Port Mirroring To modify or delete a port mirror 1 2 3 4 a Click Layer 1 gt Port Mirroring The Port Mirroring Page opens Click Modify The Modify Mirror Page opens Click the checked Enable Mirror to disable the option Modify the mirror settings on the port s by toggling the port until the required mirror indicator is displayed To delete the port mirror toggle a port to its original black state Click Enable Mirror to enable the mirror again Click Apply The destination port is modified If indicated as black the port is deleted from port mirrors list and is available for normal network operations Click Save Config on the menu to permanently save the change Page 61 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Aggregating Ports Link Aggregation optimizes port usage by linking a group of ports together to form a single LAG Aggregating ports multiplies the bandwidth between the devices increases port flexibility and provides link redundancy The device supports both static LAGs and Link Aggregation Control Protocol LACP LAGs LACP LAGs negotiate aggregating port links with other LACP ports loca
132. mode f Select Terminal keys for Function Arrow and Ctrl keys Ensure that the setting is for Terminal keys not Windows keys NI Note When using HyperTerminal with Microsoft Windows 2000 ensure that you have Windows 2000 Service Pack 2 or later installed With Windows 2000 Service Pack 2 the arrow keys function properly in HyperTerminal s VT100 emulation Go to www microsoft com for information on Windows 2000 service packs CLI can be accessed through the Terminal The device is now ready to download the system software Initial Configuration Before a device can download system software the device must have an initial configuration of IP address and network mask Before assigning a static IP address to the device obtain the following information from the network administrator e A specific IP address allocated by the network administrator for the switch to be configured Network mask for the network Page 174 Downloading Software with CLI Initial Configuration After making any configuration changes the new configuration must be saved before rebooting To save the configuration enter the following CLI command The following prompt is displayed Console copy running config startup config Configuration The initial configuration which starts after the device has booted successfully includes static IP address and subnet mask configuration and setting user name and privilege level to allow remo
133. mporary Indicates that the output is of the temporary memory log Syslog Indicates that the output is of a a system log Flash Indicates that the output is of a Flash memory log e IP Address Displays the defined IP address of the syslog server e Minimum Severity Indicates the defined minimum severity level Page 84 Configuring System Logs Clearing Event Logs e Description Provides additional information about the syslog server 2 Define the Minimum Severity for the log 3 Click Apply Logging is enabled on the device Clearing Event Logs To clear all events from the log 1 Click System gt Event Log The Event Log Page opens 2 Click Clear Logs The stored logs are cleared If logging is enabled the system begins to log new events Configuring Log Servers To add a log server 1 Click System gt Event Log The Event Log Page opens 2 Selecta Log Type in the Configure Log Outputs table 3 Click Create The Add Syslog Server Page opens Figure 51 Add Syslog Server Page Log Server IP Address Description AA UDP Port fo y Facility Minimum Severity Local 0 y Emergency y _Apply Close The Add Syslog Server Page contains the following fields e Log Server IP Address Defines the IP address of the syslog server e UDP Port Defines the UDP port to which the server logs are sent The possible range is 1 65535 The default value is 514 e
134. n o E D a E o D o o a Allied Telesyn Inc All rights reserved The Local Users Page displays the list of currently defined local users and contains the following fields e User Name Displays the user s name e Access Level Displays the user access level The lowest user access level is 1 and the highest is 15 Users assigned access level 1 have read write access to the device User assigned a access level of 15 have read only access The possible field values are Configuration Provides configuration device privileges Monitoring Provides device Read and Read Write privileges Page 43 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide 2 Click Create The Add Local User Page opens Figure 25 Add Local User Page User Name Ir Access Level Configuration Password Ir Confirm Password tC In addition to the fields in the Local Users Page the Add Local User Page contains the following fields e Password Defines the local user password Local user passwords can contain up to 159 characters e Confirm Password Verifies the password 3 Define the fields 4 Click Apply The user is added to the Local Users table and the device is updated To modify local users 1 Click Mgmt Security gt Local Users The Local Users Page opens 2 Click Modify The Local User Configuration Page opens Figure 26 Local User Configuration Page User Na
135. n two hubs or switches are connected to each other or two end stations are connected to each other a crossover cable is used to ensure that the correct pairs are connected The possible field values are Auto Use to automatically detect the cable type MDI Media Dependent Interface Use for end stations MDIX Media Dependent Interface with Crossover Use for hubs and switches Modify the fields 4 Click Apply The Trunk settings are saved and the device is updated Gei Page 66 Defining Port Trunking The Port Trunking Page displays information about the defined trunks To modify Port Trunking settings Click Layer 1 gt Port Trunking The Trunk Settings Page opens 1 Figure 39 Port Trunking Page Configuring Ports Aggregating Ports 1 Name 00 00 b0 01 22 zer E Port Trunking Layer 1 2 ae gt o sav oars zag Pe F SSA o fue 83 cm O PIO aan Trunk Name Link State Link Not Present Member Link Not Present The Port Trunking Page contains information about all port trunks currently defined on the device The following information is displayed N Trunk Displays the ID number of the trunk Name Displays the name of the trunk The name can be up to sixteen alphanumeric characters No spaces or special characters such as asterisks and exclamation points are allowed Each trunk must be given a unique name
136. nd managing the device The device management methods include e All e Telnet e Secure Telnet SSH e HTTP Management access to different management methods may differ between user groups For example User Group 1 can access the device module only via an HTTPS session while User Group 2 can access the device module via both HTTPS and Telnet sessions The Access Profile Page contains the currently configured access profiles and their activity status Assigning an access profile to an interface denies access via other interfaces If an access profile is assigned to any interface the device can be accessed by all interfaces To define access profiles 1 Click Mgmt Security gt Access Profile The Access Profile Page opens Figure 11 Access Profile Page Access Profiles Access Profile Name Current Active Access Profile None 9 Console Only C 996x623 The Access Profile Page contains a table listing the currently defined profiles and their active status Access Profile Name The name of the profile The access profile name can contain up to 32 characters Current Active Access Profile Indicates if the profile is currently active The possible field values are Page 28 2 Configuring Device Security Configuring Management Security Checked The access profile is currently active Access Profiles cannot be deleted when active Unchecked Disables the active acces
137. nds between traps The possible field range is 1 1 000 000 seconds and the default is 10 seconds Action On Violation Indicates the intruder action defined for the port Indicates the action to be applied to packets arriving on a locked port The possible values are Forward Forwards packets from an unknown source without learning the MAC address Discard Discards packets from any unlearned source This is the default value Shutdown Discards packets from any unlearned source and shuts down the port The port remains shut down until reactivated or until the device is reset Max Entries Specifies the number of MAC addresses that can be learned on the port before the port is locked The field range is 1 128 The default is 1 Lock Interface Locks the interface Select the security mode for the selected port s Click Apply The port security settings are saved and the device is updated Page 48 Configuring Device Security Configuring Network Security 6 Click Save Config on the menu to save the changes permanently Defining 802 1x Port Access The 802 1x Port Access Page allows enabling port access globally defining the authentication method and configuration of port roles and settings To configure 802 1x port access parameters 1 Click Network Security gt 802 1x Port Access The 802 1x Port Access Page opens Figure 29 802 1x Port Access Page o 0 og lt a F
