Managed Layer 3 access switch user ManuaL
Contents
1. Control Thi iti Bridge Setting iis ex qo an a OLOR RR GR RU ao om an OR LO A Is screen split into x _ System Auth Control Authentication Method Bridge Global Setting a and Port Setting 18 POr SORIO GOR eRe rari Sat et fe MEADS AP STAT RIT SCAT NCAP SAL SCRPSEIA MCT SLATS SCALE ST STC BUCS used to configure various por Authentication Control parameters of 802 1x Multi host Disable Reauthentication Disable which uses either a mE nS M R ADIUS server or a Reauthentication Time 1 65535 Sec Quiet Period 1 65535 Sec local database to Retransmission Time 1 65535 Sec Max Reauthent Attempt zz 1 10 authenticate port users suestvuan 1 255 Modif System Auth Control Select to enable the ae RUTHORUED Pe En Dissie y es authentication asemena AUTHORIZED Disable ForseAulhorie Disstie 13800 Authentication Method erste Amo io Dime pese pone n RADIUS or Local fifsssnenstiuz humoren Disable oceauored Disshis 13600 database can be festenemeti JUS AUTHORIZED Disable Farenuiomeed pisstis som selected to authenticate Mesonero AUTHORIZED Disable Forcehudhorzed Disable jsou the port user I AAA Port Highlight a port to configure from the port list window at the bottom of the screen Multi host If enabled all hosts connected to the selected port are allowed to us2. Category such as PuTTY and 3 Session Basic options for your PuTTY session access your switch via the I e Specify your connection by host name or IP address Internet by entering the edem Host Name or IP address Port correct IP address NOTE Bel 192 168 0 254 23 The factory default is Features Protocol 192 168 0 254 Connect E lie Raw O Telnet ORIogin SSH directly via the console een Load save or delete a stored session port to configure a unique Posen Saved Sessions IP address A command Selection Colours Default Sett prompt program suchas on efault Settings PuTTY will provide you Data with the option of choosing Proxy either Telnet or SSH Tenet Secure Shared SSH is Ded an encrypted protocol Kex Close window on exit that s ideal for ISP workers enl Odlways ONever Only on clean exit who need to be extra ae unnels M careful when managing their switches 1 SYSTEM OVERVIEW 2 Click Open to display a command prompt screen GINTELLINET Switch login admin Switch gt enable Turn on privileged mode command exit Exit current mode and down to previous mode list Print command list ping send echo messages quit Exit current mode and down to previous mode show show running system information telnet Open a telnet connection CcCraceroure Trace route to destination web pass internal use only Switch list enable exit list ping WORD ping ip WORD quit
3. Stk w isd disabled Actor Sys ID 00 0c 05 8 85 5 a Partner Admin Sys 1D 00 00 00 00 00 00 E Eg Bssset dicahled Refresh j Refresh Refresh Partner Oper Sys ID 00 00 00 00 00 00 2 2 7 3 2 6 Channel Group Counters Internal Neighbor Sys ID Five additional screens two shown are available in this subsection for viewing various statistics and data such as Channel Group above left and Sys ID above right 2 2 7 4 Mirroring Port Mirroring together with a network traffic analyzer helps you monitor network traffic You can monitor the selected ports for egress or ingress packets Mirroring Mirror Mode disable Stack ID h gt Monitor Port hM Tr amp hhh Ahhh hhk e n ere FETT FETT Lll LER C E Egress C B Both Monitor Port Ingress Port Egress Port Submit Mirror Mode Enables or disables the mirror function for the selected group Stack ID For a stand alone switch only ID 1 is available Monitor Port Receives the copies of all the packets in the selected mirrored ports NOTE The monitor port cannot belong to any link aggregation group and cannot operate as a normal switch port It does not switch packets or do address learning Ingress Egress Both Mirrors a port selected from the selection panel Click Submit to set the changes to the connected switch Click Refresh to display the values of the switch To eventually m
4. WEB MANAGEMENT GC INTELLINET 2 2 9 Filters The switch can filter certain traffic types according to packet header information from Layer 2 to Layer 4 Each filter set includes a couple of rules You have to attach the filter set to certain ports to make the filter work 2 2 9 1 Filter Set The switch defines two modes of rules MAC mode and IP mode Only the same mode of rules can be bundled together to form a filter set Each mode has different fields to configure e g you can use IP mode rules to filter FTP packets You can select MAC Filter enter a name and then add it You also can select IP Filter enter an ID name and then add it Click Submit to commit the settings Click Refresh to display current switch settings You can also edit entries or selections Click on a filter set you want to edit or remove then click Edit to display the Filter Rule page or click Remove to remove the filter set A filter set consists of a particular type of rules with rules having the same fields for filtering packets belonging to the same type e g two rules that filter packets with two destination IP addresses would be of the same type but a rule filtering a source IP address does not belong to that same type Four types of rules can apply to ports at the same time If there are more than four types applied the system automatically disables the rules The Filter Rule screens present attributes of rule modes on
5. Check Relationship to create a Set Community name uncheck Relationship to create a Get Community name Click Submit to commit the settings Click Refresh to display current switch settings To eventually make all changes permanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Menu and click Save SINTELLINET ea 22834 View VACM View is used to view the views Groans Users information of SNMPv3 VACM Group View Name Enter the security group name View Subtree Enter the view subtree that the view belongs to The subtree is the OID to match the OID in the SNMPv3 message The match is good when the subtree is shorter than the OID in the SNMPv3 message View Type Select the view type Included or Excluded when the view subtree matches the Oid in the SNMPv3 message 2 2 8 3 2 Groups SNMPv3 VGU Table This screen is used to configure the information of SNMPv3 VACM Group Group Name Enter the security group View Name Subtree OID name Sue EE IE Read View Enter the Read View Security Model ys y Write View none e EEA name the group belongs to The eee ee emos related SNMP messages are Get o U NS GetNext and GetBulk Group Name Security Model Security Level Read View Write View Notify View Write View Enter the Write View name the group belongs to The related SNMP message is Set
