Allied Telesis at-9000/24 User's Manual
Contents
1. 08 07 2006 15 10 52 IP DHCP get IP address lt 149 35 8 43 gt 08 07 2006 15 10 56 W Console Login failed from console 08 07 2006 15 11 02 Console Login from console 01 01 1900 00 00 05 System Switch start 01 01 1900 00 00 06 I PCFG Port 1 link up Figure 66 System Log Page The System Log page contains a table that displays the following information ID An indentifying number for the event Date Time The date that the event occurred Time The time that the event occurred L Severity level of the event The severity levels are l nformation Useful information that you can ignore during normal Section II Web Browser Interface Section Il Web Browser Interface AT S84 Management Software User s Guide operation W arning An issue that may require a manager s attention E rror Switch operation is severely impaired Type The type provides more information about the event The possible types are 802 1X An 802 1X event CFG Configuration event CLI CLI login Console A console login by a user IP Change to the IP information PCFG Port configuration PoE PoE configuration or event SNTP SNTP configuration STP Spanning tree SwUpg Software upgrade System General system event Telnet Access via Telnet Description A description of the event Toremove the current log entries click Clear All To refresh the log click Refresh 223 Chapt2. Engineering VLAN Sales VLAN VID 2 VID 3 Untagged Tagged Untagged Tagged Port Port Port Port Members Members Members Members AT 8000 8POE 1 2 5 7 24 None 9 11 13 21 14 24 Fast Ethernet PVID 2 23 PVID 3 Switch top AT 8000 8POE 2 4 13 None 10 12 18 13 Fast Ethernet PVID 2 22 PVID 3 Switch bottom Ports 1 2 5 and 7 on the top switch and ports 2 4 and 13 on the bottom switch are assigned a PVID of 2 and are untagged members of VLAN 2 These ports are connected to workstations from Sales Ports 9 11 13 21 and 23 on the top switch and ports 10 12 18 20 and 22 on the bottom switch are assigned a PVID of 3 and are untagged members of VLAN 3 These ports are connected to workstations from Engineering Ports 14 and 24 on the top switch are untagged members of VLAN2 and are tagged members of VLAN 3 Port 13 on the bottom switch is an untagged member of VLAN 2 and a tagged member of VLAN 3 Traffic passed between the switches and the router consist of tagged and untagged packets from both VLANs These ports provide a common connection that enables different member ports of the same VLAN to communicate with each other while maintaining data separation between VLANs Section Using the Menus Interface AT S84 Management Software User s Guide Working with VLANS Creating a VLAN Section Using the Menus Interface This section contains the following procedures
3. 1000F for 1000 Mbps full duplex mode after a port establishes a link with an end node 100M Full 100 Mbps in full duplex mode 10M Full 10 Mbps in full duplex mode 100M Half 100 Mbps in half duplex mode 10M Half 10 Mbps in half duplex mode When you select a setting note the following O When a twisted pair port is set to Auto Negotiation the default setting the end node should also be using Auto Negotiation to prevent a duplex mode mismatch A switch port using Auto Negotiation defaults to half duplex if it detects that the end node is not using Auto Negotiation This can result in a mismatch if the end node is operating at a fixed duplex mode of full duplex To avoid this problem when connecting an end node with a fixed duplex mode of full duplex to a switch port disable Auto Negotiation on the port and set the port s speed and duplex mode manually O Allied Telesis does not recommend manually setting a 10 100 1000Base T twisted pair port to either 1000 Mbps full duplex or 1000 Mbps half duplex For 1000 Mbps operation Allied Telesis recommends setting the port to Auto Negotiation Section II Web Browser Interface Section Il Web Browser Interface AT S84 Management Software User s Guide O The only valid setting for an optional SFP port is Auto Negotiation Flow Ctrl The current flow control setting on the port The switch uses a special pause packet to notify the end node to stop transmitting for a specifie
4. a Auto The port uses Auto Negotiation to set its speed and duplex mode This is the default setting for all ports h 10 Mbps half duplex H 100 Mbps half duplex f 10 Mbps full duplex F 100 Mbps full duplex T 1000 Mbps full duplex When you select a setting note the following O When a twisted pair port on the switch is set to Auto Negotiation the default setting the end node should also be using Auto Negotiation to prevent a duplex mode mismatch A switch port using Auto Negotiation defaults to half duplex if it detects that the end node is not using Auto Negotiation This can result in a mismatch if the end node is operating at a fixed duplex mode of full duplex To avoid this problem when connecting an end node 73 Chapter 5 Port Configuration 74 with a fixed duplex mode of full duplex to a switch port disable Auto Negotiation on the port and set the port s speed and duplex mode manually Section Using the Menus Interface AT S84 Management Software User s Guide Changing the Flow Control Setting A switch port uses flow control to control the flow of ingress packets from its end node Flow control applies to ports operating in full duplex mode A switch port uses flow control to control the flow of ingress packets from its end node A port using flow control issues a special frame referred to as a PAUSE frame as specified in the IEEE 802 3x standard to stop the transmission of data from
5. Basic RSTP Port 274 Settings This section contains the following topics m m Configuring the Basic RSTP Port Settings next Configuring the Advanced RSTP Port Settings on page 275 To configure the basic RSTP port settings perform the following procedure 1 From the Basic Config menu select Rapid Spanning Tree gt RSTP Basic Port Config The RSTP Basic Port Configuration page opens as shown in Figure 85 RSTP Basic Port Configuration 2 Up Down 3 Down 4 Down Dewn z Down Up Down Down 0 Down Down 2 Down 3 Down Down 5 Down i Down Down Down 9 Down 0 Down Down 22 Down Down 24 Down Forwarding Discarding Discarding Discarding Discarding Discarding Forwarding Discardina Discarding Discarding Discarding Discarding Discarding Discarding Discarding Discarding Discarding Discarding Discarding Discarding Discarding Discarding Discarding Discarding Root Disabled Disabled Disabled Disabled Disabled Designated Disabled Disabled Disabled isabled sabled isabled sabled isabled J EJ 0 w p g isabled sabled isabled sabled Disabled Disabled Disabled Disabled Disabled Eire tc STP Status Priority Path Cost Enable Apply Enable 128 200000 Apply Enable 128 20000 Apply Enable 128 20000 Apply Enable 128 2
6. Figure 80 Traffic Class Configuration Page 2 To enable or disable QoS select Enable or Disable from the QoS Status list The default is disabled 3 To change the egress priority queue assignment of an 802 1p priority class click the dialog circle of the queue for the corresponding priority For example to direct all tagged traffic with a priority of 4 to egress queue 3 on the ports you would click the button for queue 3 in the priority 4 row 4 Click Apply Section II Web Browser Interface Section Il Web Browser Interface AT S84 Management Software User s Guide Note The switch does not alter the original priority level in tagged frames Frames leave the switch with the same priority level they had when they entered the switch 263 Chapter 23 Quality of Service QoS Configuring CoS 264 As explained in QoS Overview on page 126 a packet received on a port is placed it into one of four priority queues on the egress port according to the switch s mapping of 802 1p priority levels to egress priority queues The default mappings are shown in Table 2 on page 127 You can override the mappings at the port level by assigning a new default egress queue to a port Note that this assignment is made on the ingress port and before the frame is forwarded to the egress port Consequently you need to configure this feature on the ingress port For example you can configure a switch port so that all ingr
7. 2006 01 01 SNTP Server IP f Enabled SNTP Polling Interval Enabled Time Zone GMT 800 Taipei Daylight Saving Disabled Set SNTP Server I P Set SNTP I nterval S e t Daylight Saving Set Time Z lone Q uit to previous menu Command gt Figure 8 SNTP Configuration Menu 3 Configure the SNTP server s IP address a Type P to select Set SNTP Server IP 44 Section Using the Menus Interface AT S84 Management Software User s Guide The following prompt is displayed Enter new IP address gt b Type the IP address for the SNTP server you want to use 4 To set the SNTP interval a Type Ito select Set SNTP Interval The following prompt is displayed Enter Interval Time gt b Type a number to specify the number of minutes between occurrences of polling the SNTP server The range is 1 to 60 minutes and the default is 1 minute 5 To set the time zone a Type Z to select Set Time Zone The Time Zone Configuration Menu is shown in Figure 9 AT 8000 8POE Local Management System Switch Tools Configuration gt Time Zone Configuration Menu Time Zone GMT 8 00 Taipei Daylight Saving Disabled Type Time Zone Nation or City Eniwetok Kwajalein Midway Islands Samoa Hawaii Alaska Pacific Time US amp Canada Tijuana Arizona Mountain time US amp Canada Central Time US amp Canada GMT 06 Mexico City Tegucigalpa Saskatchewan lt COMMAND gt N ext Page S et Time Zone P revious Pa
8. The AT S84 management software comes with RADIUS client software You can use the client software together with 802 1x network access control described in Chapter 12 802 1x Network Access Control on page 167 to control which end users and end nodes can send packets through the switch What do you need to use the RADIUS protocol Following are the main points You must install RADIUS server software on a network server or management station Authentication protocol server software is not available from Allied Telesis O The RADIUS server must be communicating with the switch through a port that is an untagged member of the Default VLAN o If the RADIUS server is on a different subnet from switch be sure to specify a default gateway in the System IP Configuration Menu shown in Figure 5 on page 33 so that the switch and server can communicate with each other O You need to configure the RADIUS server software on the authentication server by specifying the username and password combinations The maximum length of a username or password is 12 alphanumeric characters Note This manual does not explain how to configure RADIUS server software Refer to the documentation that came with the software for instructions O You must activate the RADIUS client software on the switch using the AT S84 management software and configure the settings This is explained in Configuring the RADIUS Server on page 181 By defau
9. e IP Address e Subnet Mask e Default Gateway e DHCP Mode System Up For 10Omin s 46sec s Runtime Image Version 1 1 Boot Loader Version 1 00 00 Hardware Information e Revision A e DRAM Size 16 MB e Flash Size 4MB e Console Baud Rate 9600 bps Administration Information e System Name Rivermark e System Location e System Contact System MAC Address IP Address Subnet Mask and Gateway 00 00 90 24 00 02 149 35 8 50 255 255 255 0 149 35 8 1 Enable Section Il Web Browser Interface Figure 62 Switch Information Page The Switch Information page displays the following information System Up For The number of days hours and minutes that the switch has been running since it was last rebooted Runtime Image The version number and build date of the runtime firmware Boot Loader The version number and build date of the bootloader firmware Hardware Information Section Revision The hardware version number 217 Chapter 17 Basic Switch Parameters 218 DRAM Size The size of the DRAM in megabytes Flash Size The size of the flash memory in megabytes Console Baud Rate The baud rate of the console port You cannot change this setting Administration Information Section System Name The name assigned to the switch To give the switch a name refer to Configuring System Administration Information on page 209 System Location The location of the switch To spe
10. on page 91 Creating a Port This procedure explains how to create a port trunk Trunk 88 Caution Do not connect the cables to the ports on the switches until after you have configured the trunk with the management software Connecting the cables before configuring the software creates a loop in your network topology which can result in broadcast storms and poor network performance To create a port trunk perform the following procedure 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 21 AT 9000 24 Local Management System Main Menu gt Advanced Switch Configuration Menu V LAN Management T runk Configuration I GMP Snooping Configuration Quality of S Jervice Configuration Port M irroring Configuration 802 x X Port Based Access Control Configuration Q uit to previous menu Command gt Figure 21 Advanced Switch Configuration Menu 2 From the Advanced Switch Configuration Menu type T to select Trunk Configuration Section Using the Menus Interface AT S84 Management Software User s Guide The Trunk Configuration Menu is shown in Figure 22 AT 9000 24 Local Management System Advanced Switch Configuration gt Trunk Configuration Menu Status Port Members Trunk ID Disabled Disabled Disabled Disabled A dd Trunk Member LACP G roup Status R emove Trunk Member Set P o rt Priority S et Trunk Status Q
11. 158 Choosing an RSTP protocol version allows you to determine if the switch ports will operate in RSTP only mode or are STP compatible This setting applies to all of the ports you cannot set this on a per port basis To configure the STP compatibility perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 From the Basic Switch Configuration Menu type S to select Rapid Spanning Tree Configuration The Rapid Spanning Tree Configuration Menu is shown in Figure 42 on page 153 Type V to select Set RSTP Protocol Version The following prompt is displayed Set RSTP protocol version S R gt Type S to make the ports STP compatible or R to make the ports operate only in RSTP mode Section Il Menus Interface AT S84 Management Software User s Guide Configuring RSTP Port Settings This section contains the following topics 0 Configuring the Basic RSTP Port Settings next 0 Configuring the Advanced RSTP Port Settings on page 161 Configuring the To configure the basic RSTP port settings perform the following Basic RSTP Port Procedure Settings 4 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 2 From the Basic Switch Configuration Menu type S to select Rapid Spanning Tree Configuration The Rapi
12. 5 Type R to select Start Reboot Process The following prompt is displayed Are you sure you want to reboot the system Y N gt 6 Type Y to start the reboot process or N to cancel the reboot The switch immediately begins to reload the AT S84 management software This process takes approximately one minute to complete You can not manage the device during the reboot After the reboot is finished you can log in again if you want to continue to manage the device Section Using the Menus Interface 51 Chapter 3 Basic Switch Parameters Pinging a Remote System 52 This procedure instructs the switch to ping a node on your network This procedure is useful in determining whether an active link exists between the switch and another network device Note the following before performing the procedure o The switch where you are initiating the ping must have an IP address and subnet mask o The device you are pinging must be a member of the Default VLAN This means that the port on the switch through which the node is communicating with the switch must be an untagged or tagged member of the Default VLAN To ping a network device perform the following procedure 1 From the Main Menu type T to select Switch Tools The Switch Tools Configuration Menu is shown in Figure 11 on page 50 2 From the Switch Tools Configuration Menu type P to select Ping Execution The Ping Execution Menu is shown in Figure 13 AT 9000 2
13. Apply 11 Down Discarding Disabled False False Aso MIFalse Init Rester Apply 12 Dow Discarding Disabled False False Auto False Init Restert Apply 13 Down Discarding Disabled False False Auto lfFalse Init Restert Apply 14 Down Discarding Disabled Faise False Auto False Init Festen LApply J 15 Don Discarding Disabled False False Auto False Init Rester Apply 16 Down Discarding Disabled False False Auto False Init Restort Apply 17 Down Discarding Disabled False False Ano False Init Resten Apply 18 Down Discarding Disabled False iFalse Auio False Init 7 Restert A pply 19 Down Discarding Disabled False yFalse Auto JFalse init s Restert Appi 20 Down Discarding Disabled False ViFalse Auto False Init Restart Any 21 Down Discarding Disabled False False Auo False init s Restor Appi 22 Down Discarding Disabled False Falso Auto Falso init Restart Arey a Down Discarding Disabled Felse False Auto False init m Rastart aney 2 Down Discarding Disabled False Falso Auto False init Restart Apply Figure 86 RSTP Advanced Port Configuration Page 2 In the Admin OperEdge column for the port you want to configure choose True or False to set whether or not the port will operate as an ed
14. Disable Apply 3 1000TX Down Enable Auto x Disable m Apply 4 1000TX Dewn Enable Auto s Disable Apply 4000TX Dewn Enable Auto m Disable mf Apply 1000TX Down Enable Auto x Disable Apply 1000TX Dewn Enable Auto m Disable Apply S 1000TX Down Eneble Auto si Disable Apply g 1000TX Down Enable Auto a Disable Apply 10 1000TX Up Enable Auto 100F Disable m Apply 11 1000TX Down Enable Auto s Disable a Apply 1000TX Down Enable f Auto m Disable a Apply 13 1000TX Dewn Enable Auto m Disable mj Apply 14 z 1000TX Down Enable Auto i Disable App iy 10007 Down Enable Auto m Disable Apply 16 1000TX Down Enable M Auto v Disable m Appi y 10007 Dewn Enable Auto s Disable mf Apply 1000TX Dewn Enable M Auto m Disable sf Apply O00TX Dewn Enable l Auto m Disable mf Apply e Me ewn L etle Auto t Lison e Apply a I Dewr E etlc x Auto x Cisabiz m Aprl 2 Lieven L etle Auto z Lison e Apply 22 1CnITX Devri E etic x Auto x Cisabl gt Apple 24 10I Dewn L etle e Auto t Lisa fe Apps Figure 67 Port Configuration Page 2 Adjust the port settings as needed Not all parameters are adjustable The parameters are 226 Section Il Web B
15. Reboot Status Stop Reboot Type Normal The following table lists the user interface default settings Setting Default Console UI Idle Timeout 5 minutes Telnet UI Idle Timeout 5 minutes Telnet Server Enabled SNMP Agent Disabled Web Server Enabled User Name Manager The following table lists the management interface default settings Setting Default Manager Username manager Manager Password friend Console Idle Timeoutl 5 minutes Section Basic Features Ping Default Settings System IP Configuration Default Settings System Administration Configuration Default Settings AT S84 Management Software User s Guide Note Login names and passwords are case sensitive The following table lists the ping default settings Setting Default Target IP Address 0 0 0 0 Number of Requests 10 Timeout Value sec 3 The following table lists the system IP configuration default settings Setting Default IP Address 0 0 0 0 Subnet Mask 0 0 0 0 Gateway 0 0 0 0 DHCP Mode Disabled The following table describes the system administration default settings Administration Setting Default Description AT 9000 24 Name None Location None Contact None 313 Appendix A AT S84 Default Settings SNMP Default Settings The following table describes the SNMP defau
16. Table 3 lists the RSTP port costs with Auto Detect Table 3 RSTP Auto Detect Port Costs Port Speed Port Cost 10 Mbps 2 000 000 100 Mbps 200 000 1000 Mbps 20 000 Table 4 lists the RSTP port costs with Auto Detect when the port is part of a port trunk Table 4 RSTP Auto Detect Port Trunk Costs Port Speed pee Port Cost 10 100 1000 2 10 000 10 100 1000 3 6 666 10 100 1000 4 5 000 10 100 1000 5 4 000 10 100 1000 6 3 333 10 100 1000 7 2 857 10 100 1000 8 2 500 You can override Auto Detect and set the port cost manually However you must assign the same port cost to all ports that are members of a trunk Port Priority If two paths have the same port cost the bridges must select a preferred path In some instances this can involve the use of the port priority parameter This parameter is used as a tie breaker when two paths have the same cost The range for port priority in hexadecimal format is 0 to 240 with 240 being the highest priority As with bridge priority this range is broken into multiples of 16 To select a port priority for a port you enter the desired value Section II Menus Interface Section Il Menus Interface AT S84 Management Software User s Guide Table 5 lists the values The default value is 0 Table 5 Port Priority Value Increments Port Port Priority Priority 0 128 16 144 32 160 48 176 64 192 80 208 9
17. You access the menus and CLI interfaces through the console port on the switch or through Telnet and the web browser interface from any management workstation on your network that has a web browser application For background information on the management interfaces refer to Chapter 1 Overview on page 17 This preface contains the following sections o Where to Find Web based Guides on page 14 0 Contacting Allied Telesis on page 15 Preface Where to Find Web based Guides The installation and user guides for all Allied Telesis products are available in portable document format PDF on our web site at www alliedtelesis com You can view the documents online or download them onto a local workstation or server AT S84 Management Software User s Guide Contacting Allied Telesis Online Support Email and Telephone Support Warranty Returning Products Sales or Corporate Information Management Software Updates This section provides Allied Telesis contact information for technical support as well as sales and corporate information You can request technical support online by accessing the Allied Telesis Knowledge Base http kb alliedtelesis com You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions For Technical Support via email or telephone refer to the Support amp Services section of the Allied Telesis web
18. changes or the port receives an EAPOL Start packet from a supplicant The switch requests the identity of the client and begins relaying authentication prompts between the client and the authentication Section Using the Menus Interface 169 Chapter 12 802 1x Network Access Control 170 server Each client that attempts to access the network is uniquely identified by the switch using the client s MAC address Force unauthorized Places the port in the unauthorized state ignoring all attempts by the client to authenticate This port control setting blocks all users from accessing the network through the port and is similar to disabling a port and can be used to secure a port from use The port continues to forward EAPOL packets but discards all other packets including multicast and broadcast packets Force authorized Disables IEEE 802 1x authentication and causes the port to transition to the authorized state without any authentication exchange required The port transmits and receives normal traffic without 802 1x based authentication of the client This is the default setting Use this port control setting for those ports where there are network devices that are not to be authenticated Figure 46 illustrates the concept of the authenticator port control settings Port 17 802 1x Port Control Setting Force unauthorized Port 2 Port 20 802 1x Port Control Setting Auto 802 1x Port Control Setti
19. first disconnecting the cables can create loops in your network topology which can cause broadcast storms and poor network performance To add or remove ports from a trunk perform the following procedure 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 2 From the Advanced Switch Configuration Menu type T to select Trunk Configuration The Trunk Configuration Menu is shown in Figure 22 on page 89 3 To add ports to a port trunk type A to select Add Trunk Member To remove ports type R to select Remove Trunk Member The following prompt is displayed Enter trunk group number gt 4 Type the number of the trunk group you want to modify and press Enter The following prompt is displayed Enter port members up to 8 ports for trunk m gt 5 Enter the ports you want to add or remove from the trunk and press Enter Section Using the Menus Interface Enabling or Disabling a Port Trunk Section Using the Menus Interface 6 AT S84 Management Software User s Guide You can specify the ports individually separated by commas for example 1 2 5 as a range of ports separated by a hyphen for example 2 4 or both for example 1 3 6 8 Modify the port trunk on the other switch and reconnect the cables This procedure enables and disables a port trunk Note the following before performing this procedure
20. public 5 Type W to select Set SNMP Write Community The following prompt is displayed Enter write community name gt 6 Type the name of the write community The default is private 64 Section Using the Menus Interface AT S84 Management Software User s Guide Working with Trap Receivers Adding a Trap Receiver Enabling or Disabling Trap Receivers Section l Using the Menus Interface This section contains procedures for working with SNMP trap receivers and includes the following topics n2 a 0 Adding a Trap Receiver next Enabling or Disabling Trap Receivers on page 65 Modifying a Trap Receiver on page 66 Deleting a Trap Receiver on page 67 You must add a trap receiver before you can enable it To add a trap receiver perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 From the Basic Switch Configuration menu type N to select SNMP Configuration The SNMP Configuration menu is shown in Figure 16 on page 63 Type A to select Add SNMP Trap Receiver The following prompt is displayed Add SNMP trap receivers gt Enter entry number gt Enter 1 through 4 for the trap receiver you want to configure The following prompt is displayed Enter IP address for trap receiver gt Enter the IP address of the workstation that you want to receive traps T
21. setting Upa Font Trunk oa ara Gee r a ra 2 et bake E ERA 88 Creating a Port Trunk scscvicnceentiy denies a aden dada AEE Peed aid dee E eee ene nad 88 Modifying a Porn T UNR mrri A A A RTO AAAA ANEA A A A RA 90 Enabling or Disabling a Port Trunk ccccceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeseeeaaeeeeceeeeeeeeeseeeeaeeeeseeaeeeeteeaeeees 91 setting Upan LAGP TMNK neieiet hra AAAA A S a a E E A 92 Creating an LACP Trunk omoisinniisii iiini needs eee ea i EARE a TEE E EEEE PEGAN 92 Configuring the LACP Port Priority enron a atea aA RTE TAEAE AEREE RAAS rya ANDERE EADAE Ri 93 Verifying the LACP Group Settings 06 0 ccccccseeeeddeececeeeedeecneeeedeaceneeeedeaceneeeesancceeeeedecccaeeendeaceneeedeaceneenddeas 94 Disabling an LACP TUNK rarnana a ai tie Se ai an te OAN 95 Chapter 7 Port Mirroring onnccninesrnenienii eiiiai eraa aTa aA Nera Eaa eE Niar A erai aaa 97 Port Mirroring OV6InVICW sie nected ie feet d acl ed i ii Lee a detec 98 Configuring Port Mirroring 22sec rR A AAAA OAP OEA RARA OROAR 99 Enabling or Disabling Port Mirroring eccccceeceeeeeeeeeeeeeeeeeeeeeeeeeeeeeceeeeeeeeseeaeeeeeseeeeeeeeeceeeeaeeeeseeaeeeeseeenaeeees 101 Chapter 8 Virtual LANS aNd GVRP a lagi aa cad od a ited dad aaa eaa aa aia 103 VANTRO S enion a a E A TA 104 Increased Performance auinen a E ae Wa ea R det E 104 lmproved Manageablllity areira na AA TT ATRE A EAE O 104 Increased Securty ane re a E EA E E ea E a E aE 104 WIEANS QVGIVIGW
22. 000 0 ee eee ee eeeeeee eee eeeeeeeeeeeeeaeeeeseeeeaeeeeseneaeeeeeseeeaaeeseeenaeees 313 System Administration Configuration Default Settings 0 0 0 cece eeeeeeeeeeeeeeeeeeeeeseeeaeeeeseeeeaeeeeseeenaees 313 SNMP Default Settings ts sce slats a avs eoieict A aad ainda atlas 314 Contents Port Configuration Default Settings ec ceececeeceeeeeeeeeeeeeeeeseeeeeeeeeseeeeeeeeeeeeeeeeeeeseeeeeeeeeeeeeeeeseseeaeeeeseenaeeees 315 Qualy OF SORVICG i scx Seed eaS sl E waev te taste AAA AEEA EE T a aa tides 316 IGMP Snooping Default Settings oerrinne eter ena ae eee een eee e ee a EAA a a 317 RSTP Default Seuingss ci a ar a abies ten ce Peeuan cate vey ENEA EEA ar a T a Qiieeh A 318 802 1x Network Access Control Default Settings 20 00 ecceeeeeeeeeeeeeee tent eee eeeeaeeeeeeeaaeeeeeeenaeeeeeetenaeeeeesenaees 319 RADIUS Server Default Settings 0 0 ee ceeeceee inent eee eeeeaae eee eeeaaaeeeeeeeaaeeeeeseeaaeeeeeseeaaeeeeseeeaeeessencaeeeeesenaees 320 Broadcast Storm Control Default Settings 200 0 eee cee eeeeee eee eeenae eee eeeeeaeeeeseeaeeeeeeeaaeeeeseeedaeeeeeeiiaeeeeesenaees 321 MAER osc diescbs thccesdenacies E waded ctetha A eeetadudegeenasdoacdeaasdds A EEE EEE 323 Figures Figure 1 Figure 2 Figure 3 Figure 4 Figure 5 Figure 6 Figure 7 Figure 8 Figure 9 Figure 10 Figure 11 Figure 12 Figure 13 Figure 14 Figure 15 Figure 16 Figure 17 Figure 18 Figure 19 Figure 20 Figure 21 Figure 22 Figure 2
23. 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 From the Basic Switch Configuration menu type N to select SNMP Configuration The SNMP Configuration menu is shown in Figure 16 on page 63 Type M to select Modify SNMP Trap Receiver The following prompt is displayed Section Using the Menus Interface Deleting a Trap Receiver Section l Using the Menus Interface AT S84 Management Software User s Guide Modify SNMP trap receivers gt Enter entry number gt Note The trap receiver must be one whose status is not deleted Enter the number for the trap you want to modify The following prompt is displayed Modify trap receiver entry number 1I C B gt The options are Modify the IP address of the trap receiver To modify only the IP address type I and follow the prompts C Modify the community name of the trap receiver To modify only the community name type C and follow the prompts B Modify both the IP address and community name of the trap receiver To modify both the IP address and the community name type B and follow the prompts When you delete a trap receiver all the settings are removed from the entry in the table Instead of deleting a trap receiver you may want to disable it as described in Enabling or Disabling Trap Receivers on page 65 To delete a trap receiver perform the follow
24. 1 to 9 O to set all ports Enter the number of the port you want to change or type 0 zero to apply the settings to all ports on the switch The following prompt is displayed Enter priority for port n gt This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge The range is 0 to 240 in increments of 16 The default value is 8 priority value 128 For a list of the increments refer to Table 5 on page 149 Note If two or more ports have the same cost and priorities then the port with the lowest MAC address becomes the forwarding port Enter a number for the priority Type C to select Set Path Cost The following prompt is displayed Select port number to be changed gt Port number is in range from 1 to 9 O to set all ports Enter the number of the port you want to change or type 0 zero to apply the settings to all ports on the switch The following prompt is displayed Enter path cost for port n gt The spanning tree algorithm uses the cost parameter to decide which port provides the lowest cost path to the root bridge for that LAN The range is from 0 to 240 with 240 being the highest priority For a list of the increments refer to Table 5 on page 149 The default setting is based on the Auto Detect Port Cost feature which sets port cost depending on the speed of the port The default values are shown in Table 3 on page 148 Enter a number for the pa
25. 50 From the Switch Tools Menu type U to select Software Upgrade Section Using the Menus Interface AT S84 Management Software User s Guide The Software Upgrade Menu is shown in Figure 51 AT 9000 24 Local Management System Switch Tools Configuration gt Software Upgrade Menu T FTP Software Upgrade Q uit to previous menu Command gt Figure 51 Software Upgrade Menu 1 of 2 3 Type T to select TFTP Upgrade The Software Upgrade Menu 2 of 2 is shown in Figure 52 AT 9000 24 Local Management System Main Menu gt Software Upgrade Menu Image Version Date 0 0 0 jul 29 2006 20 57 07 TFTP Server IP 0 0 0 0 Image File Name Retry Count 5 Set TFTP S lerver IP Address Set Image Flile Name U pgrade Image and Reboot Set R etry Count Q uit to previous menu Command gt Figure 52 Software Upgrade Menu 2 of 2 Section Using the Menus Interface 191 Chapter 15 Working With System Files 10 11 192 Type S to select Set TFTP Server IP Address The following prompt is displayed Enter IP address of TFTP server Type the IP address of the TFTP server and press Enter Type F to select Set Image File Name The following prompt is displayed Enter file name gt Enter the file name of the AT S84 image file on the TFTP server and press Enter Type R to select Set Retry Count The following prompt is displayed Enter retry count gt Enter the number of times you want the swit
26. Action column click Modify next to the VLAN you want to modify Section II Web Browser Interface AT S84 Management Software User s Guide The Modify VLAN page opens as shown in Figure 79 Modify VLAN VLAN ID 2 Note U Untagged Port VLAN member VLAN Name tech pubs Port Number 123 45 6 7 8 9 10 11 12 13 14 15 16 17 Static Tagged 6 0000000000 Static Untagged Not Member Apply Restore Clear Figure 79 Modify VLAN Page 3 To change the VLAN s name click the VLAN Name field and enter the new name The name can contain up to 32 characters including spaces but not including special characters such as asterisks or exclamation points 4 To add a new tagged port to the VLAN click the button in the Static Tagged row of the port to be added as a tagged port 5 To remove a tagged port from the VLAN click the button in the Not Member row of the port to be removed If you make changes to the VLAN that you want to cancel click Restore If you want to clear the current name and all tagged port assignments from the VLAN prior to assigning ita new name and new tagged ports click Clear 6 After you have made the desired changes click Apply The changes are implemented on the VLAN The current VLAN window remains on the screen You can make additional changes to the VLAN or you can repeat this procedure to modify other VLANs Section Il Web Browser Interface 257 C
27. Configuring the Advanced RSTP Port SettingS cceeeceeeeeeeeeeeeeeeeeeeeeeeeeseeeeeeeeeeeeeeeeeeseeneeeeseseeaeeees 161 Displaying the RSTP Topology nere ai aas i aa iaee A UAI a AATE era LE eRT 164 Chapter 12 802 1x Network Access Control 0 0 ccccccccceeececeeecee cee eeeee eee ee tees caaeaaeaaeeeeeeeeeeeeeeseteensnaeees 167 802 1x Network Access Control Overview 00 eee ceteeee eee ennne ee eee teense ee eaeeeeeetaaeeeeeetaaeeeeeesaeeeeessneeeeeeen 168 Authentication Proessor aa AE A a sista faite Oates 169 AuthentiCator PONS enea a E E a a a da a i 169 ETET RSIS E E E A TE EAEE A is ice E O AST 171 Network Access Control Guidelines ceccccccetesseccceesesesceeeeteeeeceeeeneeneeeeeseaucedeceseeccadeeeteeacecenenseaeeenenses 171 Configuring 802 1x Network Access Control ccccccceceeeeeeeeneeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeseeeeeeeeeseneaeeeeeeeenanenees 174 Chapter 13 RADIUS Authentication Protocol 0 0 0cccccccccceccecce cee ce eee ee ee te ee cee eaaeaaeceeeseeeeeeeetetennseaeees 179 RADIUS OVerview epei tect ca tetacticta a daddies inne uceved at a E a a aera a E e A N Ear EiS 180 RADIUS Implementation Guidelines cccccceceeceeeeeeeeceeneceeceeeeeeeeeeeeececaaecaeeeeeseeeeseeeecscnnueeeeeeeeteeeeeees 180 Configuring the RADIUS Server rosser iaae ia AA aai aR AALTEN ETTE EAA T a ARRE T ierat 181 Displaying the RADIUS Server Settings 0 ccc cceeceeee eee ennne erect ecne ee ee
28. Creating a VLAN next Configuring the Port PVID on page 116 Displaying the VLANs on page 117 Modifying a VLAN on page 119 Deleting a VLAN on page 120 Resetting to the Default VLAN on page 121 OQ 000 0 This section contains the procedure for creating a new VLAN This procedure assigns the VLAN a name a VID number and the untagged and tagged member ports After you have performed this procedure you must configure the untagged members of the VLAN by adjusting their PVID values to match the virtual LAN s VID number The PVID value of a port must match its virtual LAN s VID in order for a port to be considered an untagged member of the VLAN This procedure is found in Configuring the Port PVID on page 116 To create a VLAN perform the following procedure 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 2 From the Advanced Switch Configuration Menu type V to select VLAN Management 113 Chapter 8 Virtual LANs and GVRP The VLAN Management Menu which displays any existing VLANs is shown in Figure 28 AT 9000 24 Local Management System Advanced Switch Configuration gt VLAN Management Menu GVRP Status Disabled VLAN ID VLAN Name VLAN Type Default VLAN Permanent Marketing Static lt COMMAND gt N ext Page c reate VLAN CLo nfig VLAN Member P revious Page D elete VLAN
29. Frames Section Using the Menus Interface AT S84 Management Software User s Guide Note The switch is preconfigured with the Default_VLAN only All ports on the switch are initially members of the Default_VLAN If a port is assigned to be a new member of a VLAN its membership can be defined as either tagged or untagged Tagged Port Members A port is a tagged member of a VLAN when the PVID does not equal the VID In this case the port must be a member of two or more VLANs If a port is a tagged member of one VLAN then the same port is also an untagged member of another VLAN where the PVID matches its VID Untagged Port Members A port is an untagged member of a VLAN if the PVID is equal to the VID of that VLAN A port can be an untagged member of only one VLAN An example of this is the Default_VLAN configuration where all ports are initially configured to be untagged members of VLAN 1 only A port can be an untagged member of one VLAN and be a tagged member of one or more VLANS at the same time See Figure 27 on page 111 The VLAN information within an Ethernet frame is referred to as a tag or tagged header An Ethernet frame can contain VLAN information within its header Likewise a frame that does not contain this VLAN tag information is referred to as an untagged or standard frame A tag contains the VID information of the VLAN to which the frame belongs according to the IEEE802 1Q VLAN tagging standard When a sw
30. Local Management System Advanced Switch Configuration gt Quality of Service Configuration Menu T raffic Class Configuration P ort Priority Configuration Q uit to previous menu Command gt Figure 32 Quality of Service Configuration Menu 3 From the Quality of Service Configuration Menu type T to select Traffic Class Configuration Section Using the Menus Interface 129 Chapter 9 Quality of Service QoS 130 The Traffic Class Configuration Menu is shown in Figure 33 AT 9000 24 Local Management System Quality of Service Configuration gt Traffic Class Configuration Menu Qos Status Disabled Traffic Class Queue Highest Lowest Set S tatus Set P riority Queue Q uit to previous Page Command gt Figure 33 Traffic Class Configuration Menu 4 To enable or disable QoS do the following a Type S to select Set Status The following prompt is displayed Enable or Disable QoS E D gt b Type E to enable QoS or D to disable it The default setting is disabled When disabled all tagged packets are stored in the lowest priority queue of a port 5 To change the egress priority queue assignment of an 802 1p traffic class do the following a Type P to select Set Priority Queue The following prompt is displayed Enter traffic class gt b Enter the traffic class whose egress priority queue you want to change The range is 0 to 7 You can specify only one traffic class at a time S
31. S et Port Config R eset VLAN to Default Set G VRP Status Q uit to Previous Menu Command gt Figure 28 VLAN Management Menu 3 From the VLAN Management Menu type C to select Create VLAN 114 Section Using the Menus Interface AT S84 Management Software User s Guide The VLAN Creation Menu is shown in Figure 29 AT 9000 24 Local Management System VLAN Management gt VLAN Creation Menu VLAN ID VLAN Name Port Member Set VLAN I D I ndex S e lect Port Member Set VLAN N ame LA pply Q uit to Previous Menu Command gt Figure 29 VLAN Creation Menu 4 To specify the VLAN ID do the following a Type Ito select Set VLAN ID Index The following prompt is displayed Set VLAN ID gt Enter VLAN ID gt Note A VLAN must have a VID b Enter a value from 2 to 4094 and press Enter 5 To specify the VLAN name do the following a Type N to select Set VLAN Name The following prompt is displayed Set VLAN Name gt Enter VLAN Name gt b Type a name for the VLAN and press Enter The VLAN name can contain up to 32 characters including spaces 6 To add ports to the VLAN do the following Section Using the Menus Interface 115 Chapter 8 Virtual LANs and GVRP 116 Configuring the Port PVID a Type S to select Select Port Number The following prompt is displayed Enter port number gt b Enter the ports of the VLAN You can specify the ports individually separated by comma
32. The port on the designated bridge that is connected to the switch s root port is called the designated port Path Costs and Port Costs After the root bridge has been selected the bridges must determine if the network contains redundant paths and if one is found they must select a preferred path while placing the redundant paths in a backup or blocking state If redundant paths exist the bridges that are a part of the paths must determine which path will be the primary active path and which path s will be placed in the standby blocking mode This is accomplished by an determination of path costs The path offering the lowest cost to the root bridge becomes the primary path and all other redundant paths are placed into blocking state Path cost is determined through an evaluation of port costs Every port on a bridge participating in STP has a cost associated with it The cost of a port on a bridge is typically based on port speed The faster the port the lower the port cost The exception to this is the ports on the root bridge where all ports have a port cost of 0 Path cost is the sum of the port costs between a bridge and the root bridge Port cost also has an Auto Detect feature This feature allows spanning tree to automatically set the port cost according to the speed of the port assigning a lower value for higher speeds Auto Detect is the default setting 147 Chapter 11 Rapid Spanning Tree Protocol RSTP 148
33. User Interface Configuration Menu The Telnet server option is described in Disabling or Enabling the Telnet Server on page 43 The web server option is described in Disabling or Enabling the Web Server on page 42 Section Using the Menus Interface Section Using the Menus Interface AT S84 Management Software User s Guide The SNMP option is described in Enabling or Disabling the SNMP Agent on page 62 The RADIUS Server Configuration option is described Chapter 13 RADIUS Authentication Protocol on page 179 3 To configure the console UI idle time out parameter do the following a Type C to select Set Console UI Time Out The following prompt is displayed Enter console idle timeout gt b Enter a number for the timeout value The range is 0 to 60 minutes and the default is 5 minutes A timeout value to 0 causes the switch to never time out a local management session The console UI idle time out parameter specifies the length of time a local management session can be inactive before the management software automatically ends it This feature prevents unauthorized individuals from configuring the switch if you leave your management workstation unattended This parameter applies to a local management session but not to a remote SNMP or web management session An SNMP management session remains active as long as the network management application is active A web browser management session remains