138. ned information can be added modified or deleted in specific WBI pages To add information to tables or WBI pages 1 Open a WBI page 2 Click Add An Add page opens for example the Add Local User Page Figure 6 Add Local User Page User Name Ir Access Level Configuration Password es Confirm Password Lo i Apply cose 3 Define the fields 4 Click Apply The configuration information is saved and the device is updated To modify information in tables or WBI pages 1 Open a WBI page 2 Select a table entry 3 Click Modify A Modify or Settings page opens for example the Local User Settings Page Figure 7 Local User Settings Page User Name a Access Level Configuration Password Confirm Password 4 Define the fields 5 Click Apply The fields are modified and the information is saved to the device Page 15 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide To delete information in tables or WBI pages 1 Open the WBI page 2 Select a table row 3 Click Delete The information is deleted and the device is updated Saving Configurations User defined information can be saved for permanent use or until next update not just for the current session A configuration is saved as permanent by copying the current Running Configuration file to the Startup Configuration file To save changes permanently e Click Save Config on the menu
139. nes the default time interval in seconds that passes before the connection between the device and the TACACS server times out The field range is 1 60 seconds and the default is 10 seconds e Default Dead Time Defines the default amount of time in minutes that a RADIUS server is bypassed for service requests The range is 0 2000 e Server Displays the RADIUS server number e IP Address Displays the RADIUS server IP address e Priority Displays the RADIUS server priority The possible values are 1 65535 where 1 is the highest value The RADIUS server priority is used to configure the server query order e Authorization Port Identifies the authentication port The authentication port is used to verify the RADIUS server authentication The authenticated port default is 1812 e Number of Retries Defines the number of transmitted requests sent to the RADIUS server before a failure occurs Possible field values are 1 10 Page 41 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide 2 Timeout for Reply Defines the time interval in seconds that passes before the connection between the device and the RADUIUS server times out The field range is 1 60 seconds and the default is 10 seconds Dead Time Defines the amount of time in minutes that a RADIUS server is bypassed for service requests The range is 0 2000 The default is O minutes Key String Defines the default key string used f
140. nfiguring SNMP Defining SNMP Communities Read Write Management access is read write and changes can be made to the device configuration but not to the community SNMP Admin User has access to all device configuration options as well as permissions to modify the community e View Name Contains a list of user defined SNMP views SNMP Communities Advanced Table The SNMP Communities Advanced Table contains the following fields e Management Station Displays the management station IP address for which the advanced SNMP community is defined e Community String Defines the password used to authenticate the management station to the device e Group Name Defines advanced SNMP community group names To modify SNMP community settings 1 Select an SNMP community entry in the Basic table or in the Advanced Table 2 Click Modify The SNMP Community Settings Page opens Figure 71 SNMP Community Settings Page SNMP Management Station 10 6 39 16 y Community String comstring y Access Mode Read Only x Basic M View Name Default v C Advanced Group Name test z 3 Define the SNMP Management Community String Access Mode Group Name and Basic or Advanced fields 4 Click Apply The SNMP community settings are modified and the device is updated Page 115 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Defining SNMP Groups The provides information f
141. ng Members AAA 171 Configuring Stacking Management ooocccnnnncccnnoncnnnnoccnnnnnnnnnnn ccoo rn nn 172 Connecting a KC NEEN 174 Initial Configuratio EE 174 Configuration175 Static IP Address and Subnet Mask175 User Name176 Page 3 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Downloading SoftWare iiaia aa apaa aA aa aA aa a Aa aaa AAAA E ARAE Ea aaie 176 Standalone Device Software Download176 Stacking Member Software Download177 RS 232 Port Settings EE 181 Port DetaUllS iii ci id A rita ita Edad ta 181 Configuration Defaults 0 00 AA eal rae aan 181 Security Detauliss ico mai ais aa 181 System Time Detalla AA oia 182 Spanning Tres Deal iia aiii AAA aa taa EE AR 182 Address lable Detaglte 0020 A A Ed 182 VLAN Defaults ici rd bs 183 Trunking Defaut S vicio a a ie ea be 183 Multicast DETQUIES cdi dr dada da 183 Page 4 Table of Contents Page 5 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Preface This guide contains instructions on how to configure an AT 8000S Series Layer 2 Fast Ethernet Switch using the interface in the Embedded Management System EWS The Embedded Management System enables configuring monitoring and troubleshooting of network devices remotely via a web browser The web pages are easy to use and easy to navigate This preface provides an overview of the Web Browser Interface User s Guide and includes the following sections e Web Browser In
142. nges permanently Page 51 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Enabling Storm Control Storm control limits the amount of unknown Unicast Multicast and Broadcast frames accepted and forwarded by the device When Layer 2 frames are forwarded Broadcast and Multicast frames are flooded to all ports on the relevant VLAN This occupies bandwidth and loads all nodes on all ports A Broadcast Storm is a result of an excessive amount of broadcast messages simultaneously transmitted across a network by a single port Forwarded message responses are heaped onto the network straining network resources or causing the network to time out Storm control is enabled for all ports by defining the packet type and the rate the packets are transmitted The system measures the incoming Broadcast and Multicast frame rates separately on each port and discards the frames when the rate exceeds a user defined rate The Storm Control Page provides fields for configuring broadcast storm control To enable storm control 1 Click Network Security gt Storm Control The Storm Control Page opens Figure 31 Storm Control Page The Storm Control Page displays the Zoom View of device ports 2 Select a port to configure The port indicator changes to Port is selected white 3 Click Modify The Storm Control Configuration Page opens Page 52 Configuring Device Security Configuring Network Security Figur
143. nit Indicates the unit port IP on which the cable is tested Trunks Indicates the LAG on which the cable is tested Port Displays the port IP address on which the cable is tested Temperature Displays the temperature C at which the cable is operating Voltage Displays the voltage at which the cable is operating Current Displays the current at which the cable is operating Output Power Indicates the rate at which the output power is transmitted Input Power Indicates the rate at which the input power is transmitted Transmitter Fault Indicates if a fault occurred during transmission Loss of Signal Indicates if a signal loss occurred in the cable Data Ready Indicates the transceiver has achieved power up and data is ready ye D Page 147 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Resetting the Device Restoring the Default Configuration File To reset the device 1 Click Utilities gt Reset The Reset Page opens Figure 96 Reset Page Reset the device by selecting Reset Utilities o o D E 2 Ed EI o N o E a Allied Telesyn Inc All rights reserved 2 Select the Reset Unit No 3 Click Reset The confirmation message appears informing that reset ends the management session 4 Click OK The device is reset Page 148 Managing System Files Resetting the Device Page 149 Allied Telesis AT 8000S Switch
144. not use Daylight Saving Time Spain From the last weekend of March until the last weekend of October Sweden From the last weekend of March until the last weekend of October Switzerland From the last weekend of March until the last weekend of October Syria From March 31 until October 30 Taiwan Taiwan does not use Daylight Saving Time Turkey From the last weekend of March until the last weekend of October United Kingdom From the last weekend of March until the last weekend of October United States of America From the first Sunday in April at 02 00 to the last Sunday in October at 02 00 Page 21 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Setting the System Clock The System Time Page contains fields for defining system time parameters for both the local hardware clock and the external SNTP clock If the system time is kept using an external SNTP clock and the external SNTP clock fails the system time reverts to the local hardware clock Daylight Savings Time can be enabled on the device To configure the system clock time 1 Click System gt System Time The System Time Page opens Figure 10 System Time Page The Leg ugi em Name 00 00 b0 01 22 33 dr Clock Source System Cor eee Local Settings L Lager C SNTP L Mgmt Security snmp Mgmt Protocols __ Network Security Syst