34. You can not manage the device during the reboot After the reboot is finished you can log in again if you want to continue to manage the device Section Using the Menus Interface Chapter 4 SNMP Section l Using the Menus Interface This chapter contains the following sections SNMP Overview on page 60 Enabling or Disabling the SNMP Agent on page 62 Enabling Authentication Traps on page 63 Changing the Default SNMP Community Names on page 64 OQ 000 Working with Trap Receivers on page 65 59 Chapter 4 SNMP SNMP Overview 60 The Simple Network Management Program SNMP is another way for you to manage the switch This type of management involves viewing and changing the management information base MIB objects on the device using an SNMP application program The AT S84 management software supports SNMPv1 and SNMPv2c which is always disabled on the switch The procedures in this chapter show you how to create and manage SNMPv1 and SNMPv2c community strings through which your SNMP application program at your management workstation can access the switch s MIB objects To manage a switch using an SNMP application program you must do the following O Activate SNMP management on the switch The default setting for SNMP management is disabled The procedure for this can be found in Enabling or Disabling the SNMP Agent on page 62 O Load the Allied Telesis MIBs for the
35. a New Management Software Image Using TFTP on page 290 Note For information on how to obtain new releases of the AT S84 management software refer to Management Software Updates on page 15 O Uploading or Downloading a Configuration File on page 292 289 Chapter 29 Working with System Files Downloading a New Management Software Image Using TFTP 290 Before downloading a new version of the AT S84 management software onto the switch note the following o The current configuration of a switch is retained when a new AT S84 software image is installed To return a switch to its default configuration values refer to Returning the AT S84 Management Software to the Factory Default Values on page 57 Your network must have a node with TFTP server software You must store the new AT S84 image file on the server You should start the TFTP server software before you begin the procedure The switch where you are downloading the image file must have an IP address and subnet mask For instructions on how to configure the IP address on a switch refer to Configuring the IP Address Subnet Mask and Gateway Address on page 32 or Enabling and Disabling the DHCP Client on page 35 AN Caution Downloading a new version of management software onto the switch causes the device to reset Some network traffic may be lost during the reset process This procedure assumes that you have alre
36. a VLAN consists only of ports located on one physical switch in your network you assign it a VID different from all other VLANs in your network If a VLAN spans multiple switches then the VID for the VLAN on the different switches should be the same The switches are then able to recognize and forward frames belonging to the same VLAN even though the VLAN spans multiple switches For example if you had a VLAN titled Marketing that spanned three AT 9000 24 Gigabit Ethernet switches you would assign the Marketing VLAN on each switch the same VID Port VLAN _ The Port VLAN Identifier PVID is the VLAN identifier associated with a Identifier specific port The PVID provides a VLAN assignment for each untagged frame received by the switch See Incoming and Outgoing Tagged and Untagged Frames on page 107 The switch internally associates the untagged frame with the VID that is equal to the PVID The switch then forwards this frame to one of the other member ports of that VLAN The default PVID value is 1 VLAN Port You need to specify which ports on the switch are to be members of a Members VLAN A port can be specified as a member of one or more VLANs up to 255 the maximum number of VLANs supported by the switch The factory default VID is 1 Therefore each port is initially configured to be a member of VLAN 1 which is known as the default VLAN 106 Section Using the Menus Interface Incoming and Outgoing Tagged and Untagged
37. a port trunk Trunk Note Do not connect the cables of a port trunk to the ports on the switch until after you have configured the ports on both the switch and the end node Connecting the cables prior to configuring the ports can create loops in your network topology Loops can result in broadcast storms which can adversely affect the operation of your network To create a port trunk perform the following procedure 1 From the Advanced Config menu select Trunk Config The Trunk Configuration page opens as shown in Figure 71 Trunk ID 1 Trunk ID 2 Trunk ID 3 Trunk ID 4 Trunk Configuration 234567 8 9 1011121314 151617 18192021 2223 24 Disable v Apply IDA 5 F 9131415 rd 20 21 2223 34 S a Disable v Apply pitey Wil ots 7 g 2131415 i 92021 22 23 22 OPEET Disable v Apply pay ile Tes 7 9 Peas i 202122232 2 Disable v Apply Figure 71 Trunk Configuration Page If the switch does not contain a port trunk all of the ports on the switch are unchecked If there is a port trunk the ports in the trunk are checked In any one of the unused Trunk ID rows click the check box next to the ports that will make up the port trunk A c
38. active as long as your web browser is open Note If you select 0 you must always remember to properly log off from a local management session when you are finished to prevent blocking future management sessions with the switch 4 To configure the Telnet UI idle time out parameter do the following a Type T to select Set Telnet Ul Time Out The following prompt is displayed Enter console idle timeout gt b Enter a number for the timeout value The range is 0 to 60 minutes and the default is 5 minutes A timeout value to O causes the switch to never timeout a local management session 39 Chapter 3 Basic Switch Parameters 40 The Telnet Ul idle time out parameter specifies the length of time a remote Telnet management session can be inactive before the management software automatically ends it This feature prevents unauthorized individuals from configuring the switch if you leave your management workstation unattended This parameter applies to a local management session but not to a remote SNMP or web management session An SNMP management session remains active as long as the network management application is active A web browser management session remains active as long as your web browser is open 5 To change the AT S84 management login user name do the following 6 a Type N to select Change Administrator User Name The following prompt is displayed Enter current password gt Enter the current lo
39. address and subnet mask For instructions on how to configure the IP address on a switch refer to Configuring the IP Address Subnet Mask and Gateway Address on page 32 or Enabling and Disabling the DHCP Client on page 35 O When you download a new configuration file onto the switch the new file overrides the current file and the current file is lost unless you uploaded it to a TFTP server before you replaced it Note The configuration file contains only those settings that have been changed since the switch was last reset to the default settings Uploading the To upload the switch s configuration file onto a TFTP server perform the Configuration following procedure File 4 From the Main Menu type T to select Switch Tools The Switch Tools Configuration Menu is shown in Figure 11 on page 50 2 From the Switch Tools Menu type C to select Configuration File Upload Download Section Using the Menus Interface 193 Chapter 15 Working With System Files The Configuration File Upload Download menu is shown in Figure 53 AT 9000 24 Local Management System Switch Tools Configuration gt Configuration File Upload Download Menu T FTP Configuration File Upload Download Q uit to previous menu Command gt Figure 53 Configuration File Upload Download Menu 3 From the Configuration File Upload Download menu type T to select TFTP Configuration File Upload Download The TFTP Configuration File Upl
40. an end node When a port needs to stop an end node from transmitting data it issues this frame The frame instructs the end node to cease transmission The port continues to issue PAUSE frames until it is ready again to receive data from the end node The default setting for flow control on a switch port is disabled To change the flow control setting on a port perform the following procedure 1 From the Main Menu type B to select Basic Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 2 From the Basic Switch Configuration Menu type P to select Port Configuration The Port Configuration Menu is shown in Figure 17 on page 70 3 Type F to select Flow Control The following prompt is displayed Set Flow Control gt Enter port number gt 4 Enter the port number whose flow control setting you want to change You can configure only one port at a time The following prompt is displayed Enable or Disable flow control for port n E D gt 5 Type E to enable flow control or D to disable it The default is enabled The display is refreshed to show the port s new flow control setting Section Using the Menus Interface 75 Chapter 5 Port Configuration Changing the Back Pressure Setting Back pressure performs much the same function as flow control Both are used by a port to control the flow of ingress packets Flow control applies to ports operating in full duplex back pressure appl
41. are case sensitive To change the user name and password refer to Configuring System Administration Information on page 209 The AT S84 management software displays the home page The window contains an image of the front of the switch Ports that have a link to an end node are green Ports without a link are grey An example of a home page is shown in Figure 57 MV Allied Telesis ar s000 24 Gigabit Ethernet Switch General Info gt Basic Config Advanced Tools gt Statistics Config Front Panel Key Port Not Connected Port Disabled STP Discarding STP Forwarding STP Learning Figure 57 Home Page for the AT 9000 24 Gigabit Ethernet Switch Section II Using the Web Browser Interface 201 Chapter 16 Starting a Web Browser Management Session The main menu is on the top of the home page It consists of the following selections General Info Basic Config Advanced Config Tools OdQ0Q000 Statistics A web browser management session remains active even if you link to other sites You can return to the management web pages anytime as long as you do not quit the browser 202 Section Il Using the Web Browser Interface AT S84 Management Software User s Guide Web Browser Tools You can use the web browser tools to move around the management pages Selecting Back on your browser s toolbar returns you to the previous display You can also use the browser s book
42. eaaaeaaeeeeeeeeeee ee saaaaaaaanaeeaeeeeeeeeeeeseeeecssacaecaeeeeeees 14 Contacting Allied Telese eni aae a ATE ATE eda eat ae ten ana a TS 15 Online SuUpPOtsscctieletpe lalate eee i hehe tee bel Ba iaa tected aaea aaa aa a tack Ad besadadady 15 Email and Telephone Suppott ccccccccccceeceeeeeeeeeceneaeeeeeeeeeeeeeeseceaaaaaeaecaeeeeeeeeeeeseceqcncacaeeeeeeeeeeeeeteeeseneaees 15 Walrantys a a el ecaes aati sah a cella nla kts Coed te status a stl Peat A a a 15 REUN FTU IE e AT sas edad ee ten SR ee eee 15 Sales or Corporate IMformatlOnie ct saci s cdacicsel aadacecue hadebeoes eea a eaaa ae deae eaaa eaaa dat selene ladveetieagiste 15 Management Software Updates cceccccccceceeeeeeeeeeeeeeeeaaeceeeeeeeeeeeeceaaaaeaaeceeeeeeeeeeeeecaccnaesaeeeeeteeeeeeeseee 15 Chapter 1 Overview 2 2 500 2 ees ieee ai E a eee Posse ane nace ee ane eed 17 Management Overview c cc cccecccetedeneeeidadeeneedadecdeenegenectenecdacavbaseessnceetesebeccesmensueedesenectecteneneneceeseenseccceeesentace 18 Local Connection ies nicest ti acd a r 8 aa aise td eed ad iene eh hedat 19 Remote C nnection netere a degen aa taeda aca edie pina eaaa eaa a aaa e eee Ana daee treat eens 20 Using an SNMP Network Management Application 0 cccccceeeeeeeeeeeneeee eee enneeeeeeeteeeeeetieeeeeeesneeeeerenea 20 Management Access Level 2 2 ccccesescdeneteseecceeeecadendeeneceeeceeenessaneceesesusccneseeaseceeeseensneateseenseeeetenesiete
43. for normal network operations of the switch Values for these parameters are only required if you want to remotely manage the device using the web browser interface O A gateway address is only required if you want to remotely manage the device from a remote management station that is separated from the switch by a router O To configure the switch to automatically obtain its IP configuration from a DHCP server on your network go to Enabling and Disabling the DHCP Client on page 208 O You must use the menus interface to manually assign an IP address to the switch as described in Configuring an IP Address Subnet Mask and Gateway Address on page 206 To change the switch s IP configuration perform the following procedure 1 From the Basic Config menu select IP Config The IP Configuration page is shown in Figure 58 IP Configuration System MAC Address 00 00 90 24 00 02 system IP Address 149 35 8 50 System Subnet Mask 255 255 255 0 System Default Gateway 149 35 8 1 DHCP Mode Enable v Figure 58 IP Configuration Page 2 Change the IP configuration parameters by entering new information in the fields System MAC Address This parameter displays the MAC address of the switch You cannot change this parameter System IP Address Enter the IP address for the switch Section II Web Browser Interface AT S84 Management Software User s Guide System Subnet Mask Enter the subnet mask
44. for the transmission period 9 To set the supplicant timeout do the following a Type L to select Supplicant Timeout The following prompt is displayed Enter supplicant timeout value gt This parameter sets the switch to client retransmission time for the EAP request frame The default value for this parameter is 30 seconds The range is 1 to 600 seconds b Type a number for the supplicant timeout 10 To set the server timeout do the following a Type O to select Server Timeout The following prompt is displayed Enter transmission period gt This parameter sets the timer used by the switch to determine authentication server timeout conditions The default value for this parameter is 10 seconds The range is 1 to 60 seconds b Type a number for the server timeout 11 To set the maximum number of requests do the following a Type M to select Maximum Request 176 Section Using the Menus Interface Section Using the Menus Interface b AT S84 Management Software User s Guide The following prompt is displayed Enter maximum request count gt This parameter sets the maximum number of times that the switch retransmits an EAP Request packet to the client before it times out the authentication session The default value for this parameter is 2 retransmissions The range is 1 to 10 retransmissions Type a number for the maximum request count 12 To configure the quiet period do the following a b Ty
45. instructs the switch to ping a node on your network This procedure is useful in determining whether an active link exists between the switch and another network device Note the following before performing the procedure o The switch where you are initiating the ping must have an IP address o The device you are pinging must be a member of the Default VLAN This means that the port on the switch through which the node is communicating with the switch must be an untagged or tagged member of the Default VLAN To ping a network device perform the following procedure 1 From the Tools menu select Ping The Ping Test Configuration page opens as shown in Figure 64 Ping Test Configuration Destination IP Address 0 0 0 0 Timeout Value 3 Sec 1 5 Number of Ping Requests 10 Times 1 10 Start Show Ping Result 220 Figure 64 Ping Test Configuration Page 2 Configure the following parameters Destination IP Address The IP address of the node you want to ping Timeout Value Specifies the length of time in seconds the switch waits for a response before assuming that a ping has failed The default is 3 seconds Number of Ping Requests Specifies the number of ping requests you want the switch to perform The default is 10 3 Click Start 4 To view the ping results click Show Ping Results Section Il Web Browser Interface AT S84 Management Software User s Guide A sample Ping Test Results page is show
46. is 280 seconds Section Il Menus Interface 141 Chapter 10 IGMP Snooping Viewing the Multicast Groups To view the IGMP snooping multicast groups perform the following procedure 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 4 on page 32 2 From the Advanced Switch Configuration Menu type I to select IGMP Snooping Configuration The IGMP Configuration Menu is shown in Figure 35 on page 140 3 Start your viewing application 4 Type V to select View group members The following prompt is displayed Enter VLAN ID gt 5 Enter the VLAN ID number The menu is updated to show the MAC address of the multicast group as shown in Figure 36 AT 9000 24 Local Management System Advanced Switch Configuration gt IGMP Configuration Menu IGMP Snooping Status Disabled IGMP Snooping Age Out Timer 280 seconds VLAN ID Multicast group address lt COMMAND gt N ext Page E nable Disable IGMP Snooping P revious Page S et Age Out Timer V iew group members Q uit to previous menu Command gt 142 Section II Menus Interface Section Il Menus Interface AT S84 Management Software User s Guide Figure 36 MAC Address Displayed on IGMP Configuration Menu The following prompt is displayed Enter MAC Address xx xXX XX XX XX XX gt 6 Enter the MAC address as shown on the menu The View Group Members Menu is shown in Figure 37
47. is operating as the aggregator Attached Port List The ports assigned to the aggregator Disabling an To disable an LACP trunk perform the following procedure LACP Trunk 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 Section Using the Menus Interface 95 Chapter 6 Port Trunking 2 From the Advanced Switch Configuration Menu type T to select Trunk Configuration The Trunk Configuration Menu is shown in Figure 22 on page 89 3 From the Trunk Configuration Menu type S to select Set Trunk Status The following prompt is displayed Enter trunk group number gt 4 Enter the trunk group number The following prompt is displayed Set trunk group n status A P M D gt 5 Type D to select Disabled 96 Section Using the Menus Interface Chapter 7 Port Mirroring Section l Using the Menus Interface This chapter contains the procedure for setting up port mirroring Port mirroring allows you to unobtrusively monitor the ingress and egress traffic on a port by having the traffic copied to another port This chapter contains the following sections ao Port Mirroring Overview on page 98 0 Configuring Port Mirroring on page 99 o Enabling or Disabling Port Mirroring on page 101 97 Chapter 7 Port Mirroring Port Mirroring Overview 98 The port mirroring feature allows you to unobt
48. m m Do not enable a port trunk until after you have configured the trunk on both switches Do not connect the cables to the ports on the switches until after you have configured and enabled the trunk on both switches Note If you are disabling a port trunk be sure to first disconnect all cables from the ports of the trunk Leaving the cables connected can create loops in your network topology because the ports of a disabled port trunk function as normal network ports forwarding individual network traffic To enable or disable a port trunk perform the following procedure 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 From the Advanced Switch Configuration Menu type T to select Trunk Configuration The Trunk Configuration Menu is shown in Figure 22 on page 89 From the Trunk Configuration Menu type S to select Set Trunk Status The following prompt is displayed Enter trunk group number gt Type the number of the trunk group you want to enable or disable and press Enter The following prompt is displayed Set trunk group n status A P M D gt Type M to enable a manual trunk or D to disable the trunk 91 Chapter 6 Port Trunking Setting Up an LACP Trunk 92 Creating an LACP Trunk This section contains the following procedures to work with LACP trunks QOQOQ0Q0 0 Creating an
49. not forward network traffic during the reboot process Some network traffic may be lost To return the AT S84 management software to the default settings perform the following procedure 1 From the Main Menu type T to select Switch Tools The Switch Tools Configuration Menu is shown in Figure 11 on page 50 From the Switch Tools Menu type R to select System Reboot to start the reboot The System Reboot menu is shown in Figure 12 on page 51 Type O to select Set Reboot Option The following prompt is displayed Select reboot option F I N gt Type F or I to select one of the following F Factory Default Resets all switch parameters to the factory default settings including IP address subnet mask and gateway address I Reset to Defaults Except IP Address Resets all switch parameters to the factory default settings but retains the IP address subnet mask and gateway settings If the DHCP client is enabled it remains enabled after this reset Note Option N is described in Rebooting the Switch on page 50 57 Chapter 3 Basic Switch Parameters 58 5 Type R to select Start Reboot Process The following prompt is displayed Are you sure you want to reboot the system Y N gt 6 Type Y to start the reboot process The switch returns its operating parameters to the default values and begins to reload the AT S84 management software This process takes approximately one minute to complete
50. one path exists between the end nodes in your network Where multiple paths exist this protocol places the extra paths in a standby or blocking mode leaving only one main active path RSTP can also activate a redundant path if the main path goes down So not only do these protocols guard against multiple links between segments and the risk of broadcast storms but they can also maintain network connectivity by activating a backup redundant path in case a main link fails When a change is made to the network topology such as the addition of a new bridge a spanning tree protocol must determine whether there are redundant paths that must be blocked to prevent data loops or activated to maintain communications between the various network segments This is the process of convergence RSTP can complete a convergence in seconds and so greatly diminishes the possible impact the process can have on your network At this time only RSTP is available on the switch The RSTP implementation complies with the IEEE 802 1w standard The following subsections provide a basic overview on how RSTP operates and define the different parameters that you can adjust The first task that bridges perform when a spanning tree protocol is activated on a network is the selection of a root bridge A root bridge distributes network topology information to the other network bridges and is used by the other bridges to determine if there are redundant paths in the ne
51. ons iora E T T OT e aa touaetedece sate 106 VEAN NIMO yara e A E AE EAN A E ede ek er ie 106 VEAN OMOT ss easuecce Side A A E T 106 Port VLAN IGONIMGD scccssit2 sectenteescectad aad jcectecees ceeeeelbd of eced lady sequatl bes teckdeid comeueesdndeceeascaddaeees dAdeeeanagadeeedeadn ERE 106 VLAN Port MGM Drs ast 5 asian tek E ceenst cones eth cig decid tuanacesededaeen stad fupadeeibt eneea setidgaee snes cial eae ddan ene 106 Tagged Port Members taisiieeci ee i E A aee hia ae eerie een eth alae 107 Untagged Port Members eoar iora cece a gan tceants E A ne Sgn A eee oe eae eee 107 Incoming and Outgoing Tagged and Untagged Frames cccccecceeeeeeeeceeeeeseeeeeeeeseneeeeeeseeeaeeeeeeenaeeees 107 IMGOMING Fames eio 4 aiaet A a E cache stats cies datas Avast uae ada A Meet Aada deat ite 107 Outgoing Frames sedate ieee eee ae eee ee eee 108 Guidelines for Creating a VLAN mastaaa eA AEE ENEA ERA EE E AETIA EREE EEE 108 Untagged VANS eane ranse aer Ea AREA E A E AA A A E AE ASE EEE 109 Tagged VLAN Exam ple rronte eT a Ta AT sich ta davate teasaaian ange 111 Working with VLAN S reier n T A E E E E E eee ede 113 CGreatirig a VLAN oaa T A ce dat cde settee ede A E AAT 113 Conmigonngthe Pon PMID reisene E a E E EEEE A A Eaa TE 116 Displaying the MEANS hiss onret a teiaa toads carne T A A EA teatiet ein ete tad on 117 AT S84 Management Software User s Guide Modifying a VLAN sx sess inoin ertr edad ibe dade adda Paani aidaa ein eiaa SE Ea E a
52. or Disabling GVRP sssrinin iiri iia aai A Aaa AARNA A AE AAA AA 260 Chapter 23 Quality of Service QOS 200 0 ccc eeeeeee terrence eee eeeee eee eeeeeeeeeeeneaeeeeeseeeaeeeeseeeaeeeeseeeaaeees 261 Mapping CoS Priorities to Egress Queues ccceeeeceeee tenet eee ee eter eee eeeaaeeeeeeeaaeeeeeesaaeeeeeeeiaaeeeeeneenaeeeeeeenaas 262 Configuring COS v2 cree sis E E A eaten ee aed a te teeta teeta al Mag 264 Chapter 242 1GMP r edie ee et ca tao date west gece od dda we tacit atdewi tne acess 267 Configuring IGMP sisccsciectard ot ndoeties aceivenl dine algae Hei deed es ccd ce de ban deere A erat Eea a TaN TaN 268 Viewing the Multicast Group Members cece eeeeeeeeeeeeeaeeeeeeeeaaeeeeeeeaaaeeeeeeeaeeeeeeeaaeeeseeeaaeeesseneeeeeeeeaas 269 Chapter 25 RST sg E 2a Gage de E EE E sedges Gia aed idenad oer nh S eed 271 Basic RSTP Configuration screenen iaa siance dees caeaddants A eves AE SEE ANE SEE EA 272 Configuring RSTP Port Settings nasroni nonah a re a A a n A e as 274 Configuring the Basic RSTP Port SetingSeinisherarmiridiia iei i e ri ae 274 Configuring the Advanced RSTP Port Settings cccccceceeeeeeeeeeeeeeeeeeeeeeeeseeeeeeeeeeseneaeeeeeeeeaaeeeeseeaaeees 275 Viewing the RSTP Topology rrii aeiiaaie i dv dels eqeued eh taev deeded asavertisnedvenel AA 278 Chapter 26 802 1x Network Access Control 0 cccccccceececeeenec cece ceeeeee cette eeseceaeaaeseeeeeeeeeeeeeeeeenenaeees 281 Configuring 802 1x Netwo
53. page opens as shown in Figure 92 Configuration File Upload Download Download Upload Config File Upload TFTP Server IP 0 0 0 0 Config File Name Retry Count 5 1 20 Apply Figure 92 Configuration File Upload Download Page 292 Section II Web Browser Interface Section Il Web Browser Interface AT S84 Management Software User s Guide 2 From the Download Upload Config File list choose Upload to upload a file to the TFTP server or Download to download the configuration file from the TFTP server to the switch Change the following parameters as necessary TFTP Server IP The IP address of the TFTP server Config File Name The name of the configuration file There is no default name for the configuration file Retry Count The number of times you want the switch to retry in the event a problem occurs during the upload or download process The range is 1 to 20 and the default is 5 times Click Apply The following message is displayed Are you sure you want to Upload Download the new configuration file 5 Click OK to continue or Cancel to stop the process 293 Chapter 29 Working with System Files 294 Section II Web Browser Interface Section II Using the Command Line Interface The chapter in this section provides information for using the command line interface in the AT S84 management software Section II Using the Web Browser Interface Note The menus interface is desc
54. priority described 148 port role default setting 319 port speed configuring on a single port 229 configuring on multiple ports 226 port statistics displaying 77 232 port status enabling or disabling on a single port 229 enabling or disabling on multiple ports 226 port trunk configuring 88 creating 240 324 description 82 disabling 91 241 enabling 91 241 guidelines 83 modifying 90 port VLAN identifier PVID configuring 116 252 Q Quality of Service QoS configuring 129 261 default settings 316 overview 126 R RADIUS configuring 181 286 displaying settings 183 guidelines 180 overview 180 Rapid Spanning Tree Protocol RSTP advanced port settings configuring 161 and VLANs 152 basic port settings configuring 159 configuring 156 272 default settings 318 enabling or disabling 153 port configuration displaying 164 remote management access defaults 312 remote management session quitting 204 starting 20 200 RJ 45 serial terminal port default settings 313 root bridge 146 RSTP See Rapid Spanning Tree Protocol RSTP S Simple Network Time Protocol SNTP 44 SNMP authentication traps enabling 63 community name 60 default setting for remote management 312 default settings 314 SNMP agent enabling 236 enabling or disabling 62 SNMP authentication traps enabling 63 SNMP community string access mode 60 default 61 64 default name 314 default changing 237 name 60 operating status 60 SNMP management de
55. procedure 1 From the Advanced Config menu select VLAN Config gt VLAN Info The VLAN Information page is shown in Figure 78 on page 256 2 From the GVRP status list choose either Enable or Disable 3 Click Apply 260 Section II Web Browser Interface Chapter 23 Quality of Service QoS This chapter contains the procedure for configuring Quality of Service QoS This chapter includes the following procedures o Mapping CoS Priorities to Egress Queues on page 262 o Configuring CoS on page 264 Note For background information on QoS refer to QoS Overview on page 126 Section II Web Browser Interface 261 Chapter 23 Quality of Service QoS Mapping CoS Priorities to Egress Queues 262 This procedure explains how to change the default mappings of CoS priorities to egress priority queues as shown in Table 2 on page 127 This is set at the switch level You cannot set this at the per port level This procedure also enables and disables QoS To change the default mappings of CoS priorities to egress priority queues or to enable or disable QoS perform the following procedure 1 From the Advanced Config menu select QoS Config gt Traffic Class The Traffic Class Configuration page opens as shown in Figure 80 Traffic Class Configuration QoS Status Disable Traffic Class Queue 0 Lowest 3 Highest bs WwW lj D an 0 gt Ww WwW WwW Apply
56. procedure the PVID values of the untagged ports of the VLAN must be adjusted to match the virtual LAN s VID number In order for a port to be considered an untagged member of a VLAN its PVID value must be changed to match the VID of the virtual LAN This procedure is found in Configuring the PVID of Untagged Ports on page 252 To configure a VLAN perform the following procedure 1 From the Advanced Config menu select VLAN Config gt Create VLAN The Create VLAN page opens as shown in Figure 75 Create VLAN VLAN ID 2 4094 Note U Untagged Port VLAN member VLAN Name Port Number 1 2 Se A Be Be FB 9 10111213 1415 16 17 18 19 20 24 222352 Static Tagged OO OOOQOOQOOQOOQOQO0Q0QO0Q00000 00 00 0000 Static Untagged Not Member Apply Restore Clear Figure 75 Create VLAN Page 2 In the VLAN ID field enter a VLAN ID for the new VLAN The range is 2 to 4094 If this VLAN will be unique in your network then its VLAN ID VID must also be unique from all other VIDs in the network 3 In the VLAN Name field enter a name for the VLAN The name can contain up to 32 characters including spaces but not including special characters such as asterisks or exclamation points 1 If the VLAN will be unique in you network then the name should be unique as well Section Il Web Browser Interface Section Il Web Browser Interface AT S84 Management Software User s Guid
57. s Guide Changing the Default SNMP Community Names To configure the SNMP settings perform the following procedure 1 From the Basic Config menu select SNMP Config The SNMP Configuration page opens as shown in Figure 70 SNMP Configuration SNMP Read Community public SNMP Write Community private Trap Authentication Enable v SNMP Trap Receivers IP Address Community 1 10 0 0 0 Delete 2 0 0 0 0 Delete 3 10 0 0 0 Delete 4 0 0 0 0 Delete Apply Restore Figure 70 SNMP Configuration Page 2 Click the SNMP Read Community field and type the name of the read community The default is public 3 Click the SNMP Write Community field and type the name of the write community The default is private 4 To set Trap Authentication for that community string select Enable or Disable from the list 5 Click Apply Section Il Web Browser Interface 237 Chapter 19 SNMP Working with Trap Receivers Adding and Enabling a Trap Receiver Disabling a Trap 238 Receiver Deleting a Trap Receiver This section contains the following procedures g o m Adding and Enabling a Trap Receiver next Disabling a Trap Receiver on page 238 Deleting a Trap Receiver on page 238 To add and enable a trap receiver perform the following procedure 1 From the Basic Config menu select SNMP Config The SNMP Configuration page is shown i
58. site www alliedtelesis com To sign up for a warranty on your product refer to the Allied Telesis web site http alliedtelesis com support warranty Products for return or repair must first be assigned a return materials authorization RMA number A product sent to Allied Telesis without an RMA number will be returned to the sender at the sender s expense To obtain an RMA number contact the Allied Telesis Technical Support group at our web site http alliedtelesis com support rma Select your country from the list displayed on the website Then select the appropriate menu tab You can contact Allied Telesis for sales or corporate information through our web site www alliedtelesis com To find the contact information for your country select Contact Us gt Worldwide Contacts New releases of management software for our managed products are available from either of the following Internet sites o Allied Telesis web site www alliedtelesis com o Allied Telesis FTP server ftp ftp alliedtelesis com To download new software from the Allied Telesis FTP server from your workstation s command prompt you must have FTP client software Additionally you must log in to the server The user name is anonymous and your email address is the password Preface 16 Chapter 1 Overview This chapter provides an overview of the AT S84 management software for the AT 9000 24 Gigabit Ethernet switch This chapter describ
59. switch onto your management workstation containing the SNMP application program The MIBs are available from the Allied Telesis web site at www alliedtelesis com To manage a switch using SNMP you need to know the IP address of the switch and at least one of the switch s community strings A community string is a string of alphanumeric characters that gives you access to the switch A community string has several attributes that you can use to control who can use the string and what the string will allow a network manager to do on the switch The community string attributes are defined below Community String Name The SNMP community string is similar to a user ID or password which allows access to a network device s statistics You must assign a name to the community string The name can be from one to eight alphanumeric characters Spaces are allowed Access Mode This defines what the community string will allow a network manager to do There are two access modes Read and Read Write A community string with an access mode of Read can only be used to view but not change the MIB objects on a switch A community string with a Read Write access can be used to both view the MIB objects and change them Status A community string can be enabled disabled or deleted When disabled no one can use it to access the switch You might disable a community string if you suspect someone is using it for unauthorized access to the Section Usi
60. the command line interface and returns to the Main Menu MODE Displays the available modes NO Negates a command or sets its defaults OVERRIDE Enables the port override feature 303 Chapter 30 Getting Started with the Command Line Interface 304 Table 12 Interface Configuration Command Mode Commands Commands Description PING Pings a specified IP address to check connectivity to another system PORT Sets port mirroring parameters PVID Sets the PVID SHUTDOWN Disables a port SPANNING Sets the parameters for the STP feature TREE SPEED Sets the speed and duplex mode for a port DUPLEX Port Mirroring Example To configure port 8 as the mirroring port and port 6 as the mirrored port you need to first access the Interface Configuration mode specify the port and then configure the port mirroring feature Perform the following procedure 1 From the User EXEC mode enter enable You now have access to the Privileged EXEC Configuration mode as indicated by the Switch config prompt 2 From the Privileged EXEC Configuration mode enter configure You now have access to the Global Configuration mode as indicated by the Switch config prompt 3 Access port 8 on the Interface Configuration mode interface Ethernet1 8 You now have access to the Interface Configuration mode as indicated by the Switch config if prompt 4 Enter the port mirro
61. the statistics for a particular port since the switch was last reset select the port and then type R for Since Reset To stop refreshing the statistics type T for Stop Refresh 79 Chapter 5 Port Configuration 80 Section Using the Menus Interface Chapter 6 Port Trunking Section l Using the Menus Interface This chapter provides information and procedures for creating a port trunk and contains the following sections Port Trunking Overview on page 82 LACP Trunks on page 84 Setting Up a Port Trunk on page 88 Setting Up an LACP Trunk on page 92 QOQ0Q0Q 0 81 Chapter 6 Port Trunking Port Trunking Overview Static Port Trunk 82 Overview Port trunking is an economical way for you to increase the bandwidth between two Ethernet switches A port trunk is 2 to 8 ports that have been grouped together to function as one logical path A port trunk increases the bandwidth between switches and is useful in situations where a single physical data link between switches is insufficient to handle the traffic load A port trunk always sends packets from a particular source to a particular destination over the same link within the trunk A single link is designated for flooding broadcasts and packets of unknown destination A static port trunk consists of two to eight ports on the switch that function as a single virtual link between the switch and another device A static port trunk
62. untagged ports refer to Chapter 8 Virtual LANs and GVRP on page 103 Section Il Menus Interface AT S84 Management Software User s Guide Enabling or Disabling RSTP To enable or disable RSTP perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 From the Basic Switch Configuration Menu type S to select Rapid Spanning Tree Configuration The Rapid Spanning Tree Configuration Menu is shown in Figure 42 AT 9000 24 Local Management System Advanced Switch Configuration gt Rapid Spanning Tree Configuration Menu Global RSTP Status Disabled Protocol Version RSTP Root Port 0 Root Path Cost 0 Time Since Topology Change 118 Sec Topology Change Count 1 Designated Root 8000 00C08F1211BB Bridge ID 8000 010203AABB04 Hello Time 2 sec Bridge Hello Time 2 Sec Maximum Age 20 Sec Bridge Maximum Age 20 Sec Forward Delay 15 Sec Bridge Forward Delay 15 Sec lt COMMAND gt E nable Disable Global RSTP Set Bridge Florward Delay Set RSTP Protocol V Jersion RSTP Blasic Port Configuration Set Bridge P riority RSTP A dvanced Port Configuration Set Bridge H ello Time Topology I nformation Set Bridge M aximum Age Q uit to previous menu Command gt Section Il Menus Interface Figure 42 RSTP Configuration Menu The RSTP menu allows you to configure RSTP as wel
63. 0 24 Local Management System Enter the character in square brackets to select option Main Menu Gleneral Information B asic Switch Configuration A dvanced Switch Configuration Switch T ools S tatistics C ommand Line Interface Q uit Command gt Figure 3 Main Menu Section Using the Menus Interface 27 Chapter 2 Getting Started with the Menus Interface Using the Menus Interface If you are using a DEC VTOO or ANSI the default terminal configuration refer to Table 1 for instructions on how to move through the menus and select menu options Table 1 Menus Interface Operations When directed to You must Make a menu selection Type the menu option letter enclosed in brackets such as typing P to select P ort Configuration Enter information for example entering a port number Return to previous menu Type the information and press Enter Type Q for Quit to previous menu When you enter a letter to select a field in which you can enter a value a message is displayed For example Enter new password gt The gt symbol indicates that you can enter a new value for the parameter or change the existing value After you have entered a value press Enter Changes are immediately activated on the AT 9000 24 Gigabit Ethernet switch Note The web browser interface is described in Section II Using the Web Browser Interface on page 197 and the comma
64. 000 000090240002 0 9000 000090240002 00 00 5 Down 9000 000090240002 0 9000 000090240002 00 00 6 Down 9000 000090240002 0 9000 000090240002 00 00 7 Up 8000 000c46aa7fa1 220000 9000 000090240002 80 07 8 Down 9000 000090240002 0 9000 000090240002 00 00 9 Down 9000 000090240002 0 9000 000090240002 00 00 O Down 9000 000090240002 0 9000 000090240002 00 00 1 Down 9000 000090240002 0 9000 000090240002 00 00 a Down 9000 000090240002 0 9000 000090240002 00 00 Si Down 9000 000090240002 0 9000 000090240002 00 00 4j Down 9000 000090240002 0 9000 000090240002 00 00 al Down 9000 000090240002 0 9000 000090240002 00 00 6 Down 9000 000090240002 0 9000 000090240002 00 00 im Down 9000 000090240002 0 9000 000090240002 00 00 8j Down 9000 000090240002 0 9000 000090240002 00 00 9 Down 900 0090240002 0 9000 000090240002 00 00 20 Down 900 0090240002 0 9000 000090240002 00 00 21 Down 900 0090240002 0 9000 000090240002 00 00 22s Down 90 0090240002 0 9000 000090240002 00 00 2 Down 90 0090240002 0 9000 000090240002 00 00 24 Down 90 0090240002 0 9000 000090240002 00 00 Figure 87 Designated Topology Information Page This page displays the following information about the ports Trunk The trunk of which the port is a member Link Status Whether the link on the port is up or down Designated Root The desi
65. 0000 Apply Enoble f128 20000 Apply Enable 128 20000 Apply Enable 128 200000 Apply Enable li28 20000 Apply Enable 128 20000 Apply Enable 128 20000 Apply Enable 128 20000 Apply Eneble 128 20000 Apply Eneble 128 20000 Apply Enable 128 20000 Apply Enable 128 20000 Apply Enable 128 zo000 Apply Eneble M 128 20000 _ Apply Enable 128 20000 Apply Enable 128 20000 Apply Enebe 128 20000 Apply Enoble 128 20000 Apply Enable 128 20000 Apply Enable 128 20000 Apo Enoble 128 20000 Apply Figure 85 RSTP Basic Port Configuration Page Section II Web Browser Interface Configuring the Advanced RSTP Port Settings Section Il Web Browser Interface AT S84 Management Software User s Guide In the STP Status column for the port you want to configure select the STP status from the list either Enable or Disable In the Priority column for the port you want to configure type a number for the port priority Port priority is described in Port Priority on page 148 In the Path Cost column for the port you want to configure type a number for the Path Cost Path cost is described in Path Costs and Port Costs on page 147 Click Apply To configure all of the ports to the same settings in the All row configure one two or all of the following settings STP Status Prior
66. 2 1x Network Access Control on page 174 167 Chapter 12 802 1x Network Access Control 802 1x Network Access Control Overview 802 1x Network Access Control IEEE 802 1x is used to control who can send traffic through and receive traffic from a switch port With this feature the switch will not allow an end node to send or receive traffic through a port until the user of the node logs on by entering a username and password This feature can prevent an unauthorized individual from connecting a computer to a switch port or using an unattended workstation to access your network resources Only those users to whom you have assigned a username and password will be able to use the switch to access the network This feature must be used with the RADIUS authentication protocol and requires that there be a RADIUS server on your network The RADIUS server performs the authentication of the username and password combinations Note RADIUS with Extensible Authentication Protocol EAP extensions is the only supported authentication server for this feature Following are several terms to keep in mind when using this feature O Supplicant A supplicant is an end user or end node that wants to access the network through a switch port A supplicant is also referred to as a client Authenticator The authenticator is a port on the switch that prohibits network access by a supplicant until the network user has entered a valid
67. 2 3 64 bytes including the CRC received on the port Oversize Pkts Number of packets that exceeded the maximum length specified by IEEE 902 3 1518 bytes including the CRC received on the port Fragments Number of undersized packets packets with alignment errors and packets with FCS errors CRC errors received on the port Jabbers Number of electrical signal errors detected on the port Collisions Number of packet collisions on the port 64 Byte Pkts Number of 64 byte packets sent or received by the port The minimum length of an Ethernet packet is 64 bytes 65 127 Pkts Number of 65 to 127 byte packets sent or received by the port 128 255 Pkts Number of 128 to 255 byte packets sent or received by the port 256 511 Pkts Number of 256 to 511 byte packets sent or received by the port 512 1023 Pkts Number of 512 to 1023 byte packets sent or received by the port 1024 1522 Pkts Number of 1024 to 1522 byte packets sent or received by the port The maximum length of an Ethernet packet is 1518 bytes The statistics are refreshed every 30 seconds 2 To select a specific port a Type S to select Select Section Using the Menus Interface Section Using the Menus Interface AT S84 Management Software User s Guide The following prompt is displayed Select port number gt b Type the number of the port whose statistics you want to view Type N for Next or P for Previous to move between ports To view
68. 3 Figure 24 Figure 25 Figure 26 Figure 27 Figure 28 Figure 29 Figure 30 Figure 31 Figure 32 Figure 33 Figure 34 Figure 35 Figure 36 Figure 37 Figure 38 Figure 39 Figure 40 Figure 41 Figure 42 Figure 43 Figure 44 Figure 45 Figure 46 Figure 47 Figure 48 Figure 49 Figure 50 Connecting the Management Cable to the Console Port ee ccececeeeesseeeeeeeeeeneeeenaeeeseneeeeaeeeseaeeesneeeeenaeeeseaes 26 Login MON ssnin ee oben ees hades Nano te ete e Sa ene ien ieee heed 27 Main Menu jeccc5520 ses phe ve eee e r chagceeeas coin a a s ntdeeeesegde ae a A a a a aaa 27 Basic Switch Configuration M nu ceceeeccesesseeeeeneeeeeneeeeeaeeeseeeeeesaaeeeeeeaeecseeesesaeeeseeaeeeeeeeeeeaeeeseaaeessneeeensaeeeeenaees 32 SystemilP Configuration Men s s i2 0 25cccs adsescucesscteneceessvsescennscebubanres dn naate Ds cecetpeessceeserh cxpeeaees dees 33 System Admin Configuration MenU 0 0 0 eecceeesseeeereeeeeeeeeaeeeeeeeeeesaeeeeeaeeeseeeesesaeeeeeaaeeseaeseaeeeseaaeessneeeensaeeseenaees 36 User Interface Configuration M nu ceecceeesseceeeeeeeeeneeeeeeeeceeeeeesaaeeceeaaeecaeesesaeeeceeaeeeeeeeeneaeeeseaaeeseeeeensaeeeeenaees 38 SNIP Configuration Meu ea i aa ee Ee A E Te Laa ARAE E a Aare AAEE EANES 44 Time Zone Configuration Menu eee eeeececeereeeeneeeceeeeeneeeeeeaeeeceeaeeenneeeeeaeeeeeeaeeseneeeeeaeseeaeesnneeseeeeeseeeeesneeeenea 45 General Information M nU ss 2 cccssesneescncki ii
69. 4 Local Management System Switch Tools Configuration gt Ping Execution Target IP Address 0 0 0 0 Number of Requests 10 Timeout Value sec Set Target I P Address E xecute Ping Set N umber of Requests S top Ping Set T imeout Value Q uit to previous menu Command gt Figure 13 Ping Execution Menu Section Using the Menus Interface AT S84 Management Software User s Guide 3 Type Ito select Set Target IP Address The following prompt is displayed Enter new target IP address gt 4 Type the IP address of the node you want the switch to ping and press Enter 5 Type N to select Set Number of Requests The following prompt is displayed Enter new number of requests gt 6 Enter the number of ping requests you want the switch to perform The range is 1 to 10 The default is 10 7 Type T to select Set Timeout Value The following prompt is displayed Enter new timeout value gt 8 Enter the length of time in seconds the switch is to wait for a response before assuming that a ping has failed The range is 1 to 5 seconds The default is 3 seconds 9 Type E to select Execute Ping The following prompt is displayed Execute ping or Clean ping data E C gt 10 Type E to execute the ping or C to clear previous ping data before performing this ping Section Using the Menus Interface 53 Chapter 3 Basic Switch Parameters 54 Figure 14 shows an example of the results of a ping AT 9000 24 Local M
70. 4 Management Software User s Guide Enter bridge maximum age gt The bridge maximum age is the length of time after which stored bridge protocol data units BPDUs are deleted by the bridge All bridges in a bridged LAN use this aging time to test the age of stored configuration messages called bridge protocol data units BPDUs For example if you use the default value 20 all bridges delete current configuration messages after 20 seconds This parameter can be from 6 to 40 seconds When you select a value for maximum age observe the following rules MaxAge must be greater than 2 x HelloTime 1 MaxAge must be less than 2 x ForwardingDelay 1 Note The aging time for BPDUs is different from the aging time used by the MAC address table 7 Type a number for the bridge maximum age 8 Type F to select Set Bridge Forward Delay The following prompt is displayed Enter bridge forward delay gt The bridge forwarding delay is the waiting period in seconds before a bridge changes to a new state for example becomes the new root bridge after the topology changes If the bridge transitions too soon not all links may have yet adapted to the change resulting in network loops The range is 4 to 30 seconds The default is 15 seconds 9 Type a number for the bridge forward delay between 4 and 30 seconds Section Il Menus Interface 157 Chapter 11 Rapid Spanning Tree Protocol RSTP Configuring STP Compatibility
71. 52 packets The spanning tree implementation in the AT S84 management software is a single instance spanning tree The switch supports just one spanning tree You cannot define multiple spanning trees The single spanning tree encompasses all ports on the switch If the ports are divided into different VLANs the spanning tree crosses the VLAN boundaries This point can pose a problem in networks containing multiple VLANs that span different switches and are connected with untagged ports In this situation STP blocks a data link because it detects a data loop This can cause fragmentation of your VLANs This issue is illustrated in Figure 41 Two VLANs Sales and Production span two AT 9000 24 Gigabit Ethernet switches Two links consisting of untagged ports connect the separate parts of each VLAN If RSTP is activated on the switches one of the links is disabled In the example the port on the top switch that links the two parts of the Production VLAN is changed to the block state This leaves the two parts of the Production VLAN unable to communicate with each other Production rro Zz 7 We S Sut aaia iii i a o SSSSSS eee mmm Z eg Sales fY 7 Production VLAN VLAN Figure 41 VLAN Fragmentation You can avoid this problem by not activating rapid spanning tree or by connecting VLANs using tagged port members instead of untagged ports For information on tagged and
72. 6 224 112 240 If two paths have the same port cost and the same priority then the ports with the lowest port MAC addresses become the root ports of their respective bridges Hello Time and Bridge Protocol Data Units BPDUs The bridges that are part of a spanning tree domain communicate with each other using a bridge broadcast frame that contains a special section devoted to carrying STP or RSTP information This portion of the frame is referred to as the bridge protocol data unit BPDU When a bridge is brought online it issues a BPDU in order to determine whether a root bridge has already been selected on the network and if not whether it has the lowest bridge priority number of all the bridges and should therefore become the root bridge The root bridge periodically transmits a BPDU to determine whether there have been any changes to the network topology and to inform other bridges of topology changes The frequency with which the root bridge sends out a BPDU is called the hello time This is a value that you can set in the AT S84 management software The interval is measured in seconds and the default is two seconds Consequently if an AT 9000 24 Gigabit Ethernet switch is selected as the root bridge of a spanning tree domain it transmits a BPDU every two seconds Point to Point and Edge Ports Part of the task of configuring RSTP is defining the port types on the bridge This relates to the device s connected to t
73. 70 Type S to select Set Status The following prompt is displayed Set Status gt Enter port number gt Enter the number of the port you want to enable or disable You can configure only one port at a time The following prompt is displayed Enable or Disable port n E D gt Type E to enable the port or D to disable it The default is enabled A disabled port immediately stops forwarding all ingress and egress traffic until you enable it again The display is refreshed to show the port s new status Section Using the Menus Interface AT S84 Management Software User s Guide Setting a Port s Speed and Duplex Mode Section Using the Menus Interface To change a port s speed or duplex mode perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 From the Basic Switch Configuration Menu type P to select Port Configuration The Port Configuration Menu is shown in Figure 17 on page 70 Type M to select Set Mode The following prompt is displayed Set Mode gt Enter port number gt Enter the number of the port whose speed or duplex mode you want to change You can configure only one port at a time The following prompt is displayed Enter new mode for port n a h H F f T gt Enter the letter that corresponds to the desired speed and duplex mode setting for the port The port settings are
74. A EEr SAATE RAAEN Eaa 142 Chapter 11 Rapid Spanning Tree Protocol RSTP cccccceceeeeeeeeeeeeeeeeeeeeeeeeeeeeseneaeeeeeseeeaeeeeeeeaaeees 145 RSTP OVGrVICW acneea ated i cede eel ulhged EAO ANTE A A A adda vines anedoaviviee 146 Bridge Priority and the Root Bridge cccccccecsceeeeeeeeeeeeeeee eee aai TE ea AA r AAA LEEA KAATA EAEri 146 Designated Bridge and Designated Port ceceeeeeceeeeeeceeeeeeeenneeeeeeeeaeeeeeeeeaeeeeeeeenaeeeeeeeeiaeeeeseeeaes 147 Fathi Costs and Port COStS t cctevsnceecdasguis bee leases innate eavnege AEA A R ERAI EAR AA AA Rea 147 Port Priory einga inia rii AEE EN ENE E ETA EE A A 148 Hello Time and Bridge Protocol Data Units BPDUS sssssessssssessrressesrrsseetrrrssrrrrrsstttnrsssrtrrrssrrrnnne 149 Point to Point and Edge Ports icirsnssiriiipiuieniiiiireeiiai n Ei A NEEE EEA TEE EE 149 Mixed STP and RSTP Networks 00 ccecceececteeee aE aA eE R ATE a ai e aiT 151 Rapid Spanning Tree and VLANS cecceccceeeeeeeeeeeeeeeneaecaeeeeeeeeeeeceesecaeaaeaeeeeeeeeeeeseseeccicaaeeeeeeeeteeeeeees 152 Enabling or Disabling RST Peerke a A a A 153 Configuring the RSTP Bridge SettingS scserssiniidrdriiiiaiei d re E E i ea aaa 156 Configuring STP Compatibili ereen e aaar A A R AOA OR 158 Configuring RSTP Port Settings ss acrrnccieiernniii iii a A T A a 159 Configuring the Basic RSTP Port Settings c cece eeeeeeeeeeeeeeeeeeeeeeeeeeeeeseneeeeeeeseeeaeeeeeseeaaeeeseeeaaees 159
75. AN The switch responds and processes management packets only if they are received on an untagged port of the Default VLAN To start a web browser management session perform the following procedure 1 Start your web browser Note If your PC with the web browser is connected directly to the switch to be managed or is on the same side of a firewall as the switch you must configure your browser s network options not to use proxies Consult your web browser s documentation on how to configure the switch s web browser to not use proxies 2 Inthe URL field of the browser enter the IP address of the switch to be managed E http 149 35 8 238 Microsoft Internet Explorer BAX File Edit View Favorites Tools Help E Q Back x a Search Favorites 04 amp Wy rel 3 Address 2 AEEBI T4935 181238 v E co Links gt Switch s ie Address Figure 55 Entering a Switch s IP Address in the URL Field 200 Section Il Using the Web Browser Interface AT S84 Management Software User s Guide The AT S84 management software displays the login dialog box shown in Figure 56 Connect to 149 35 8 238 WA User name manager iv Password eecccee Remember my password Figure 56 AT S84 Login Dialog Box 3 Enter the AT S84 management login user name and password The default user name is manager and the default password is friend The login name and password
76. AT 9000 24 Local Management System IGMP Configuration Menu gt View Group Members Menu VLAN ID 1 Multicast group address 01 00 5E 75 FF FA Group members Q uit to previous menu Command gt Figure 37 View Group Members Menu 143 Chapter 10 IGMP Snooping 144 Section II Menus Interface Chapter 11 Rapid Spanning Tree Protocol RSTP Section II Menus Interface This chapter describes how to configure the Rapid Spanning Tree Protocol RSTP on the switch and includes the following sections RSTP Overview on page 146 Enabling or Disabling RSTP on page 153 Configuring the RSTP Bridge Settings on page 156 Configuring STP Compatibility on page 158 Configuring RSTP Port Settings on page 159 QOdQ0Q0Q00 0 Displaying the RSTP Topology on page 164 145 Chapter 11 Rapid Spanning Tree Protocol RSTP RSTP Overview 146 Bridge Priority and the Root Bridge The performance of a Ethernet network can be negatively impacted by the formation of a data loop in the network topology A data loop exists when two or more nodes on a network can transmit data to each other over more than one data path The problem that data loops pose is that data packets can become caught in repeating cycles referred to as broadcast storms that needlessly consume network bandwidth and can significantly reduce network performance RSTP prevents data loops from forming by ensuring that only
77. Admin Configuration Menu Description AT 9000 24 ObjectID 1 3 6 1 4 1 207 1 4 Name Location Contact Set System N ame Set System L ocation Set System C ontact Information Q uit to previous menu Command gt Figure 6 System Admin Configuration Menu The Description parameter in the top portion of the menu displays the model name of the switch The System Object ID parameter is the numeric ID of the switch You cannot change these parameters 3 To set the system s name do the following a Type N to select Set System Name The following prompt is displayed Section Using the Menus Interface AT S84 Management Software User s Guide Enter system name gt b Type a name for the switch for example Sales The name is optional and can contain up to 50 characters Note Allied Telesis recommends that you assign names to the switches Names can help you identify the switches when you manage them and can also help you avoid performing a configuration procedure on the wrong switch 4 Toenter the system s location do the following a Type L to select Set System Location The following prompt is displayed Enter system location gt b Type information to describe the location of the switch for instance Third Floor The location is optional and can contain up to 50 characters 5 To enter the administrator s name do the following a Type C to select Set System Contact Information The foll
78. Change Count 25 Designated Root 8000 00308454C840 Hello Time 2 Sec Maximum Age 20 Sec Forward Delay 15 Sec Bridge ID 9000 000090240002 Bridge Priority 0x3000 0x0000 0xF000 and in increments of 0x1000 Bridge Hello Time 2 Sec Bridge Maximum Age 20 Sec Bridge Forward Delay 15 Sec Figure 84 Rapid Spanning Tree Configuration Page The RSTP Configuration page allows you to configure RSTP as well as to view the current settings and contains the following items of information in the middle portion Root Port The active port on the switch that is communicating with the root bridge If the switch is the root bridge for the LAN then there is no root port and the root port parameter will be 0 Root Path Cost The sum of all the root port costs of all the bridges between the switch s root port and the root bridge including the switch s root port cost 272 Section II Web Browser Interface Section Il Web Browser Interface AT S84 Management Software User s Guide Time Since Topology Change The time in seconds since the last topology change took place When RSTP detects a change to the LAN s topology or when the switch is rebooted this parameter is reset to 0 seconds and begins incrementing until the next topology change is detected Topology Change Count An integer that reflects the number of times RSTP has detected a topology change on the LAN since the switch was initially powered on or rebooted The f
79. Click Apply Section Il Web Browser Interface 215 Chapter 17 Basic Switch Parameters Configuring SNTP To configure SNTP perform the following procedure 1 From the Basic Configuration menu select SNTP Configuration The SNTP Configuration page opens as shown in Figure 61 SNTP Configuration Time HH MM SS 00 14 23 Date YYYY MM DD 1900 01 01 Monday SNTP Server IP 0 10 0 0 SNTP Polling Interval 1 Min 1 60 Time Zone GMT 08 00 Pacific Time US amp Canada Tijuana v Daylight Saving Disabled v Apply Figure 61 SNTP Configuration Page 2 In the SNTP Server IP field type the IP address for the SNTP server you want to use 3 Inthe Set SNTP Interval field type a number to specify the number of minutes between occurrences of polling the SNTP server The range is 1 to 60 minutes and the default is 1 minute 4 To set the time zone select one from the Time Zone list 5 For the Daylight Saving parameter choose one of the following from the list Disabled To disable daylight saving time Enabled To disable daylight saving time 6 Click Apply 216 Section II Web Browser Interface Viewing System Information AT S84 Management Software User s Guide To view general information about the switch perform the following procedure 1 From General Info menu select Switch Info The Switch Information page opens as shown in Figure 62 Switch Information e MAC Address
80. E EE aE 222 Returning the AT S84 Management Software to the Factory Default Values eeeeseeeeeerreseeerressrrrressee 224 Chapter 18 Port Configuration 2 0 0 0 ccc eee e centre eee tees eet ae ee eee eee eee ee eaaaeeeeeeeaeeeeeeeceeeeeesenaeeeeeeeaas 225 Viewing and Configuring Multiple Ports 2 2 eeccceeeeseeeeeeeeeseeeeeeeeeeeneeeeeeeeeeeeeeeeeeeeeeeeeeeseeeeeeeeeteeaeeeeseeeaeeess 226 Viewing and Configuring a Single Port seirer aienea iE A ERE EE aS NENA E A AEEA ERATE EAE 229 Displaying Forn Statistics Toin ea a E AT ET E EE E EET REE 232 Chapter 192 SNMP imien Bees aes a te eed ta a oa r e ra ed aad et eE 235 Enabling or Disabling the SNMP Agent ccccceeeeeeeeeeeeeee tere eeeeeeeeeeeeaaaeeeeseeeaaeeeeeeeaaeeeeeeeeaeeeeseeiaeeeeeseates 236 Changing the Default SNMP Community Names ccc ccccceeeeeeeeeeeeeneeeeeeeaaeeeeeeeaeeeeeeeaaeeeeseenaeeeeeeeenaeeeeeeaas 237 Working with Trap ReCCIVEMS roaraa S A E AET 238 Adding and Enabling a Trap RECEIVED sicnsieoiie iaeei iaa aaee EEE aE NEET EEEa AEA EEE la EAKA EEE EEN TAREE 238 Disabling a Trap Recoon aon AA TEA A EEEE 238 Deleting a Trap RECCIVER ereina EAA EA EA EEEE E AENT 238 Chapter 20 Port Trunking orean ata a aAA a AAE TEN AaS Pa LARA EEEa kateda 239 Setting Up a Port Trunk s cccc eiccedeceeseddeces calen cee shade deci vue a a AE E T a a 240 Cieanng a Port Trunk eiia E A A AA a E pede ae tide 240 Enabling or Disabling a Port TUNK amser cecceeee ence tes
81. LACP Trunk next Configuring the LACP Port Priority on page 93 Verifying the LACP Group Settings on page 94 Disabling an LACP Trunk on page 95 To create an LACP trunk perform the following procedure 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 From the Advanced Switch Configuration Menu type T to select Trunk Configuration The Trunk Configuration Menu is shown in Figure 22 on page 89 To set the trunk status type S to select Set Trunk Status The following prompt is displayed Enter trunk group number gt Type the trunk group number and press Enter The following prompt is displayed Set trunk group n status A P M D gt Choose one of the four following settings A LACP Active Ports are in an active negotiation state P LACP Passive Ports are in a passive state where the port negotiates a bundle by exchanging LACP packets to the peer only if the far end initiates it M Manual Ports are in a static trunk state D Disabled Ports are disabled and do not sent or received LACP data units or network traffic Note LACP must be enabled at both ends of the link to be operational Section l Using the Menus Interface AT S84 Management Software User s Guide Configuring the The switch uses the port priority to determine which ports are to be active LACP Port and which are to be in
82. Management Software AT S84 User s Guide For the AT 9000 24 Layer 2 Gigabit Ethernet Switch Version 1 1 1 Allied Telesis 613 000368 Rev C Copyright 2007 Allied Telesis Inc All rights reserved No part of this publication may be reproduced without prior written permission from Allied Telesis Inc Allied Telesis is a trademark of Allied Telesis Inc Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation Netscape Navigator is a registered trademark of Netscape Communications Corporation All other product names company names logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners Allied Telesis Inc reserves the right to make changes in specifications and other information contained in this document without prior written notice The information provided herein is subject to change without notice In no event shall Allied Telesis Inc be liable for any incidental special indirect or consequential damages whatsoever including but not limited to lost profits arising out of or related to this manual or the information contained herein even if Allied Telesis Inc has been advised of known or should have known the possibility of such damages Contents PROT ACC oe ois cask corks gnc Sache sas oad zak gates EET EAO net aad ou decane see E A EAE ETT 13 Where to Find Web based Guides 0 ccececcecececceceece cette eee cee
83. Number of 512 to 1023 byte packets sent or received by the port 1024 1522 Pkts Number of 1024 to 1522 byte packets sent or received by the port The maximum length of an Ethernet packet is 1518 bytes To modify how frequently the statistics are updated from the Request Time list select the desired time and click Refresh Now The default is every two seconds You can click Refresh Now at any time to update the page 233 Chapter 18 Port Configuration 234 Section II Web Browser Interface Chapter 19 SNMP This chapter contains the following procedures for working with the Simple Network Management Protocol SNMP o Enabling or Disabling the SNMP Agent on page 236 o Changing the Default SNMP Community Names on page 237 o Working with Trap Receivers on page 238 Note For background information on SNMP refer to SNMP Overview on page 60 Section II Web Browser Interface 235 Chapter 19 SNMP Enabling or Disabling the SNMP Agent To enable or disable the SNMP agent perform the following procedure 1 From the Basic Config menu select User Interface gt User Interface The User Interface page is shown in Figure 60 on page 211 2 For the SNMP Agent parameter choose Enable or Disable from the list The default is Enable When you enable this parameter SNMP access is allowed 3 Click Apply 236 Section II Web Browser Interface AT S84 Management Software User
84. P Advanced Port Configuration Page ccccesseceeeeneeeeeeeeeeeeeeeeeeeeseeeeeeeaeeseeaeeeeneeeeeeaeeseeaeeeseeeeenseeeenaas 276 Designated Topology Information Page e ceececeseeeeeerneeeeeeeeeeeaeeeeeeeeeeeeeessaeeseeeeeeseneeessaeeeeeaeeeseeeeenaneeeenaas 278 02 Ax Configuration PAGE eer a a a ee bidbgp a oac ited a i aa a as aaa ia aR 282 RADIUS Configuration Pages nanea E A E EAE AN AAE ERNE Ea AE vp utennessenvertechtensevincneesacdaeenes 286 Broadcast Storm Control Page ooo ee eeseeceeeeeeeneeeeenaeeeseeeeeeneeeseaaeeeeeeaeeseeeeesaaeeseeaeeesneeeesaeeseeaeeesneeeensaeeeenaas 288 Image Upgrade Pagesat and a e soe iel Deeb E eehed ee An PAM aetna 290 Configuration File Upload Download Page ceeeesceeeeeceeeneeeeeneeeeeneeeenaeeeseaaeecnaeeeseaeeseeeeeesneeeeseaeeesneeeensaeeeenaas 292 Malin MOU a a J evediec ag ade chee s a a E E tx ux overs a Aa nd e raS 307 Command Line Prompt User Executive MOde 0 c ccccccccceeeseceeeeeeeceeeeeeeecaeee eee seceeaeeeeseseeaeeeseaeeeeeeseneeeeeeee 307 Tables Table 1 Table 2 Table 3 Table 4 Table 5 Table 6 Table 7 Table 8 Table 9 Table 10 Table 11 Table 12 Table 13 Table 14 Menus Interface Operations asi e er eE aea aT dewey anestugaeodueesfeugoanedeqanv anaes Peeddate E aaa aa aE aaa 28 Default Mappings of IEEE 802 1p Priority Levels to Egress Port Priority Queues cecceceeeeeeesteceeeeeeeteeeees 127 RSTP Auto Detect Port Costs Sy
85. Port Control The following prompt is displayed Select authenticator port control A U F gt The options are A Auto Enables 802 1x authentication and causes the port to begin in the unauthorized state allowing only EAPOL frames to be sent and received through the port The authentication process begins when the link state of the port changes or the port receives an EAPOL Start packet from a supplicant The switch requests the identity of the client and begins relaying authentication prompts between the client and the authentication server U Force unauthorized Causes the port to remain in the unauthorized state ignoring all attempts by the client to authenticate 175 Chapter 12 802 1x Network Access Control F Force authorized Disables IEEE 802 1x authentication and causes the port to transition to the authorized state without any authentication exchange required The port transmits and receives normal traffic without 802 1x based authentication of the client This is the default setting b Type A U or F 8 To configure the transmission period do the following a Type T to select Transmission Period The following prompt is displayed Enter transmission period gt This parameter sets the number of seconds that the switch waits for a response to an EAP request identity frame from the client before retransmitting the request The default value is 30 seconds The range is 1 to 65 535 seconds b Type a number
86. The following prompt is displayed Enable or Disable monitoring E D gt Type E to disable port mirroring or D to disable port mirroring Port mirroring is disabled by default When you disable port mirroring the port that was functioning as the mirroring port can then be used as a normal networking port 101 Chapter 7 Port Mirroring 102 Section Using the Menus Interface Chapter 8 Virtual LANs and GVRP Section l Using the Menus Interface This chapter contains the procedures for creating modifying and deleting and tagged Virtual Local Area Networks VLANs This chapter contains the following sections VLAN Features on page 104 VLAN Overview on page 106 Working with VLANS on page 113 GVRP on page 122 QOQQ0Q0 0 103 Chapter 8 Virtual LANs and GVRP VLAN Features A Virtual Local Area Network VLAN is a logical grouping of devices on different physical LAN segments that allows users to communicate as if they were physically connected to a single LAN independent of the physical configuration of the network With VLANs you can segment your network and group end nodes with related functions into their own separate logical LAN segments For example the marketing personnel in your company may be spread throughout a building Assigning marketing to a single VLAN allows marketing personnel to share resources and bandwidth as if they were connected to the same segment The
87. The speed and duplex mode settings for the port You can use this parameter to set the speed and duplex mode of a port Possible settings are Auto The port is using Auto Negotiation to set the operating speed and duplex mode This is the default setting for all ports The actual operating speed and duplex mode of the port are displayed in parentheses for example 100F after a port establishes a link with an end node 100M Full 100 Mbps in full duplex mode 10M Full 10 Mbps in full duplex mode 227 Chapter 18 Port Configuration 100M Half 100 Mbps in half duplex mode 10M Half 10 Mbps in half duplex mode 1000 Mbps full duplex When you choose a setting note the following O When a twisted pair port is set to Auto Negotiation the default setting the end node should also be using Auto Negotiation to prevent a duplex mode mismatch A switch port using Auto Negotiation defaults to half duplex if it detects that the end node is not using Auto Negotiation This can result in a mismatch if the end node is operating at a fixed duplex mode of full duplex To avoid this problem when connecting an end node with a fixed duplex mode of full duplex to a switch port disable Auto Negotiation on the port and set the port s speed and duplex mode manually O The only valid setting for an optional SFP port is Auto Negotiation Flow Ctrl The current flow control setting on the port The switch uses a special pause packet to no
88. Trunk ID The trunk group number A number in this column indicates that the port is a member of a port trunk For information about configuring a trunk refer to Chapter 20 Port Trunking on page 239 Operation Status The status of the link between the port and the end node connected to the port You must use the Port Configuration page to configure this 229 Chapter 18 Port Configuration 230 parameter For information refer to Viewing and Configuring Multiple Ports on page 226 Admin Status The operating status of the port You can use this parameter to enable or disable a port You may want to disable a port and prevent packets from being forwarded if a problem occurs with the node or cable connected to the port After the problem has been fixed you can enable the port to resume normal operation You can also disable an unused port to secure it from unauthorized connections The possible values are Enabled The port is able to send and receive Ethernet frames This is the default setting for a port Disabled The port is disabled Mode The speed and duplex mode settings for the port You can use this parameter to set the speed and duplex mode of a port The possible settings are Auto The port is using Auto Negotiation to set the operating speed and duplex mode This is the default setting for all ports The actual operating speed and duplex mode of the port are displayed in parentheses for example
89. a host node exits from a multicast group by sending a leave request After receiving a leave request from a host node the router removes the node from appropriate membership list The router also stops sending multicast packets out the port to which the node is connected if it determines there are no further host nodes on the port Version 3 adds the ability of host nodes to join or leave specific sources in a multicast group through the use of Group Source report and Group Source leave messages The IGMP snooping feature on the switch supports IGMP versions 1 and 2 It enables the switch to monitor the flow of queries from a router and reports and leave messages from host nodes to build its own multicast membership lists It uses the lists to forward multicast packets only to switch ports where there are host nodes that are members of multicast groups This improves switch performance and network security by Section II Menus Interface Section Il Menus Interface AT S84 Management Software User s Guide restricting the flow of multicast packets only to those switch ports connected to host nodes Without IGMP snooping a switch would have to flood multicast packets out all of its ports except the port on which it received the packet Such flooding of packets can negatively impact switch and network performance The switch maintains its list of multicast groups through an adjustable timeout value which controls how frequently it expect
90. a switch by having the switch ports give higher priority to some packets such as delay sensitive traffic over other packets This is referred to as prioritizing traffic QoS actually consists of several different elements The element supported by the AT 9000 24 Gigabit Ethernet Switch is called Class of Service CoS CoS applies primarily to tagged packets As explained in Incoming and Outgoing Tagged and Untagged Frames on page 107 a tagged packet contains information within it that specifies the VLAN to which the packet belongs A tagged packet can also contain a priority level This priority level is used by network switches and other networking devices to know how important delay sensitive that packet is in comparison to other packets Packets of a high priority are typically handled before packets of a low priority CoS as defined in the IEEE 802 1p standard has eight levels of priority The priorities are 0 to 7 with 0 the lowest priority and 7 the highest When a tagged packet is received on a port on the switch it is examined by the AT S84 software for its priority The switch software uses the priority to determine which egress priority queue the packet should be stored in on the egress port Each port on the switch has four priority queues 0 low to 3 high When a tagged packet enters a switch port the switch responds by placing the packet into one of the queues according to the assignments shown in Table 2 A pa
91. access the User EXEC command mode automatically This is the first command mode level and it allows you access to the basic switch commands Each command mode contains a subset of commands that are available within that mode only As a result you enter commands according to which command mode you have accessed For example port specific commands are available from the Interface Configuration mode You must access the first three command modes User EXEC Privilege EXEC and Global Configuration modes in the order that they are listed You can access both the Interface Configuration and VLAN Configuration modes from the Global Configuration mode The AT S81 prompt changes to indicate which mode you are accessing To access the Privilege EXEC Global Configuration Interface and VLAN Configuration modes you must enter a specific command that permits entry to a new mode Each time you change modes the prompt changes to indicate the mode See Table 8 on page 299 for information about the commands used to access the modes and their respective prompts In addition there are commands that allow you to move between the modes and return to the Main Menu For example typing the EXIT command when you are in the Interface Configuration mode returns you to the Global Configuration mode From all the command modes the LOGOUT command exits the command line interface and returns you to the Main Menu If you enter a command that is not accessible in a par
92. ad 119 Changing the VLAN Name ersari attirer nii ia t A A AAE AAT A AAT EA E ATAA 119 Adding or Removing a Tagged Port in a VLAN eessssssersseserresesirrrssttrrrsssttrrrsttttnnsssttrnsssttennssttennnnt 119 Deleting a VEAN ranri edere N e TEA AAE a Parma aaa A N A 120 Resetting to the Default VLAN ccccccccceeeeeseccceetesecceeeeeneeeeeeeenseeesaeneneceeeeeeseuceseeensuecesaenenecedaneseeeesanensee 121 GVRPS aea ararat sda atte sd ea ee a T a a Ne Dae ance A AA Ea A aden cael sada Aaa TE Te doesnt 122 GVRP OVErVISW anair a re A EE AE A TAANE NE E ANA A A NAA 122 GUIdGIINGS derna a r a aa a a e ra eA A 122 Enabling or Disabling GVIRP siiaresian aa ai e eea a eda i NE SA 123 Chapter 9 Quality of Service QOS cece eeeeeeee eee eeee neste eeeeee sees ttnt tn Eunn t tE ra sattu nn sattun naate nn nannten nnt 125 DOS OVO O a alae A ae a e a a a a aa 126 Mapping CoS Priorities to Egress QUCUES assisiiriareri iraran i RE rei EAER E T EEA R REAA E R TERENA AREARE ENEAN RENERE RA 129 CONMMGUNING GOS oi AT E T T T T E A AT E 132 Chapter 10 IGMP Snooping ccccccceceeeeeeeeeecceee cee ee eee ttt tesa ceaaaaeaeeceeeeeeeeeeesedsecaeaaeeeeeeeeeeeeeesesensseaeess 137 IGMP Snooping Overview eare ar a raae rE AEE EAA AEA AEAEE GS ETENE TLEAN EAR E AA 138 Contiguing IGMP o sciciiccne coves bes coviey Headecedensge ace NTE TA de TENE A EE A TIPNE EEE a E E AA 140 Viewing the Multicast Groups iresi rdar eaat ARAA AAAS riais ATAS ETEEN RE
93. ady obtained the software and have stored it on the computer from which you will be performing this procedure To download the AT S84 image software onto the switch perform the following procedure 1 From the Tools menu select Image Upgrade The Image Upgrade page opens as shown in Figure 91 Image Upgrade Image Version Date 1 0 0 37 Jan 6 2006 11 48 20 Download Server IP 149 35 8 40 Download File Name 584_V1 0 rom Retry Count 5 1 20 Figure 91 Image Upgrade Page Section Il Web Browser Interface Section Il Web Browser Interface AT S84 Management Software User s Guide The Image Version Date shows the current version and date of software installed on the switch Change the following parameters as necessary Download Server IP The IP address of the TFTP server from which you are downloading the new software Download File Name The name of the AT S84 file you are downloading Retry Count The number of times you want the switch to retry in the event a problem occurs during the download process The range is 1 to 20 The default is 5 times Click Apply The software immediately begins to download onto the switch This process takes a few minutes After the software download is complete the switch initializes the software and reboots You will lose your web browser connection to the switch during the reboot process 291 Chapter 29 Working with System Files Uploading or Downloadin
94. age 36 Setting the User Interface Configuration on page 38 Disabling or Enabling the Web Server on page 42 Disabling or Enabling the Telnet Server on page 43 Configuring SNTP on page 44 Viewing Switch Information on page 47 Rebooting the Switch on page 50 Pinging a Remote System on page 52 Ooaoagoaqaqdaaaa n Returning the AT S84 Management Software to the Factory Default Values on page 57 Section l Using the Menus Interface 31 Chapter 3 Basic Switch Parameters Configuring the IP Address Subnet Mask and Gateway Address This procedure explains how to manually assign an IP address subnet mask and gateway address to the switch Before performing the procedure note the following An IP address and subnet mask are not required for normal network operations of the switch Values for these parameters are only required if you want to remotely manage the device with a web browser O A gateway address is only required if you want to remotely manage the device from a remote management station that is separated from the switch by a router O To configure the switch to automatically obtain its IP configuration from a DHCP server on your network go to Enabling and Disabling the DHCP Client on page 35 To set the switch s IP configuration perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuratio
95. anagement System Switch Tools Configuration gt Ping Execution Target IP Address 149 35 8 33 Number of Requests 4 Timeout Value sec Set Target I P Address E xecute Ping Set N umber of Requests S top Ping Set T imeout Value Q uit to previous menu Command gt Figure 14 Ping Results 11 To stop the ping type S to select Stop Ping Section Using the Menus Interface AT S84 Management Software User s Guide Viewing the System Log The system log displays system level events in the switch such as logging in to the management software To view the system log perform the following procedure 1 From the Main Menu type T to select Switch Tools The Switch Tools Configuration Menu is shown in Figure 11 on page 50 From the Switch Tools Configuration Menu type L to select System Log The System Log Menu is shown in Figure 15 AT 9000 24 Local Management System Switch Tools Configuration gt System Log Menu Description 08 03 2006 08 30 45 System Switch start 08 03 2006 08 30 46 Console Login from console 08 03 2006 08 30 47 PCFG Port 3 link up 08 03 2006 08 30 50 IP DHCP get IP address lt 192 2 1 23 gt lt COMMAND gt c lear the Log Entries N ext Page P revious Page Command gt Section Using the Menus Interface Q uit to previous menu Figure 15 System Log Menu The System Log Menu contains a table that displays the following information ID An identifyin
96. anel of the switch Note You do not need to assign an IP address to the switch to manage the unit from a local management session To start a local management session perform the following procedure 1 Connect one end of the management cable included with the switch to the console port on the AT 9000 24 Gigabit Ethernet switch as shown in Figure 1 Figure 1 Connecting the Management Cable to the Console Port 2 Connect the other end of the cable to the RS 232 port on a terminal or PC with a terminal emulator program 3 Configure the terminal or terminal emulator program as follows Baud per second 9600 Data bits 8 Stop bits 1 Flow control None OaQ0Q0 0 Note These settings are fora DEC VT100 or ANSI terminal or an equivalent terminal emulation program You cannot change this 26 Section Using the Menus Interface AT S84 Management Software User s Guide The Login Menu is shown in Figure 2 AT 9000 24 Management System Local Console Allied Telesis International Corp Copyright 2007 Login Menu Login Figure 2 Login Menu 4 Enter the manager login name and press Return The default name is manager You are prompted for a password 5 Enter the manager password The default password is friend Note To change the login name or password refer to Setting the User Interface Configuration on page 38 The Main Menu is shown in Figure 3 AT 900
97. ault community strings SNMP Read Community and SNMP Write Community The read community string is called public and has an access mode of just Read The write community string is named private and has an access mode of write only 61 Chapter 4 SNMP Enabling or Disabling the SNMP Agent 62 To disable or enable the SNMP agent perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 From the Basic Switch Configuration Menu type U to select User Interface Configuration The User Interface Configuration Menu is shown in Figure 7 on page 38 From the User Interface Configuration Menu type S to select Enable Disable SNMP Agent The following prompt is displayed Enable or Disable SNMP agent E D gt Type D to disable the SNMP agent or E to enable it The default is Enabled Section Using the Menus Interface AT S84 Management Software User s Guide Enabling Authentication Traps To enable SNMP authentication traps perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 2 From the Basic Switch Configuration menu type N to select SNMP Configuration The SNMP Configuration menu is shown in Figure 16 AT 9000 24 Local Management System Basic Switch Configuration
98. be from 0 to 12 characters Allied Telesis recommends not using special characters such as spaces and exclamation points The password is case sensitive Leaving this field empty deletes the current password without assigning a new one Click the Verify New Password field and enter the same password entered in the previous step Click Apply 213 Chapter 17 Basic Switch Parameters Enabling or Disabling the Web Server To enable or disable the web server perform the following procedure 1 From the Basic Config menu select User Interface gt User Interface The User Interface page is shown in Figure 60 on page 211 2 For the Web Server parameter choose Enable or Disable from the list The default is Enable When you enable this parameter an individual can manage the switch remotely using a web browser Note Disabling the web server automatically ends your remote management session 3 Click Apply 214 Section II Web Browser Interface AT S84 Management Software User s Guide Enabling or Disabling the Telnet Server To enable or disable the Telnet server perform the following procedure 1 From the Basic Config menu select User Interface gt User Interface The User Interface page is shown in Figure 60 on page 211 2 For the Telnet Server parameter choose Enable or Disable from the list The default is Enable When you enable this parameter a Telnet connection to the switch is available 3
99. bers of the VLAN If you have a large network and a large number of VLANS this type of manual configuration can be cumbersome and time consuming Instead let GVRP set up the communications path for you Following are guidelines to observe when you use GVRP 0 Both ports that constitute a data link between the switch and the other device must be running GVRP o You cannot modify a GVRP VLAN you can only enable or disable it Section Using the Menus Interface Enabling or Disabling GVRP Section Using the Menus Interface AT S84 Management Software User s Guide O GVRP is only aware of those VLANs that have active nodes or where at least one end node of a VLAN has established a valid link with a switch GVRP is not aware of a VLAN if there are no active end nodes or if no end nodes have established a link with the switch GVRP is disabled by default To enable or disable GVRP perform the following procedure 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 From the Advanced Switch Configuration Menu type V to select VLAN Management The VLAN Management Menu is shown in Figure 28 on page 114 From the The VLAN Management Menu type G to select Set GVRP Status The following prompt is displayed Enable or Disable GVRP status E D gt 4 Type E to enable GVRP or D to disable it 123 Chapter 8 Vir