145. nterface User s Guide e Cable Length Indicates the approximate cable length This test can only be performed when the port is up and operating at 1 Gbps 2 Select the Unit Number and the Port Click Test The cable test is performed 4 Click Advanced The Copper Cables Extended Feature Page opens and the copper cable test results are displayed Go Figure 94 Copper Cables Extended Feature Page 1 zez Cable Status Speed Bad Cable 1000 MB s Link Status Up Distance to ble Fault Status geed SES 73M 75M 75M Channel Polarity A Normal D Normal C Normal Normal Page 146 Managing System Files Viewing Optical Transceivers Viewing Optical Transceivers The Optical Transceivers Page allows network managers to perform tests on Fiber Optic cables Optical transceiver diagnostics can be performed only when the link is present To view transceiver diagnostics 1 Click Utilities gt Optical Transceivers The Optical Transceivers Page opens Figure 95 Optical Transceivers Page Transceivers gt Output Input Transmitter Loss of Data Port Temperature Voltage Current Power Power Fault Signal Ready 1 e1 True True True Utilities Copyright 2006 Allied Telesis Inc All rights reserved The Optical Transceivers Page contains the following fields Ports of U
146. obal GVRP parameters are saved and the device is updated Click Save Config on the menu to permanently save the change Select Port and Unit or Trunk Click Modify The GVAP Port Configuration Page opens Page 80 Configuring Interfaces Configuring VLANs Enabling Disabling GVRP on a Port To modify the GVRP ports 1 Click Layer 2 gt GVRP The GVRP Page opens 2 Select Port and Unit or Trunk in the GVRP Port Configuration section 3 Click Modify The GVAP Port Configuration Page opens Figure 49 GVRP Port Configuration Page Interface Potje Ze Trunk 7 2 GVRP State Disable y Dynamic VLAN Creation Enable y GVRP Registration Enable y e Unit Number The stacking member for which the GVRP parameters are displayed e interface Displays the port on which GVRP is enabled The possible field values are Port Indicates the port number on which GVRP is enabled LAG Indicates the LAG number on which GVRP is enabled e GVRP State Indicates if GVRP is enabled on the port The possible field values are Enabled Enables GVRP on the selected port Disabled Disables GVRP on the selected port e Dynamic VLAN Creation Indicates if Dynamic VLAN creation is enabled on the interface The possible field values are Enabled Enables Dynamic VLAN creation on the interface Disabled Disables Dynamic VLAN creation on the interface e GVRP Registration Indicates
147. ollowing topics Defining Port Settings Configuring Port Mirroring Aggregating Ports Configuring LACP Page 54 Configuring Ports Defining Port Settings Defining Port Settings The Port Settings Page contains fields for defining port parameters To define port general settings 1 Click Layer 1 gt Port Settings The Port Settings Page opens Figure 33 Port Settings Page Port Settings Layer 1 The Port Settings Page contains the Zoom View of the device ports The possible port settings are Port is active Indicates the port is linked Port is inactive Indicates the port is not linked d Portis disabled Indicates that the port is disabled Portis selected Indicates that the port is selected for modification 2 Select the port s Clicking a port toggles it through the possible settings 3 Click Modify The Modify Port Settings Page opens Page 55 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Figure 34 Modify Port Settings Page AAA Port Description Port Type Admin Status Up y Current Port Status Reactivate Suspended E Operational Status Admin Speed Active Enable y Cwurent Port Speed Admin Duplex Curent Duplex Mode Auto Negotiation Unknown Disable y Curent Auto Negotiation Admin Advertisement Enable M Max Capability IT 10 Half 7 10 Full 7 100 Half FF 100 Full I 1000 Full Curent Advertisement Neighbor Advertisement 10 Half 1
148. ology to test the quality and characteristics of a copper cable attached to a port Cables up to 120 meters long can be tested Cables are tested when the ports are in the down state with the exception of the Approximated Cable Length test To perform a copper cable test 1 Click Utilities gt Cable Test The Cable Test Page opens Figure 93 Cable Test Page n Name Leg Ed 00 00 b0 01 22 33 Cable Test Port Test Result Cable Fault Distance Last Update Cable Length Utilities Erro o SC gas 5 d e 13 w 835 229 23 Ei ang ojfojajojajojajajojojojajo fojaojalo The Cable Test Page displays the following information Unit Number Indicates the stacking member for which the Ethernet ports information is displayed e Port Specifies the port to which the cable is connected Test Result Displays the cable test results Possible values are No Cable Indicates that a cable is not connected to the port Open Cable Indicates that a cable is connected on only one side Short Cable Indicates that a short has occurred in the cable OK Indicates that the cable passed the test Cable Fault Distance Indicates the distance from the port where the cable error occurred Last Update Indicates the last time the port was tested Page 145 Allied Telesis AT 8000S Switch Web Browser I
149. opy command to download the boot file Console copy tftp 172 16 101 101 file2 rfb boot Accessing file file2 on 172 16 101 101 Loading filel from 172 16 101 101 PELEEEEEEEEE EPP P eee eee eee eee eee ees 09 Jul 2006 03 15 21 SCOPY W TRAP The copy operation was completed successfully j Copy 3329361 bytes copied in 00 03 00 hh mm ss Page 176 Downloading Software with CLI Downloading Software 3 Enter the bootvar command to determine which file contains the boot file By default the inactive image area contains the newly downloaded boot file Console show bootvar Images currently available on the FLASH image 1 active selected for next boot image 2 not active 4 Enter the boot system command to change the booting image to the currently inactive image In the example it is image 2 which has the latest downloaded boot file Console boot system image 2 5 Enter the copy command to download the system file Console copy tftp 172 16 101 101 filel ros image Accessing file filel on 172 16 101 101 Loading filel from 172 16 101 101 riera eee eee eee eee ees 09 Jul 2006 03 22 27 SCOPY W TRAP The copy operation was completed successfully j Copy 6720861 bytes copied in 00 05 00 hh mm ss 6 Reboot the device The device boots up with the updated boot and system files Stacking Member Software Download Ensure the stack has been co
150. or authenticating and encrypting all RADIUS communications between the device and the RADIUS server This key must match the RADIUS encryption Usage Type Specifies the RADIUS server authentication type The default value is All The possible field values are Log in Indicates the RADIUS server is used for authenticating user name and passwords 802 1X Indicates the RADIUS server is used for 802 1X authentication All Indicates the RADIUS server is used for authenticating user names and passwords and 802 1X port authentication Click Create The Add RADIUS Page opens Figure 23 Add RADIUS Page 3 4 Host IP Address Priority Authentication Port 1812 Number of Retries Default M Use Default Timeout for Reply Dea Se M Use Default Dead Time DS Min Use Default Key String Alpha Numeric I Use Default Source IP Address Demm M Use Default Usage Type All y Define the fields Click Apply The RADIUS profile is saved and the device is updated Page 42 Configuring Device Security Configuring Management Security Configuring Local Users Network administrators can define users passwords and access levels for users using the Local Users Page To configure local users and passwords 1 Click Mgmt Security gt Local Users The Local Users Page opens Figure 24 Local Users Page ee a r 00 00 b0 01 22 33 User Name Access Level Cilia Configuratio
151. or creating SNMP groups and assigning SNMP access control privileges to SNMP groups Groups allow network managers to assign access rights to specific device features or feature aspects To define an SNMP group 1 Click SNMP gt Groups The SNMP Group Page opens Figure 72 SNMP Group Page Group Name Security Model Security Level Operation Read Write Notify Allied Telesyn Inc o o 0 D S Ea E o N E E Et The SNMP Group Page contains the following fields e Group Name Displays the user defined group to which access control rules are applied The field range is up to 30 characters e Security Model Defines the SNMP version attached to the group The possible field values are SNMPv1 SNMPV1 is defined for the group SNMPv2c SNMPv2c is defined for the group SNMPv3 SNMPv3 is defined for the group e Security Level Defines the security level attached to the group Security levels apply to SNMPv3 only The possible field values are No Authentication Indicates that neither the Authentication nor the Privacy security levels are assigned to the group Authentication Authenticates SNMP messages and ensures that the SNMP message s origin is authenticated Privacy Encrypts SNMP messages e Operation Defines the group access rights The possible field values are Page 116 Configuring SNMP Defining SNMP Groups