100. c 1 65535 Supplicant Timeout 30 Sec 1 65535 Server Timeout 30 Sec 1 65535 Maximum Request 2 1 10 Re auth Period 3600 Sec 1 65535 Re auth Status Disable v Figure 88 802 1x Configuration Page Note The Initialize and Re auth Initialize parameters are described in Steps 5 and 6 respectively 2 To select a port do the following a Click Go To Port and select the port you want to configure from the list You can configure only one port at a time b Click Apply The current settings for the selected port are displayed 282 Section II Web Browser Interface Section Il Web Browser Interface AT S84 Management Software User s Guide 3 Configure the following parameters as needed NAS ID This parameter assigns an 802 1x identifier to the switch that applies to all ports The NAS ID can be up to sixteen characters Valid characters are 0 to 9 a to z and A to Z Spaces are allowed Specifying an NAS ID is optional Port Status Displays the current 802 1 status of the port as either authorized or unauthorized You cannot adjust this parameter Port Control Sets the 802 1x port control setting The possible settings are Auto Enables 802 1x authentication and causes the port to begin in the unauthorized state allowing only EAPOL frames to be sent and received through the port The authentication process begins when the link state of the port changes or the port receives an EAPOL Start packet fro
101. ce AT S84 Management Software User s Guide Disabling Port Mirroring To disable port mirroring perform the following procedure 1 From the Advanced Config menu select Port Mirroring The Port Mirroring page is shown in Figure 74 on page 246 2 From the Mirroring Status list select Disable and click Apply Port mirroring is immediately disabled on the switch You can now use the mirroring port for regular network operations Section Il Web Browser Interface 247 Chapter 21 Port Mirroring 248 Section II Web Browser Interface Chapter 22 Virtual LANs This chapter contains the procedures for creating modifying and deleting and tagged Virtual Local Area Networks VLANs from a web browser management session This chapter contains the following sections Creating a VLAN on page 250 Configuring the PVID of Untagged Ports on page 252 Displaying the VLANs on page 255 Modifying a VLAN on page 256 Deleting a VLAN on page 258 Deleting All VLANs on page 259 Enabling or Disabling GVRP on page 260 OdQg0Q000 0 Note For background information refer to VLAN Overview on page 106 Section II Web Browser Interface 249 Chapter 22 Virtual LANs Creating a VLAN 250 This section contains the procedure for creating a new or tagged VLAN This procedure assigns the VLAN a name a VID number and the untagged and tagged member ports After performing this
102. ceetenecccceeneneccccenensueddceeeesaeecenenseacedeebenesccennenes 301 Global Configuration Command Mode srra iria aa O TE REEE AERA A ERE ETER 301 Interface Configuration Command Mode 0 eecceceeeeeeneeeeeeeeeeneeeeeeeaeeeeeeeeaeeeeeeeenieeeeeseenaeeeeeeesnaeeeeseeaas 303 Port Mirroring Examplar A Er TTO E A OAE G A TI TOR att 304 VLAN Configuration Command Mode Ss iiircsien aeiae E AEE E AAAA EEE RENEE 305 WEAN E ap E a a a a a a a an a a tae a eat 306 Starting the Command Line Interface orrena E EE E E E a 307 Commiand Formatting x aae aE ed tra A TRE eo eee a ee 308 Command Line Interface Features eeinetan EEE A EAA EAEE EE EA EEEE 308 Command Line Syntax Conventions sirrini serren a EARE A EEEE ASANTE R ERA EEA SERRE 308 Appendix A AT S84 Default Settings 00 ccccccceeceeceeccee cece eee eee ee tee cea aeaeeeeeeeeeeeeeeseceeaaeaeeeeeeeeeeeeeeteees 311 Basic Switch Default Settings ss oe a e EE E ON aad ainda gu eee dee nee erate 312 System Reboot Default Settings sanere i e rea iaaa FERA ANARIK E EAA EAER EE KEANNA KERA AREER TERENE 312 User Interface Configuration Default Settings eeeesssseessrrnesssrrnesssranesennaneetinnnestnnnnetnenannnnnannntenneeennn 312 Management Interface Default Settings cece eetneee eee etne eee eee etneeee eee teeeeeeetaeeeeeeeteeeeeeenieeeeene 312 Ping Default Settings 2 5 s iste sieveteentioti ks vt taney A anand ieee anna acne 313 System IP Configuration Default Settings
103. ch to retry in the event a problem occurs during the download process The range is 1 to 20 and the default is 5 times To begin the download type U to select Upgrade Image and Reboot The following prompt is displayed Download file Y N gt Type Y for yes to begin the upgrade or N for no to cancel the procedure If you select yes the software immediately begins to download the file onto the switch After the software download is complete the switch initializes the software and reboots You will lose your local management connection to the switch during the reboot process Note Do not interrupt the file download and reboot processes Section Using the Menus Interface AT S84 Management Software User s Guide Uploading or Downloading a Configuration File The procedure in this section allows you to download a different configuration file onto the switch from a TFTP server or upload the file to a TFTP server To return a switch to its default configuration values refer to Returning the AT S84 Management Software to the Factory Default Values on page 57 Before downloading a configuration file onto the switch note the following o Your network must have a node with TFTP server software o You must store the new configuration file on the TFTP server o You should start the TFTP server software before you begin the procedure o The switch where you are downloading the configuration file must have an IP
104. cify the location refer to Configuring System Administration Information on page 209 System Contact The contact person responsible for managing the switch To specify the name of a contact refer to Configuring System Administration Information on page 209 System MAC Address IP Address Subnet Mask and Gateway Section MAC Address The MAC address of the switch You cannot change this value IP Address The IP address of the switch Refer to Configuring an IP Address Subnet Mask and Gateway Address on page 206 to manually assign an IP address or Enabling and Disabling the DHCP Client on page 208 to activate the DHCP client Subnet Mask The subnet mask for the switch Refer to Configuring an IP Address Subnet Mask and Gateway Address on page 206 to manually assign a subnet mask or Enabling and Disabling the DHCP Client on page 208 to activate the DHCP client Default Gateway Default gateway s IP address Refer to Configuring an IP Address Subnet Mask and Gateway Address on page 206 to manually assign a gateway address or Enabling and Disabling the DHCP Client on page 208 to activate the DHCP client DHCP Mode The status of the DHCP client on the switch For information about setting this parameter refer to Enabling and Disabling the DHCP Client on page 208 Section II Web Browser Interface AT S84 Management Software User s Guide Rebooting a Switch Thi
105. cket in a high priority queue is typically transmitted out a port sooner than a packet in a low priority queue Section Using the Menus Interface Section Using the Menus Interface AT S84 Management Software User s Guide Table 2 Default Mappings of IEEE 802 1p Priority Levels to Egress Port Priority Queues IEEE 802 1p Traffic Class a aL 0 0 1 0 2 0 3 1 4 2 3 2 6 3 7 3 For example a tagged packet with a priority tag of 6 is placed in the egress port s highest priority queue of 3 while a packet with a priority tag of 1 is placed in the lowest priority queue Note QosS is disabled by default on the switch You can customize these priority to queue assignments using the AT S84 management software The procedure for changing the default mappings is found in Mapping CoS Priorities to Egress Queues on page 129 You can configure a port to completely ignore the priority levels in its tagged packets and instead use a temporary priority level assigned to the port For instance perhaps you decide that all tagged packets received on port 4 should be assigned a priority level of 5 regardless of the priority level in the packets themselves The procedure for overriding priority levels is explained in Configuring CoS on page 132 CoS relates primarily to tagged packets rather than untagged packets because untagged packets do not contain a priority level By default all untagged packets ar
106. cribed in Section III Using the Command Line Interface on page 295 197 198 Section II Using the Web Browser Interface Chapter 16 Starting a Web Browser Management Session This chapter contains the procedures for starting using and quitting a web browser management session on an AT 9000 24 Gigabit Ethenet switch Sections in the chapter include o Establishing a Remote Connection to Use the Web Browser Interface on page 200 o Web Browser Tools on page 203 0 Quitting a Web Browser Management Session on page 204 Section II Using the Web Browser Interface 199 Chapter 16 Starting a Web Browser Management Session Establishing a Remote Connection to Use the Web Browser Interface In order for you to manage a switch using the web browser interface the switch must have an IP address and subnet mask To manually assign an IP address refer to Configuring the IP Address Subnet Mask and Gateway Address on page 32 To configure the switch to obtain its IP configuration from a DHCP server refer to Enabling and Disabling the DHCP Client on page 35 The initial assignment of an IP address must be made through a local management session Note Enhanced stacking a feature of other Allied Telesis Layer 2 and Layer 2 managed switches is not supported by the AT 9000 24 Gigabit Ethenet switch Note The remote management station must be a member of the switch s Default VL
107. ction Using the Menus Interface AT S84 Management Software User s Guide The topics in this section include Before performing this procedure note the following m m You cannot change the VID of a VLAN You cannot add an untagged port to a VLAN with this procedure That function requires changing a port s VID value as explained in Configuring the Port PVID on page 116 You cannot remove an untagged port from a VLAN with this procedure To remove an untagged port from a VLAN you must assign it as an untagged member of another VLAN by changing its PVID as explained in Configuring the Port PVID on page 116 Changing the VLAN Name To change the name of a VLAN perform the following procedure 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 From the Advanced Switch Configuration Menu type V to select VLAN Management The VLAN Management Menu is shown in Figure 28 on page 114 Type O to select Config VLAN Member The following prompt is displayed Enter VLAN ID gt Type the number of the VLAN you want to modify and press Enter The Config VLAN Member menu is shown in Figure 30 on page 118 Type C to select Change VLAN Name The following prompt is displayed Enter new VLAN name gt Type the new name for the VLAN and press Enter A VLAN name can be up to 32 characters and can include spaces A
108. d period of time The possible values are Enabled The port uses flow control This is the default setting for all ports on the switch Disabled The port does not use flow control MAC Address The port s MAC address You cannot change this setting Note You cannot configure back pressure on an individual port basis To configure back pressure on all ports refer to Viewing and Configuring Multiple Ports on page 226 Click Apply To view or configure the parameter settings on another port click Go to Port and select the port from the list Repeat step 2 in this procedure to configure the settings Click Apply To return to the front panel page click Return To Front Panel 231 Chapter 18 Port Configuration Displaying Port Statistics To display port statistics perform the following procedure 1 From the Main Menu select Statistics The Statistics page opens as shown in Figure 69 Statistics Select Port 1 v Apply Port 1 Request Time 2 sec Refresh Now Total RX Bytes Total RX Pkts S Total RX Bytes Good Broadcast CRCG Align Errors Good Multicast Oversize coses oo 64 Byte Pkts 65 127 Pkts 128 255 Pkts 512 1023 Pkts 1024 1522 Pkts Figure 69 Statistics Page 2 To view statistics for a port select a port from the Select Port list and click Apply The statistics are displayed in a table that contains the following items of inf
109. d Spanning Tree Configuration Menu is shown in Figure 42 on page 153 3 From the Rapid Spanning Tree Configuration Menu type B to select RSTP Basic Port Configuration The RSTP Basic Port Configuration menu is shown in Figure 43 at 9000 24 Local Management System n Rapid Spanning Tree Configuration gt RSTP Basic Port Configuration Port Trunk Link State Role Priority Path Cost STP Status 1 Up Forwarding Disabled 128 200000 Disabled 2 as Down Forwarding Disabled 128 200000 Enabled 3 ar Up Forwarding Root 128 200000 Enabled 4 SaS Down Forwarding Disabled 128 200000 Enabled 5 Ssa Down Forwarding Disabled 128 200000 Enabled 6 a Down Forwarding Disabled 128 200000 Enabled 7 RRS Down Forwarding Disabled 128 200000 Enabled 8 Saa Down Forwarding Disabled 128 200000 Enabled 9 Sea Down Forwarding Disabled 128 20000 Enabled 10 aes Down Forwarding Disabled 128 20000 Enabled 11 ae Down Forwarding Disabled 128 20000 Enabled 12 Sin Down Forwarding Disabled 128 20000 Enabled Se SSSSne Soha SSeS Sa seees lt COMMAND gt 3 3 3 7 E rrr rrr Set Port Pr iJority Set Port STP S tatus Set Path C lost Q uit to previous menu Command gt a yy Figure 43 RSTP Basic Port Configuration Menu Section Il Menus Interface 159 Chapter 11 Rapid Spanning Tree Protocol RSTP 160 9 Type I to select Set Port Priority The following prompt is displayed Select port number to be changed gt Port number is in range from
110. d Switch Configuration Menu type V to select VLAN Management The VLAN Management Menu is shown in Figure 28 on page 114 The currently configured VLANs are displayed in a table with the following columns of information VLAN ID The ID of the VLAN VLAN Name The name of the VLAN VLAN Type The type of VLAN either permanent or static Only the Default VLAN is permanent All other and tagged VLANs are static 117 Chapter 8 Virtual LANs and GVRP 118 3 To view the ports of a VLAN type O to select Config VLAN Member The following prompt is displayed Enter VLAN ID gt Enter the VID of the VLAN you want to view and press Enter The Config VLAN Member Menu is shown in Figure 30 AT 9000 24 Local Management System VLAN Management gt Config VLAN Member VLAN ID N ext Page P revious page Command gt VLAN Name Marketing lt COMMAND gt cC hange VLAN Name A dd VLAN Member R emove VLAN Member Q uit to Previous Menu Figure 30 Config VLAN Member Menu The menu displays the following information VLAN ID The VID number of the VLAN VLAN Name The name of the VLAN Port The ports of the VLAN Tagging Whether a port is a tagged or untagged member of the VLAN An untagged port is designated with No and a tagged port with Yes The selections in this Config VLAN Member menu are explained in Modifying a VLAN on page 119 Section Using the Menus Interface Modifying a VLAN Se
111. d Telesis managed switch MIB QOaQ0Q0Q 0 You must download the Allied Telesis managed switch MIB atiswitch mib file from the Allied Telesis web site and compile the files with your SNMP application For compilation instructions refer to your third party application s documentation Refer to Chapter 4 SNMP on page 59 for information about how to configure SNMP on the switch AT S81 Management Software User s Guide Management Access Level The AT S84 management software has one level of management access manager When you log in as a manager you can view and configure all of a switch s operating parameters You log in as a manager by entering the appropriate username and password when you start an AT S84 management session The default username is manager and the default password is friend 21 Chapter 1 Overview 22 Section I Using the Menus Interface The chapters in this section explain how to manage the switch using the menus interface of the AT S84 management software The chapters include Chapter 2 Getting Started with the Menus Interface on page 25 Chapter 3 Basic Switch Parameters on page 31 Chapter 4 SNMP on page 59 Chapter 5 Port Configuration on page 69 Chapter 6 Port Trunking on page 81 Chapter 7 Port Mirroring on page 97 Chapter 8 Virtual LANs and GVRP on page 103 Chapter 9 Quality of Service QoS on page 125 Chapte
112. dding or Removing a Tagged Port in a VLAN To add a tagged port to the VLAN perform the following procedure 1 From the Main Menu type A to select Advanced Switch 119 Chapter 8 Virtual LANs and GVRP Deleting a VLAN 120 Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 From the Advanced Switch Configuration Menu type V to select VLAN Management The VLAN Management Menu is shown in Figure 28 on page 114 To add a tagged port type A for Add Member and press Enter The following prompt is displayed Add member gt Enter port number gt Enter the number of the port and press Enter You can add more than one port at a time You can specify the ports individually i e 2 5 11 as a range i e 4 7 or both i e 2 5 11 15 To remove a tagged port type R for Remove Member and press Enter The following prompt is displayed Delete number gt Enter port number gt Enter the number of the tagged port you want to remove and press Enter You can remove more than one port at a time You can specify the ports individually i e 2 5 11 as a range i e 4 7 or both i e 2 5 11 15 To delete a VLAN perform the following procedure 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 From the Advanced Switch Configuration Menu type V to select VLAN Management Th
113. ding Forwarding Forwarding Forwarding Forwarding Rapid Spanning Tree Configuration gt RSTP Advanced Port Configuration Role Admin OperEdge Admin OperPtoP Migrat Disabled False False Auto False Init Disabled False False Auto False Init Disabled False False Auto False Init Disabled False False Auto False Init Disabled False False Auto False Init Disabled False False Auto False Init Disabled False False Auto False Init Disabled False False Auto False Init Disabled False False Auto False Init Disabled False False Auto False Init Disabled False False Auto False Init Disabled False False Auto False Init SSeS ERR SSA Sa SaaS Re Sera lt COMMAND gt Set Port P t o P Status Restart Port M igration Q uit to previous menu Set Port E dge Status Command gt lt lt 162 4 Type E to select Edge Status The following prompt is displayed The following prompt is displayed Figure 44 RSTP Advanced Port Configuration Menu Select port number to be changed gt Port number is in range from 1 to 9 O to set all ports 5 Enter the number of the port you want to change or type 0 zero to apply the settings to all ports on the switch The following prompt is displayed Set edge port for port n gt T F gt This parameter defines whether the port is functioning as an edge port The possible settings are True and False For an explanation of this parameter refer to Point to Po
114. e If the VLAN will be part of a larger VLAN that spans multiple switches then the name for the VLAN should be the same on each switch where nodes of the VLAN are connected In the Static Tagged row click the buttons of those ports on the switch that are to be tagged or untagged members of the new VLAN While you might assume that the Static Tagged row is only used to specify tagged ports of the VLAN you should use it to specify the untagged ports of a new VLAN as well Click Apply to create the new VLAN The switch creates the VLAN However the page does not change It continues to display the VLAN just created Tocreate another new VLAN click Clear or repeat this procedure If the new VLAN contains untagged ports perform the next procedure Configuring the PVID of Untagged Ports on page 252 to change the PVID of the untagged ports to match the virtual LAN s VID 251 Chapter 22 Virtual LANs Configuring the PVID of Untagged Ports 252 This procedure adjusts a port s VID value The PVID value determines the VLAN in which the port is an untagged member A port is an untagged member of the VLAN whose VID value matches its PVID A port can be an untagged member of only one VLAN at a time The ports of a new VLAN are initially designated as tagged ports Their PVID values retain their previous settings when they are assigned to a new VLAN If you want the ports to function as untagged members of a new VLAN
115. e 61 Figure 62 Figure 63 Figure 64 Figure 65 Figure 66 Figure 67 Figure 68 Figure 69 Figure 70 Figure 71 Figure 72 Figure 73 Figure 74 Figure 75 Figure 76 Figure 77 Figure 78 Figure 79 Figure 80 Figure 81 Figure 82 Figure 83 Figure 84 Figure 85 Figure 86 Figure 87 Figure 88 Figure 89 Figure 90 Figure 91 Figure 92 Figure 93 Figure 94 Software Upgrade Men 1 Of 2 nederste ig a 191 Software Upgrade Menu 2 Of 2 iccciscscesieetieceseeccaticceanentsches snvenntiecenndentessteecngtieescdaneutoenpvenesscueruteeteesantesen stents 191 Configuration File Upload Download Menu ececcceeceeeseneeceeneeeeneeeeeeeeeseaeeeeseeeceaaeeeeeeeeesnaeeeeeaeeeseeaeenseeeenaas 194 TFTP Configuration File Upload Download Menu c cceeecceeesneceeeeeeeneeeeeeeeeceeeeeeaeeeseaaeeseneeeeiaeeeeeaeeeneeeeees 194 Entering a Switch s IP Address in the URL Field eeeeeeeceecesne cesses eeneeeeeaaeeeeeaeeeseneeeesaeeseeaeeesneeeensaeeeenaas 200 AT S84 Login Dialog BOX viarie ridicarea ha enian E aN aranea A EERE a EAEE aE O ENN EE ENEFA AE aA ENE NA TETA SANNES 201 Home Page for the AT 9000 24 Gigabit Ethernet Switch sssssesssssiessiiesriiesrissrirssiiresrinetrinrtirsrinesrnnesrnnnene 201 IP Config ration Page aii a een aee i eet an BIN ela a ia 206 Administration Configuration Page ceecseceeseeseeeeesneeceeeeeesneeeenaaeeseeeeeeseeeseaaeesseeaeeseeseaaeeseeeeessieeeeenaeeeseaees 209 U
116. e Basic Switch Configuration Menu type S to select Rapid Spanning Tree Configuration The Rapid Spanning Tree Configuration Menu is shown in Figure 42 on page 153 Type P to select Set Bridge Priority The following prompt is displayed Enter bridge priority gt The value is in the range from 0x0000 to 0xF000 and in increments of 0x1000 The priority number for the bridge in hexadecimal format This number is used to determine the root bridge for RSTP The bridge with the lowest priority number is selected as the root bridge If two or more bridges have the same priority value that is the lowest of all the other bridges then the bridge with the numerically lowest MAC address becomes the root bridge When a root bridge goes offline the bridge with the lowest priority number automatically takes over as the root bridge This parameter can be from OX0000 to 0XF000 with OXFO0O being the highest priority The bridge priority is shown as the first field in the Designated Root and Bridge ID parameters Type H to select Set Bridge Hello Time The following prompt is displayed Enter bridge hello time gt This is the time interval between generating and sending configuration messages by the bridge This parameter can be from 1 to 10 seconds The default is 2 seconds Type a number for the bridge priority Type M to select Set Bridge Maximum Age The following prompt is displayed Section II Menus Interface AT S8
117. e LACPDU packets it functions as a normal Ethernet port and forwards network packets along with LACPDU packets Following are the guidelines for creating aggregators LACP must be activated on both the switch and the other device 0 The other device must be 802 3ad compliant 0 The AT 9000 24 Gigabit Ethernet switch supports up to eight active ports in a trunk group ata time o The switch supports a maximum of four trunks o The ports of a trunk group must be of the same medium type all twisted pair ports or all fiber optic ports 0 The ports of a trunk can be consecutive for example ports 5 9 or nonconsecutive for example ports 4 8 11 20 o A port can belong to only one trunk group at a time 0 The ports of an trunk group must be untagged members of the same VLAN oO An LACP trunk does not forward VLAN ID information o 10 100Base TX twisted pair ports must be set to Auto Negotiation or 100 Mbps full duplex mode LACP trunking is not supported in half duplex mode o 100Base FX fiber optic ports must be set to full duplex mode o You can create a trunk group that includes transceivers with 1000Base xX fiber optic ports o Only those ports that are members of a trunk group transmit LACPDU packets O Aport that is a member of a trunk group functions as part of an aggregate trunk only if it receives LACPDU packets from the remote device If it does not receive LACPDU packets it functions as a regular Ethe
118. e R to select RADIUS Server Configuration The RADIUS Server Configuration Menu is shown in Figure 49 on page 181 The top of the menu shows the current RADIUS server configuration 183 Chapter 13 RADIUS Authentication Protocol 184 Section Using the Menus Interface Chapter 14 Broadcast Storm Control Section l Using the Menus Interface This chapter describes how to configure the broadcast storm control feature on the switch and includes the following sections 0 Broadcast Storm Control Overview on page 186 0 Configuring Broadcast Storm Control on page 187 185 Chapter 14 Broadcast Storm Control Broadcast Storm Control Overview 186 The broadcast storm control feature limits the number of broadcast frames forwarded by the switch The feature can help improve network performance in situations where broadcast frames are consuming a significant portion of network bandwidth to a degree where the remaining bandwidth is insufficient for efficiently carrying the unicast and multicast frames This feature can also protect your network from broadcast storms Broadcast storms commonly occur when an Ethernet network topology contains a loop and where the Spanning Tree Protocol is not implemented Ethernet frames become caught in repeating cycles that needlessly consume network bandwidth The default setting for this feature is disabled In the default setting the switch forwards all ingress broadcast
119. e VLAN Management Menu is shown in Figure 28 on page 114 Type D to select Delete VLAN The following prompt is displayed Enter VLAN ID gt Type the VLAN ID of the VLAN you want to delete and press Enter You can enter only one VID Section Using the Menus Interface AT S84 Management Software User s Guide Note The VLAN is immediately deleted with no confirmation prompt Note You cannot delete the Default VLAN which has a VID of 1 The VLAN Management Menu is updated to show that the VLAN is deleted The untagged port members of a deleted VLAN are automatically returned to the Default_VLAN with a PVID of 1 Resetting to the The following procedure for deletes all VLANs except the Default_VLAN Default VLAN 0a switch To delete selected VLANs refer to Deleting a VLAN on page 120 To reset to the default VLAN perform the following procedure 1 Section Using the Menus Interface From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 From the Advanced Switch Configuration Menu type V to select VLAN Management The VLAN Management Menu is shown in Figure 28 on page 114 Type R to select Reset VLAN to Default The following prompt is displayed Are you sure to reset VLAN configuration to factory default Y N gt Type Y for Yes The following prompt is displayed Reset to factory default completed p
120. e current configuration of a switch is retained when a new AT S84 software image is installed To return a switch to its default configuration values refer to Returning the AT S84 Management Software to the Factory Default Values on page 57 To download a different configuration file refer to Uploading or Downloading a Configuration File on page 193 Your network must have a node with TFTP server software You must store the new AT S84 image file on the TFTP server You should start the TFTP server software before you begin the download procedure The switch where you are downloading the new image file must have an IP address and subnet mask For instructions on how to configure the IP address on a switch refer to Configuring the IP Address Subnet Mask and Gateway Address on page 32 or Enabling and Disabling the DHCP Client on page 35 A Caution Downloading a new version of management software onto the switch causes the device to reset Some network traffic may be lost during the reset process The following procedure assumes you have already obtained the new software from Allied Telesis stored it on the TFTP server and specified a path to the new software in the TFTP configuration To download the AT S84 image software onto the switch perform the following procedure 1 190 From the Main Menu type T to select Switch Tools The Switch Tools Configuration Menu is shown in Figure 11 on page
121. e eaaeeeeeeeeaeeeeeeeaaeeeeeesaaeeeeesenaeeeeeeeeaas 183 Chapter 14 Broadcast Storm Control ccccccceccccce cee ee cece eeeeeaaeaeeeeeeeeeeeseeeeceaaeaaeceeeeeeeeeeeseeseeneeaeees 185 Broadcast Storm Control OVErview iieri srne aT AE TER SAE A ATA EE NEATA RAT 186 Configuring Broadcast Storm Contos eiea eea a EE ANA A REEE ET E R 187 Chapter 15 Working With System Files 2 0 0 0 cc ceceeeeeeeee eee eeeeeee eee seeeeeeeeeeeneeeeeeseseeeeeeeseeeaaeeeeteeaaeees 189 Downloading a New Management Software Image Using TFTP ceeeeceeeeeeteeeeeeeseneeeeeeetaneeeeeeetneeeeeeeeea 190 Contents Uploading or Downloading a Configuration File cccccceceeeeeecceeeeeeeeeeeeeseneeeeeeseeeeeeeeeseeeeeeeeseeeeeeeseeenaeeees 193 Uploading the Configuration Fie siseste iinan eee eter eee eeeeeeeeetaeeeeeeesaeeeeeeeenaeeeeestiaeeeeenenaees 193 Downloading a Configuration File cceceeeeeteeeeeeeeecneee eee ecneeeeeeeaeeeeeeeaaeeeeeeenaeeeeeesicaeeeeseenaeeeeesenaees 195 Section II Using the Web Browser Interface sccccscsssssscssscscsscesccssscsseeees 197 Chapter 16 Starting a Web Browser Management Session 0 0 cccceceeeeeeeeeeeneeeeeeeeeaeeeeeeenneeeeeeaaes 199 Establishing a Remote Connection to Use the Web Browser Interface ccccecseeeeeeeeeeeeeeeeeeteeeeeeeeenaneees 200 Web Browser ROOIS oire ror 5s cates hv teen haa saa dae Sanaa dann can dee ae espe eae Ge Ae eee 203 Quitting a Web B
122. e override is enabled and the tagged packets are stored in the egress queue specified in the Queue column Section Using the Menus Interface 133 Chapter 9 Quality of Service QoS 4 To change the egress priority queue assignment of an 802 1p traffic class do the following a Type R to select Set Priority Queue The following prompt is displayed Enter traffic class gt b Enter the traffic class whose egress priority queue you want to change The range is 0 to 7 You can specify only one traffic class at a time 5 To configure a tagged port or trunk so that the switch ignores the priority tag in ingress tagged frames do the following a Type O to select Set Override Status to configure a port or K to select Set Trunk Override Status to configure a trunk The following prompt is displayed is you are configuring a port Set Priority Queue gt Enter port number gt The following prompt is displayed if you are configuring a trunk Enter trunk group number gt b Enter the port or trunk number that you want to configure You can configure only one port or trunk at a time A prompt similar to the following is displayed Enable or Disable override for port n E D gt c Type E to enable the override or D to disable it Note The tagged information in a frame is not changed as the frame traverses the switch A tagged frame leaves a switch with the same priority level that it had when it entered The default for
123. e placed in a port s QO egress queue the queue with the lowest priority But you can override this and instruct a port s untagged frames to be stored in a higher priority queue The procedure for this is also explained in Configuring CoS on page 132 One last thing to note is that CoS does not change the priority level in a tagged packet The packet leaves the switch with the same priority it had when it entered This is true even if you change the default priority to egress queue mappings 127 Chapter 9 Quality of Service QoS 128 The default setting for Quality of Service is disabled When the feature is disabled all tagged packets are stored in the lowest priority queue of a port Section Using the Menus Interface AT S84 Management Software User s Guide Mapping CoS Priorities to Egress Queues This procedure explains how to change the default mappings of CoS priorities to egress priority queues shown in Table 2 on page 127 This is set at the switch level and applies to all ports This procedure also enables and disables QoS To change the mappings perform the following procedure 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 2 From the Advanced Switch Configuration Menu type S to select Quality of Service Configuration The Quality of Service Configuration Menu is shown in Figure 32 AT 9000 24
124. e tagged information in a frame is not changed as the frame traverses the switch A tagged frame leaves a switch with the same priority level that it had when it entered Section II Web Browser Interface Chapter 24 IGMP Section II Web Browser Interface This chapter contains the following procedures for working with the Internet Group Management Protocol IGMP O Configuring IGMP on page 268 Note For background information on IGMP refer to IGMP Snooping Overview on page 138 267 Chapter 24 IGMP Configuring IGMP 268 To configure the IGMP settings perform the following procedure 1 From the Advanced Config menu select IGMP Snooping The IGMP Snooping page opens as shown in Figure 82 IGMP Snooping IGMP Snooping Status Disable IGMP Snooping Age Out Timer 280 Sec 280 420 VLAN ID Multicast group address 1 01 00 5E 7F FF FA Figure 82 IGMP Snooping Page 2 To enable or disable IGMP select Enable or Disable from the IGMP Snooping Status list 3 To set the age out timer type a number in the IGMP Snooping Age Out Timer field The range is 280 to 420 seconds and the default is 280 seconds Section II Web Browser Interface AT S84 Management Software User s Guide Viewing the Multicast Group Members To view the multicast group members perform the following procedure 1 From the Advanced Config menu select IGMP Snooping The IGMP Snooping page i
125. e that BPDUs are stored before being deleted on the root bridge Forward Delay The time interval between generating and sending configuration messages by the root bridge The following parameters refer to the switch Bridge ID The MAC address of the bridge The bridge identifier is use as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority You cannot change this setting Bridge Hello Time This is the time interval between generating and sending configuration messages by the bridge This parameter is active only when the switch is the root bridge Bridge Maximum Age The length of time after which stored bridge protocol data units BPDUs are deleted by the bridge Bridge Forward Delay This is the time interval between generating and sending configuration messages by the bridge Section II Menus Interface Section Il Menus Interface AT S84 Management Software User s Guide Type E to select Enable Disable Global RSTP The following prompt is displayed Enable or Disable Global RSTP E D gt Type E to enable RSTP or D to disable RSTP 155 Chapter 11 Rapid Spanning Tree Protocol RSTP Configuring the RSTP Bridge Settings 156 To configure the RSTP bridge settings perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 From th
126. e trunk the bandwidth remains reduced until the lost link is reestablished or you reconfigure the trunk by adding another port to it Port Trunking Observe the following guidelines when you create a port trunk Guidelines n m g g Section Using the Menus Interface A port trunk can consist of up to 8 ports but must have a minimum of 2 ports The switch can support up to 4 trunks at a time A port can belong to only one trunk at a time The speed duplex mode and flow control settings must be the same on all the ports in a trunk The ports of a trunk must be members of the same VLAN A port trunk cannot consist of ports from different VLANs The ports of a trunk do not have to be consecutive When you cable a trunk the order of the connection should be maintained on both nodes The lowest numbered port in a trunk on the switch should be connected to the lowest numbered port of the trunk on the other device the next lowest numbered port on the switch should be connected to the next lowest numbered port on the other device and so on For example assume that you are connecting a trunk between two AT 9000 24 Gigabit Ethernet switches On the first switch you select ports 1 through 4 for a trunk On the second switch you select ports 5 through 8 To maintain the order of the port connections connect port 1 on the first switch to port 5 on the second switch connect port 2 to port 6 and so on To avoid compatibilit
127. ection Using the Menus Interface Section Using the Menus Interface AT S84 Management Software User s Guide The following prompt is displayed Enter queue for traffic class m gt Enter the new egress queue number for the traffic class The range is 0 to 3 0 is the lowest priority queue and 3 is the highest You can specify only one egress queue 131 Chapter 9 Quality of Service QoS Configuring CoS As explained in QoS Overview on page 126 a packet received on a port is placed it into one of four priority queues on the egress port according to the switch s mapping of 802 1p priority levels to egress priority queues The default mappings are shown in Table 2 on page 127 You can override the mappings at the port level by assigning a different egress queue to a port Note that this assignment is made on the ingress port and before the frame is forwarded to the egress port Consequently you need to configure this feature on the ingress port For example you can configure a switch port so that all ingress frames are stored in egress queue 3 of the egress port Note The switch does not alter the original priority level in tagged frames The frames leave the switch with the same priority level they had when they entered the switch To configure CoS for a port perform the following procedure 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Fi
128. eeeeseeneeeeeeseaas 42 Disabling or Enabling the Telnet Server o oo eecccecceeeeeeeeeeeeene eee eeeeeaaeeeeeeeaaaeeeeseeaaaeeeeeeeaaaeeeeseeaaeeeeseenaeeeeeeseaas 43 CONTIQUIING SNI Priscccesssiazceedadesdungedeasanteqeeea E cdenassancqeauasdagaenenasade AE EE RAEAN EAA REENER ERRE 44 Viewing Switch OMANO N s TAT T a A ate 47 Rebooting the Swena e A T E A eke et A ee eee ad 50 Pingin S Remote Systemi oaea ana E te an Diane E O 52 Viewing the System LOJ o eerren E EENE AAEE A E AA AAE E EEA EAEE 55 Returning the AT S84 Management Software to the Factory Default Values 0 0 eeceeeeeenneeeeeeentteeeeeeenaaes 57 Chapter 4 SNMP ie e lea ae ieee on ei ele es ns eee ane eee 59 SNMP OVON orrore aae REE T O cee A E E A ar O E duty 60 Default SNMP Community StringS snes ernnn iire cece sence ee etre eater E A rn TE EEATT E NE A 61 Enabling or Disabling the SNMP AQent eceeeeceeeeeeee eee eeeeee eee eeeeeae eee eeeeaaeeeeseeeaaeeeeeeeeaeeeeeseeaeeeeseeneeeeesenaas 62 Enabling Authentication Traps ieser ai a A EEA A STE E A 63 Changing the Default SNMP Community Names sesseessssseisseserrssstirrsstttrrrtstttrrsstttrnntsttnnssattnnasstttnnatteensetenn 64 Working with Trap Receiver S esiaine tenni na i i ria e aA EA iE a a edal 65 Addioga Trap ROCGIVGR ar a RRR OTRA AE AAE AA E AA ee A Aaa AS 65 Contents Enabling or Disabling Trap Receivers cc ccceeceeeceeeeeeeeeee eee eeneeeeeeeeaeeeeeeseeaeeeeeeeeeeeeeeseeeeaeeeeseeeae
129. eeteeaeeees 65 Modifying a Trap ReCCIVEN rori iaaa Lie AEE R AA A a a a a 66 Deleting a Trap Receiver oeaiei iii dees aii iaa TE AAEE aai E AAAA AA 67 Chapter 5 Port Configuration ciis23cccieesdoocctesaaed eE E AE AE cethatcabeeceuvadeatecsacaai ieee 69 Displaying the Port Paramotor Sasin taari aE ERTER A A TG 70 Enabling or Disabling as Port serae A EAE E EE E EE 72 Setting a Port s Speed and Duplex Mode ccccceeeeeececccecceceeeeeeeeeeeeeeceaeaaeceeeeeeeeeeesecaaaaesaeeeeeeeeeeesesennaaeeees 73 Changing the Flow Control Setting 2 scccss tact cic sddadeschesescedeiecunaal bucesalaptecesesbedeeqeta EEEE EAE ENRE NER 75 Changing the Back Pressure Setting ce ceeceeceeeeeeeeeeeeeseeeeeeeeeeeceeeeeeeceneeeeeeseaeaeeeeseeeeaeeeeeeneaeeeseenaeeeeseenaeeess 76 Displaying Port StatisticS aanse det eini dale iedaiiatitnd Aiies eet EE 77 Chapter 6 Port Trunking sccs teis dae ei eee ee a ea a eee era 81 Port Trunking Overview iminircdrnite ieie Bees 112 tote EAEE e AAAA dee E EEEE aii ded 82 Statie Port TUNK OVVIO W oo sin araa r AAEE OAR TANE A REEE A A A R RAA 82 Port Trunking Guidelines 00 2208 ces eia i E EE T E S ake 83 LACPE TTUNRS haret a a a a a a a a ar 84 LACP Tr nk Status oeisio enr is a N a Ta ae danke ae EEEE EAEE EAP LEEN TTE SEE EE a 84 LACP Port Priority Parameter ara a ana Decades A U ARAA setae kia EEE AAA E betes aa ATER a iiA 85 LACP Trunk Guidelines sorene anse aa a SE todas a N EAA E AATA te anil 86
130. en an RSTP bridge receives STP BPDUs on an RSTP port the port transmits STP BPDUs The RSTP port continues to transmit STP BPDUs indefinitely 12 Enter T for True or F for False 163 Chapter 11 Rapid Spanning Tree Protocol RSTP Displaying the RSTP Topology To display the RSTP topology perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 From the Basic Switch Configuration Menu type S to select Rapid Spanning Tree Configuration The Rapid Spanning Tree Configuration Menu is shown in Figure 42 on page 153 From the Rapid Spanning Tree Configuration Menu type I to select Topology Information The Topology Information menu is shown in Figure 43 st 9000 24 Local Management System N ext Page Command gt PortTrunk Link Desig Root 8000 8000 8000 8000 8000 8000 8000 8000 8000 8000 8000 8000 00c08f1211bb 00c08f1211bb 000c46aa7 fal 00c08Ff1211bb 00c08f1211bb 00c08Ff1211bb 00c08Ff1211bb 00c08Ff1211bb 00c08f1211bb 00c08f1211bb 00c08f1211bb 00c08f1211bb lt COMMAND gt P revious Page Desig Cost Desig Bridge 00000 DOODOCOCOOOCONOCO 8000 8000 8000 8000 8000 8000 8000 8000 8000 8000 8000 8000 00c08f1211bb 00c08f1211bb 003084000000 00c08f1211bb 00c08f1211bb 00c08f1211bb 00c08f1211bb 00c08f1211bb 00c08f1211bb 00c08f1211bb 00c08
131. er 17 Basic Switch Parameters Returning the AT S84 Management Software to the Factory Default Values This procedure returns all AT S84 management software parameters to their default values and deletes all tagged and VLANs on the switch The AT S84 management software default values are listed in Appendix A AT S84 Default Settings on page 311 Caution This procedure causes the switch to reboot The switch does not forward network traffic during the reboot process Some network traffic may be lost To return the AT S84 management software to the default settings perform the following procedure 1 224 From the Tools menu select System Reboot The System Reboot Configuration page is shown in Figure 63 on page 219 For the Reboot Type select one of the following Reset to Factory Default Resets all switch parameters to the factory default settings including IP address subnet mask and gateway address Reset to Factory Default Except IP Address Resets all switch parameters to the factory default settings but retains the IP address subnet mask and gateway settings If the DHCP client is enabled it remains enabled after this reset For the Reboot Status select Start to start the reboot Click Apply The switch is rebooted You must wait for the switch to complete the reboot process before reestablishing your management session Section II Web Browser Interface Chapter 18 Port Configurati
132. erface port statistics counter CONFIGURE Changes the mode to the Global Configuration Mode COPY Uploads the configuration file to an image or configuration file DISABLE Exits from the Privileged EXEC command mode to the User EXEC command mode EXIT Exits from the Privileged EXEC command mode to the User EXEC command mode LOGOUT Exits the command line interface and returns to the Main Menu MODE Displays the available modes PING Pings a specified IP address to check connectivity to another system REBOOT Reboots the system SHOW Displays running system information The Global Configuration command mode allows you to configure advanced system features such as broadcast storm control SNMP and TP To access this mode you must first access the User EXEC and the Privileged modes The prompt changes to Switch config to indicate the Interface Configuration mode See Table 11 for a list of commands that can be accessed from the Global Configuration mode Table 11 Global Configuration Command Mode Commands Command Description BACK Sets the back pressure feature PRESSURE 301 Chapter 30 Getting Started with the Command Line Interface 302 Table 11 Global Configuration Command Mode Commands Continued Command Description CONSOLE Sets the console configuration DOT1X Sets the 802 1x Port based N