152. ot delivering power to the interface Test Fail Indicates the powered device test has failed For example a port could not be enabled and cannot be used to deliver power to the powered device Testing Indicates the powered device is being tested For example a powered device is tested to confirm it is receiving power from the power supply Searching Indicates that the device is currently searching for a powered device Searching is the default PoE operational status Fault Indicates that the device has detected a fault on the powered device For example the powered device memory could not be read Page 129 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide 3 Modify the Admin Mode and Priority Level fields 4 Click Apply The PoE settings are saved and the device is updated 5 Click Save Config on the menu to save the settings permanently Page 130 Configuring Power Over Ethernet Defining PoE Settings Page 131 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Section 12 Configuring Services This section describes Quality of Service related configurations After packets are assigned to a specific egress queue Class of Service CoS services can be assigned to the queue Egress queues are configured with a scheduling scheme by one of the following methods e Strict Priority Ensures that time sensitive applications are always forwarded Strict Pr
153. ot use Daylight Saving Time Canada From the first Sunday in April until the last Sunday of October Daylight Saving Time is usually regulated by provincial and territorial governments Exceptions may exist in certain municipalities Cuba From the last Sunday of March to the last Sunday of October Cyprus From the last weekend of March until the last weekend of October Denmark From the last weekend of March until the last weekend of October Egypt From the last Friday in April until the last Thursday in September Estonia From the last weekend of March until the last weekend of October Finland From the last weekend of March until the last weekend of October France From the last weekend of March until the last weekend of October Germany From the last weekend of March until the last weekend of October Greece From the last weekend of March until the last weekend of October Hungary From the last weekend of March until the last weekend of October India India does not use Daylight Saving Time Iran From Farvardin 1 until Mehr 1 Iraq From April 1 until October 1 Ireland From the last weekend of March until the last weekend of October Israel Varies year to year Italy From the last weekend of March until the last weekend of October Japan Japan does not use Daylight Saving Time Jordan From the last weekend of March until the last weekend of October Latvia From th
154. owered device memory could not be read Nominal Power Indicates the actual amount of power the device can supply The field value is displayed in Watts e Consumed Power Indicates the amount of the power used by the device The field value is displayed in Watts e System Usage Threshold Indicates the percentage of power consumed before an alarm is generated The value range is 1 100 percent the default value is 95 percent At the default setting of 95 the threshold is exceeded when the PoE devices require more than 380 W which is 95 of 400 W e Traps Indicate if PoE device traps are enabled The Zoom View shows device ports and indicators of current PoE port status The possible port settings are Portis active Indicates the port is linked Port is inactive Indicates the port is not linked Zei Portis disabled Indicates the port is disabled Port is selected Indicates the port is selected 2 Click the ports to enable Clicking a port toggles it through the possible settings 3 Define the fields 4 Click Apply PoE is enabled on the device and global settings are saved The new threshold is immediately activated on the device 5 Click Save Config on the menu to permanently save the change Defining PoE Settings To modify PoE port settings 1 Inthe Power Over Ethernet Page Zoom View click the port s to modify The port indication changes to Port is selected 2 Click Modify
155. plays the number of CRC and Align errors that have occurred on the interface since the device was last refreshed Undersize Packets Displays the number of undersized packets less than 64 octets received on the interface since the device was last refreshed e Oversize Packets Displays the number of oversized packets over 1518 octets received on the interface since the device was last refreshed e Fragments Displays the number of fragments packets with less than 64 octets excluding framing bits but including FCS octets received on the interface since the device was last refreshed Jabbers Displays the total number of received packets that were longer than 1518 octets This number excludes frame bits but includes FCS octets that had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral octet Alignment Error number The field range to detect jabbers is between 20 ms and 150 ms Collisions Displays the number of collisions received on the interface since the device was last refreshed e Frames of xx Bytes Displays the number of xx byte frames received on the interface since the device was last refreshed 2 Select the nterface and the Refresh Rate The selected interface s RMON statistics are displayed Page 156 Viewing Statistics Managing RMON Statistics Configuring RMON History The RMON History Page contains information about sampl
156. ps occur when alternate routes exist between hosts Loops in an extended network can cause bridges to forward traffic indefinitely resulting in increased traffic and reducing network efficiency The device supports the following STP versions e Classic STP Provides a single path between end stations avoiding and eliminating loops For more information on configuring Classic STP see Configuring Classic Spanning Tree e Rapid STP Detects and uses network topologies that provide faster convergence of the spanning tree without creating forwarding loops For more information on configuring Rapid STP see Configuring Rapid Spanning Tree e Multiple STP Provides various load balancing scenarios For example if port A is blocked in one STP instance the same port can be placed in the Forwarding State in another STP instance For more information on configuring Multiple STP see Configuring Multiple Spanning Tree This section contains the following topics e Configuring Classic Spanning Tree e Defining STP Interfaces e Configuring Rapid Spanning Tree e Configuring Multiple Spanning Tree Page 88 Configuring Spanning Tree Configuring Classic Spanning Tree Configuring Classic Spanning Tree This section contains the following topics e Defining STP Properties e Defining STP Interfaces Defining STP Properties The Spanning Tree Page contains parameters for enabling and configuring STP on the device To enable STP on the de
157. rity SE SE Received Broadcast Multicast CRC Align Undersize Oversize Frasments Jabh snmp ntry ytes Packets Packets Packets Errors Packets Packets gm a O Joo Network Security Services ae L Multicast titties Statistics ero ER z EE Z nas p H u2 L3p ER 5583 aan The RMON History Table Page contains the following fields e History Entry No Displays the history table entry number e Owner Displays the RMON station or user that requested the RMON information The field range is 0 20 characters e Sample No Indicates the sample number from which the statistics were taken e Drop Events Displays the number of dropped events that have occurred on the interface since the device was last refreshed e Received Bytes Octets Displays the number of octets received on the interface since the device was last refreshed This number includes bad packets and FCS octets but excludes framing bits e Received Packets Displays the number of packets received on the interface since the device was last refreshed including bad packets Multicast and Broadcast packets e Broadcast Packets Displays the number of good Broadcast packets received on the interface since the device was last refreshed This number does not include Multicast packets e Multicast Packets Displays the number of good Multicast packets received on the interface since the device was last refreshed