133. es the different methods for accessing the software and the management access levels This chapter contains the following sections Management Overview on page 18 Local Connection on page 19 Remote Connection on page 20 Oda 0 U0 Management Access Level on page 21 Chapter 1 Overview Management Overview The AT S84 management software allows you to view and adjust the operating parameters of the AT 9000 24 Gigabit Ethernet switch Here are a few examples of the functions that you can perform with the management software Enable and disable ports Configure a port s speed and duplex mode Create port trunks Configure a port mirror Configure Quality of Service QoS Create and tagged virtual LANs Oaog0Q060d Qa 0 Configure 802 1x network access control The AT S84 management software is preinstalled on the switch with default settings for all of the switch s operating parameters You do not have to manage the switch if the default settings are adequate for your network Instead you can use the device as an unmanaged switch by connecting it to your network as explained in the hardware installation guide and powering on the unit Note The default settings for the management software are listed in Appendix A AT S84 Default Settings on page 311 To actively manage the switch and adjust its operating parameters you must connect to an AT 9000 24 Gigabit Ethernet switch and acc
134. es to a local management session but not to a web management session A web browser management session remains active so long as your web browser is open Note If you select 0 you must remember to properly log off from a local management session when you are finished to prevent blocking future management sessions with the switch b Click Apply 3 To configure the Telnet UI timeout value do the following a In the Telnet UI Time Out field enter a new value The Telnet idle time out parameter specifies the length of time that a remote Telnet management session can be inactive before the management software automatically ends it 4 To change the user settings do the following a Enter the existing name and password in the User Name and Password fields The default name and password are both manager The login name and password are case sensitive Section II Web Browser Interface Section Il Web Browser Interface AT S84 Management Software User s Guide Click the New User Name field and enter a new user name or if you do not want to change the login name enter the current name Leaving this field empty deletes the current login name without assigning a new one The name can be from 0 to 12 characters Spaces are allowed The login name is case sensitive Click the New Password field and enter a new login password or if you do not want to change the password enter the current password The password can
135. es to begin the uploading or N for no to cancel the procedure To download a configuration file onto the switch from a TFTP server perform the following procedure 1 From the Main Menu type T to select Switch Tools The Switch Tools Configuration Menu is shown in Figure 11 on page 50 From the Switch Tools Menu type C to select Configuration File Upload Download The Configuration File Upload Download menu is shown in Figure 53 on page 194 From the Configuration File Upload Download menu type T to select TFTP Configuration File Upload Download 195 Chapter 15 Working With System Files 10 11 196 The TFTP Configuration File Upload Download menu is shown in Figure 54 on page 194 Type S to select Set TFTP Server IP Address The following prompt is displayed Enter IP address of TFTP server Type the IP address of the TFTP server and press Enter Type F to select Set Configuration File Name The following prompt is displayed Enter file name gt Enter the file name of the switch configuration file on the TFTP server and press Enter Note There is no default name for the configuration file Type R to select Set Retry Count The following prompt is displayed Enter retry count gt Enter the number of times you want the switch to retry in the event a problem occurs during the download process The range is 1 to 20 The default is 5 times To begin the download type D to select Download C
136. ess frames are stored in egress queue 3 of the egress port regardless of the priority levels that might be in the frames themselves as found in tagged frames Note The switch does not alter the original priority level in tagged frames Frames leave the switch with the same priority level they had when they entered the switch To configure CoS for a port perform the following procedure 1 From the Advanced Config menu select QoS Config gt Port Priority Config Section II Web Browser Interface AT S84 Management Software User s Guide The Port Priority Configuration page opens as shown in Figure 81 Port Priority Configuration Port Index Trunk Queue 0 Lowest 3 Highest Override All Di Disable v Apply l oix Disable v Apply 2 Ov Disable Apply 3 Oly Disable x Apply 4 2 Di Disable v Apply 5 O v Disable v Apply 6 O Disable v Apply 7 2 Oly Disable v Apply ov Disable Apply 9 2 oix Disable x Apply 10 Dim Disable v Apply 11 oix Disable Apply 12 Di Disable v Apply 13 Di Disable Apply 14 O v Disable v Apply Figure 81 Port Priority Configuration Page The columns in the menu display the following information Port Displays the port number Trunk Displays the trunk number if the port is a member of a trunk Traffic Class Enter the traffic class s current egress priority Queue Displays the number of the queue where u
137. ess the switch s AT S84 management software There are two ways to connect to the switch 0 Locally o Remotely Depending upon the method you choose specific AT S84 management software interfaces are available When you have a local connection you can use the menus described in Section of this guide or the command line interface CLI described in Section Ill With a remote connection you can use the menus CLI and web browser interfaces or a third party network management application The web browser interface is described in Section II The following sections in this chapter briefly describe each type of management session Local Connection AT S81 Management Software User s Guide To establish a local connection with a switch you connect a terminal or a PC with a terminal emulator program to the terminal port on the front of the switch using the management cable included with the unit This type of connection is referred to as local because you must be physically close to the switch such as in the wiring closet where the switch is located Note For instructions on how to start a local management session refer to Starting a Local Management Session on page 26 With a local connection you can manage the switch using the menus or CLI A switch does not need an Internet Protocol IP address for you to manage it locally You can start a local management session on a switch at any time It doe
138. eting Switch Location Fourth Floor Switch Contact Ralph System Address Information MAC Address 00 06 5H B2 65 84 IP Address 149 35 8 237 Subnet Mask 255 255 255 0 Gateway 149 35 8 1 Automatic Network Features DHCP Mode Disabled Press any key to continue Figure 10 General Information Menu The General Information Menu displays the following information System up for The number of hours minutes and seconds since the last reset or power cycle Runtime Image The version of the runtime software Boot Loader The version of the boot loader software Section Using the Menus Interface 47 Chapter 3 Basic Switch Parameters 48 Hardware Information Section Version The hardware version number Fixed Baud Rate The baud rate of the console port You cannot change this parameter DRAM Size The size of the DRAM in megabytes Flash Size The size of the flash memory in megabytes Administration Information Section Switch Name The name assigned to the switch To assign the switch a name refer to Configuring System Administration Information on page 36 Switch Location The location of the switch To specify the location refer to Configuring System Administration Information on page 36 Switch Contact The contact person responsible for managing the switch To specify the name of a contact refer to Configuring System Administration Information on page 36 System Address Info
139. etting for all ports on the switch Disabled The port has been manually disabled To change a port s status see Enabling or Disabling a Port on page 72 Mode The port s speed and duplex mode setting For information about the modes or to change a port s speed and duplex mode setting see Setting a Port s Speed and Duplex Mode on page 73 Flow Ctrl Whether flow control is enabled on the port Flow control is enabled by default To disable flow control refer to Changing the Flow Control Setting on page 75 3 To view information for the rest of the ports type N for Next Section Using the Menus Interface 71 Chapter 5 Port Configuration Enabling or Disabling a Port This procedure enables or disables a port You may want to disable a port and prevent packets from being forwarded if a problem occurs with the node or cable connected to the port After the problem has been fixed you can enable the port to resume normal operation You can also disable an unused port to secure it from unauthorized connections The default setting for a port is enabled To change the port s status perform the following procedure 1 72 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 From the Basic Switch Configuration Menu type P to select Port Configuration The Port Configuration Menu is shown in Figure 17 on page
140. etwork Access Control configuration END Exits from the Global Configuration Command Mode to the Privileged EXEC Command Mode EXIT Exits from the Global Configuration command mode to the Privileged EXEC command mode HOSTNAME Sets the name of the system INTERFACE Changes the command mode to the Interface Configuration command mode you must also specify a port IP Set the IP Address and IP related commands for the system LOGOUT Exits the command line interface and returns to the Main Menu MLS Sets the QoS feature MODE Displays the available modes NO Negates a command or sets its defaults PING Pings a specified IP address to check connectivity to another system PRIORITY Maps a CoS value to a priority value QUEUE RADIUS Sets a RADIUS Server SERVER SNMP Sets the SNMP configuration in the system SERVER SPANNING Sets the STP features TRESS STORM Sets the Broadcast Storm Control feature for the CONTROL system TELNET Sets the Telnet server SERVER TRUNK Add ports to a trunk group USERNAME Sets a system user name and password Section Basic Features Interface Configuration Command Mode Section Basic Features AT S84 Management Software User s Guide The Interface Configuration command mode allows you to configure features that pertain to the ports on the system such as flow control port mirroring and duplex mode To access this mode you must first access the User EXEC Pri
141. ew the LACP group settings perform the following procedure LACP Group From the Main Menu type A to select Advanced Switch Settings Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 2 From the Advanced Switch Configuration Menu type T to select Trunk Configuration The Trunk Configuration Menu is shown in Figure 22 on page 89 3 From the Trunk Configuration Menu type G to select LACP Group Status The following prompt is displayed Enter trunk group admin key gt 4 Type anumber from 1 to 4 to specify the admin key of the trunk you want to view 94 Section Using the Menus Interface AT S84 Management Software User s Guide The LACP Group Status Menu is displayed as shown in Figure 24 aT 9000 24 Local Management System b Trunk Configuration gt LACP Group Status Menu System Priority 32768 System ID 00 00 90 24 00 03 Key i 1 Aggregator Attached Port List 2 2 3 3 4 4 or S3 S sS ese lt COMMAND gt Q uit to previous menu Command gt 2 Figure 24 LACP Group Status Menu The LACP Group Status Menu displays the following information about the LACP group System Priority The system priority as defined by IEE 802 3ad You cannot change this System ID The MAC address of the system Key The key for this trunk group The menu also contains a table that displays the following information Aggregator The port that
142. f1211bb 00c08f1211bb Rapid Spanning Tree Configuration gt Designated Topology Information Desig Port Q uit to previous menu S 164 Figure 45 Topology Information Menu This menu displays the following information about the ports Trunk The trunk of which the port is a member Section Il Menus Interface Section Il Menus Interface AT S84 Management Software User s Guide Link Whether the link on the port is up or down Desig Root The designated root bridge is the switch that is directly connected to the local switch The MAC address of the designated root bridge is displayed In the network topology the designated bridge is located between the local switch and the root bridge Desig Cost The sum of all the root port costs on all bridges including the switch between the switch and the root bridge Desig Bridge An adjacent bridge to which the root port of the switch is actively connected Desig Port The port on the designated bridge that is directly connected to the root port of the local switch 165 Chapter 11 Rapid Spanning Tree Protocol RSTP 166 Section II Menus Interface Chapter 12 802 1x Network Access Control Section l Using the Menus Interface This chapter contains information about and the procedure for configuring 802 1x Network Access Control It includes the following sections o 802 1x Network Access Control Overview on page 168 0 Configuring 80
143. face Chapter 21 Port Mirroring This chapter contains the procedure for setting up port mirroring Port mirroring allows you to unobtrusively monitor the ingress and egress traffic on a port by having the traffic copied to another port This chapter contains the following sections o Configuring Port Mirroring on page 246 a Disabling Port Mirroring on page 247 Note For background information on port mirroring refer to Port Mirroring Overview on page 98 Section II Web Browser Interface 245 Chapter 21 Port Mirroring Configuring Port Mirroring 246 To set up port mirroring perform the following procedure 1 From the Advanced Config menu select Port Mirroring The Port Mirroring page opens as shown in Figure 74 Port Mirroring Configuration Mirroring Status Disable v Mirroring Port Port Being Mirrored Index Apply Port Port 1 2 M 1 m Apply Figure 74 Port Mirroring Page 2 Inthe Mirroring Port section select the port where the network analyzer is connected 3 In the Port Being Mirrored section select the port whose ingress and egress traffic you want to monitor You can select only one port 4 Click Apply 5 From the Mirroring Status list select Enable and click Apply Port mirroring is immediately enabled on the switch You can now connect a data analyzer to the mirroring port to monitor the traffic on the other port Section II Web Browser Interfa
144. fault setting 314 SNMP trap receiver adding 65 deleting 67 disabling 65 enabling 65 modifying 66 SNTP 44 SNTP configuring 216 software information 47 217 static port trunk described 82 statistics displaying 77 232 STP compatibility configuring 158 subnet mask configuring 32 206 default setting 313 supplicant described 168 switch hardware information 47 217 rebooting 50 219 software information 47 217 system contact configuring 36 209 default 313 system description default 313 system location configuring 36 209 default setting 313 system log clearing 55 222 system log displaying 55 222 system name configuring 36 209 default setting 313 T tagged VLAN example 111 Telnet server enabling or disabling 43 215 Telnet default setting for remote management 312 trap described 61 U untagged ports described 106 user name configuring 211 V VLAN configuring PVID of untagged ports 116 252 creating 113 250 deleting 120 258 deleting all 259 description 104 displaying 117 255 guidelines 108 modifying 119 256 resetting to the default 121 VLAN ID described 106 WwW web browser management session quitting 204 starting 20 200 web browser tools 203 AT S84 Management Software User s Guide web server default setting 312 enabling or disabling 42 214 325 Index 326
145. fault setting 317 l IEEE 802 1p standard 126 IGMP snooping configuring 140 268 default setting 317 multicast groups 142 overview 138 status default setting 317 IP address configuring 32 206 default setting 313 K keyword abbreviations 308 L LACP port priority described 85 LACP trunk described 84 guidelines 86 323 Index Link Aggregation Control Protocol See LACP trunk local management session explained 19 quitting 29 starting 26 login name configuring 38 211 login password configuring 38 211 management access defaults 312 management access level 21 management interface defaults 312 manager password default setting 312 maximum multicast groups default setting 317 menus interface using 28 mirrored port defined 98 mirroring port defined 98 multicast groups viewing 142 multicast router ports mode default setting 317 P password configuring 40 211 path cost described 147 pinging 52 220 point to point port default setting 318 described 150 port duplex mode configuring 73 enabling or disabling 72 parameters displaying 70 speed configuring 73 status default setting 315 port control 802 1x port based access control 169 283 force authorized 170 283 force unauthorized 170 283 port cost default setting 318 described 147 port duplex mode configuring on a single port 229 configuring on multiple ports 226 port mirroring configuring 99 246 described 98 disabling 101 247 port
146. for the switch System Default Gateway Enter the default gateway s IP address DHCP Mode For information about setting this parameter refer to Enabling and Disabling the DHCP Client on page 208 3 Click Apply Note Changing the IP address ends your management session To resume managing the device enter the new IP address of the switch in the web browser s URL field as shown in Figure 55 on page 200 Section Il Web Browser Interface 207 Chapter 17 Basic Switch Parameters Enabling and Disabling the DHCP Client This procedure explains how to activate and deactivate the DHCP client on the switch When the client is activated the switch obtains its IP configuration such as its IP address and subnet mask from a DHCP server on your network Before performing the procedure note the following An IP address and subnet mask are not required for normal network operations of the switch Values for these parameters are only required if you want to remotely manage the device with a web browser O A gateway address is only required if you want to remotely manage the device from a remote management station that is separated from the switch by a router o The DHCP client is disabled by default on the switch o The DHCP client does not support BOOTP o You must assign an IP address initially through a local management session using the menus interface To activate or deactivate the DHCP client on the swi
147. frames provided that ports are not over subscribed When you enable the feature you are given three threshold levels from which to choose The levels prescribe the maximum number of ingress broadcast frames the switch will accept per second Broadcast frames that exceed the limit are discarded The level are o High 3000 broadcast packets per second o Medium 500 broadcast packets per second o Low 100 broadcast packets per second For example activating the feature and selecting Medium as the threshold means that the switch accepts up to a maximum of 500 ingress broadcast packets per second and discards those broadcast packets that exceed the limit Section Using the Menus Interface AT S84 Management Software User s Guide Configuring Broadcast Storm Control To configure the broadcast storm control feature perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 2 From the Basic Switch Configuration Menu type C to select Storm Control Configuration The Storm Control Configuration Menu is shown in Figure 50 AT 9000 24 Local Management System Basic Switch Configuration gt Storm Control Configuration Menu Broadcast Storm Status Disabled Threshold Low Set B roadcast Status Set T hreshold Q uit to previous menu Command gt Figure 50 Storm Control Configuration Menu 3 Type B
148. g a Configuration File The procedure in this section allows you to download a different configuration file onto the switch from a TFTP server or upload the file to a TFTP server To return a switch to its default configuration values refer to Returning the AT S84 Management Software to the Factory Default Values on page 224 Note The configuration file contains only those settings that have been changed since the switch was last reset to the default settings Before downloading a configuration file onto the switch note the following o Your network must have a node with TFTP server software o You must store the new configuration file on the TFTP server o You should start the TFTP server software before you begin the download procedure o The switch where you are downloading the configuration file must have an IP address and subnet mask For instructions on how to configure the IP address on a switch refer to Configuring the IP Address Subnet Mask and Gateway Address on page 32 or Enabling and Disabling the DHCP Client on page 35 O When you download a new configuration file onto the switch the new file overrides the current file and the current file is lost unless you uploaded it to a TFTP server before you replaced it To download or upload a configuration file perform the following procedure 1 From the Tools menu select Config File Upload Download The Configuration File Upload Download
149. g number for the event Date and Time The date and time that the event occurred 55 Chapter 3 Basic Switch Parameters 56 L Severity level of the event The severity levels are l nformation Useful information that you can ignore during normal operation W arning An issue that may require a manager s attention E rror Switch operation is severely impaired Type The type provides more information about the event The possible types are 802 1X An 802 1X event CFG Configuration event CLI CLI login Console A console login by a user IP Change to the IP information PCFG Port configuration PoE PoE configuration or event SNTP SNTP configuration STP Spanning tree SwUpg Software upgrade System General system event Telnet Access via Telnet Description A description of the event To remove the current log entries type L to select Clear the Log Entries Section Using the Menus Interface AT S84 Management Software User s Guide Returning the AT S84 Management Software to the Factory Default Values Section Using the Menus Interface This procedure returns all AT S84 management software parameters to their default values and deletes all tagged and VLANs on the switch The AT S84 management software default values are listed in Appendix A AT S84 Default Settings on page 311 A Caution This procedure causes the switch to reboot The switch does
150. ge Q uit to previous menu 1 2 3 4 5 6 7 8 9 1 Command gt Figure 9 Time Zone Configuration Menu Section Using the Menus Interface 45 Chapter 3 Basic Switch Parameters b Scroll through the list of time Zones until you find one that matches your time zone c Type S to choose Set Time Zone The following message is prompt is displayed Select time zone gt d Type the number that corresponds to the time zone you want If you selected a time zone that observes daylight saving time the following prompt is displayed Enable or Disable Daylight Saving E D gt e Type D to disable the daylight saving time or E to enable it Note You must set the time zone in order to display the daylight saving time option If the time zone you previously selected is located in DST area you can set this anytime 46 Section Using the Menus Interface AT S84 Management Software User s Guide Viewing Switch Information To view general information about the switch perform the following procedure 1 From the Main Menu type G to select General Information The General Information menu is shown in Figure 10 AT 9000 24 Local Management System Main Menu gt General Information System up for 24min s 36sec s Runtime Image Version 1 0 Boot Loader Version 1 0 Hardware Information Version DRAM Size 16MB Fixed Baud Rate 9600bps Flash Size 4 MB Administration Information Switch Name Mark
151. ge port choose a setting based on the information in Table 7 Table 7 RSTP Point to Point Status In the Admin OperPtoP column for the port you want to configure Admin Operation Port Duplex Operation Auto True Full False Half True True Full or Half 276 Section II Web Browser Interface Section Il Web Browser Interface AT S84 Management Software User s Guide Table 7 RSTP Point to Point Status Continued Admin Operation Port Duplex Operation False False Full or Half 4 Inthe Migration column for the port you want to configure click Restart to reset the port 5 Click Apply To configure all of the ports to the same settings in the All row configure one two or all of the following settings Admin OperEdge Admin OperPtoP and Migration 6 Click Apply 277 Chapter 25 RSTP Viewing the RSTP Topology To view the current RSTP topology perform the following procedure 1 From the Basic Config menu select Rapid Spanning Tree gt RSTP Topology The Designated Topology Information page opens as shown in Figure 87 Designated Topology Information Port Trunk Link Status Designated Root Designated Cost Designated Bridge Designated Port 1 Up 8000 000c46aa7fat 200000 8000 00308454c840 8001 2 Down 9000 000090240002 0 9000 000090240002 00 00 3 Up 8000 000c46aa7fat 200000 8000 003084000000 80 03 4 Down 9
152. gin password The management software prompts you for the password to prevent an unauthorized individual from changing the login name Type the new user name and press Enter The default name is manager The name can be from 0 to 12 characters Spaces are allowed The login name is case sensitive Not entering a new login name deletes the current login name without assigning a new one The new user name appears in the User Field in the top portion of the menu You must use the new login user name the next time you start a local or web browser management session To change the manager login password do the following a Type P to select Change Administrator Password The following prompt is displayed Enter old password gt Enter the current manager password and press Enter The following prompt is displayed Enter new password gt Section Using the Menus Interface AT S84 Management Software User s Guide c Type the new password and press Enter The password can be from 0 to 12 characters Allied Telesis recommends not using special characters such as spaces and exclamation points The password is case sensitive Not entering a new password deletes the current password without assigning a new one The following prompt is displayed Retype new password gt d Retype the new password and press Enter You must use the new login password the next time you start a local or remote 3management session Section Usi
153. gnated root bridge to which the switch s root port is actively connected Designated Cost The sum of all the root port costs on all bridges including the switch between the switch and the root bridge 278 Section II Web Browser Interface Section Il Web Browser Interface AT S84 Management Software User s Guide Designated Bridge An adjacent bridge to which the root port of the switch is actively connected Designated Port The root bridge to which the root port of the switch is actively connected 279 Chapter 25 RSTP 280 Section II Web Browser Interface Chapter 26 802 1x Network Access Control This chapter contains the procedure for configuring 802 1x network access control O Configuring 802 1x Network Access Control on page 282 Note For background information refer to 802 1x Network Access Control Overview on page 168 Section II Web Browser Interface 281 Chapter 26 802 1x Network Access Control Configuring 802 1x Network Access Control To configure 802 1x network access control perform the following procedure 1 From the Advanced Config menu select 802 1x The 802 1x Configuration page opens as shown in Figure 88 802 1x Configuration NAS ID Nast Go to Port 1 lw nitialize Yes v Apply Re auth Initialize Yes M Port 1 Port Status Authorized Port Control Force Authorized Quiet Period 60 Sec 1 65535 Transmission Period 30 Se
154. gs 319 described 168 guidelines 171 supplicant described 168 A administrator name configuring 38 211 AT S84 management software default settings 311 features 18 resetting to factory defaults 57 224 upgrading 190 290 authentication server 168 authenticator port described 168 B back pressure described 76 bridge forwarding delay default setting 318 bridge identifier described 146 bridge priority described 146 bridge protocol data unit BPDU 157 broadcast storm control configuring 187 287 overview 186 Cc Class of Service CoS configuring 132 264 described 126 commands formatting 299 configuration file downloading 195 uploading 193 configuration file downloading or uploading 193 292 console idle timeout configuring 38 211 default setting 312 CoS See Class of Service CoS D default values AT S84 management software 311 DHCP client enabling or disabling 35 208 DHCP mode default setting 313 E edge port default setting 318 described 150 F factory defaults list 311 resetting switch to 57 224 flow control configuring 75 configuring on a single port 229 default setting 315 force version default setting 318 G GARP VLAN Registration Protocol GVRP overview 122 gateway address configuring 32 206 default setting 313 GVRP See GARP VLAN Registration Protocol GVRP H hardware information 47 217 hello time described 149 help context sensitive 308 host router timeout interval de
155. gt SNMP Configuration Menu SNMP Read Community public SNMP write Community private Trap Authentication Enabled SNMP Trap Receivers Status IP Address Communi ty Deleted lt empty gt lt empty gt Enabled 149 35 8 42 Monitor Deleted lt empty gt lt empty gt Deleted lt empty gt lt empty gt Set SNMP R lead Community A dd SNMP Trap Receiver set SNMP w rite Community D elete SNMP Trap Receiver M odify SNMP Trap Receiver E nable Disable Authentication Trap Enable Disable SNMP T rap Receiver Q uit to previous menu Command gt Figure 16 SNMP Configuration Menu 3 Type E to select Enable Disable Authentication Trap The following prompt is displayed Enable or Disable SNMP Authentication Trap E D gt 4 Type E to enable SNMP or D to disable SNMP The default is Enabled Section l Using the Menus Interface 63 Chapter 4 SNMP Changing the Default SNMP Community Names To change the names of the default SNMP communities perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 2 From the Basic Switch Configuration menu type N to select SNMP Configuration The SNMP Configuration menu is shown in Figure 16 on page 63 3 Type R to select Set SNMP Read Community The following prompt is displayed Enter read community name gt 4 Type the name of the read community The default is
156. guration Menu type P to select Port Configuration The Port Configuration Menu is shown in Figure 17 AT 9000 24 Local Management System Basic Switch Configuration gt Port Configuration Menu Back Pressure Disabled Port Trunk Link Status Flow ctrl 1000Tx 1000Tx 1000Tx 1000Tx 1000Tx 1000Tx 1000Tx 1000Tx 1000Tx 1000TXx 1000Tx 1000TX Enabled lt COMMAND gt N ext Page Set S tatus Set F low Control P revious Page Set M ode Set B ack Pressure Q uit to previous menu Command gt Figure 17 Port Configuration Menu 70 Section Using the Menus Interface AT S84 Management Software User s Guide The Port Configuration Menu displays the following columns of information about the status of the first 12 ports on the switch Port The port number Trunk The trunk group number This column contains the number of the port trunk if the port is a member of a trunk To configure a trunk refer to Chapter 6 Port Trunking on page 81 Type The port type The type for an RJ 45 copper port is 10 100 1000Base T Link The status of the link between the port and the end node connected to the port The possible values are Up A link exists between the port and the end node Down The port has not established a link with an end node Status The current operating status of the port The possible values are Enabled The port is able to send and receive Ethernet frames This is the default s
157. gure 21 on page 88 2 From the Advanced Switch Configuration Menu type S to select Quality of Service Configuration The Quality of Service Configuration Menu is shown in Figure 32 on page 129 3 From the Quality of Service Configuration Menu type P to select Port Priority Configuration 132 Section Using the Menus Interface AT S84 Management Software User s Guide The Port Priority Configuration Menu is shown in Figure 34 AT 9000 24 Local Management System Quality of Service Configuration gt Port Priority Configuration Menu Port Trunk Queue Override 1 Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Highest Lowest lt COMMAND gt N ext Page Set P rliority Queue Set T runk Priority Queue P revious Page Set O verride Status Set Trun k Override Status Q uit to previous menu Command gt Figure 34 Port Priority Configuration Menu The columns in the menu display the following information Port Displays the port number Trunk Displays the trunk number if the port is a member of a trunk Queue Displays the number of the queue where untagged packets received on the port are stored on the egress queue Override Displays whether the priority level in ingress tagged frames is being used or not If No the override is disabled and the port is using the priority levels contained within the frames to determine the egress queue If Yes th
158. hapter 22 Virtual LANs Deleting a VLAN To delete a VLAN perform the following procedure 1 From the Advanced Config menu select VLAN Info The VLAN Information page is shown in Figure 78 on page 256 2 Inthe VLAN Action column click Delete next to the VLAN you want to delete A confirmation prompt is displayed 3 Click OK to delete the VLAN or Cancel to cancel the deletion Note You cannot delete the Default VLAN which has a VID of 1 The VLAN Information window is updated to show that the VLAN is deleted The untagged ports of a deleted VLAN are automatically returned to the Default VLAN 258 Section II Web Browser Interface AT S84 Management Software User s Guide Deleting All VLANs Section Il Web Browser Interface The following procedure for deletes all VLANs except the Default_VLAN on a switch To delete selected VLANs refer to Deleting a VLAN on page 258 To reset to the default VLAN perform the following procedure 1 From the Advanced Config menu select VLAN Info The VLAN Information page is shown in Figure 78 on page 256 2 Click Reset to Default The following prompt is displayed Reset VLAN configuration to default 3 Click OK to continue or click Cancel to stop the changes The VLAN Information page is redisplayed with ALL VLANs except the default deleted 259 Chapter 22 Virtual LANs Enabling or Disabling GVRP To enable or disable GVRP perform the following
159. he DHCP client on the switch perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 2 From the Basic Switch Configuration Menu type I to select System IP Configuration The System IP Configuration Menu is shown in Figure 5 on page 33 3 Type D to select Enable Disable DHCP Mode The following prompt is displayed Enable or Disable DHCP mode E D gt 4 Type E to select Enable or D to select Disable If you enable the client it immediately begins to send queries to the DHCP server It continues to send queries until it receives a response Section Using the Menus Interface 35 Chapter 3 Basic Switch Parameters Configuring System Administration Information 36 This section explains how to assign a name to the switch as well as specify the location of the switch and the name of the switch s administrator Entering this information is optional To set a switch s administration information perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 2 From the Basic Switch Configuration Menu type A to select System Administration Information The System Administration Configuration Menu is shown in Figure 6 AT 9000 24 Local Management System Basic Switch Configuration gt System
160. he following prompt is displayed Enter community name for trap receiver gt Enter a name for the workstation that you want to receive traps A new trap receiver is automatically enabled You can disable a trap receiver or enable one that was previously disabled To enable or disable a trap receiver perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration 65 Chapter 4 SNMP Modifying a Trap 66 Receiver The Basic Switch Configuration Menu is shown in Figure 4 on page 32 From the Basic Switch Configuration menu type N to select SNMP Configuration The SNMP Configuration menu is shown in Figure 16 on page 63 Type T to select Enable Disable SNMP Trap Receiver The following prompt is displayed Set SNMP trap receivers status gt Enter entry number gt Enter the number of the trap receiver you want to enable or disable The following prompt is displayed Set SNMP trap receivers status gt Enter entry number gt Enter the number for the trap you want to enable or disable The following prompt is displayed Enable or Disable SNMP Trap Receiver E D gt Note The trap receiver must be one whose status is not deleted Type E to enable the trap receiver or D for disable to disable the trap receiver You can also delete a trap receiver as described in Deleting a Trap Receiver on page 67 To modify a trap receiver perform the following procedure
161. he port With the port types defined RSTP can quickly reconfigure a network when a change in network topology is detected 149 Chapter 11 Rapid Spanning Tree Protocol RSTP There are two possible selections Oo Point to point port o Edge port The default setting for the RSTP port point to point status is automatic With the automatic setting the point to point status is True of the port is operating in full duplex mode If the port is operating in half duplex mode then the point to point status is False Figure 38 illustrates two AT 9000 24 Gigabit Ethernet switches that have been connected with one data link With the link operating in full duplex the ports are point to point ports ol Point to Point Ports Full duplex Mode pears Peer eee m Figure 38 Point to Point Ports If a port is operating in half duplex mode and is not connected to any further bridges participating in STP or RSTP then you need to manually define the port as an edge port The default setting for the edge port status is False You must manually configure this setting for each port There is no automatic mode for the edge port setting Figure 39 illustrates an edge port on an AT 9000 24 Gigabit Ethernet switch The port is connected to an Ethernet hub which in turn is connected to a series of Ethernet workstations This is an edge port because it is connected to a device operating at half duplex
162. heck in a box indicates the port is a member of the trunk No check means the port is not a member A port trunk can contain up to eight ports Section II Web Browser Interface AT S84 Management Software User s Guide 3 From the list at the end of the port list for the trunk you want to enable or disable choose Manual to enable the trunk or Disable to disable it 4 Click Apply The trunk is now operational on the switch 5 Configure the port trunk on the other switch and connect the cables Enabling or This procedure enables and disables a port trunk Note the following Disabling a Port before performing this procedure Trunk 4 Donotenablea port trunk until after you have configured the trunk on both switches o Do not connect the cables to the ports on the switches until after you have configured and enabled the trunk on both switches Note If you are disabling a port trunk be sure to first disconnect all cables from the ports of the trunk Leaving the cables connected can create loops in your network topology because the ports of a disabled port trunk function as normal network ports forwarding individual network traffic To enable or disable a port trunk perform the following procedure 1 From the Advanced Config menu select Trunk Config The Trunk Configuration page is shown in Figure 71 2 From the list at the end of the port list for the trunk you want to enable or disable choose Manual to enable the
163. ies to ports operating in half duplex mode When a twisted pair port on the switch operating in half duplex mode needs to stop an end node from transmitting data it forces a collision A collision on an Ethernet network occurs when two end nodes attempt to transmit data using the same data link at the same time A collision causes the end nodes to stop sending data When a switch port needs to stop a half duplex end node from transmitting data it forces a collision on the data link which stops the end node After the switch is ready to receive data again the switch stops forcing collisions This is called back pressure To apply back pressure to a port perform the following procedure 1 From the Main Menu type B to select Basic Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 2 From the Basic Switch Configuration Menu type P to select Port Configuration The Port Configuration Menu is shown in Figure 17 on page 70 3 Type B to select Back Pressure The following prompt is displayed Enable or Disable all link up ports E D gt 4 Type E to enable back pressure or D to disable it The default is disabled 76 Section Using the Menus Interface AT S84 Management Software User s Guide Displaying Port Statistics To display statistics about a port perform the following procedure 1 AT 9000 24 Local From the Main Menu select Statistics The Statistics menu is shown in Fig
164. improves performance by distributing the traffic across multiple ports between the devices and enhances reliability by reducing the reliance on a single physical link A static trunk is easy to configure You designate the ports on the switch that are to be in the trunk and the management software on the switch automatically groups them together The example in Figure 19 illustrates a static port trunk of four links between two AT 9000 24 Gigabit Ethernet switches Figure 19 Static Port Trunk Example Network equipment vendors tend to employ different techniques to implement static trunks Consequently a static trunk on one device might not be compatible with the same feature on a device from a different manufacturer For this reason static trunks are typically employed only between devices from the same vendor That is not to say that an Allied Telesis layer 2 managed switch cannot form a static trunk with a device from another manufacturer but there is the possibility that the implementations of static trunking on the two devices might not be Section Using the Menus Interface AT S84 Management Software User s Guide compatible Also note that a static trunk does not provide for redundancy or link backup If a port in a static trunk loses its link the trunk s total bandwidth is diminished Though the traffic carried by the lost link is shifted to one of the remaining ports in th
165. in Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 2 From the Advanced Switch Configuration Menu type V to select VLAN Management The VLAN Management Menu is shown in Figure 28 on page 114 3 Type S to select Set Port Config Section Using the Menus Interface Displaying the VLANs Section Using the Menus Interface AT S84 Management Software User s Guide The VLAN Port Configuration Menu is shown in Figure 28 on page 114 Type V to select Set Port VID The following prompt is displayed Set PVID gt Enter port number Type the number of the port whose PVID value you want to configure and press Enter You can configure only one port at a time The following prompt is displayed Enter PVID for port n Type the new PVID for the port and press Enter The PVID should equal the VID of the VLAN where you want the port to be an untagged member Note If you specify a PVID that does not correspond to any VIDs on the switch the management software creates a new VLAN with a VID that equals the PVID The VLAN is not assigned any name 7 Repeat steps 4 through 6 to configure additional ports To display a list of the VLANs on the switch perform the following procedure 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 From the Advance