158. rity value influences the port choice when a bridge has two ports connected in a loop The priority value is between 0 240 The priority value is determined in increments of 16 Designated Bridge ID Indicates the bridge priority and the MAC Address of the designated bridge Designated Port ID Indicates the selected port priority and interface Designated Cost Indicates the cost of the port participating in the STP topology Ports with a lower cost are less likely to be blocked if STP detects loops Forward Transitions Indicates the number of times the port has changed from Forwarding state to Blocking state LAG Indicates the LAG to which the port belongs Select the Unit in the STP Interface Configuration section Click Modify The STP Modify Interface Configuration Page opens Page 92 Figure 56 STP Modify Interface Configuration Page Configuring Spanning Tree Configuring Classic Spanning Tree 5 6 7 Select Enable in the STP field Port STP Port Fast Enable Root Guard Port State Speed Path Cost Default Path Cost Priority Designated Bridge ID Designated Port ID Designated Cost Forward Transitions Trunk el y Enable y Disabled z Disabled 100M 2000000 r ha N A N A N A NA Define the Port Fast Enable Root Guard Path Cost Default Path Cost and Priority fields Click Apply STP is enabled on the interface and the device is updated Page
159. rofiles are used to authenticate Secure Shell SSH users SSH provides clients secure and encrypted remote connections to a device e Secure HTTP Indicates that authentication methods are used for secure HTTP access The possible methods are Local Authentication occurs locally RADIUS Authenticates the user at the RADIUS server TACACS Authenticates the user at the TACACS server Page 37 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide None Indicates that no authentication method is used for access HTTP Indicates that authentication methods are used for HTTP access Possible methods are Local Authentication occurs locally RADIUS Authenticates the user at the RADIUS server TACACS Authenticates the user at the TACACS server None Indicates that no authentication method is used for access 2 Define the Console Telnet and Secure Telnet SSH fields 3 Map the authentication method s in the Secure HTTP selection box using the gt arrow 4 Map the authentication method s in the HTTP selection box 5 Click Save Config on the menu to save the changes permanently Configuring Server Based Authentication Network administrators assign authentication methods for user authentication User authentication can be performed locally or on an external server User authentication occurs in the order the methods are selected If the first authentic
160. rowser Interface User s Guide Stacking Members and Unit ID Stacking Unit IDs are essential to the stacking configuration The stacking operation is determined during the boot process The Operation Mode is determined by the Unit ID selected during the initialization process For example if the user selected stand alone mode the device boots as a stand alone device The device units are shipped with the default Unit ID of the stand alone unit If the device is operating as a stand alone unit all stacking LEDs are off Once the user selects a different Unit ID the default Unit ID is not erased and remains valid even if the unit is reset Unit ID 1 and Unit ID 2 are reserved for Master enabled units Unit IDs 3 to 6 can be defined for stack members When the Stacking Master unit boots or when inserting or removing a stack member the Stacking Master initiates a stacking discovering process If two members are discovered with the same Unit ID the stack continues to function however only the unit with the older join time joins the stack A message is sent to the user notifying that a unit failed to join the stack For first time Unit ID assignment see the Installation Guide Removing and Replacing Stacking Members Stacking member 1 and stacking member 2 are Master enabled units Unit 1 and Unit 2 are either designated as Stacking Master or Secondary Master The Stacking Master assignment is performed during the configuration process
161. rrectly connected as descibed in the Allied Telesis AT 8000S Installation Guide Downloading software to Stacking Members can be performed in the following ways e Download the software to an individual device in the stack In this example the software is downloaded to the device defined as Stacking Member number 3 e Download the software to all devices in the stack The character is used instead of the Stacking Member number e The software is downloaded to the device allocated as the Stacking Master defined as Stacking Member number 1 The software is then copied from the Stacking Master to a specified Stacking Member Downloading Software to a Stacking Member To download software an Stacking Member number 3 perform the following 1 Power up the stack as described in the Allied Telesis AT 8000S Installation Guide The CLI command prompt is displayed Console Page 177 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide 2 Enter the copy command to download the boot file Console copy tftp 172 16 101 101 file2 rfb unit 3 boot Accessing file file2 on 172 16 101 101 Loading filel from 172 16 101 101 FAR i eas LE dk ee EI 09 Jul 2006 03 15 21 SCOPY W TRAP The copy operation was completed successfully j Copy 3329361 bytes copied in 00 03 00 hh mm ss 3 Enter the bootvar command to determine which file contains the boot file By default the ina
162. s AT 8000S Switch Web Browser Interface User s Guide Appendix A Downloading Software with CLI This section describes how to download system files and includes the following topics e Connecting a Terminal e Initial Configuration e Downloading Software Connecting a Terminal Before connecting a device ensure that the device has been installed according to the instructions described in the Allied Telesis AT 8000S Installation Guide Once installed the device is connected to a terminal through a console port on the front panel of the 16 port device 24 port and the back panel for the 48 port devices The console connection which enables a connection to a terminal desktop system running a terminal emulation software for monitoring and configuring the device For a stack only the Stacking Master is connected The terminal must be a VT100 compatible terminal or a desktop or portable system with a serial port and running VT100 terminal emulation software To connect a terminal to the device Console port perform the following 1 Connect a cable from the device console port to the terminal running VT100 terminal emulation software 2 Ensure that the terminal emulation software is set as follows a Select the appropriate port to connect to the device b Set the data rate to 9600 baud c Set the data format to 8 data bits 1 stop bit and no parity d Set flow control to none e Under Properties select VT100 for Emulation
163. s Page Click Clear All Counters The Etherlike interface statistics counters are cleared Page 154 Viewing Statistics Managing RMON Statistics Managing RMON Statistics This section contains the following topics e Viewing RMON Statistics e Configuring RMON History e Configuring RMON Events e Defining RMON Alarms Viewing RMON Statistics The RMON Statistics Page contains fields for viewing information about device utilization and errors that occurred on the device The RMON Statistics Page contains statistics for both received and transmitted packets To view RMON statistics 1 Click Statistics gt RMON Statistics The RMON Statistics Page opens Figure 99 RMON Statistics Page sano E system ER TAE Interface Refresh Rate EE Port Of Unit 1 Trmk zl No Refresh 7 E Received Bytes Octets Received Packets ear 99407 510 Mgmt Protocols Broadcast Packets Received Multicast Packets Received Network Security 7 22 Services CRC amp Align Errors Undersize Packets A o Aa Oversize Packets Fragments Jabbers Collisions Save Contig 0 0 E Frames of 64 Bytes Frames of 65 to 127 Bytes L togoue 26368 974 a Aled ees Frames of 128 to 255 Bytes Frames of 256 to 511 Bytes Copyright 2006 3739 6785 Go EE Frames of 512 to 1023 Bytes Frames of 1024 to 1518 Bytes 9131 52410 The RMON Siatistics Page contains the following fields e Interface Indicates the device
164. s are Page 59 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide 2 Active Indicates the port is currently monitored Ready Indicates the port is not currently monitored Click Modify The Modify Mirror Page opens Figure 36 Modify Mirror Page Unit Number H y DMirror Ingress Port Mirror Egress Port Mirror Ingress Egress Port OMirror To Port The Modify Mirror Page contains the following fields Unit Number Displays the stacking member for which the port is defined Zoom View Port Mirror Displays the status of mirror ports and enables port selection The possible values are Oo ON Ei m E IE Mirror to Port Indicates the destination mirror port There can be only one destination port Mirror Ingress Port Indicates that the port is currently defined as source port The port s ingress traffic is mirrored to the destination port Mirror Egress Port Indicates that the port is currently defined as source port The port s egress traffic is mirrored to the destination port Mirror Ingress Egress Port Indicates that the port is currently defined as source port The port s ingress and egress traffic is mirrored to the destination port Click the ports to mirror Clicking a port toggles it through the possible settings Click Enable Mirror Click Apply The port mirror status indicators are updated Click Refresh in the Port Mirroring Page Port
165. s profile Click Add The Add Access Profile Page opens Figure 12 Add Access Profile Page Access Profile Name Rule Priority Management Method All y T Interface e Port e Ze rach Ze vLaN i a M Source IP Address c Network Mask c Prefix Leg Action Permit zl The Add Access Profile Page contains the following fields Access Profile Name Defines the name of a new access profile Rule Priority Defines the rule priority When the packet is matched to a rule user groups are either granted permission or denied device management access The rule number is essential to matching packets to rules as packets are matched on a first fit basis The rule priorities are assigned in the Profile Rules Page Management Method Defines the management method for which the rule is defined Users with this access profile can access the device using the management method selected The possible field values are All Assigns all management methods to the rule Telnet Assigns Telnet access to the rule If selected users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device Secure Telnet SSH Assigns SSH access to the rule If selected users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device HTTP Assigns HTTP access to the rule If selected users accessing
166. s the STP information for Link Aggregated Groups Configuring Spanning Tree Configuring Classic Spanning Tree To assign STP settings to an interface port or LAG Click Layer 2 gt Spanning Tree The Spanning Tree Page opens Click Configure The STP Interface Configuration Page opens 1 2 Figure 55 STP Interface Configuration Page Layer 2 Copyright 2006 Allied Telesis Inc All rights reserved 4 Interface Configuration Unit No 1 Spanning Tree e Ports Of Unit hd e Trunks Port STP Port Fast Designated Bridge ID Root Guard Port Designatec Cost Designated Port ID Lie Auto Disabled Disabled 4096 00 00 b0 fF 28 00 4096 00 00 b0 fF 28 00 Forwarding 128 40 4 Forwarding Root 128 128 40 4 4096 Disabled Forwarding 128 00 00 b0 28 00 128 40 4 Disabled Forwarding 128 REH 128 40 4 00 00 b0 828 00 Disabled Forwarding N A N A The STP Interface Configuration Page contains the following sections Interface Configuration STP Port Parameters table Global System LAGs table The parameters listed in both tables are identical The STP Interface Configuration Page contains the following fields Unit Number Indicates the stacking member for which the STP information is displayed Port Displays the port or LAG on which
167. s to which the traps are sent e Notification Type Displays the type of notification sent The possible field values are Trap Indicates that traps are sent Inform Indicates that informs are sent e User Name Displays the user to which SNMP notifications are sent e Security Level Displays the means by which the packet is authenticated The possible field values are No Authentication Indicates that the packet is neither authenticated nor encrypted Authentication Indicates that the packet is authenticated UDP Port Displays the UDP port used to send notifications The field range is 1 65535 The default is 162 e Filter Name Includes or excludes SNMP filters e Timeout Indicates the amount of time in seconds the device waits before resending informs The field range is 1 300 The default is 15 seconds e Retries Indicates the number of times the device resends an inform request The field range is 1 255 The default is 3 e Remove Deletes the currently selected recipient The possible field values are Checked Removes the selected recipient from the list of recipients Unchecked Maintains the list of recipients 2 Click Create The Create SNMP Notification Recipient Page opens Page 123 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Figure 80 Create SNMP Notification Recipient Page Recipient IP Notification Type
168. t Link Operational Status Disable Port State Disabled Point to Point Admin Status Auto Point to Point Operational Status Enable Activate Protocol Migration Test Page 95 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide 3 Define the STP Fast Link Enable Root Guard Port State Path Cost Default Path Cost and Priority fields 4 Click Apply RSTP is defined for the selected interface and the device is updated 5 Click Save Config on the menu to save changes permanently Configuring Multiple Spanning Tree Multiple Spanning Tree Protocol MSTP provides differing load balancing scenarios For example while port A is blocked in one STP instance the same port can be placed in the Forwarding state in another STP instance The MSTP Page contains information for defining global MSTP settings including region names MSTP revisions and maximum hops This section contains the following topics e Defining MSTP Properties e Defining MSTP Interfaces e Defining MSTP Instances Page 96 Configuring Spanning Tree Configuring Multiple Spanning Tree Defining MSTP Properties To define MSTP 1 Click Layer 2 gt MSTP The MSTP Page opens Figure 59 MSTP Page em Name 00 00 b0 01 22 33 Region Name Revision 00 00 00 01 22 33 0 Max Hops IST Master feo 32768 00 00 b0 01 22 33 Configure Interface Settings Configure Configure Instance Settings
169. te management If the device is to be managed from an SNMP based management station SNMP community strings must also be configured The following basic configurations are required e Static IP Address and Subnet Mask User Name Static IP Address and Subnet Mask IP interfaces can be configured on each port of the device After entering the configuration command it is recommended to check if a port was configured with the IP address by entering the show ip interface command The commands to configure the device are port specific To manage the switch from a remote network a static route must be configured which is an IP address to where packets are sent when no entries are found in the device tables The configured IP address must belong to the same subnet as one of the device IP interfaces To configure a static route enter the required commande at the system prompt as shown in the following configuration example where 101 101 101 101 is the specific management station and 5 1 1 100 is the static route Console configure Console config interface vlan 1 Console config if ip address 100 1 1 1 255 255 255 0 Console config if exit Console ip route 192 168 2 0 24 100 1 1 33 N Note 100 1 1 33 is the IP address of the next hop that can be used to reach the management network 192 168 2 0 To check the configuration enter the command show ip interface as illustrated in the following example
170. ted on a different device If the other device ports are also LACP ports the devices establish a LAG between them Ensure the following All ports within a LAG must be the same media type A VLAN is not configured on the port The port is not assigned to a different LAG Auto negotiation mode is not configured on the port The port is in full duplex mode All ports in the LAG have the same ingress filtering and tagged modes All ports in the LAG have the same back pressure and flow control modes All ports in the LAG have the same priority All ports in the LAG have the same transceiver type The device supports up to eight LAGs and eight ports in each LAG Ports can be configured as LACP ports only if the ports are not part of a previously configured LAG Ports added to a LAG lose their individual port configuration When ports are removed from the LAG the original port configuration is applied to the ports This section contains the procedures for configuring static port trunks on the device Defining Trunk Settings Defining Port Trunking Configuring LACP Page 62 Configuring Ports Aggregating Ports Defining Trunk Settings The Trunk Settings Page contains parameters for defining Trunks To define a port trunk 1 Click Layer 1 gt Port Trunking The Trunk Settings Page opens Figure 37 Trunk Settings Page Name 00 00 b0 01 22 33 ddr Trunk Settings
171. tem Information The System General Page contains general device information including system name and its IP addressing administrator and passwords information Dynamic Host Configuration Protocol DHCP configuration and MAC Address Aging Time To define the general system information 1 Click System gt General The System General Page opens Figure 9 System General Page Fey a m Name 00 00 b0 01 22 33 d IT Layert System Name TP Address L layer L Mgmt Security io 6 _ 7 B2 C sm Administrator Subnet Mask Mgmt Protocols Network Security 255 Pe ss b Services Multicast Comments Default Gateway L mes Save Config Ee PEC Configuration Logout Enable MAC Address Aging Time Disable 300 Sec Copyright 2006 Apply Reset Allied Telesyn Inc All rights reserved The System General Page comprises two sections Administration and DHCP Configuration The Administration section of the System General Page contains the following fields e Administrator Indicates the name of the administrator responsible for managing the device The field range is 0 159 characters Comments Optional The user can add any comments about the device in this field for example fill in the location of the device IP Address Indicates the device s IP address e Subnet Mask Indicates the device s subnet mask Page