166. in different VLANs that need to communicate with each other a router or Layer 3 switch is required to interconnect the VLANs The switch can support up to a total of 255 VLANs Section Using the Menus Interface AT S84 Management Software User s Guide Untagged VLAN Figure 26 illustrates how VLANs with untagged port members can be interconnected In this example the Sales VLAN spans two AT 9000 24 Gigabit Ethernet switches while the Production and Engineering VLANs are limited to just one switch Sales VLAN VID 2 Engineering VLAN VID 3 g S pp mk Production VLAN ee B VID 4 S S ee P j Sales VLAN ot aly _ 2 VID 2 eee Figure 26 Untagged VLAN Section Using the Menus Interface 109 Chapter 8 Virtual LANs and GVRP The table below lists the port numbers for the Sales Engineering and Production VLANs on the switches In this example all ports are untagged members of their respective VLANS 110 Sales VLAN Engineering VLAN Production VLAN VID 2 VID 3 VID 4 AT 9000 24 Gigabit Ports 1 3 5 7 20 Ports 9 11 13 21 23 None Ethernet Switch PVID 2 amp 24 top PVID 3 AT 9000 24 Gigabit Ports 1 2 4 None Ports 10 12 18 20 Ethernet Switch PVID 2 24 PVID 4 bottom Note the following concerning the example O Sales VLAN This VLAN spans both switches It has a VID
167. in eea e ea a a ae i a a aaia 148 RSTP Auto Detect Port Trunk Costs ooo nnee iie EE EE E E AE E a E O EA 148 Port Priority Value Increment nirre unaia teaa aaepe adian ai eae anpii eatin aianei 149 RSTP Point to Point Status tasoon aii aeai Eeee addaa E i 163 RSTP Point to Point Status sei aointean a a a a E e a a idl ia aiaa ai 276 Command Modes a E a Ea EnA A e EA nE A a A E a A anaE aaa a Eina 299 User EXEC Command Mode CommandS ceccecesceeeeeeeeeeneeeceneeenneeeeenaeeeeeeaeeenneeeeeaeeeseeeeeenneeeeneeeeseaeeenneeeees 300 Privileged EXEC Command Mode CommandS 00 cccceecseeeeeeeceenneeceeeeeeenneeeeaaeeeceeeeesseeeseaaeeseneeeesneeeeenaeeeeeaees 301 Global Configuration Command Mode Commands ceeeeseeeeeceeeeeeeeeeeeeeeeeeeeeeaeeceeeeeesneeeennaeeeseeeeennnneeenaes 301 Interface Configuration Command Mode Commands ecccceesseeeeeeeeeeeeeceeneeeseeeeeesaeeeseaeeseneeeesneeenenaeeseenees 303 VLAN Configuration Command Mode Commands ccceccceeeseeeeereeeeeneeeceaeeeeneeeeesaeeeeeaeeseneeeeeaeseeaeeeseeeeee 305 Command Line Syntax Conventions 0 cece ceeeeeeeneeeeeeeeeeeeneeeeaaeeeeeeeeesaeeeenaaeeeeeaaeeseeeeeeeaeeseeaaeeseneeeeeneeeenaas 308 11 Tables Preface This guide contains instructions on how to use the AT S84 management software to manage and monitor the AT 9000 24 Gigabit Ethernet switch The AT S84 management software has three management interfaces menus web browser and CLI
168. ing Started with the Command Line Interface 310 Section Basic Features Appendix A AT S84 Default Settings This appendix lists the AT S84 factory default settings It contains the following sections in alphabetical order Basic Switch Default Settings on page 312 SNMP Default Settings on page 314 Port Configuration Default Settings on page 315 Quality of Service on page 316 IGMP Snooping Default Settings on page 317 RSTP Default Settings on page 318 802 1x Network Access Control Default Settings on page 319 RADIUS Server Default Settings on page 320 Broadcast Storm Control Default Settings on page 321 02 oauan n 311 Appendix A AT S84 Default Settings Basic Switch Default Settings System Reboot Default Settings User Interface Configuration Default Settings Management Interface Default Settings 312 This section lists the default settings for basic switch parameters The following topics are covered OdQ0Q0Q00 0 System Reboot Default Settings next Ping Default Settings on page 313 User Interface Configuration Default Settings on page 312 Management Interface Default Settings on page 312 System IP Configuration Default Settings on page 313 System Administration Configuration Default Settings on page 313 The following table lists the system reboot default settings Setting Default
169. ing procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 From the Basic Switch Configuration menu type N to select SNMP Configuration The SNMP Configuration menu is shown in Figure 16 on page 63 Type D to select Delete SNMP Trap Receiver The following prompt is displayed Delete SNMP trap receivers gt Enter entry number gt Type the number of the entry you want to delete 67 Chapter 4 SNMP 68 Section Using the Menus Interface Chapter 5 Port Configuration Section l Using the Menus Interface This chapter contains the procedures for viewing and adjusting the parameter settings for the ports on the switch This chapter contains the following sections Displaying the Port Parameters on page 70 Enabling or Disabling a Port on page 72 Setting a Port s Speed and Duplex Mode on page 73 Changing the Flow Control Setting on page 75 Changing the Back Pressure Setting on page 76 02 a n n n Displaying Port Statistics on page 77 69 Chapter 5 Port Configuration Displaying the Port Parameters To display the parameter settings for the ports on the switch perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 2 From the Basic Switch Confi
170. int and Edge Ports on page 149 6 Enter T for True or F for False to change the Admin OperEdge status 7 Type P to select P to P Status Section II Menus Interface Section Il Menus Interface AT S84 Management Software User s Guide The following prompt is displayed Select port number to be changed gt Port number is in range from 1 to 9 O to set all ports 8 Enter the number of the port you want to change or type 0 zero to apply the settings to all ports on the switch The following prompt is displayed Set point to point for port n gt A T F This parameter defines whether the port is functioning as a point to point port The possible settings are Auto True and False For an explanation of this parameter refer to Point to Point and Edge Ports on page 149 9 Enter A for Auto T for True or F for False according to the operating status your network requires following the guidelines in Table 6 Table 6 RSTP Point to Point Status Admin Operation Port Duplex Operation Auto True Full False Half True True Full or Half False False Full or Half 10 Type M to select Restart Port Migration 11 The following prompt is displayed Select port number to be changed gt Enter the number of the port you want to change The following prompt is displayed Restart the protocol migration process for port n Y N This parameter resets an RSTP port allowing it to send RSTP BPDUs Wh
171. itch receives a frame it examines the frame header to see if it contains a VLAN tag tagged frame or no tag untagged frame After switching the frame to an outgoing port and before transmitting it the switch determines if the tag information should be kept in the header or should be stripped out and made into an untagged frame Incoming Frames Tagged frames received by the switch are only accepted not dropped or discarded if the tag information contained in the frame is equal to one of the VIDs of which the port is a member If the tag information contained in the frame does not match one of these VIDs the frames are dropped or discarded Untagged frames received by the switch are always accepted by all ports on the switch As described in Port VLAN Identifier on page 106 each untagged frame received by the switch is assigned a VLAN number equal to the PVID The switch then forwards this frame to one of the other member ports of that VLAN 107 Chapter 8 Virtual LANs and GVRP Guidelines for Creating a VLAN 108 Outgoing Frames Frames being transmitted from the switch retain their VLAN tag information in the frame header if the frame s tag does not match the PVID of the port a tagged member of that VLAN These frames are tagged after transmission from the switch The VLAN tag information in the header of the frame is stripped from the frame s header if the tag matches the PVID of the port an untagged membe
172. ity and Path Cost Click Apply To configure the advanced RSTP port settings perform the following procedure From the Basic Config menu select Rapid Spanning Tree gt RSTP Adv Port Config 275 Chapter 25 RSTP The RSTP Advanced Port Configuration page opens as shown in Figure 86 RSTP Advanced Port Configuration PartTrunk Link State Role AdminOperEdge Admin OperPteP Migration Al Trua w Auto Restart Apply 1 Up Forwarding Root Feise False Auto True RSTPs Reston Appty Down Discarding Disabled False yJFalse Auto False init Restert Apply Down Discarding Disabled Folse False Auto JFalse init_ Resten Apply Down Discarding Disabled False JFalse Awo JFalse finit Restart Appt 5 Down Discarding Disabled Folse False Auto False nit Restart Anoy 6 Down Discarding Disabled False False Auo False Init Restor Appt 7 Up FonwardingDesigneted Felse False Auto True RSTPy Restart App Down Discarding Disabled Felso J False Auto JFalse nit Restart Appi a Doym Discarding Disabled False False Asio False Init Restert Apply 10 Down Disearding Disabled False False Auo MiFalse Init r Restart
173. l as to view the current settings and contains the following items of information in the middle portion Root Port The active port on the switch that is communicating with the root bridge If the switch is the root bridge for the LAN then there is no root port and the root port parameter will be 0 Root Path Cost The sum of all the root port costs of all the bridges between the 153 Chapter 11 Rapid Spanning Tree Protocol RSTP 154 switch s root port and the root bridge including the switch s root port cost Time Since Topology Change The time in seconds since the last topology change took place When RSTP detects a change to the LAN s topology or when the switch is rebooted this parameter is reset to 0 seconds and begins incrementing until the next topology change is detected Topology Change Count An integer that reflects the number of times RSTP has detected a topology change on the LAN since the switch was initially powered on or rebooted The following parameters refer to the designated root bridge Designated Root This parameter includes two fields the root bridge priority and the MAC address of the root bridge For example 1000 00C08F1211BB shows the root bridge priority as 1000 and OOC08F1211BB as the MAC address Hello Time The hello time See Hello Time and Bridge Protocol Data Units BPDUs on page 149 This parameter affects only the root bridge Maximum Age The maximum amount of tim
174. lt authentication protocol is disabled Note For more information on the RADIUS authentication protocol refer to the RFC 2865 standard Section Using the Menus Interface AT S84 Management Software User s Guide Configuring the RADIUS Server To configure the RADIUS client perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 2 From the Basic Switch Configuration Menu type U to select User Interface Configuration The User Interface Configuration Menu is shown in Figure 7 on page 38 3 Type R to select RADIUS Server Configuration The RADIUS Server Configuration Menu is shown in Figure 49 aT 9000 24 Local Management System B Basic Switch Configuration gt RADIUS Server Configuration Menu Server IP Address 0 0 0 0 Shared Secret Response Time 10 seconds Maximum Retransmission 3 a A lt COMMAND gt Set Server I P Set Shared se c ret Set R esponse Time Set M ax Retransmission Q uit to previous menu Command gt E Figure 49 RADIUS Server Configuration Menu 4 To set the RADIUS server s IP address do the following a Type Ito select Set Server IP The following prompt is displayed Enter IP address for RADIUS server gt b Type the IP address of the RADIUS server and press Enter 5 To configure the shared secret do the f
175. lt settings Setting Default SNMP Status Disabled SNMP Read Community public Read only SNMP Write Community private Read Write Trap Authentication Enabled 314 Section Basic Features AT S84 Management Software User s Guide Port Configuration Default Settings The following table lists the port configuration default settings Port Configuration Setting Default Status Enabled Mode Auto Flow Ctrl Enabled Back Pressure Disabled 315 Appendix A AT S84 Default Settings Quality of Service 316 The following table lists the default mappings of IEEE 802 1p priority levels to egress port priority queues IEEE 802 1p Priority Level Port Priority Queue Oor1 QO lowest 2or3 Q1 4or5 Q2 6 or 7 Q3 highest Section Basic Features IGMP Snooping Default Settings AT S84 Management Software User s Guide The following table lists the IGMP Snooping default settings Setting Default IGMP Snooping Status Disabled IGMP Snooping Age Out Timer 280 seconds Maximum Multicast Groups 64 Multicast Router Ports Mode Auto Detect 317 Appendix A AT S84 Default Settings RSTP Default Settings The following table describes the RSTP default settings Setting Default Global RSTP Status Disabled Hello Time 2 Sec Bridge Forwarding 15 Maximum Age 20 Sec For
176. m a supplicant The switch requests the identity of the client and begins relaying authentication prompts between the client and the authentication server Force Unauthorized Places the port in the unauthorized state ignoring all attempts by the client to authenticate The switch cannot provide authentication services to the client through the interface Force Authorized Disables IEEE 802 1x authentication and causes the port to transition to the authorized state without any authentication exchange required The port transmits and receives normal traffic without 802 1x based authentication of the client This is the default setting Quiet Period Sets the number of seconds that the port remains in the quiet state following a failed authentication exchange with the client The default value is 60 seconds The range is 0 to 65 535 seconds Transmission Period Sets the number of seconds that the switch waits for a response to an EAP request identity frame from the client before retransmitting the request The default value is 30 seconds The range is 1 to 65 535 seconds Supplicant Timeout Sets the switch to client retransmission time for the EAP request frame The default value for this parameter is 30 seconds The range is 1 to 600 seconds Server Timeout Sets the timer used by the switch to determine authentication server 283 Chapter 26 802 1x Network Access Control 284 timeout conditions The default value for this para
177. mark feature to save the link to the switch Section II Using the Web Browser Interface 203 Chapter 16 Starting a Web Browser Management Session Quitting a Web Browser Management Session To exit a web browser management session close the web browser 204 Section Il Using the Web Browser Interface Chapter 17 Basic Switch Parameters Section II Web Browser Interface This chapter contains the following sections Q Oaooaogoaqaqaaoadauau ua Configuring an IP Address Subnet Mask and Gateway Address on page 206 Enabling and Disabling the DHCP Client on page 208 Configuring System Administration Information on page 209 Setting the User Interface Configuration on page 211 Enabling or Disabling the Web Server on page 214 Enabling or Disabling the Telnet Server on page 215 Configuring SNTP on page 216 Viewing System Information on page 217 Rebooting a Switch on page 219 Pinging a Remote System on page 220 Viewing the System Log on page 222 Returning the AT S84 Management Software to the Factory Default Values on page 224 205 206 Chapter 17 Basic Switch Parameters Configuring an IP Address Subnet Mask and Gateway Address This procedure explains how to change the IP address subnet mask and gateway address of the switch Before performing the procedure note the following An IP address and subnet mask are not required
178. meter is 10 seconds The range is 1 to 60 seconds Maximum Request Sets the maximum number of times that the switch retransmits an EAP Request packet to the client before it times out the authentication session The default value for this parameter is 2 retransmissions The range is 1 to 10 retransmissions Re auth Period Specifies the time period between periodic reauthentication of the client The default value is 3600 seconds The range is 1 to 65 535 seconds Re auth Status Specifies if reauthentication should occur according to the reauthentication period The options are Enabled or Disabled When you are finished configuring the parameters click Apply If the port control setting is Auto and you want to return the EAPOL machine state on the port to the initialized state select Yes for the Initialize parameter and click Apply If the port control setting is Auto and you want the node connected to the port to reauthenticate with the RADIUS server select Yes for the Re auth Initialize parameter and click Apply Section II Web Browser Interface Chapter 27 RADIUS Authentication Protocol Section II Web Browser Interface This chapter explains how to configure the RADIUS client on the switch You can use the RADIUS client with 802 1x network access control to control who can forward packets through the switch The chapter contains the following section O Configuring the RADIUS Client on page 286 Note F
179. mmand O Enter the DISABLE or EXIT commands to return to the User EXEC mode O Enter the LOGOUT command to quit the command mode and return to the Main Menu Global Switch config o Enter the CONFIGURE command to enter this mode Configuration from the Privileged EXEC mode mode O Enter the END or EXIT commands to return to the Privileged EXEC mode O Enter the LOGOUT command to quit the command mode and return to the Main Menu Section Basic Features 299 Chapter 30 Getting Started with the Command Line Interface Table 8 Command Modes Continued Command Mode Prompt Enter and Exit Commands Configuration Interface Switch config if o From the Global Configuration mode type interface Ethernetl port Oo Enter the END or EXIT commands to return to the Global Configuration mode O Enter the LOGOUT command to quit the command mode and return to the Main Menu Configuration VLAN Switch config vian Oo From the Global Configuration mode type interface vlan7d Oo Enter the END or EXIT commands to return to the Global Configuration mode Oo Enter the LOGOUT command to quit the command mode and return to the Main Menu User EXEC Command Mode 300 The User EXEC command mode is the default command mode that is available from the Main Menu It permits access to basic commands To access any of the other modes you must first access the User EXEC mode The commands i
180. mode and there are no participating STP or RSTP devices connected to it 150 Section Il Menus Interface Mixed STP and RSTP Networks Section Il Menus Interface AT S84 Management Software User s Guide Hub Figure 39 Edge Port A port can be both a point to point and an edge port at the same time Figure 40 illustrates a port functioning as both a point to point and edge port You must manually configure the edge port status yy a m Peers sin isu Point to Point and Edge Port Workstation Full duplex Mode Figure 40 Point to Point and Edge Port Determining whether a bridge port is point to point edge or both can be a bit confusing For that reason do not change the default values for this RSTP feature unless you have a good grasp of the concept In most cases the default values work well RSTP IEEE 802 1w is fully compliant with STP IEEE 802 1d Your network can consist of bridges running both protocols STP and RSTP in the same network can operate together to create a single spanning tree domain The switch monitors the traffic on each port for BPDU packets When you set the switch to RSTP mode all the ports operate in that mode and reject STP BPDU packets When you set the switch to operate in STP compatible mode the ports can receive either RSTP or STP BPDU 151 Chapter 11 Rapid Spanning Tree Protocol RSTP Rapid Spanning Tree and VLANs 1
181. n Figure 70 on page 237 In the bottom half of the page enter the IP address for each trap receiver Enter the community string to associate with that trap receiver Select Enable from the list Click Apply To disable a trap receiver perform the following procedure 1 From the Basic Config menu select SNMP Config The SNMP Configuration page is shown in Figure 70 on page 237 To the right of the trap receiver you want to disable select Disable from the list Click Apply To delete a trap receiver perform the following procedure 1 From the Basic Config menu select SNMP Config The SNMP Configuration page is shown in Figure 70 on page 237 To the right of the trap receiver you want to disable select Delete from the list Click Apply Section Il Web Browser Interface Chapter 20 Port Trunking This chapter contains the following procedures for working with port trunking O Setting Up a Port Trunk on page 240 O Setting Up an LACP Trunk on page 242 Note For background information on trunking refer to Port Trunking Overview on page 82 Section II Web Browser Interface 239 Chapter 20 Port Trunking Setting Up a Port Trunk 240 This section contains the following procedures for working with port trunks 0 Creating a Port Trunk next o Enabling or Disabling a Port Trunk on page 241 Creating a Port This procedure explains how to create
182. n Menu is shown in Figure 4 AT 9000 24 Local Management System Main Menu gt Basic Switch Configuration Menu System A dministration Configuration System I P Configuration S N MP Configuration P ort Configuration U ser Interface Configuration Rapid S panning Tree Configuration Storm C ontrol Configuration SN T P Configuration Q uit to previous menu Command gt Figure 4 Basic Switch Configuration Menu 32 Section Using the Menus Interface AT S84 Management Software User s Guide 2 From the Basic Switch Configuration Menu type I to select System IP Configuration The System IP Configuration Menu is shown in Figure 5 AT 9000 24 Local Management System Basic Switch Configuration gt System IP Configuration Menu MAC Address 00 06 5H B2 65 84 IP Address 0 0 0 0 Subnet Mask 0 0 0 0 Gateway 0 0 0 0 DHCP Mode Disabled Set I P Address Set Subnet M ask Set Default G ateway Enable Disable D HCP Mode Q uit to previous menu Command gt Figure 5 System IP Configuration Menu The top portion of the menu displays the current IP address subnet mask and gateway address for the switch The menu also displays the switch s MAC address The MAC address cannot be changed The menu also displays the current status of the DHCP client on the switch The Enable Disable DHCP Mode option is described in Enabling and Disabling the DHCP Client on page 35 3 To set the switch s IP addre
183. n in Figure 65 Ping Test Result RESULT Destination IP Address 149 35 8 54 Pass 100 Average Time 69ms Back to Ping Test Figure 65 Ping Test Results Page 5 Click Back to Ping Test to return to the Ping Test Configuration page Section Il Web Browser Interface 221 Chapter 17 Basic Switch Parameters Viewing the System Log 222 The system log displays system level events in the switch such as logging in to the management software To view the system log perform the following procedure 1 From the Tools menu select System Log The System Log page opens as shown in Figure 66 System Log Clear All Refresh ID Date Time L Type Description 1 01 01 1900 00 00 05 System Switch start 2 01 01 1900 00 00 06 PCFG Port 2 link up 3 01 01 1900 00 00 09 SNTP Get SNTP time 08 03 2006 14 29 00 4 08 03 2006 14 29 05 IP DHCP get IP address 149 35 8 43 gt 5 08 03 2006 14 30 18 Console Login from console 6 01 01 1900 00 00 05 System Switch start 7 01 01 1900 00 00 06 PCFG Port 2 link up 8 01 01 1900 00 00 09 1 SNTP Get SNTP time 08 04 2006 09 15 06 9 08 04 2006 09 15 10 I IP DHCP get IP address lt 149 35 8 43 gt 1 08 04 2006 09 19 04 Console Login from console 1 01 01 1900 00 00 05 System Switch start 01 01 1900 00 00 06 PCFG Port 1 link up 01 01 1900 00 00 09 1 SNTP Get SNTP time 08 07 2006 15 10 48 a a oln DN So hal e o
184. n the User EXEC mode are accessible from any of the other modes with the exception of the ENABLE command which is only accessible from the User EXEC mode The prompt changes to Switch gt to indicate the User EXEC mode See Table 9 for a list of the commands that can be accessed from the User EXEC mode and a brief description of each command Table 9 User EXEC Command Mode Commands Command Definition ENABLE Changes mode from the User EXEC mode to the Privilege EXEC mode EXIT Exits the User EXEC mode and returns you to the Main Menu LOGOUT Exits the command line interface and returns you to the Main Menu MODE Displays the available command modes PING Pings a specified IP address to check connectivity to another system Section Basic Features Privileged EXEC Command Mode Global Configuration Command Mode Section Basic Features AT S84 Management Software User s Guide The commands in the Privileged EXEC command mode permit you to perform system level commands such as rebooting the system copying configuration files and clearing statistics To access this mode you must first access the User EXEC command mode The prompt changes to Switch to indicate the Privileged EXEC mode See Table 10 for a list of commands that can be access from the Privileged EXEC command mode Table 10 Privileged EXEC Command Mode Commands Command Description CLEAR Clears the int
185. nd line interface is described in Section III Using the Command Line Interface on page 295 28 Section Using the Menus Interface AT S84 Management Software User s Guide Quitting from a Local Management Session Section Using the Menus Interface To quit a local management session return to the Main Menu and type Q for Quit When you are finished managing the switch make sure to exit from a management session Quitting from a local session prevents unauthorized changes to the switch s configuration if you leave your workstation unattended Note A local management session automatically times out if there is no management activity during a pre defined length of time referred to as the timeout period The timeout feature is intended to protect the parameter settings on the switch from unauthorized changes should you leave your management station unattended during a management session The default timeout value is 10 minutes To change the timeout default value refer to Setting the User Interface Configuration on page 38 29 Chapter 2 Getting Started with the Menus Interface 30 Section Using the Menus Interface Chapter 3 Basic Switch Parameters This chapter contains the following sections 0 Configuring the IP Address Subnet Mask and Gateway Address on page 32 Enabling and Disabling the DHCP Client on page 35 Configuring System Administration Information on p
186. ne Interface S tatistics Q uit Command gt Figure 93 Main Menu A command line prompt is displayed in Figure 94 The default switch name is Switch gt and the arrow prompt indicates the user executive mode After you name the switch with the HOSTNAME command the new switch name replaces Switch For example if you rename the switch San Jose the prompt changes to San Jose gt Switch gt Figure 94 Command Line Prompt User Executive Mode Section Basic Features 307 Chapter 30 Getting Started with the Command Line Interface Command Formatting 308 Command Line Interface Features Command Line The AT S81 command line interface follows same formatting conventions for all of the command modes There are command line interface features which apply to the general use of the command line and command syntax conventions which apply when entering the commands See the following sections The following features are supported in the command line interface Command history Use the up and down arrow keys Context specific help Press the question mark key to see a list of legal parameters or display all of the available commands for a particular command mode There are two formatting options command List the keywords or arguments that are required by a particular command A space between a command and a question mark is required abbreviated command Provides a lis
187. necessary System Description Specifies the model number of the switch You cannot change this parameter System Name Specifies a name for the switch for example Sales The name is optional and may contain up to 50 characters Note Allied Telesis recommends that you assign a name to the switch A name can help you identify the switch when you manage it and can also help you avoid performing a configuration procedure on the wrong switch System Location Specifies the location of the switch The location is optional and may contain up to 50 characters System Contact Specifies the name of the network administrator responsible for 209 Chapter 17 Basic Switch Parameters managing the switch This contact name is optional and may contain up to 50 characters 3 Click Apply 210 Section II Web Browser Interface AT S84 Management Software User s Guide Setting the User Interface Configuration This procedure explains how to adjust the user interface and security features on the switch With this procedure you can o Change the console timer used to automatically end inactive local management sessions o Change the AT S84 management login user name and password o Enable and disable the web server used to manage the switch from a remote management station with a web browser To set the switch s user interface configuration perform the following procedure 1 From the Basic Config menu select Use
188. ng Q uit to previous menu Command gt Figure 25 Port Mirroring Menu 3 Type S to select Set Mirroring Port The following prompt is displayed Set monitoring port gt Enter port number gt 4 Type the number of the port where the network analyzer is connected and press Enter You can specify only one port 5 Type M to select Set Mirrored Port The following prompt is displayed Set monitored port gt Enter port number gt 6 Type the number of the port whose ingress and egress traffic you want to monitor and press Enter You can specify only one port Section Using the Menus Interface 99 Chapter 7 Port Mirroring 7 Type E to select Enable Disable Port Mirroring The following prompt is displayed Enable or Disable monitoring E D gt 8 Type E to enable port mirroring You can now connect your data analyzer to the mirroring port 100 Section Using the Menus Interface AT S84 Management Software User s Guide Enabling or Disabling Port Mirroring Section Using the Menus Interface To enable or disable port mirroring perform the following procedure 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 From the Advanced Switch Configuration Menu type M to select Port Mirroring Configuration The Port Mirroring Menu is shown in Figure 25 on page 99 Type E to select Enable Disable Port Mirroring
189. ng Force authorized Supplicant with l 802 1x Client ISN RADIUS Software E Authentication digii l Server Figure 46 Example of the Authenticator Role Port 2 is set to Auto The end node connected to the port must use its 802 1x client software and provide a username and password to send or receive traffic from the switch Port 8 is set to the Force authorized setting so that the end node connected to the port does not have to provide a user name or password to send or receive traffic from the switch In the example the node is the RADIUS authentication server Since the server cannot authenticate itself its port must be set to Force authorized in order for it to pass traffic through the port Port 7 is set to Force unauthorized to prevent anyone for using the port Section Using the Menus Interface General Steps Network Access Control Guidelines Section Using the Menus Interface AT S84 Management Software User s Guide As mentioned earlier the switch itself does not authenticate the user names and passwords from the clients That is the responsibility of the authentication server which contains the RADIUS server software Instead a switch acts as an intermediary for the authentication server by denying access to the network by the client until the client has provided a valid username and password which the authentication server validates Following are the general steps to implementing 802 1x Netw
190. ng the Menus Interface Default SNMP Community Strings Section l Using the Menus Interface AT S84 Management Software User s Guide device You can enable it again later or even delete it When a community string is enabled then it is available for use Trap Receivers A trap is a signal sent to one or more management workstations by the switch to indicate the occurrence of a particular operating event on the device There are numerous operating events that can trigger a trap For instance resetting the switch or the failure of a cooling fan are two examples of occurrences that cause a switch to send a trap to the management workstations You can use traps to monitor activities on the switch Trap receivers are the devices typically management workstations or servers that you want to receive the traps sent by the switch You specify the trap receivers by their IP addresses You assign the IP addresses to the community strings Each community string can have up to four trap IP addresses It does not matter which community strings you assign your trap receivers When the switch sends a trap it looks at all the community strings and sends the trap to all trap receivers on all community strings This is true even for community strings that have a access mode of only Read If you are not interested in receiving traps then you do not need to enter any IP addresses of trap receivers The AT S84 management software provides two def
191. ng the Menus Interface 41 Chapter 3 Basic Switch Parameters Disabling or Enabling the Web Server 42 The AT S84 management software is shipped with web server software The software is available so that you can remotely manage the switch with a web browser from any management station on your network The instructions for managing a switch with a web browser are described in Chapter 16 Starting a Web Browser Management Session on page 199 The default setting for the web server is enabled To disable or enable the web server perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 2 From the Basic Switch Configuration Menu type U to select User Interface Configuration The User Interface Configuration Menu is shown in Figure 7 on page 38 3 From the User Interface Configuration Menu type W to select Enable Disable Web Server The following prompt is displayed Enable or Disable web server E D gt 4 Type D to disable the web server or E to enable it Section Using the Menus Interface AT S84 Management Software User s Guide Disabling or Enabling the Telnet Server Section Using the Menus Interface This procedure describes how to enable or disable the Telnet server on the switch The default setting for the Telnet server is enabled To disable or enable the Telnet server perfo
192. ntagged packets received on the port are stored on the egress queue Override Displays whether the priority level in ingress tagged frames is being used or not If No the override is deactivated and the port is using the priority levels contained within the frames to determine the egress queue If Yes the override is activated and the tagged packets are stored in the egress queue specified in the Queue column Section Il Web Browser Interface 265 Chapter 23 Quality of Service QoS 266 2 Tochange the egress queue where ingress untagged frames received on a port are to be stored on the egress port refer to Table 2 on page 127 The range is 0 lowest to 3 highest The default is 0 For example if you select 3 for queue 3 for a port all ingress untagged packets received on the port are stored in egress queue 3 on the egress port If you perform Step 3 and override the priority level in ingress tagged packets this also applies to tagged packets as well If the selected port is part of a port trunk all ports in the trunk are automatically assigned the same egress queue To configure a tagged port so that the switch ignores the priority tag in ingress tagged frames select Enable from the Override column for the corresponding port The default for this parameter is disabled meaning that the priority level of tagged frames is determined by the priority level specified in the frame itself 4 Click Apply Note Th
193. nterface Port 4 AT S84 Management Software User s Guide O Ports used to interconnect switches should be set to the port control setting of Force authorized This is illustrated in Figure 47 802 1x Port Control Setting Force authorized aia if Switch A Port 16 802 1x Port Control Setting Force authorized RADIUS Authentication Port 3 Server 802 1x Port Control Setting Force authorized a a ki spens ERTA ie Switch B PN Arii m Ports 6 20 Pe 802 1x Port Control co ye i Setting Auto ic Supplicants with cS 5 802 1x Client Software Figure 47 Authentication Across Multiple Switches 173 Chapter 12 802 1x Network Access Control Configuring 802 1x Network Access Control To configure 802 1x network access control perform the following procedure 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 2 From the Advanced Switch Configuration Menu type X to select 802 1x Port Based Access Control Configuration The Port Based Access Control Configuration Menu is shown in Figure 48 AT 9000 24 Local Management System Advanced Switch Configuration gt Port Based Access Control Configuration Menu NAS ID Nas1 Port No eb Port Status Authorized Port Control Force Authorized Transmission Period seconds Supplicant Timeout second
194. o an authenticator port on the switch The switch allows only one supplicant to log on per port 171 Chapter 12 802 1x Network Access Control 172 Note Connecting multiple supplicants to a switch port set to the Auto setting does not conform to the IEEE 802 1x standard This can introduce security risks and can result in undesirable switch behavior To avoid this Allied Telesis recommends use the Force authorized setting on those ports that are connected to more than one end node such as a port connected to another switch or to a hub O A username and password combination is not tied to the MAC address of an end node This allows end users to use the same username and password when working at different workstations O After a supplicant has successfully logged on the MAC address of the end node is added to the switch s MAC address table as an authenticated address It remains in the table until the end user logs off the network The address is not timed out even if the end node becomes inactive Note End users of access control should be instructed to always log off when they are finished with a work session This prevents unauthorized individuals from accessing the network through unattended network workstations O There should be only one port in the authenticator port control setting of Auto between a client and the authentication server Section Using the Menus Interface Section Using the Menus I
195. oad Download menu is shown in Figure 54 AT 9000 24 Local Management System Configuration File Upload Download gt TFTP Configuration File Upload Download TFTP Server IP 0 0 0 0 Config File Name Retry Count Set TFTP Slerver IP Address Set Configuration F lile Name U pload configuration File D ownload Configuration File Set R etry Count Q uit to previous menu Command gt Figure 54 TFTP Configuration File Upload Download Menu 4 Type S to select Set TFTP Server IP Address The following prompt is displayed Enter IP address of TFTP server 194 Section Using the Menus Interface Downloading a Configuration File Section Using the Menus Interface 10 11 AT S84 Management Software User s Guide Type the IP address of the TFTP server and press Enter Type F to select Set Configuration File Name The following prompt is displayed Enter file name gt Enter the file name of the switch configuration file on the TFTP server and press Enter Note There is no default name for the configuration file Type R to select Set Retry Count The following prompt is displayed Enter retry count gt Enter the number of times you want the switch to retry in the event a problem occurs during the download process The range is 1 to 20 The default is 5 times To begin the upload type U to select Upload Configuration File The following prompt is displayed Upload file Y N gt Type Y for y
196. oii bee i oiiae A cevbecuevdsesb sabecdocgee such geusuddbuscencesebendenseteves 47 Switch Tools Configuration Menu cc ceecseceeeeeeeneeceeeeenneeeeeaeeseeeeeesneeeeeaaeeeeeeaeesaeeeeaeeeeeaeesnneeeeseeeseeaeeesneeeenaa 50 System Reboot MENU snanar a akee e E AEA E EEE Eaa EANA EEn EE dh EEn EA dan EA EARE ARE ANEAN dienes tienes 51 Ae A Ee aN ae D E EE A TE T E E E E E E EATE 52 Ping RESUItS wisetetesses Atkin eh Sie ee EAT att ei Ses ek Ge eo e as a at 54 system Log Menu jw 4 wiih in ee He a a ee ee E ee eh 55 SNMP Configuration MON ics 2 scsese creo ode eveRangseebseededesttpblatets e aip aaia e aaaea iad iata 63 Port Configuration Menu siinon adei i a a Sigadecenteeteg iade i aaas 70 Statistics Men nenret a a e a ee aa a a aa ede 77 Static Port Trunk Example marein ananin done pee EE esc EN senile siesta ener he 82 LAGP Trunk BXample E E Sa cac ts tiiecfaccph saree Ns E coe ca dacds ceusgaacndadasse eeu sa basecagacs teataadues eduveadha shea 84 Advanced Switch Configuration M nu ccccceeccesseeecesneeeeeeeeeeeneeeesaeeeseeaeesnneeeesaaeesesaeeesneeeeaeeeseaaeeeseeeeesnaeeeeenas 88 Mrunk Gontiguration i Menu ti eves sseiee 8 a a eee siete aia ae ete 89 LAGP Port Priority MGM sicsccets siet e a ara raa A E E Ra enra EAE Ea aAa ata aA aae aaan T aa ae aai 93 LACP Group Status Menu E T E 95 Port Mirroring Men sarisini ann eben ete ne doce a li go cu soedees nee dendl Magus see gnne sec eee gee ebb cee eee Gae arr dae 99 Un
197. ollowing Section Using the Menus Interface 181 Chapter 13 RADIUS Authentication Protocol a Type C to select Shared Secret The following prompt is displayed Enter secret string for server gt b Enter the encryption key of the RADIUS server 6 To set the response time do the following a Type R to select Set Response Time The following prompt is displayed Enter response time gt b Enter the amount of time in seconds the switch should wait for a response from the RADIUS server The range is 1 to 120 seconds The default is 10 seconds 7 To configure the maximum retransmissions do the following a Type M to select Max Retransmission The following prompt is displayed Enter maximum retransmissions gt b Enter the number of times the switch should retransmit to the RADIUS server in the event that the server does not respond The range is 1 to 254 The default is 3 182 Section Using the Menus Interface AT S84 Management Software User s Guide Displaying the RADIUS Server Settings Section Using the Menus Interface To display the RADIUS client status and settings perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 From the Basic Switch Configuration Menu type U to select User Interface Configuration The User Interface Configuration Menu is shown in Figure 7 on page 38 Typ
198. ollowing parameters refer to the designated root bridge Designated Root This parameter includes two fields the root bridge priority and the MAC address of the root bridge For example 1000 00C08F1211BB shows the root bridge priority as 1000 and OOCO08F1211BB as the MAC address Hello Time The hello time See Hello Time and Bridge Protocol Data Units BPDUs on page 149 This parameter affects only the root bridge Maximum Age The maximum amount of time that BPDUs are stored before being deleted on the root bridge Forward Delay The time interval between generating and sending configuration messages by the root bridge The lower section provides information about the bridge The following parameters refer to the switch Bridge ID The MAC address of the bridge The bridge identifier is use as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority You cannot change this setting Bridge Hello Time This is the time interval between generating and sending configuration messages by the bridge This parameter is active only when the switch is the root bridge Bridge Maximum Age The length of time after which stored bridge protocol data units BPDUs are deleted by the bridge Bridge Forward Delay This is the time interval between generating and sending configuration messages by the bridge 273 Chapter 25 RSTP Configuring RSTP Port Settings Configuring the
199. on Section II Web Browser Interface The sections in this chapter explain the two methods to viewing and changing the parameter settings of the individual ports on the switch The first method shows how to use the Port Configuration page to view and configure multiple ports at one time The second is typically used to configure just one port at a time There is also a section for viewing port statistics The sections are ao Viewing and Configuring Multiple Ports on page 226 Oo Viewing and Configuring a Single Port on page 229 o Displaying Port Statistics on page 232 225 Chapter 18 Port Configuration Viewing and Configuring Multiple Ports This procedure allows you to configure the ports on the switch using the Port Configuration page This page allows you to view and configure the parameter settings of all the switch ports at one time To configure the ports perform the following procedure 1 From the Basic Config menu select Port Config The Port Configuration page opens as shown in Figure 67 The page lists all the ports on the switch and their current settings Port Configuration Back Pre re Disable m Apply Port Index Trunk Type Link Status Admin Status Mode Flow Co All Enable m Auto Disable Apply 000TX Down Enable Auto Disable m Apply 2 1000TX Down Enable M Auto m
200. onfiguration Members Page Untagged ports of the VLAN are indicated with a U and tagged ports with a T Section Il Web Browser Interface 255 Chapter 22 Virtual LANs Modifying a VLAN 256 This procedure allows you to perform the following functions O Change the name of a VLAN O Add or remove tagged ports from a VLAN Before performing this procedure note the following a You cannot change the VID of an existing VLAN o You cannot add an untagged port to a VLAN using this procedure That function requires changing a port s VID value as explained in Configuring the PVID of Untagged Ports on page 252 O You cannot remove an untagged port from a VLAN using this procedure To remove an untagged port from a VLAN you must assign it as an untagged member of another VLAN by changing its PVID as explained in Configuring the PVID of Untagged Ports on page 252 To change the name of a VLAN or to add or remove tagged ports perform the following procedure 1 From the Advanced Config menu select VLAN Config gt VLAN Info The VLAN Information page opens as shown in Figure 78 VLAN Information GVRP Status Disable m Apply Resetto Default VLAN ID Name VLAN Type VLAN Action 1 Default VLAN Permanent modify 2 two Static modify delete Figure 78 VLAN Information Page Use the Next Page and Previous Page buttons to scroll through the list of VLANs 2 Inthe VLAN
201. onfiguration File The following prompt is displayed Download file Y N gt Type Y for yes to begin the downloading or N for no to cancel the procedure After the downloading is complete reset the switch to implement the new settings Section Using the Menus Interface Section IT Using the Web Browser Interface The chapters in this section provide information and procedures for using the web browser interface in the AT S84 management software The chapters include m 022 0 02 O02 08 2 7 0 0 00000000 Section ll Using the Web Browser Interface Chapter 16 199 Chapter 17 Chapter 18 Chapter 19 Chapter 20 Chapter 21 Chapter 22 Chapter 23 Chapter 24 Chapter 25 Chapter 26 Chapter 27 Chapter 28 Chapter 29 Starting a Web Browser Management Session on page Basic Switch Parameters on page 205 Port Configuration on page 225 SNMP on page 235 Port Trunking on page 239 Port Mirroring on page 245 Virtual LANs on page 249 Quality of Service QoS on page 261 IGMP on page 267 RSTP on page 271 802 1x Network Access Control on page 281 RADIUS Authentication Protocol on page 285 Broadcast Storm Control on page 287 Working with System Files on page 289 Note The menus interface is described in Section Using the Menus Interface on page 23 and the command line interface is des
202. or background information refer to 802 1x Network Access Control Overview on page 168 and RADIUS Overview on page 180 285 Chapter 27 RADIUS Authentication Protocol Configuring the RADIUS Client To configure the RADIUS client perform the following procedure 1 From the Basic Config menu select User Interface gt RADIUS Config The RADIUS Configuration page opens as shown in Figure 89 RADIUS Configuration Server IP Address 0 0 io 0 Shared Secret Response Time 10 Sec 1 120 Maximum Retransmission 3 1 254 Aeey Figure 89 RADIUS Configuration Page 2 Enter the RADIUS server s IP address in the Server IP Address field 3 To specify the server s encryption key enter the encryption key in the Shared Secret field 4 To change the response time setting enter a value in the Response Time field The response time is the amount of time in seconds the switch waits for a response from the RADIUS server The range is 1 to 120 seconds The default is 10 seconds 5 To change the maximum retransmissions setting enter a new value in the Maximum Retransmissions field This parameter specifies the number of times the switch should retransmit to the RADIUS in the event the server does not respond The range is 1 to 254 The default is 3 6 Click Apply to save your changes 286 Section Il Web Browser Interface Chapter 28 Broadcast Storm Control This chapter contains the
203. ork Access Control 1 You must install RADIUS server software on one or more of your network servers or management stations Authentication protocol server software is not available from Allied Telesis You need to install 802 1x client software on those workstations that are to be supplicants You must configure and activate the RADIUS client software in the AT S84 management software The default setting for the authentication protocol is disabled You will need to provide the following information O The IP address of a RADIUS servers 0 The encryption key used by the authentication server For instructions refer to Chapter 13 RADIUS Authentication Protocol on page 179 You must configure the authenticator port settings as explained in Configuring 802 1x Network Access Control on page 174 in this chapter Following are the guidelines for using this feature m m o o Ports set to Auto do not support port trunking or dynamic MAC address learning The appropriate setting for a port on an AT 8000 8POE Fast Ethernet Switch connected to an authentication server is Force authorized the default setting This is because an authentication server cannot authenticate itself The authentication server must be a member of the Default VLAN by communicating with the switch through a port that is an untagged member of the Default VLAN Allied Telesis does not support connecting more than one supplicant t
204. ormation Total RX Bytes Number of bytes received on the port Total RX Pkts Number of packets received on the port Good Broadcast Number of valid broadcast packets received on the port 232 Section II Web Browser Interface Section Il Web Browser Interface AT S84 Management Software User s Guide Good Multicast Number of valid multicast packets received on the port CRC Align Errors Number of packets with a cyclic redundancy check CRC error but with the proper length 64 1518 bytes received on the port Undersize Pkts Number of packets that were less than the minimum length specified by IEEE 902 3 64 bytes including the CRC received on the port Oversize Pkts Number of packets that exceeded the maximum length specified by IEEE 902 3 1518 bytes including the CRC received on the port Fragments Number of undersized packets packets with alignment errors and packets with FCS errors CRC errors received on the port Jabbers Number of electrical signal errors detected on the port Collisions Number of packet collisions on the port 64 Byte Pkts Number of 64 byte packets sent or received by the port The minimum length of an Ethernet packet is 64 bytes 65 127 Pkts Number of 65 to 127 byte packets sent or received by the port 128 255 Pkts Number of 128 to 255 byte packets sent or received by the port 256 511 Pkts Number of 256 to 511 byte packets sent or received by the port 512 1023 Pkts
205. owing prompt is displayed Enter system contact gt b Type the name of the network administrator responsible for managing the switch The contact name is optional and can contain up to 50 characters Section Using the Menus Interface 37 Chapter 3 Basic Switch Parameters Setting the User Interface Configuration 38 This procedure explains how to adjust the user interface and security features on the switch With this procedure you can change various settings that control user access to the switch To set the switch s user interface configuration perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 2 From the Basic Switch Configuration Menu type U to select User Interface Configuration The User Interface Configuration Menu is shown in Figure 7 AT 9000 24 Local Management System Basic Switch Configuration gt User Interface Configuration Menu Console UI Idle Timeout 5 Min Telnet UI Idle Timeout 5 min Telnet Server Enabled SNMP Agent Enabled web Server Enabled User Name manager lt COMMAND gt Set C onsole UI Time Out Enable Disable Te net Server Set T lelnet UI Time Out Enable Disable S NMP Agent Change Administrator User N ame Enable Disable w leb Server Change Administrator P assword Q uit to previous menu R ADIUS Server Configuration Command gt Figure 7
206. pe U to select Quiet Period The following prompt is displayed Enter quiet period gt This parameter sets the number of seconds that the port remains in the quiet state following a failed authentication exchange with the client The default value is 60 seconds The range is 0 to 65 535 seconds Enter a number for the quiet period 13 To configure the reauthentication period do the following a b Type E to select Re Auth Period The following prompt is displayed Enter re authentication period gt This parameter specifies the time period between periodic reauthentication of the client The default value is 3600 seconds The range is 1 to 65 535 seconds Enter a number for the re authentication period 14 To enable or disable reauthentication do the following a b Type A to select Re Auth Status The following prompt is displayed Enable or Disable re authentication E D gt This parameter specifies if reauthentication should occur according to the reauthentication period The options are Enabled or Disabled Type E to enable reauthentication or D to disable reauthentication 177 Chapter 12 802 1x Network Access Control 178 15 If the port control setting is Auto and you want to return the EAPOL machine state on the port to the initialized state do the following a Type Ito select Initialize The following prompt is displayed would you initialize authenticator Y N gt b Typing Y re
207. problem Rebooting the device does not change any of the device s parameter settings Caution The switch does not forward network traffic during the reboot process Some network traffic may be lost To reboot the switch perform the following procedure 1 From the Main Menu type T to select Switch Tools The Switch Tools Configuration Menu is shown in Figure 11 AT 9000 24 Local Management System Main Menu gt Switch Tools Configuration Menu Software U pgrade C onfiguration File Upload Download System R eboot P ing Execution Q uit to previous menu Command gt Figure 11 Switch Tools Configuration Menu 2 From the Switch Tools Configuration Menu type R to select System Reboot 50 Section Using the Menus Interface AT S84 Management Software User s Guide The System Reboot Menu is shown in Figure 12 AT 9000 24 Local Management System Main Menu gt System Reboot Menu Reboot Status Stop Reboot Type Normal Set Reboot O ption Start R eboot Process Q uit to previous menu Command gt Figure 12 System Reboot Menu 3 From the System Reboot menu type O to select Set Reboot Option The following prompt is displayed Select reboot option F I N gt 4 Type N to select Normal This reboot type does not change the current configuration Note The F and I options are described in Returning the AT S84 Management Software to the Factory Default Values on page 57
208. procedure for configuring the broadcast storm control feature on the switch O Configuring Broadcast Storm Control on page 288 Note For background information on broadcast storm control refer to Broadcast Storm Control Overview on page 186 Section II Web Browser Interface 287 Chapter 28 Broadcast Storm Control Configuring Broadcast Storm Control To configure the broadcast storm control feature perform the following procedure 1 From the Basic Config menu select Storm Control The Broadcast Storm Control page opens as shown in Figure 90 Broadcast Storm Control Storm Control Status Disable v Threshold Value Low v Figure 90 Broadcast Storm Control Page 2 From the Storm Control Status list select Enable to activate the feature or Disable to deactivate it The default setting is disabled 3 If you are activating the feature from the Threshold Value list select the desired threshold Possible values are a High 3000 broadcast packets per second o Medium 500 broadcast packets per second 0 Low 100 broadcast packets per second 4 Click Apply 288 Section II Web Browser Interface Chapter 29 Working with System Files Section II Web Browser Interface The procedure in this chapter explains how to download a new version of the AT S84 management software onto the switch or upload or download a configuration file The sections include O Downloading
209. r 10 IGMP Snooping on page 137 Chapter 11 Rapid Spanning Tree Protocol RSTP on page 145 Chapter 12 802 1x Network Access Control on page 167 Chapter 13 RADIUS Authentication Protocol on page 179 Chapter 14 Broadcast Storm Control on page 185 Chapter 15 Working With System Files on page 189 2 2 0000000000000000 Note The web browser interface is described in Section Il Using the Web Browser Interface on page 197 and the command line interface is described in Section Ill Using the Command Line Interface on page 295 Section l Using the Menus Interface 23 24 Section Using the Menus Interface Chapter 2 Getting Started with the Menus Interface Section l Using the Menus Interface This chapter provides information and instructions on how to access the menus interface of the AT S84 management software by starting a local management session This chapter contains the following sections O Starting a Local Management Session on page 26 Oo Using the Menus Interface on page 28 0 Quitting from a Local Management Session on page 29 25 Chapter 2 Getting Started with the Menus Interface Starting a Local Management Session You establish a local management session with the AT 9000 24 Gigabit Ethernet switch by connecting a terminal or personal computer with a terminal emulation program to the RS 232 console port on the front p
210. r Interface gt User Interface The other selection on this menu RADIUS is described in Chapter 27 RADIUS Authentication Protocol on page 285 The User Interface page is shown in Figure 60 User Interface Console Ul Idle Time Out 30 Min 0 60 0 means no timeout Telnet Ul Idle Time Out 30 Min 1 60 Telnet Server Enable SNMP Agent Enable v S Enable v User Narr Password New User Name New Password Verify New Password Apply Figure 60 User Interface Page The User Interface page has three parts O Console and Telnet UI Idle Time Out settings Section Il Web Browser Interface 211 Chapter 17 Basic Switch Parameters 212 o Server and SNMP settings o User name and password settings Note For information about the SNMP Agent selection refer to Enabling or Disabling the SNMP Agent on page 236 2 To configure the console UI time out parameters do the following a In the Console UI Time Out field enter a new value The range is 0 to 60 minutes The default is 5 minutes A timeout value of 0 causes the console connection to never times out The console idle time out parameter specifies the length of time a local management session can be inactive before the management software automatically ends it The purpose of this parameter is to prevent unauthorized individuals from configuring the switch should you leave your management workstation unattended This parameter appli
211. r of the VLAN These frames are untagged after transmission from the switch The following are guidelines for creating a VLAN O Each VLAN must be assigned a unique VID If a particular VLAN spans multiples switches each part of the VLAN on the different switches should be assigned the same VID A port can be an untagged member of only one VLAN ata time Each port must be assigned a PVID the default is 1 This value must match one of the VIDs assigned to the port If you need to change the PVID value you must configure it on a port after you assign a port toa VLAN For instructions refer to Configuring the Port PVID on page 116 A VLAN that spans multiple switches requires a port on each switch where the VLAN is located to function as an interconnection between the switches where the various parts of the VLAN reside This port may be defined as an untagged member of a VLAN where the port is connected to another switch via another untagged port member of the VLAN This means that all traffic on this inter switch port contains traffic for that VLAN only See Figure 26 on page 109 Another scenario is where the port could be an untagged member of one VLAN and a tagged member of one or more VLANs The port would then be connected to another switch via a port with the same VLAN membership This means that the traffic on this inter switch port is for any or all of the VLANs of which the port is a member If there are end nodes
212. resources of other departments can be visible to the marketing VLAN members accessible or accessible only to specified individuals A few benefits of a VLAN architecture are described in the following sections Increased In traditional Layer 2 switched networks broadcast packets are sent to Performance each and every individual port Grouping users into logical networks limits broadcast traffic to users performing similar functions or users within individual workgroups High traffic the danger of broadcast storms router latency and data collisions are significantly reduced and the efficiency of the entire network is improved Improved _ VLANs provide a fundamental improvement in the design administration Manageability and management of LANs Before VLANs physical changes to a network were made at the switch in the wiring closet For example if an employee transferred to a new department changing that employee s LAN segment assignment often required a physical wiring change at the switch As a software base solution VLANs eliminate the restriction of existing network design and cabling infrastructure and allow the centralized configuration of switches located in many different locations VLAN memberships are changed quickly and efficiently from the management console rather than in a wiring closet Increased VLANs provide additional security not available in a shared media network Security environment Because a switched ne
213. ress any key to continue Press any key 121 Chapter 8 Virtual LANs and GVRP GVRP GVRP Overview 122 This section describes GVRP and contains the following topics oO GVRP Overview next o Enabling or Disabling GVRP on page 123 The GARP VLAN Registration Protocol GVRP allows network devices to share VLAN information The main purpose of GVRP is to allow switches to automatically discover some of the VLAN information that would otherwise need to be manually configured in each switch This is helpful in networks where VLANs span more than one switch Without GVRP you must manually configure your switches to ensure that the various parts of a VLAN can communicate across the different switches GVRP which is an application of the Generic Attribute Registration Protocol GARP does this for you automatically Figure 31 provides an example of how the GVRP feature works eT Port 3 peeo wana Port 4 Switch 1 Static VLAN Sales VID 11 Reece LUT eer Port 2 Switch 3 Static VLAN Sales VID 11 Switch 2 Guidelines Figure 31 GVRP Example Switches 1 and 3 contain the Sales VLAN but switch 2 does not Consequently the end nodes of the two parts of the Sales VLANs are unable to communicate with each other Without GVRP you would need to configure switch 2 by creating a Sales VLAN on the switch and adding ports 2 and 3 as mem
214. ribed in Section Using the Menus Interface on page 23 and the web browser interface is described in Section II Using the Web Browser Interface on page 197 295 296 Section II Using the Web Browser Interface Chapter 30 Getting Started with the Command Line Interface This chapter describes the command modes of the AT S84 management software command line interface and how to access them This chapter includes the following sections o CLI Command Modes Introduction on page 298 o Starting the Command Line Interface on page 307 o Command Formatting on page 308 Section Basic Features 297 Chapter 30 Getting Started with the Command Line Interface CLI Command Modes Introduction 298 The command line interface in the AT S84 management software is accessible from the Main Menu The commands offer the same functionality as the menus interface For instructions on how to access the command line interface see Starting the Command Line Interface on page 307 This chapter describes the CLI command modes and how to access the command line interface In addition it provides command formatting information In the AT S84 management software there is a hierarchy of commands which are called command modes There are five command modes User EXEC Privileged EXEC Global Configuration Interface Configuration VLAN Configuration OQ 000 When you enter the CLI interface you
215. ries to the local area networks connected to its ports A node wanting to become a member of a multicast group responds to a query by sending a report A report indicates an end node s desire to become a member of a multicast group Nodes that join a multicast group are referred to as host nodes After becoming a member of a multicast group a host node must continue to periodically issue reports to remain a member After the router has received a report from a host node it notes the multicast group that the host node wants to join and the port on the router where the node is located Any multicast packets belonging to that multicast group are then forwarded by the router out the port If a particular port on the router has no nodes that want to be members of multicast groups the router does not send multicast packets out the port This improves network performance by restricting multicast packets only to router ports where host nodes are located There are three versions of GMP versions 1 2 and 3 One of the differences between the versions is how a host node signals that it no longer wants to be a member of a multicast group In version 1 it stops sending reports If a router does not receive a report from a host node after a predefined length of time referred to as a time out value it assumes that the host node no longer wants to receive multicast frames and removes it from the membership list of the multicast group In version 2
216. ring command making port 6 the mirrored port Switch port mirror 6 Section Basic Features VLAN Configuration Command Mode Section Basic Features AT S84 Management Software User s Guide The VLAN Configuration command mode allows you to configure VLAN commands To access this mode you must first access the User EXEC Privileged EXEC and Global Configuration modes From the Global Configuration command mode type interface vlan7d The prompt changes to Switch config vlan to indicate the VLAN Configuration mode Then enter VLAN commands After you have accessed the VLAN Configuration mode the commands you enter apply to the VLAN specified in the Interface Configuration mode To configure another VLAN you must first exit the Interface Configuration mode and then specify the new VLAN ID in the Global Configuration mode before returning to the Interface Configuration mode See Table 13 for list of commands that can be accessed from the VLAN Configuration command mode Table 13 VLAN Configuration Command Mode Commands Commands Description END Exits from the VLAN Configuration mode to the Global Configuration mode EXIT Exits from the VLAN Configuration mode to the Global Configuration mode GETVLAN Displays VLAN ID information INTERFACE Changes mode to the Interface Configuration command mode LOGOUT Exits the command line interface and returns to the Main Menu MEMBER Se
217. rk Access Control cccccceccceeeeeeeeeeeeeeeeeeeeeeeeeeeceeeeeeeseneeeeeeeseeeeeeeeeseeeaeeeeeeeeaeeeees 282 Chapter 27 RADIUS Authentication Protocol 0 00 0 cece ceeeeee eee eeeeeee eee eeeeeeeeeeseeeeeeeteeeaaeeeeeeeaeees 285 Configuring the RADIUS Client eesin deaa iaae ari aera aia eiia aera deridderi 286 Chapter 28 Broadcast Storm Control c c ccceccccceeee eect cece eeaaeaeeeeeeeeeeeeeesceaaaaeaaeceeeeeeeseeesecseesseaeees 287 Configuring Broadcast Storm Control eccccceccceeeeeeeeccneee AEE r E E EEEE AEE RA E EEE ENT 288 Chapter 29 Working with System Files 0 0 0 0 cc ceceeeeeeeee eee eeee ease ee seeeeeeeeeeeeeeeeeseneaeeeeseeeaeeeetenaaeees 289 Downloading a New Management Software Image Using TFTP cecccceeeeeeteeeeeeeeeneeeeeeeteeeeeeeetneeeeeeetea 290 Uploading or Downloading a Configuration File c cc eeeeeceeeeeeenne teeter entrees eeeeaeeeeeeeeaeeeeeeeaaeeeeeeseneeeeeneeaas 292 Section HI Using the Command Line Interface csssseecsssceecsssceeessseees 29S Chapter 30 Getting Started with the Command Line Interface 00 00 00 eee cece eee eteeaeeeeteeaaeeees 297 CLI Command Modes Introduction a orar kena T nn eee teenie eee T r 298 Command Formatting Conventions yesreise aaa EErEE AREAREN Aai AAs AARE AEAEE TERREA VARTER PE ARTAR ES 299 Wser EXEC Command ModE ane eE A eect aA eee eee eae 300 Privileged EXEC Command Mode ccccscccccceceteeeeccceensnedcc
218. rm the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 2 From the Basic Switch Configuration Menu type I to select User Interface Configuration The User Interface Configuration Menu is shown in Figure 7 on page 38 3 From the User Interface Configuration Menu type L to select Enable Disable Telnet Server The following prompt is displayed Enable or Disable Telnet server E D gt 4 Type D to disable the Telnet server or E to enable it 43 Chapter 3 Basic Switch Parameters Configuring SNTP The AT S84 software is shipped with the client version of the Simple Network Time Protocol SNTP You can configure AT S84 to obtain the current time and date from an SNTP or Network Time Protocol NTP server located on your network or on the internet SNTP is a reduced version of the NTP However the SNTP client software is interoperable with NTP servers To configure SNTP perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 2 From the Basic Switch Configuration Menu type T to select Set SNTP Server IP The SNTP Configuration Menu is shown in Figure 8 AT 9000 24 Local Management System Basic Switch Configuration gt SNTP Configuration Menu Time HH MM SS 00 19 58 Date YYYY MM DD
219. rmation Section MAC Address The MAC address of the switch You cannot change this information System IP Address The IP address of the switch Refer to Configuring the IP Address Subnet Mask and Gateway Address on page 32 to manually assign an IP address or Enabling and Disabling the DHCP Client on page 35 to activate the DHCP client Subnet Mask The subnet mask for the switch Refer to Configuring the IP Address Subnet Mask and Gateway Address on page 32 to manually assign a subnet mask or Enabling and Disabling the DHCP Client on page 35 to activate the DHCP client Gateway Default gateway IP address Refer to Configuring the IP Address Subnet Mask and Gateway Address on page 32 to manually assign a gateway address or Enabling and Disabling the DHCP Client on page 35 to activate the DHCP client Section Using the Menus Interface AT S84 Management Software User s Guide Automatic Network Features Section DHCP Mode The status of the DHCP client on the switch For information about setting this parameter refer to Enabling and Disabling the DHCP Client on page 35 2 Press any key to return to the previous menu Section Using the Menus Interface 49 Chapter 3 Basic Switch Parameters Rebooting the Switch This procedure reboots the switch and reloads the AT S84 management software from flash memory You might reboot the device if you believe it is experiencing a
220. rnet port forwarding network traffic while also continuing to transmit LACPDU packets O The port with the highest priority in a trunk group carries broadcast packets and packets with an unknown destination For background information refer to LACP Port Priority Parameter on page 85 O Prior to creating a trunk group between an AT 9000 24 Gigabit Ethernet switch and another vendor s device refer to the vendor s documentation to determine the maximum number of active ports the Section Using the Menus Interface Section Using the Menus Interface AT S84 Management Software User s Guide device can support in a trunk If the number is less than eight the maximum number for the AT 9000 24 Gigabit Ethernet switch you should probably assign a higher system LACP priority to the other vendor s switch If it is more than eight assign the higher priority to the AT 9000 24 Gigabit Ethernet switch This can avoid a possible conflict between the devices if some ports are placed in the standby mode when the devices create the trunk For background information refer to LACP Port Priority Parameter on page 85 LACPDU packets are transmitted as untagged packets 87 Chapter 6 Port Trunking Setting Up a Port Trunk This section contains the following procedures for working with port trunks o Creating a Port Trunk next o Modifying a Port Trunk on page 90 o Enabling or Disabling a Port Trunk
221. rowser Interface Section Il Web Browser Interface AT S84 Management Software User s Guide Back Pressure Sets back pressure on all the ports You cannot set back pressure on an individual port Choose Disable or Enable and click Apply Port Index The port number You cannot change this parameter Trunk The trunk group number A number in this column indicates that the port has been added to a trunk For information about configuring a trunk refer to Chapter 20 Port Trunking on page 239 Type The port type The port type is 10 100TX for 10 100Base T twisted pair ports and 1000Base F for the SFP fiber port Link Status The status of the link between the port and the end node connected to the port The possible values are Up A valid link exists between the port and the end node Down The port and the end node have not established a valid link Admin Status The operating status of the port You can use this parameter to enable or disable a port You may want to disable a port and prevent packets from being forwarded if a problem occurs with the node or cable connected to the port After the problem has been fixed you can enable the port to resume normal operation You can also disable an unused port to secure it from unauthorized connections The possible values are Enabled The port is able to send and receive Ethernet frames This is the default setting for a port Disabled The port is disabled Mode
222. rowser Management Session ccccceceeeeeseeeneeeeeeeeeeeeeeeeseneaeeeeeseeeaeeeeeseeeaaeeeeseeaaeeeeseaaees 204 Chapter 17 Basic Switch Parameters ccccccccececeececee cee ee cette ee eeceaeaaecaeeeeeeeeeeeteseceaccesaeeeeeeseeeeeeeeees 205 Configuring an IP Address Subnet Mask and Gateway Address ceccceeeeeeceeeeeeeeecneeeeeeencaeeeeeeenaeeeeenenaaes 206 Enabling and Disabling the DHCP Client 000 0 cece eeeeeene eee eeeee eee eeeeaeeeeseseaeeeeseeaeeeeseeeiaeeeeseiaeeeeesenaees 208 Configuring System Administration Information ccceeeceeeceeeeeene eee ee encneeeeeeecaaeeeeeeeaaeeeeeeeiaeeeeeeeieeeeesenaees 209 Setting the User Interface Configuration ec eect ee eente erect entrees eee atte eeeeaaeeeeeeeaaeeeeeeeaeeeesteieetessenaaes 211 Enabling or Disabling the Web Server ececccccceeeeeeeeeeeeeeneeeeeeeeaeeeeeeeeeaaeeeseeeaaeeeeeeeaaeeeeeeeedaeeeseeiaeeeeenenaees 214 Enabling or Disabling the Telnet Server eee cccccceeeeeeeeeeeeeee ee eeeeeaaeeeeeeeaaaeeeeeeeaaeeeeeeeaaeeeeeeeeieeeeeeeceeeeeeeiaaes 215 GOnTiQuring SNTP doiaren n a a aia ai A T TE balla dente SAAE a e Ea 216 Viewing System Information iaai ratar ne eiae ARE Aea AAA EER ANEN aAA Aea AAAS EAEAN A er AEAT EAA LADNER 217 Rebooting a Switch v icede eee ste ete el dena ede eae ai EA E E AA AE E a 219 Pinging a Remote System santnane A r E A a e a e 220 Viewing the System Log akeiensdrniiisi niii i i e a r a ie eii
223. rusively monitor the ingress and egress traffic on a port on the switch by having the traffic copied to another switch port By connecting a network analyzer to the port where the traffic is being copied to you can monitor the traffic on the other port without impacting its performance or speed The port whose traffic you want to mirror is called the mirrored port The port where the traffic will be copied to is called the mirroring port Observe the following guidelines when using this feature m o g You can mirror only one port at a time The mirrored and mirroring ports must be on the same switch This feature copies both the ingress and egress traffic of the mirrored port The mirroring port cannot be used for normal Ethernet switching Section Using the Menus Interface AT S84 Management Software User s Guide Configuring Port Mirroring To set up port mirroring perform the following procedure 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 2 From the Advanced Switch Configuration Menu type M to select Port Mirroring Configuration The Port Mirroring Configuration Menu is shown in Figure 25 AT 9000 24 Local Management System Advanced Switch Configuration gt Port Mirroring Configuration Menu Mirroring Port Mirrored Port Status S et Mirroring Port Set M irrored Port E nable Disable Port Mirrori
224. s Server Timeout seconds Maximum Request Quiet Period seconds Re authentication Period 3600 seconds Re authentication Status Disabled lt COMMAND gt N AS ID Server Time o ut I nitialize P ort No M aximum Request R e auth Initialize Port C ontrol Q uJiet Period Q uit to previous Page T ransmission Period R e auth Period Supp l icant Timeout Re a uth Status Command gt Figure 48 Port Based Access Control Configuration Menu 174 Section Using the Menus Interface Section Using the Menus Interface AT S84 Management Software User s Guide Type P to select Port No The following prompt is displayed Enter port number gt Enter the number of the port on the switch you want to configure You can configure only one port at a time The Port Based Access Control Configuration Menu is updated with the current settings of the selected port Type N to select NAS ID This parameter assigns an 802 1x identifier to the switch that applies to all ports The NAS ID can be up to sixteen characters Valid characters are 0 to 9 a to z and A to Z Spaces are allowed Specifying an NAS ID is optional The following prompt is displayed Enter NAS ID gt Type a name for the NAS ID Note Port Status displays the current 802 1 status of the port as either authorized or unauthorized This is not an adjustable parameter To configure the port control type do the following a Type C to select
225. s for example 2 7 15 as a range of ports separated by a hyphen for example 2 4 or both for example 2 7 15 17 7 When the VLAN is complete type A to select Apply and apply the VLAN settings The VLAN Management Menu is displayed again with information about the VLAN you just created The VLAN is now active on the switch 8 If you intend to define a port as an untagged member of a VLAN you will need to change the PVID of the port to match the VLAN s VID Refer to Configuring the Port PVID on page 116 This procedure adjusts a port s VID value By default every port has a PVID assigned to it The PVID value determines if a port is a tagged or untagged member of a VLAN A port is an untagged member of a VLAN whose VID value matches its PVID A port is a tagged member of a VLAN whose VID does not match the PVID The PVID must equal on of the port s VIDs A port can be a tagged member of a VLAN only if the port is a member of more than one VLAN at the same time When you create a new VLAN the ports of the new VLAN are initially designated as tagged members of the new VLAN The PVIDs of the ports retain the previous settings after the ports become members of a new VLAN If you want the ports to function as untagged members of a new VLAN you must change the PVID values to match the VID of the VLAN as shown in the following procedure To adjust the PVID value of a port perform the following procedure 1 From the Ma
226. s determined by the bandwidth requirements of the network traffic will pass network traffic Additional ports within an active trunk will dynamically be added or deleted by the LACP feature depending on the increase or decrease of the network traffic When a trunk is set to Passive status the trunk ports are available to be activated by their link partners If the trunk receives LACP data unit packets from an Active link partner it automatically transitions to an Active status The trunk ports will not transmit LACP data units unless the link partners are in the Active status A trunk set to Manual status is effectively a static trunk and has none of the benefits of the LACP feature The trunk ports of an active trunk will not send or receive LACPDUs The switch administrator must manually add or delete trunk ports from a trunk The switch uses this parameter to determine which ports are to be active and which are to be in the standby mode in situations where the number of ports in the aggregate trunk exceeds the highest allowed number of active ports This parameter can be adjusted on each port and is a number from 1 to 255 The lower the number the higher the priority Ports with the highest priorities are designated as the active ports in an aggregate trunk For example if both 802 3ad compliant devices support up to four active ports and there are a total of eight ports in the trunk the four ports with the lowest priority settings are de
227. s not interfere with the forwarding of network packets by the device Chapter 1 Overview Remote Connection 20 Using an SNMP Network Management Application You can use any management station on your network that has the Telnet application an SNMP manager or as web browser to manage an AT 9000 24 Gigabit Ethernet switch These are referred to as remote connections In order for you to manage a switch using a remote connection the switch must have an IP address and subnet mask To manually assign an IP address refer to Configuring the IP Address Subnet Mask and Gateway Address on page 32 To configure the switch to obtain its IP configuration from a DHCP server refer to Enabling and Disabling the DHCP Client on page 35 The initial assignment of an IP address must be made through a local management session For instructions on how to start a remote management session to use the web browser interface refer to Establishing a Remote Connection to Use the Web Browser Interface on page 200 You can use the Simple Network Management Protocol SNMP to run a network management application such as AT View to manage the switch through a remote connection A familiarity with how to use management information base MIB objects is necessary for this type of management The AT S84 management software supports the following MIBs SNMP MIB II RFC 1213 Bridge MIB RFC 1493 Remote Network MIB RFC 1757 Allie
228. s procedure reboots the switch and reloads the AT S84 management software from flash memory You might reboot the device if you believe it is experiencing a problem Rebooting the device does not change any of the device s parameter settings Caution The switch does not forward network traffic during the reboot process Some network traffic may be lost To reboot a switch perform the following procedure 1 From the Tools menu select System Reboot The System Reboot Configuration page opens as shown in Figure 63 System Reboot Configuration Reboot Status Stop v Reboot Type Normal Reset v Apply Figure 63 System Reboot Configuration Page 2 For the Reboot Type select Normal Reset This is the default setting Note The two other Reboot Type options Reset to Factory Default and Reset to Factory Default Except IP Address are described in Returning the AT S84 Management Software to the Factory Default Values on page 224 3 For the Reboot Status select Start to start the reboot 4 Click Apply The switch immediately begins to reload the AT S84 management software This process takes approximately one minute to complete You can not manage the device during the reboot After the reboot is finished you can log in again if you want to continue to manage the device Section Il Web Browser Interface 219 Chapter 17 Basic Switch Parameters Pinging a Remote System This procedure
229. s shown in Figure 82 on page 268 2 Click on the MAC address of the multicast group you want to view The IGMP Snooping Group Members page opens as shown in Figure 83 IGMP Snooping Group Members VLAN ID 1 Multicast Group 01 00 5E 7F FF FA Port Number 1 213 4 516 718 9 10 11112 13 14 15 16 17 18 19 20 21 22 23 24 x Note X group member Figure 83 IGMP Snooping Group Members Page Section Il Web Browser Interface 269 Chapter 24 IGMP 270 Section II Web Browser Interface Chapter 25 RSTP This chapter contains the following procedures for working with the Remote Spanning Tree Protocol RSTP o Basic RSTP Configuration on page 272 o Configuring RSTP Port Settings on page 274 o Viewing the RSTP Topology on page 278 Note For background information on RSTP refer to RSTP Overview on page 146 Section II Web Browser Interface 271 Chapter 25 RSTP Basic RSTP Configuration To configure the RSTP settings perform the following procedure 1 From the Basic Config menu select Rapid Spanning Tree gt RSTP Config The Rapid Spanning Tree Configuration page opens as shown in Figure 84 Rapid Spanning Tree Configuration Global RSTP Status Enable Protocol Version RSTP x Enabling Spanning Tree will cause the system to temporarily stop responding Root Port 1 Root Path Cost 200000 Time Since Topology Change 471 Seconds Topology
230. s to see reports from end nodes that want to remain members of multicast groups and by processing leave requests By default IGMP snooping is disabled on the switch 139 Chapter 10 IGMP Snooping Configuring IGMP 140 To configure IGMP perform the following procedure 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 4 on page 32 From the Advanced Switch Configuration Menu type I to select IGMP Snooping Configuration The IGMP Configuration Menu is shown in Figure 35 AT 9000 24 Local Management System Advanced Switch Configuration gt IGMP Configuration Menu IGMP Snooping Status Disabled IGMP Snooping Age Out Timer 280 seconds VLAN ID Multicast group address lt COMMAND gt N ext Page E nable Disable IGMP Snooping P revious Page S et Age Out Timer V iew group members Q uit to previous menu Command gt Figure 35 IGMP Configuration Menu Type E to select Enable Disable IGMP Snooping The following prompt is displayed Enable or Disable IGMP snooping E D gt Type E to enable IGMP snooping or D to disable IGMP snooping If you are activating the feature type S to Set Age Out Timer The following prompt is displayed Section II Menus Interface AT S84 Management Software User s Guide Enter age out time gt 6 Specify the age out time in seconds The range is 280 to 420 seconds and the default
231. seeenenecs 21 Section I Using the Menus Interface ccsccccsssssscsssssecssccscccssscscscsssssssssesses 29 Chapter 2 Getting Started with the Menus Interface 0 0 0 2 ec cence eee ente rete ee tee eee eeetaeeeeeetneeeeeeread 25 Starting a Local Management Session 0 ccececceeeeeeeeneeeeeee tenets eee eaae eee eeeaaeeeeeeeaaeeeeeeeaaeeeeeeeaaeeeeseeiaeeeeeneeaas 26 Using the Menus lnteriace c 22252 cccedetsiecciancescoectecancndecead dd ockewas date tecaesadnd Peete dah EEEN ENA A EREE 28 Quitting from a Local Management SeSSION c ceeeeeeeeee eee eene eee ee eae ee eeeeaaeeeeeeeaeeeeseeeaeeeeeeeaaeeeeseenaeeeeeeeeaas 29 Chapter 3 Basic Switch Parameters cccccccccceeeeeeeeeeceecaeeeeeeeeeeeteceacaaeaecaeeeeeeeeeeeseesensasaeeaeeeeeess 31 Configuring the IP Address Subnet Mask and Gateway Address ececccceeeeenneeeeeeeenneeeeeeenaaeeeeetenaeeeeeeeaas 32 Enabling and Disabling the DHCP Client ooe eraen erna L LEEA REE AENEAS ET RENEA ELAN EE nE ARERI LENEE AEE AA IEEE ERE ASEITA 35 Configuring System Administration Information sseeeeeesseesesneeseeerreesrirnresesennestnsnnestntnneantennneettennaantdaedtnenneennnn 36 Setting the User Interface Configuration cceccceeeeeeneeeeeeeeene eee eeeeaeeeeeeeaaeeeeeesaaeeeeeeeaaeeeeseeaaeeeeseeneeeeeeeeaas 38 Disabling or Enabling the Web Servel cccceecsecceeeeneeeeeeeeenaeeeeeeeaaeeeeeeeeaaeeeeseeeaeeeeeeeeaeeeeeeeeia