172. terface Status Indicates the forwarding status of the selected interface The possible values are Go Static Attaches the port to the Multicast router or switch as a static port None The port is not attached to a Multicast router or switch Forbidden Indicates that the port is forbidden for forward all Dynamic Attaches the port to the Multicast router or switch as a dynamic port Select interfaces to modify 4 Click Modify The Modify Multicast Forward All Page opens Figure 68 Modify Multicast Forward All Page VLAN ID Interface Interface Status Excluded y 5 Define the Interface Status field Click Apply The Multicast Forward All settings are saved and the device is updated Page 108 Configuring Multicast Forwarding Defining Multicast Forward All Settings Page 109 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Section 10 Configuring SNMP This section contains the following topics SNMP Overview Enabling SNMP Defining SNMP Communities Defining SNMP Groups Defining SNMP Users Defining SNMP Views Configuring SNMP Notifications Page 110 Configuring SNMP SNMP Overview SNMP Overview Simple Network Management Protocol SNMP provides a method for managing network devices Equipment commonly managed with SNMP includes switches routers and host computers SNMP is typically used to configure these devices for proper operation in a networ
173. terface User s Guide Overview Intended Audience Page 6 Preface Web Browser Interface User s Guide Overview Web Browser Interface User s Guide Overview The Web Browser Interface User s Guide provides the following sections e Section 1 Getting Started Provides information for using the Embedded Web Management System including adding editing and deleting configurations e Section 2 Defining System Information Provides information for defining basic device information e Section 3 Configuring System Time Provides information for configuring Daylight Savings Time and Simple Network Time Protocol SNTP e Section 4 Configuring Device Security Provides information for configuring both system and network security including traffic control and switch access methods e Section 5 Configuring Ports Provides information for configuring ports port aggregation port mirroring and LACP e Section 6 Configuring Interfaces Provides information for defining ports LAGs and VLANs e Section 7 Configuring System Logs Provides information for setting up and viewing system logs and configuring switch log servers e Section 8 Configuring Spanning Tree Provides information for configuring Classic Rapid and Multiple Spanning Tree e Section 9 Configuring Multicast Forwarding Provides information for configuring both the static and dyna
174. the Running Configuration file and is maintained until reset or power up Configure Opens a page which creates or modifies configuration entries Delete Deletes the selected table and configuration entries View Displays detailed information for the current page configuration Refresh Refreshes information displayed on the current page Reset Device reset Resets the device information for all device parameters according to current configuration Defaults Configuration reset Resets the information for all parameters in the current context page tab to predefined defaults Test Performs a diagnostic test Clear All Counters Removes all counters includes the following general purpose buttons w D 3 3 o 5 S Di O 3 9 5 u Configuration Opens the default configuration page System Genera Login Signs the user into the WBI starts the management session Logout Signs the user out of the WBI ending the management session Help Opens the online help page Exit Help Closes the online help page Save Config Used when configuration changes to the device need to be saved as permanent The configuration is saved as permanent by copying the current Running Configuration file to the Startup Configuration file Page 14 Getting Started Using the Web Browser Interface Adding Modifying and Deleting Information The WBI contains and tables for configuring devices User defi
175. ticast groups e Which routing protocols are forwarding packets and Multicast traffic Ports requesting to join a specific Multicast group issue an IGMP report specifying that Multicast group is accepting members This results in the creation of the Multicast filtering database Multicast forwarding enables transmitting packets from either a specific multicast group to a source or from a non specific source to a Multicast group This section contains the following topics e Configuring IGMP Snooping e Defining Multicast Bridging Groups e Defining Multicast Forward All Settings Page 102 Configuring Multicast Forwarding Configuring IGMP Snooping Configuring IGMP Snooping When IGMP Snooping is enabled globally all IGMP packets are forwarded to the CPU The CPU analyzes the incoming packets and determines e Which ports want to join which Multicast groups e Which ports have Multicast routers generating IGMP queries e Which routing protocols are forwarding packets and Multicast traffic Ports requesting to join a specific Multicast group issue an IGMP report specifying that Multicast group is accepting members This results in the creation of the Multicast filtering database To configure IGMP Snooping 1 Click Multicast gt IGMP The GMP Page opens Figure 62 IGMP Page Leet ye Y n Name 00 00 b0 01 22 33 IGMP Host MRouter Leave Snooping Status Timeout Timeout Timeout Dis
176. ty Console Temporary Flash Emergency Vv Vv Vv Alert Vv Vv Vv Critical Vv Vv Vv Error Vv M M Warning M Vv P Notice Vv Vv Tr Informational Vv Vv FT Debug m m O The following fields are displayed in the Modify Event Log Output Page N o Enable Logging Defines if logging is enabled Possible values are Checked Logging is enabled on the device Unchecked Logging is disabled on the device Severity Indicates the event severity to trigger a log Log severities are listed from highest to lowest severity See Table 3 System Log Severity Levels on page 83 Console Indicates that the output is of a Console log Memory Logs Indicates that the output is of a Memory log Log Flash Indicates that the output is of a Flash log Check the Enable Logging option Map the log output severities to log types in the Console Memory Logs and Log Flash columns Checking all Includes all severity levels in the log Click Apply The output settings are saved and the device is updated Click Save Config in the Event Log Page menu to save the changes permanently Page 86 Configuring System Logs Viewing Flash Logs Viewing Flash Logs The Syslog Flash Page contains information about log entries saved to the log file in Flash including the time the log was generated the log severity and a description of the log message The message log is available after reboot To display Flash logs 1 Cl
177. ultiple STP Multiple STP is enabled on the device Designated Bridge ID Displays the ID of the bridge that connects the link or shared LAN to the root Designated Port ID Displays the ID of the port on the designated bridge that connects the link or the shared LAN to the root Designated Cost Indicates that the default path cost is assigned according to the method selected on the Spanning Tree Global Settings Forward Transitions Indicates the number of times the LAG State has changed from a Forwarding state to a Blocking state Remain Hops Indicates the hops remaining to the next destination Define the fields Click Apply MSTP is defined for the selected interface and the device is updated The MSTP Page is displayed Click Save Config on the menu to save changes permanently Page 99 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Defining MSTP Instances Network administrators can assign MSTP settings to a specific instance port or LAG using the MSTP Instance Settings Page To define MSTP interface settings 1 Click Layer 2 gt MSTP The MSTP Page opens 2 Click Configure next to the Configure Instance Settings option The MSTP Instance Settings Page opens Figure 61 MSTP Instance Settings Page Free a MSTP Instance Settings lt 7 nl VLAN Instance ID VLAN Instance ID vam Pi vaas 1 we mp sep Network Security vam pa vianze 07 Services Mi