232. ser Interface Rage i cx sczctesccats seotayssczensut atat aeaiee paea eiaei ea ua upapesilt aa adedi toiii 211 SNTP Configuration Page ssc cesccecccsccuc be tevg eeii aan d oaa ti ene Sees 216 Switchilnformationi Pagesat a Reeth see a a a a a a 217 System Reboot Configuration Page ec eecceeeeceeeeneeceeeeeeeneeeceeaeeeeeeeeaeeeeeeaeeeaeeeseaeeeseeaeeneeeseeeeseeaeesseeeenaas 219 Ping Test Configuration Page ccccccccceceeseeceeeeeeeeeeeeeeeescaaeeeeececaeeeeeesecaeeeeeeeecaaeeseseeaeeeeeesecaeeeeeeseeeeeeeseneaees 220 Ping Test Results Paje vivsssinecesis rae desing a aang Rand araniitiaindaraab diana Sarees 221 SYSIEMILOG Page 5 aiviA se aie eee eat leant aia tia Sto a dog Bk hor EL crane ia Rea ag 222 Port Configuration Page k era aa a a aR E a A A a e a Spebuutiebantie nucecbavsdne sence saves 226 Configuration Of Port PAG iscccc siececenceascecesusend ceecntessesnessiesscgespdncepesssenueps enegtesszaecarasdbevendnssaeespuseesaecteedessiaedeess 229 Statistics Pages nereo iiid i fated sedi ade a tn cess aa Dek e R seth ecnete ceed E 232 SNMP Configuration Page sv s cc svesecueecscenecdenes seettes seveeuunee eee cecedsecedyetieescted eae cesses edeeeceestieevsdeedevvuee Ea aea 237 Trunk Gonfiguration Page ice cee case cseccshsuscthes teetaneecetbbetdvecetsecures seoensdcesotuacnsduceeubauie sted rina naprid casebeeed iade iiinis 240 LACP Port Priority Page we ceccccissceceduscceclec antie e ee i a iNe eee iaee s
233. signated as the active ports and the others are placed in standby mode If an active link goes down on a active port the standby port with the highest priority is automatically activated to take its place The default value of a port s priority number is equal to 1 The selection of the active links in an aggregate trunk is dynamic It changes as links are added removed lost or reestablished For example if an active port loses its link and is replaced by another port in the standby mode the reestablishment of the link on the originally active port causes it to return to the active state by virtue of its having a higher priority while the port that replaced it is returned to the standby mode In the unusual event that you set this parameter to the same value for some or all of the ports of an aggregate trunk the selection of active ports is based on port numbering The lower the port number the higher the priority 85 Chapter 6 Port Trunking 86 LACP Trunk Guidelines Two conditions must be met in order for a port that is a member of an aggregate trunk to function in the standby mode First the number of ports in the trunk must exceed the highest allowed number of active ports and second the port must be receiving LACPDU packets from the other device A port functioning in the standby mode does not forward network traffic but it does continue to send LACPDU packets If a port that is part of a trunk group does not receiv
234. ss do the following a Type Ito select Set IP Address The following prompt is displayed Enter new IP address gt b Type the IP address for the switch and press Enter 4 To set the switch s subnet mask do the following a Type M to select Set Subnet Mask The following prompt is displayed Enter new subnet mask gt Section Using the Menus Interface 33 Chapter 3 Basic Switch Parameters 34 b Type the subnet mask for the switch and press Enter 5 To set the switch s gateway address do the following a Type G to select Set Default Gateway The following prompt is displayed Enter new gateway IP address gt Type the gateway IP address for the switch and press Enter Section Using the Menus Interface AT S84 Management Software User s Guide Enabling and Disabling the DHCP Client This procedure explains how to activate and deactivate the DHCP client on the switch When the client is activated the switch obtains its IP configuration such as its IP address and subnet mask from a DHCP server on your network Before performing the procedure note the following An IP address and subnet mask are not required for normal network operations of the switch Values for these parameters are only required if you want to remotely manage the device with a web browser o The DHCP client is disabled by default on the switch o The DHCP client does not support BOOTP servers To activate or deactivate t
235. st be equal to the VID of the VLAN where you want the port to be an untagged member For example to make Port 10 an untagged member of a VLAN that has a VID of 12 you would change its PVID to 12 Note If you specify a PVID that does not correspond to any VIDs on the switch the management software creates a new VLAN with a VID that equals the PVID The VLAN is not assigned any name 3 Click Apply Section Il Web Browser Interface 253 Chapter 22 Virtual LANs 254 4 Repeat steps 2 and 3 to change the PVID values of other ports Section II Web Browser Interface AT S84 Management Software User s Guide Displaying the VLANs To display the VLANs perform the following procedure 1 From the Advanced Config menu select VLAN Config gt VLAN Port Config The VLAN Information page is shown in Figure 78 on page 256 and provides the following columns of information VLAN ID The VLAN ID number Name The VLAN s name VLAN Type The VLAN type as either permanent or static The Default VLAN is permanent and all other VLANs are static 2 To view the ports of a VLAN click the VID of the VLAN An example of the VLAN Configuration Members page opens as shown in Figure 77 VLAN Configuration Members T Tagged Port U Untagged Port YLANID 2 VLAN Name tech pubs Port Number 11 2 3 4 5 6 7 89 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 Tagged Untagged TITIT Figure 77 VLAN C
236. standby mode in situations where the number of ports in the aggregate trunk exceeds the highest allowed number of active Priority ports The port with the lowest numerical value has the highest priority To configure the LACP port priority perform the following procedure 1 From the Main Menu type A to select Advanced Switch Configuration The Advanced Switch Configuration Menu is shown in Figure 21 on page 88 2 From the Advanced Switch Configuration Menu type T to select Trunk Configuration The Trunk Configuration Menu is shown in Figure 22 on page 89 3 From the Trunk Configuration Menu type O to select Set Port Priority The LACP Port Priority Menu is shown in Figure 23 AT 9000 24 Local Management System Yy Trunk Configuration gt LACP Port Priority Menu Port Priority 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 1 9 1 10 1 n a T lt COMMAND gt SSSHssSSSssHs AAA EE S et Port Priority N ext Page P revious Page Q uit to previous menu Command gt 7 Figure 23 LACP Port Priority Menu 4 From the LACP Port Priority Menu type S to select Set Port Priority The following prompt is displayed Section Using the Menus Interface 93 Chapter 6 Port Trunking Enter port no gt 5 Type the number of the port whose priority you want to set The following prompt is displayed Enter port priority gt 6 Enter a number for the priority of the port The range is 1 to 255 and the default is 1 Verifying the To vi
237. t of commands that begin with a particular character string There is no space between the command and the question mark O Keyword abbreviations Any keyword can be recognized by typing an unambiguous prefix for example type sh and the software responds with show O Tab key Pressing the Tab key fills in the rest of the keyword For example typing di and pressing the Tab key enters disable on the command line The following table describes the conventions used in the command Syntax interface Conventions Table 14 Command Line Syntax Conventions Convention Description Example lt string gt A string of alphanumeric Switch 24 characters lt int gt Integer 202 lt ip gt IP address 192 168 0 1 lt interface gt Port instance Ethernet1 15 lt mask gt Subnet mask 255 255 240 0 Section Basic Features AT S84 Management Software User s Guide Table 14 Command Line Syntax Conventions Continued lt mac add gt MAC address 00 02 15 af 2e 02 lt sec gt Second 12 lt min gt Minute 12 lt port gt Port instance Ethernet1 2 stack 1 port 2 lt trunk ID gt Trunk group ID 4 lt vlanID gt VLAN instance including name vlan3 and VLAN identifier lt port list gt A list of ports separate entries 1 2 3 4 6 20 24 with a comma or dash lt traffic class gt Traffic class number 5 Section Basic Features 309 Chapter 30 Gett
238. tagged VLAN p marr vee dite essen tins ah eerie ern ener ee de ie sneer pein RE 109 TAQGGSO NW WAN crs sacte A EE EEE E suettancterss E NEEE EE AAE A A E E 111 VLAN Management Menu s ciie ir dene ki eiddio tiee dede etine dnde daden ddi eede dei dan odau diedie dedida ieden iia 114 VLAN Creation Men sisian a anain a aata 115 Config VLAN Member Menusi ninne oh Vl dine eee eine end E aE a aa 118 GVRPEXAM PI x cess ceccs cask sceees cenceadsas a ceeaabt cha aieia piaeas aae a aee aidean eie dadai eon eae pa iTi 122 Quality of Service Configuration MenU ecceeecceceseeeeeeneeeseneeeceaaeeeeeeeeeesaeeeeeaaeeseeeeeesaeeseaaeesseeeeessaeeeseaeeseeaees 129 inraffic Class Configuration Menu ssoi cosa cetesc cece dee ces eee dsb ecde del ces cana debed casted dvaach vuecdecdeesneestde octactedsaeeduadinenesgeedece 130 Port Priority Configuration Meny siririn neinn a aa aa aana EAr Ea aAA AR AEEA ENAKAN Eaa R 133 IGMP Configuration Menu ceeceeeseeceeerseeeneeceeeeeeceeeeeeceeeeeeaaeeeeeaaeesaeeeesaaeeceeaeesneeeseaeeseeeeeeeneeeeeeaeeesnaeeenieeeee 140 MAC Address Displayed on IGMP Configuration Menu ccccecseceeerceeeneeeceneeeneeeeeeeeeseaaeesseeeeseeeeaeeeeneeeee 143 View Group Members Me nuy 2ce se f sczc e a a e ee a aa a aerea adaa aa dieete aR a a a EAN EAE 143 Point to Point POMS eAsistent aata begia Sedino a eala e ae aaia aa aa ce 150 Edge Port cise de oeei A ae A 151 Point to Point and Edge Ports 2 i0hi se
239. tch perform the following procedure 1 From the Basic Config menu select IP Config The IP Configuration page is shown in Figure 58 on page 206 2 For the DHCP Mode select Enable or Disable 3 Click Apply When you enable DHCP the switch immediately begins to send queries to the DHCP server It continues to send queries until it receives a response with its new IP address Note Enabling DHCP ends your web browser management session To resume managing the switch use a local connection and the menus interface to view the IP address assigned by the DHCP server Then enter that address in a web browser s URL field 208 Section II Web Browser Interface AT S84 Management Software User s Guide Configuring System Administration Information This section explains how to assign a name to the switch as well as the location of the switch and the name of the switch s administrator Entering this information is optional To set a switch s administration information perform the following procedure 1 From the Basic Config menu select Admin Config The Administration Configuration page is shown in Figure 59 Administration Configuration AT 9000 24 1 3 6 14 1 207 14 system Description em Object ID ystern Name System Location System Contact Apply Section Il Web Browser Interface Figure 59 Administration Configuration Page 2 Configure the following parameters as
240. te Ri eel a ate I ni a ete a a aa 151 VLAN Fragmentation te20c4 008 erie ive entire a sonnet ie eee eE ate AEN EEE nb EG EAEE Wits 152 RSTP Configuration MON pais tinsi sete sh cocececceszteeees cence aenpedveobenes cueevarscscueesaunediateceensbs ati daiaire iadaa 153 RSTP Basic Port Configuration Menu 0 ccceeeececeeeeeeeeeeeeenneeeeeaaeeeeeeeeeeeaeeeceaaeesaeeeeeaeeseneaeesneeeeeeaeeeseaeeseneeeee 159 RSTP Advanced Port Configuration M nu c ce eeeeeeeescecenneeeseeeeecneeeeeeaeeeceaaeeeseeeeeaeeseeaaeeeeeeeeeeaeeeseeaeeseneeeee 162 Topology Information Menus a t Tr a a gee sacta cf deecacta a E A Aa Ea aE nE Epai aa 164 Example of the Authenticator Role eecceeeneeceerneeeneeeeeeneeeeeeeeeeseeeeeeaaeeeeeeeeesaeeeeeeeseeaeeeeneeeeeeaeeeseaeeeneeeee 170 Authentication Across Multiple Switches ccc eececeeeeeeeneeeeeeeeeeenneeeeeaaeeeeeeeeecneeeeeeaeeeseeeeesaeeeseaaeeseneeeesnteeenaas 173 Port Based Access Control Configuration Menu ecceeeeeceeeeeeeeeneeeeeeneeecenaeeeneeeesaaeeeeeaaeeenieeeeeaeeeseaeesnneeeeed 174 RADIUS Server Configuration Menu eeceeeeececeeeeeeeeeeeenneeeeesaeeeeneeeeeeeeeseaaeeeneeeenaeeeseeaeesneeeeseaeeeseaeeesneeeeed 181 Storm Control Configuration Menu ce eeceeececeseeeeeenneeceeeeeeeeeeeeaaeeceeeeeesneeeeeaaeeseneeeesieaseaeeseneeeessneeesenaeeseeaees 187 Figures Figure 51 Figure 52 Figure 53 Figure 54 Figure 55 Figure 56 Figure 57 Figure 58 Figure 59 Figure 60 Figur
241. te enter ee eee eaaeee eee eaaeeeeeeeaaeeeeeesaaeeeeeseiaeeeeeseieeeeeenenaees 241 Setting Up ansLAGP TMK serr Sarratea ra cnsddeae ech AA O TA ET Aa E da eusadenepvevataabecuutceeks 242 Creating an LAGP Trunk ciiscccciieieves fotesade a a A NEA EAE SE A nendidee weuseet 242 Configuring the LACP Port Priority 2 0 00 cece et nee eee e a a tenes E a AAA 242 Verifying the LACP Group Settings escris i E e aS EEEE E E da E E NEARE 243 Disabling anm LACP TMNK 2 eiia a L A A R A A E EART E RTE A A R A 244 Chapter 21 Port Mirroring i orreee Aaa ee EESE a EAE AARSE EESK LEANE TEPEE EE ES 245 Goniguring Port Mirroring isernia Reeri REE EEN AEEA aad EAE EE EEEE AAE AEAEE ENERE 246 Bisabling POr Mionnan aa a AT as ea T aa asa 247 Chapter 22 Virtual LANS mere era e cia ie eee a eda tte ede de ie dels cade le ees aa iaa a ae a aE EEEa aa aaa a a 249 Creating a VEAN iss cccieiic debe aA saint cave ssasgteeees r r A dadevvestugel pelenaties 250 Configuring the PVID of Untagged Ports ssiersis niniin eiieeii adii AA eai A 252 Displaying the VLAN S ohir radi es AA OR AOSE ATE TA AEE a AT AA SA AAS AAEE AET ATERT TEARS 255 Moditying a VLAN sersan aE E aAA AESA ANEA Misael cae ST ANA A AA AAAS E ERa 256 AT S84 Management Software User s Guide Deleting a VLAN neir 2b sien deve teip ekea sernai ating EE uate EEE AAPEA iNT ELER N AE EEA A EA vin cevevia dedvaviei dana 258 Beletog AVLANG santaa EAEE RTA a SEAN AAEE AAAA AAE E REEE OA EERE AAAA 259 Enabling
242. th cost 10 Type S to select Set Port STP Status Section II Menus Interface Configuring the Advanced RSTP Port Settings Section Il Menus Interface 11 AT S84 Management Software User s Guide Select port number to be changed gt Port number is in range from 1 to 9 O to set all ports This parameter enables or disables RSTP on a specified port or a group of ports in a trunk Enter the number of the port you want to change or type 0 zero to apply the settings to all ports on the switch The following prompt is displayed Enable or Disable STP for port n E D gt 12 Type E to enable or D to disable STP on the port To configure the advanced RSTP port settings perform the following procedure 1 From the Main Menu type B to select Basic Switch Configuration The Basic Switch Configuration Menu is shown in Figure 4 on page 32 From the Basic Switch Configuration Menu type S to select Rapid Spanning Tree Configuration The Rapid Spanning Tree Configuration Menu is shown in Figure 42 on page 153 From the Rapid Spanning Tree Configuration Menu type A to select RSTP Advanced Port Configuration 161 Chapter 11 Rapid Spanning Tree Protocol RSTP The RSTP Advanced Port Configuration menu is shown in Figure 43 nt 9000 24 Local Management System Port Trunk N ext Page Link P revious Page Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding Forwarding Forwar
243. this parameter is disabled meaning that the priority level of tagged frames is determined by the priority level specified in the frames themselves 6 To set the priority queue for a trunk do the following a Type T to select Set Trunk Priority Queue The following prompt is displayed Enter trunk group number gt 134 Section Using the Menus Interface Section Using the Menus Interface AT S84 Management Software User s Guide b Enter the trunk number that you want to configure You can C configure only one trunk at a time A prompt similar to the following is displayed Enter queue for trunk group m gt Enter the queue number for the trunk 135 Chapter 9 Quality of Service QoS 136 Section Using the Menus Interface Chapter 10 IGMP Snooping Section II Menus Interface This chapter describes how to configure the OGMP snooping feature on the switch and includes the following sections o IGMP Snooping Overview on page 138 0 Configuring IGMP on page 140 Oo Viewing the Multicast Groups on page 142 137 Chapter 10 IGMP Snooping IGMP Snooping Overview 138 The Internet Group Management Protocol IGMP enables routers to create lists of nodes that are members of multicast groups A multicast group is a group of end nodes that want to receive multicast packets from a multicast application The router creates a multicast membership list by periodically sending out que
244. ticator O The authentication server responds with an EAP Request packet to the supplicant via the authenticator o The supplicant responds with an EAP Response MDS packet containing a username and password O The authentication server sends either an EAP Success packet or EAP Reject packet to the supplicant o Upon successful authorization of the supplicant by the authentication server the switch adds the supplicant s MAC address to the MAC address as an authorized address and begins forwarding network traffic to and from the port O When the supplicant sends an EAPOL Logoff prompt the switch removes the supplicant s MAC address from the MAC address table preventing the supplicant from sending or receiving any further traffic from the port Authenticator All of the ports on the AT 9000 24 Gigabit Ethernet switch are Ports authenticator ports An authenticator port can have one of three settings These settings are referred to as the port control settings The settings are 0 Auto Activates 802 1x authentication An authenticator port with this setting does not forward network traffic to or from the end node until the client has entered a username and password that the authentication server must validate The port begins in the unauthorized state sending and receiving only EAPOL frames All other frames including multicast and broadcast frames are discarded The authentication process begins when the link state of the port
245. ticular command mode the software displays a command not found message For Section Basic Features AT S84 Management Software User s Guide example you can enter the SHOW SNMP command from the Privileged EXEC command mode but you cannot enter this command from the VLAN Configuration mode Command The following formatting conventions are used in this manual Formatting screen text font This font illustrates the format of a command and Conventions command examples O screen text font Italicized screen text indicates a variable for you to enter o Brackets indicate optional parameters 0 Vertical line separates parameter options for you to choose from See the following sections for a description of each command mode including a list of the commands available from each mode Oo User EXEC Command Mode on page 300 Oo Privileged EXEC Command Mode on page 301 0 Global Configuration Command Mode on page 301 Oo Interface Configuration Command Mode on page 303 oO VLAN Configuration Command Mode on page 305 Table 8 Command Modes command Prompt Enter and Exit Commands Mode User EXEC Switch gt 0 Access this command mode by typing C at the Main mode Menu This is the default command mode o Enter the LOGOUT or EXIT commands to quit the command mode and return to the Main Menu Privileged Switch 0 Access this mode from the User EXEC mode with the EXEC mode ENABLE co
246. tify the end node to stop transmitting for a specified period of time The possible values are Enabled The port is allowed to use flow control This is the default setting for all ports on the switch Disabled The port does not use flow control 3 Click Apply to save the configuration 228 Section II Web Browser Interface AT S84 Management Software User s Guide Viewing and Configuring a Single Port The procedure in this section allows you to view or configure the parameter settings of one port on the switch To view and configure the parameter settings for more than one port at a time refer to Viewing and Configuring Multiple Ports on page 226 To view or configure the parameter settings of a single port perform the following procedure On the home page in the front panel image click the port that you want to configure A sample Configuration of Port page is shown in Figure 68 Configuration of Port Go To Port 10 Port Type 1000TX Trunk ID x Operation Status Up Admin Status Enable Speed Mode Auto 100F Flow Ctrl Disable Mac Address 00 00 90 24 00 0C Back To Front Panel Figure 68 Configuration of Port Page 2 Section Il Web Browser Interface Adjust the following port settings as needed Not all parameters are adjustable Port Type The port type The port type is 1000TX for 10 100 1000Base T twisted pair ports and 1000BaseF for an optional SFP fiber optic port
247. to select Broadcast Storm Status The following prompt is displayed Enable or Disable broadcast storm control E D gt 4 Type E to enable broadcast storm control or D to disable broadcast storm control 5 If you are activating the feature type T to select Threshold The following prompt is displayed Enter threshold level gt 6 Specify the broadcast threshold Choices are ao H for High 3000 broadcast packets per second o M for Medium 500 broadcast packets per second Section Using the Menus Interface 187 Chapter 14 Broadcast Storm Control L for Low 100 broadcast packets per second 188 Section Using the Menus Interface Chapter 15 Working With System Files Section l Using the Menus Interface The procedures in this chapter explain how to download a new version of the AT S84 management software onto the switch and how to download or upload the configuration file The sections are a Downloading a New Management Software Image Using TFTP on page 190 o Uploading or Downloading a Configuration File on page 193 Note For information on how to obtain new releases of the AT S84 management software refer to Management Software Updates on page 15 189 Chapter 15 Working With System Files Downloading a New Management Software Image Using TFTP Before downloading a new version of the AT S84 management software onto the switch note the following o Th
248. trunk or Disable to disable it 3 Click Apply Section Il Web Browser Interface 241 Chapter 20 Port Trunking Setting Up an LACP Trunk Creating an LACP Trunk Configuring the LACP Port Priority 242 This section contains the following procedures for working with LACP trunks Creating an LACP Trunk next Configuring the LACP Port Priority on page 242 Verifying the LACP Group Settings on page 243 Disabling an LACP Trunk on page 244 QOQQ0Q0 0 Note You must create a trunk group before you can configure it as an LACP trunk For more information about LACP trunks refer to LACP Trunks on page 84 To create an LACP trunk perform the following procedure 1 From the Advanced Config menu select Trunk Config The Trunk Configuration page is shown in Figure 71 on page 240 2 From the list at the end of the port list for the trunk you want to make into an LACP trunk choose Active 3 Click Apply To configure the LACP port priority perform the following procedure 1 From the Advanced Config menu select Trunk Config and then Port Priority Config Section II Web Browser Interface AT S84 Management Software User s Guide The LACP Port Priority page opens as shown in Figure 72 LACP Port Priority System Priority 32768 stem ID 00 00 90 24 00 02 Port Priority 0 255 7 4 Verifying the LACP Group Settings Figure 72 LACP Port Priorit
249. ts a static VLAN member MODE Displays the available command modes NAME Sets the VLAN name NO Negates a command or sets its defaults PING Pings a specified IP address to check connectivity to another system 305 Chapter 30 Getting Started with the Command Line Interface 306 VLAN Example To create a new VLAN with a VLAN ID of 2 access the Interface Configuration mode and specify the VLAN ID Perform the following procedure 1 From the User EXEC mode enter enable You now have access to the Privileged EXEC Configuration mode as indicated by the Switch config prompt 2 From the Privileged EXEC Configuration mode enter configure You now have access to the Global Configuration mode as indicated by the Switch config prompt 3 Create a VLAN with a VLAN ID of 2 interface vlan2 You have created a VLAN with an ID of 2 You have access to the VLAN Configuration mode as indicated by the Switch config vlan prompt Section Basic Features AT S84 Management Software User s Guide Starting the Command Line Interface To start the command line interface perform the following procedure 1 From the Main Menu see Figure 93 type C to choose Command Line Interface AT 8000 8POE Local Management System Enter the character in square brackets to select option Main Menu G eneral Information B asic Switch Configuration A dvanced Switch Configuration Switch T lools C ommand Li
250. tual LANs and GVRP 124 Section Using the Menus Interface Chapter 9 Quality of Service QoS This chapter contains the procedures for configuring the Quality of Service QoS parameters of the switch This chapter contains the following sections 0 QoS Overview on page 126 o Mapping CoS Priorities to Egress Queues on page 129 o Configuring CoS on page 132 Section l Using the Menus Interface 125 Chapter 9 Quality of Service QoS QoS Overview 126 When a port on an Ethernet switch becomes oversubscribed its egress queues contain more packets than the port can handle in a timely manner the port may be forced to delay the transmission of some packets resulting in the delay of packets from reaching their destinations A port may be forced to delay transmission of packets while it handles other traffic and in some situations some packets destined to be forwarded to an oversubscribed port from other switch ports may be discarded Minor delays are often of no consequence to a network or its performance But there are applications referred to as delay or time sensitive applications that can be impacted by packet delays Voice transmission and video conferencing are two examples If packets carrying data for either of these are delayed from reaching their destination the audio or video quality may suffer This is where QoS can be of value It allows you to manage the flow of traffic through
251. turns the EAPOL machine state on the port to the initialize state Typing N cancels the step 16 If the port control setting is Auto and you want the node connected to the port to reauthenticate with the RADIUS server do the following a Type R to select Re auth Initialize The following prompt is displayed Initialize re authentication CY N gt b Typing Y returns the port to the unauthenticated state and the re authentication period to zero The user must enter a valid username and password to continue to use the switch port Typing N cancels the reauthentication Section Using the Menus Interface Chapter 13 RADIUS Authentication Protocol Section l Using the Menus Interface This chapter describes how to configure the RADIUS client software on the switch You can use the RADIUS client with 802 1x network access control to control who can forward packets through the switch Sections in the chapter include 0 RADIUS Overview on page 180 0 Configuring the RADIUS Server on page 181 o Displaying the RADIUS Server Settings on page 183 179 Chapter 13 RADIUS Authentication Protocol RADIUS Overview RADIUS Implementation Guidelines 180 RADIUS Remote Authentication Dial In User Services is an authentication protocol for enhancing the security of your network The protocol transfers the task of authenticating network access from a network device to an authentication protocol server
252. twork A root bridge is selected by the bridge priority number and sometimes the bridge s MAC address also referred to as the bridge identifier The bridge with the lowest bridge priority number in the network is selected as the root bridge If two or more bridges have the same bridge priority number of those bridges the one with the lowest MAC address is designated as the root bridge Section II Menus Interface Section Il Menus Interface AT S84 Management Software User s Guide You can designate which switch on your network you want as the root bridge by giving it the lowest bridge priority number You might also consider which bridge should function as the backup root bridge in the event you need to take the primary root bridge offline and assign that bridge the second lowest bridge identifier number You can change the bridge priority number for the switch The bridge priority has a range of 0X0000 to OXFOO0 and is specified in multiples of 0x1000 After the convergence process has completed there is only one path between the switch and the root bridge The active port on the switch through which the bridge is communicating with the root bridge is called the root port Each switch in the spanning tree domain has a root port with the exception of the root bridge which has no root port Designated Bridge and Designated Port The switch that is directly connected to the root port of the switch is called the designated bridge
253. twork only delivers frames to intended recipients and only broadcast frames to other members of the VLAN a network administrator can segment users requiring access to sensitive information into separate VLANs from the rest of the general user community 104 Section Using the Menus Interface Section Using the Menus Interface AT S84 Management Software User s Guide VLANs can be used to control the flow of data in your network since the traffic generated by an end node in a VLAN is restricted to the other end nodes in the same VLAN In addition VLANs can prevent data from flowing to unauthorized end nodes 105 Chapter 8 Virtual LANs and GVRP VLAN Overview This VLAN overview contains the following sections VLAN Name next VLAN Identifier on page 106 VLAN Port Members on page 106 Port VLAN Identifier on page 106 Incoming and Outgoing Tagged and Untagged Frames on page 107 OQ0Q0Q0a00 0 Guidelines for Creating a VLAN on page 108 VLAN Name To create a port based VLAN you must give it a name The name should reflect the function of the network devices that are be members of the VLAN Examples include Sales Production and Engineering VLAN Identifier Every VLAN in a network must have a unique number assigned to it This number is called the VLAN identifier VID This number uniquely identifies a VLAN in the switch and the network The factory VID is 1 for all ports If
254. uit to previous menu Command gt Section Using the Menus Interface Figure 22 Trunk Configuration Menu To add a trunk member type A to select Add Trunk Member The following prompt is displayed Enter trunk group number gt Select a trunk group number from 1 to 4 and press Enter The following prompt is displayed Enter port members from 1 to 24 up to 8 ports for trunk 7 gt Enter the ports you want to include in the trunk and press Enter You can specify the ports individually separated by commas for example 1 2 5 as a range of ports separated by a hyphen for example 2 4 or both for example 1 3 12 16 To set the trunk status type S to select Set Trunk Status The following prompt is displayed Enter trunk group number gt Type the trunk group number and press Enter The following prompt is displayed Set trunk group n status A P M D gt 89 Chapter 6 Port Trunking Modifying a Port 90 Trunk 8 Type M to select Manual Trunk for a basic trunk without LACP handling The A and P options apply to LACP trunks See Setting Up an LACP Trunk on page 92 for more information The trunk is now operational on the switch 9 Configure the port trunk on the other switch and connect the cables This procedure adds and removes ports from a port trunk Note Disconnect the cables from the ports of the trunk on the switch before modifying it Adding or removing ports from a trunk without
255. ure 18 Management System Main Menu gt Statistics Menu Port 1 lt Counter Name Total RX Bytes Total RX Pkts Good Broadcast Good Multicast CRC Align Errors Undersize Pkts Oversize Pkts Fragments Jabbers collisions 64 Byte Pkts 65 127 Pkts 128 255 Pkts 256 511 Pkts 512 1023 Pkts 1024 1522 Pkts Elapsed Time Since System Up 003 23 27 17 lt Total lt Avg S gt 1074684 275 11092 2 8842 2235 0 0 0 0 0 771 9521 588 212 OOO0OO0ONOOCOOCOOCOOCOOOON lt COMMAND gt s elect N ext P rev Port Since R eset s t op Refresh Q uit Command gt Section Using the Menus Interface Figure 18 Statistics Menu The statistics for port 1 are displayed in a table that contains the following columns of information Total The total count for this statistic Avg s The average count of that statistic per second The table contains the following items of information Total RX Bytes Number of bytes received on the port Total RX Pkts Number of packets received on the port 77 Chapter 5 Port Configuration 78 Good Broadcast Number of valid broadcast packets received on the port Good Multicast Number of valid multicast packets received on the port CRC Align Errors Number of packets with a cyclic redundancy check CRC error but with the proper length 64 1518 bytes received on the port Undersize Pkts Number of packets that were less than the minimum length specified by IEEE 90
256. usdddeduceegbee dunieegecuens suede celts 243 LAGP Group Status Page iisisti aeiaai aeai i a aii 243 Port Mirr ring Page 05h inne eel il Nene hee edie i eee eae 246 Create VLAN Page irsccesesciss inai dete ecunetsetueneath bese ayensbteteeeyscreus canes sbbehesuee dente ceuetes deGaeneeueceh dadehehuahsddenehceweee 250 PVID PAG C s sa3isscccei A Was ches ea a Ra geen Bea AEE dhe Hoo ia ded eda e a eeaee sae Maced hee Soci 253 VLAN Configuration Members Page ccceeeeseceeeeeceeecaee cece eeaeeeeceeeaaeceeeeeaaaeeeeeeecaaeaeesaeaeseeseseaeeeeeneeeaees 255 VLAN Information Page a E ceeds La Ee get dee ae cede a e ih coh a E inate 256 Modify VLAN Page iti cee tec cesses ana fee Seanad EAEAN uncesigcnenadeadsdacadigarseraeesed dead cdussdaateacuadhdends 257 Traffic Class Configuration Page i s r E EE E E E a E 262 Port Priority Configuration Pag s naeted a a aa a e a aaa e a a a E a iaa aaia 265 IGMP Snooping Pagesos innan inocenta sudps ssedebanssceneasedphesuesdubuoeder reid a aaa anA eidet Eiei 268 IGMP Snooping Group Members Page ceecceceeceeseeeeeeeeeeeeeneeeenaeeeseaaeeenaeeeeeaeeeseaaeeesneeeseaeeneaeeeseeeeeenaeeeeeaas 269 Rapid Spanning Tree Configuration Page eeccesseeeeeeeeeeeeeeeeeeeeceeaeeeseeeeeeaaeeeseaaeeseneeeeeeeeseeaeeesneeeensaeeeenaas 272 RSTP Basic Port Configuration Page 2 2 0 c ccccscccce cece cesuaceeeeseevesbieeesdeeebusacedectedesseeesseceddedeededecebvesshvessbieeveces 274 RST
257. username and password Authentication server The authentication server is the network device that has the RADIUS server software This is the device that does the actual authenticating of the user names and passwords from the supplicants The AT 9000 24 Gigabit Ethernet switch does not authenticate the usernames and passwords from the end users Rather the switch acts as an intermediary between a supplicant and the authentication server during the authentication process 168 Section Using the Menus Interface AT S84 Management Software User s Guide Authentication Below is a brief overview of the authentication process that occurs Process gt etween a supplicant authenticator and authentication server For further details refer to the IEEE 802 1x standard O Either the authenticator that is a switch port or the supplicant can initiate an authentication prompt exchange The switch initiates an exchange when it detects a change in the status of a port such as when the port transitions from no link to valid link or if it receives a packet on the port with a source MAC address not in the MAC address table O An authenticator starts the exchange by sending an EAP Request Identity packet A supplicant starts the exchange with an EAPOL Start packet to which the authenticator responds with a EAP Request Identity packet 0 The supplicant responds with an EAP Response Identity packet to the authentication server via the authen
258. value of 2 and consists of four untagged port members on the top switch and three untagged port members on the bottom switch The two parts of the VLAN are connected by a direct link from port 4 on the top switch to port 1 on the bottom switch This direct link allows the two parts of the Sales VLAN to function as one logical LAN segment Port 20 is used as a connection to the router other VLANs and the WAN Engineering VLAN This VLAN is on the top switch only and consists of four untagged port members The workstations are connected to ports 3 5 and 7 Port 24 is used as a connection to the router other VLANs and the WAN Production VLAN This VLAN has the VLAN of 4 and is on the bottom switch only The workstations are connected to ports 3 6 and 8 Port 21 is used as a connection to the router other VLANS and the WAN Section Using the Menus Interface AT S84 Management Software User s Guide Tagged VLAN Figure 27 illustrates how tagged and untagged ports can be used to Example interconnect IEEE 802 1Q based products Zz ee ee oe ir S an gt N Engineering VLAN VID 3 ae Heese AT 9000 24 Gigabit Ethernet Switch Router Production VLAN VID 4 Sales VLAN VID 2 Figure 27 Tagged VLAN Section Using the Menus Interface 111 Chapter 8 Virtual LANs and GVRP 112 The port assignments for the VLANs are as follows
259. vileged EXEC and Global Configuration modes From the Global Configuration mode type interface ethernet1 port You can specify a port or a range of ports Separate a list of ports with commas or a dash The prompt changes to Switch config if to indicate the Interface Configuration mode See the Port Mirroring Example on page 304 for a procedure that describes how to set the port mirroring in the Interface Configuration mode After you have accessed the Interface Configuration mode the commands you enter apply to the ports specified in the Global Configuration mode To perform port specific commands on another group of ports you must first exit the Interface Configuration mode and then specify the new ports in the Global Configuration mode before returning to the Interface Configuration mode For a list of commands that can be accessed from the Interface Configuration command mode see Table 12 on page 303 Table 12 Interface Configuration Command Mode Commands Commands Description DEFAULT Sets priority for a port PRIORITY DOT1X Sets the 802 1 protocol configuration END Exits from the Interface Configuration Command Mode to the Global Configuration Command Mode EXIT Exits from the Interface Configuration Command Mode to the Global Configuration Command Mode FLOW CTRL Sets the parameters for the flow control feature GETPORT Provided information about the ports LOGOUT Exits
260. ward Delay 15 Sec Hello Time 2 Sec Bridge Maximum Age 20 Sec Bridge Forward Delay 15 Sec 318 Section Basic Features AT S84 Management Software User s Guide 802 1x Network Access Control Default Settings The following table describes the access control default settings per port Settings Default NAS ID Nas1 Port Status Authorized Port Role None Port Control Force Authorized Transmission Period 30 seconds Supplicant Timeout 30 seconds Server Timeout 30 seconds Maximum Request 2 Quiet Period 60 seconds Re authentication Period 3600 seconds Re authentication Status Disabled 319 Appendix A AT S84 Default Settings RADIUS Server Default Settings 320 The following table lists the default settings for RADIUS accounting Settings Default Server IP Address 0 0 0 0 Response Time 10 seconds Maximum Retransmissions 3 Section Basic Features AT S84 Management Software User s Guide Broadcast Storm Control Default Settings The following table lists the default settings for broadcast storm control Settings Default Broadcast Storm Status Disabled Threshold Low 321 Appendix A AT S84 Default Settings 322 Section Basic Features Index Numerics 802 1x Port based Network Access Control authentication process 169 authenticator port described 168 configuring 174 281 default settin
261. y Page 2 Inthe priority column enter a priority number for the port s 3 Click Apply To verify the LACP group settings perform the following procedure From the Advanced Config menu select Trunk Config and then LACP Group Status The LACP Group Status page opens as shown in Figure 73 Section Il Web Browser Interface LACP Group Status System Priority 32768 System ID 00 00 90 24 00 02 Key 1 This group doesn t exist Key 2 Aggregator Attached Port List 4 4 7 7 9 9 20 20 Key 3 This group doesn t exist Key 4 This group doesn t exist Figure 73 LACP Group Status Page 243 Chapter 20 Port Trunking 244 Disabling an LACP Trunk The LACP Group Status page displays the following information about the LACP group System Priority The system priority as defined by IEE 802 3ad You cannot change this System ID The MAC address of the system Key The key for this trunk group The page also contains a table that displays the following information Aggregator The port that is operating as the aggregator Attached Port List The ports assigned to the aggregator To create an LACP trunk perform the following procedure 1 From the Advanced Config menu select Trunk Config The Trunk Configuration page is shown in Figure 71 on page 240 2 From the list at the end of the port list for the trunk you want to disable choose Passive 3 Click Apply Section II Web Browser Inter
262. y ports allows the switch to maintain the maximum possible bandwidth of the trunk For example assume you create an LACP trunk of ports 11 to 18 ona switch and the switch is using ports 11 to 16 as the active ports and ports 17 and 18 as reserve If an active port loses its link the switch automatically activates one of the two reserve ports to maintain maximum bandwidth of the trunk Figure 20 illustrates this example Allied Telesyey ies ee ee pee v m Ww K n n Damur BSE pegaga MSASA i renee Seeee eeeees em M Reserve Ports 17 18 TTT Figure 20 LACP Trunk Example The AT 9000 24 Gigabit Ethernet switch can have up to four trunks A maximum of eight ports of each trunk can be assigned by the switch administrator You can configure each trunk s status as Active Passive Manual or Disabled Section Using the Menus Interface LACP Port Priority Parameter Section Using the Menus Interface AT S84 Management Software User s Guide When a trunk is created its default status is Disabled This means that the trunk does not pass network traffic or send receive LACP data units LACPDU until the trunk status is changed accordingly When a trunk is set to Active status the trunk ports are all available as part of the active LACP trunk The trunk ports of an active trunk will all send and receive LACPDUs A minimum number of trunk port
263. y problems Allied Telesis recommends creating a port trunk only between AT 9000 24 Gigabit Ethernet switches A port trunk between an AT 9000 24 Gigabit Ethernet switch and a device from another manufacturer might result in undesirable trunk behavior 83 Chapter 6 Port Trunking LACP Trunks 84 LACP Trunk Status An LACP Link Aggregation Control Protocol trunk is another type of port trunk It performs the same function as a static trunk It increases the bandwidth between two network devices by distributing the traffic load over multiple physical links The advantage of an LACP trunk over a static port trunk is its flexibility While implementations of static trunking tend to be vendor specific the AT S84 implementation of LACP is compliant with the IEEE 802 3ad standard This makes it interoperable with equipment from other vendors that also comply with the standard Therefore you can create a trunk between an Allied Telesis device and networking devices from other manufacturers Another advantage is that ports in an LACP trunk can function in a standby mode This adds redundancy and resiliency to the trunk If a link in a static trunk goes down the overall bandwidth of the trunk is reduced and restoring it requires reestablishing the link or manually modifying the trunk by adding another port to it In contrast an LACP trunk can activate ports in a standby mode when an active link fails The automatic activation of standb
264. you must change their PVID values to match the VID of the VLAN as explained in this procedure You can also use this procedure to change the VLAN assignment of an untagged port With this procedure you can move an untagged port from one VLAN to another by changing its PVID value To adjust the PVID value of a port perform the following procedure 1 From the Advanced Config menu select VLAN Config gt VLAN Port Config Section II Web Browser Interface AT S84 Management Software User s Guide The VLAN Port Configuration page opens as shown in Figure 76 VLAN Port Configuration Port PID 1 4094 Apply 1 1 App z4 b 5 D s pa 1 42 lt BK w gt 5 gal zq on gt ma ga zg b 13 gal lt 5 gal s b ia D lt T 1a oa lt b 5 ga lt Da 14 kal lt T ka gel lt lt Da 5 gel s pa 5 gal lt b a 14 lt gt 5 D s lt b 5 La s gt 14 za 4 pa 5 4a lt b 5 oa K pa 18 gel lt gt 5 D s 1 1 1 1 1 1 1 1 1 1 1 1 App 1 1 1 1 1 1 1 1 1 1 1 gt a wl lt lt Figure 76 PVID Page 2 Click the PVID field of the port whose value you want to change and enter the new PVID value for the port The PVID mu
Download Pdf Manuals
Related Search