178. upport Returning Products For Sales or Corporate Information Management Software Updates You can request technical support online by accessing the Allied Telesis Knowledge Base from the following web site www alliedtelesis com kb You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions For Technical Support via email or telephone refer to the Support amp Services section of the Allied Telesis web site www alliedtelesiselesis com Products for return or repair must first be assigned a Return Materials Authorization RMA number A product sent to Allied Telesis without a RMA number will be returned to the sender at the sender s expense To obtain a RMA number contact Allied Telesis s Technical Support at our web site www alliedtelesiselesis com You can contact Allied Telesis for sales or corporate information at our web site www alliedtelesis com To find the contact information for your country select Contact Us gt Worldwide Contacts You can download new releases of management software for our managed products from either of the following Internet sites e Allied Telesis web site www alliedtelesis com e Allied Telesis FTP server ftp ftp alliedtelesis com To download new software from the Allied Telesis FTP server using your workstation s command prompt you need FTP client software and you must log in to the server Enter anon
179. us Displays the current interface status 2 Check the Enable Bridge Multicast Filtering checkbox 3 Click Create The Add Multicast Group Page opens Figure 65 Add Multicast Group Page AA Bridge Multicast IP Address mal Bridge Multicast MAC Address ier Maras Apply Ciose 4 Select the VLAN ID 5 Enter the Bridge Multicast MAC Address and the Bridge Multicast IP Address 6 Click Apply The new Multicast group is saved and the device is updated To modify a multicast group Click Modify The Modify Multicast Group Page opens Figure 66 Modify Multicast Group Page Bridge IP Multicast 224 239 129 1 1 1 Bridge Mac Multicast Interface 01005e010101 Lie Interface Status Static DA 7 Define the fields 8 Click Apply The Multicast Group is saved and the device is updated Page 106 Configuring Multicast Forwarding Defining Multicast Forward All Settings Defining Multicast Forward All Settings Multicast forwarding enables transmitting packets from either a specific multicast group to a source or from a non specific source to a Multicast group The Bridge Multicast Forward All page contains fields for attaching ports or LAGs to a device that is attached to a neighboring Multicast router switch Once IGMP Snooping is enabled Multicast packets are forwarded to the appropriate port or VLAN Unless LAGs are defined only a Multicast Forward All ta
180. vice 1 Click Layer 2 gt Spanning Tree STP The Spanning Tree Page opens Figure 54 Spanning Tree Page Spanning Tree SEER STP General LI Let Spanning Tree State STP Operation Mode Mgmt Security CC auer Disable Classic STP D TL Mgmt Protocols BPDU Handling Path Cost Default Values Network Security _ cena E Multicast ttc ouer Statistics emm Mv edie EEN B Sec Logout C Max Age c Forward Delay 20 Sec fi 5 Sec E 2006 Designated Root Allied Telesyn Inc All rights reserved Bridge ID 32768 00 00 b0 01 22 33 Root Bridge ID 32768 00 00 b0 01 22 33 The STP General section of the Spanning Tree Page contains the following fields e Spanning Tree State Indicates whether STP is enabled on the device The possible field values are Enable Enables STP on the device Disable Disables STP on the device e STP Operation Mode Specifies the STP mode that is enabled on the device The possible field values are Classic STP Enables Classic STP on the device This is the default value Rapid STP Enables Rapid STP on the device Page 89 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Multiple STP Enables Multiple STP on the device e BPDU Handling Determines how BPDU packets are managed when STP is disabled on the port or device BPDUs are used to transmit spanning tree information The possible f
181. west and 3 is the highest Queue Defines the traffic forwarding queue to which the CoS priority is mapped Four traffic priority queues are supported where zero is the lowest and 3 is the highest Modify the Queue values or select Restore Defaults Click Apply The CoS to Queue mapping settings are saved and the device is updated Page 136 Mapping DSCP Values to Qu eues Configuring Services Mapping Queues The Configure DSCP Page contains fields for classifying DSCP settings to traffic queues For example a packet with a DSCP tag value of 3 can be assigned to queue 2 To set DSCP to queues 1 Click Services gt Queuing amp Scheduling The CoS Queuing amp Scheduling Page opens 2 Select the Configure DSCP Priority values 3 Click Configure DSCP 4 Click Configure The Configure DSCP Page opens Figure 88 Configure DSCP Page DSCP In Queue DSCPIn Queue DSCP In Queue DSCP In 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 DO AJ On bh Yoyo ra oO H E H H E E E E E OR E H E E E E e DSCP In Displays the incoming packet s DSCP value Pa i 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 GEe i i The Configure DSCP Page contains the following fields 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 ue dd E ki e Queue Defines the traffic forwarding queue to which the DSCP priority is mapped Four traffic prior
182. which are physically present are displayed in the Web Management Interface home page and can be configured through the web management system Non present ports are configured through the CLI or SNMP interfaces Exchanging Stacking Members If a stack member with the same Unit ID replaces an existing Unit ID with the same Unit ID the previous device configuration is applied to the inserted stack member If the new inserted device has either more ports or less ports than the previous device the relevant port configuration is applied to the new stack member The Secondary Master replaces the Stacking Master if the following events occur e The Stacking Master fails or is removed from the stack Links from the Stacking Master to the stacking members fails e A soft switchover is performed via the web interface or the CLI Switching between the Stacking Master and the Secondary Master results in a limited service loss Any dynamic tables are relearned if a failure occurs The Running Configuration file is synchronized between the Stacking Master and the Secondary Master and continues running on the Secondary Master Page 171 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Configuring Stacking Management The Enhanced Stacking Page allows network managers to either reset the entire stack or a specific device Device configuration changes that are not saved before the device is reset are not saved If the Stacking M
183. witch Web Browser Interface User s Guide Section 15 Managing Stacking This section describes the stacking control management and includes the following topics e Stacking Overview e Configuring Stacking Management Page 168 Managing Stacking Stacking Overview Stacking Overview Stacking provides multiple switch management through a single point as if all stack members are a single unit All stack members are accessed through a single IP address through which the stack is managed The stack can be managed using the following interfaces e Web based Interface e SNMP Management Station e Command Line Interface CLI Devices support stacking up to six units per stack or can operate as stand alone units During the Stacking setup one switch is selected as the Stacking Master and another stacking member can be selected as the Secondary Master All other devices are selected as stack members and assigned a unique Unit ID Switch software is downloaded separately for each stack member However all units in the stack must be running the same software version Switch stacking and configuration is maintained by the Stacking Master The Stacking Master detects and reconfigures the ports with minimal operational impact in the event of Unit Failure e Inter unit Stacking Link Failure Unit Insertion e Removing a Stacking Unit This section includes the following topics e Stacking Ring Topology e Stacking
184. ymous as the user name and your email address for the password Page 8 Preface Contacting Allied Telesis Page 9 Page 9 Allied Telesis AT 8000S Switch Web Browser Interface User s Guide Section 1 Getting Started This section provides an introduction to the Web Browser Interface and includes the following topics Starting the Application e User Interface Components e Resetting the Device Starting the Application Starting the Application This section contains information for starting the application The login information is configured with a default user name and password The default password is friend the default user name is manager Passwords are both case sensitive and alphanumeric Additional user names can be added To open the application 1 Open a web browser 2 Enter the device IP address in the address bar and press lt Enter gt The Login Page opens Figure 1 Login Page User Name Password Signin Ges _ Copyright 2006 Allied Telesyn Inc All rights reserved 3 Enter the user name and password 4 Click Login The Embedded Web System Home Page opens Page 10 Getting Started Starting the Application Figure 2 Embedded Web System Home Page Copyright 2006 Allied Telesis Inc All rights reserved 5 Click Configuration The System General Page opens Figure 3 System General Page n Name 00 60 01 22 33 Genera
Download Pdf Manuals
Related Search