6. Notify View Enter the Notify View name the group belongs to The related SNMP messages are Trap and Report Security Model Enter the security model the group belongs to Any is suitable for v1 v2 or v3 USM is SNMPv3 related Security Level Enter the Security Level name the group belongs Only NoAuth AuthNopriv or AuthPriv can be chosen 2 2 8 3 3 Users SNMPv3 VGU Table This screen is used to configure the cJ Ci information of SNMPv3 USM User User Name Enter the user name of a m E zai specific security group Group Name Enter the security group ee tene name Auth Algorith Ep Auth Password Auth Algorithm Select the protocol Pavan Passo that SNMP User and Security UserName Group Name Authentication Algorithm Private Algorithm Group belong to NoAuth MD5 or SHA1 If NoAuth is selected there s no need to enter a password Auth Password Enter the password that the Auth Algorithm Protocol belongs to The password needs to be at least eight digits or characters Priv Algorithm Select the protocol that SNMP User and Security Group belong to NoPriv or DES If NoPriv is selected there s no need to enter a password Priv Password Enter the password that the Priv Algorithm Protocol belongs to The password needs to be at least eight digits or characters Security Level Select the level the group belongs to NoAuth AuthNopriv or AuthPriv Submit e
7. http 192 168 0 254 in the Web address location box then press Enter The login screen shown above subsection 2 1 4 is displayed 2 Enter the default username and password admin for both the first time you log in These can subsequently be changed recommended for security purposes through the CLI interface See subsection 2 3 2 Click OK 3 The Welcome home screen will display each time you log in presenting the Configuration Menu on the left side of the screen and the following Web GUI options Welcome to Switch manager gt Filer s pc Submit the edited settings on the browser page to the Switch to be effective Refresh the displayed settings from Ihe Switch Create a new provisional record for user to edit me Settings on browser page tor adding to the indexed table Add the edited provisional record to the table of the browser page to be submitted Modify the highlighted record of the table on the browser page with the edited provisional 0303 Remove the highlighted record of the table from Ihe browser page Detach all ports from tne settings Ike VLAN port mirronng etc Attach all ports to me settings on tne browser page 13 WEB MANAGEMENT ES Click New to create a new entry for editing to the table temporary until Submit is clicked Click Add to add the new entry to the table temporary until Submit is clicked Click Modify to save changes to an e
8. is clicked Click Remove to remove a selected entry temporary until Submit is clicked Click Modify to update an existing MAC address entry temporary until Submit is clicked Click Submit to commit the settings Click Refresh to display current switch settings To eventually make all changes permanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Menu and click Save 2 2 7110 VLAN Configuration You can create up to 4094 VLAN Configuration VLAN groups and show them on this screen VLAN1 Kaenon mm is the default VLAN which is created by the system Por Seccion Ir PusHul i ee tal A ES 1 3 5 7 9 11 13 15 17 18 21 23 and can t be removed Aaa khkk Ahhh This feature prevents the Tere FET FETE 12 14 16 switch from malfunctioning You can remove any existing mom Add ID Modify J Remove Remove VLAN except VLAN You can assign the port to h VLAN ID cass VLAN Name PEG Status Trunk Ports um be a tagged port or an 1 1 4 b untagged port by clicking on the port on the selection par Bp Submit Retrosh e An untagging port will remove o VLAN tags from the transmitted ae A tagging port will tag all packets transmitted from this port e Ifthe port is left blank it is not a member of the selected VLAN group If one untagging port belongs to two or more VLAN groups at the same time it
9. to the switch must be the same as the VLAN of the system management interface Click Submit to commit the settings Click Refresh to display current switch settings To eventually make all changes permanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Menu and click Save Authentication Primary Server IP Authentication Primary Server Key Authentication Secondary Server IP Authentication Secondary Server Key SINTELLINET EEE 2 2 11 Traffic Chart These statistical chart screens present network flow information You can specify the time limits for chart refresh updates and the charts let you monitor different types of network traffic Most MIB II counters are displayed in these charts Auto Refresh Set the time interval at which new data is retrieved from the switch Color Assign a different color to each variable After the variables have been set click Draw to allow the browser to draw the graphic chart Each new drawing will reset the Statistics display 2 2 11 1 Traffic Comparison Chart This screen shows one statistic for all the ports in one graphic chart Statistics inbound Octet Rate WOctets in tho periodic timo dedhwlth Amn Refresic 5 Seconta Color Light Rut i zy EN 2 2 11 2 Group Chart The statistics window shows all the discards or error counts for the specified
10. To eventually make all changes permanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Menu and click Save EDEN This screen is used to define users in the local database of the switch User Name Enter a new username Password Enter a password for the Confirm Password User Name Password new user Confirm Password Enter the password en aoso EG again UserName VLAN ID Modify Vian ID Specify the VLAN ID assigned to the 802 1x authenticated clients Click Add to add the new user Click Modify when the modifications are complete Click Remove to remove a selected user Click Submit to make the settings permanent Click Refresh to refresh the settings to current values 2210 3 RADIUS RADIUS This screen is configured with primary and secondary field options in order to use an external RADIUS server Authentication Server IP The IP address of the Authentication Primary Server Port RADIUS server Authentication Server Port The port number that the RADIUS server is listening to Confirm Authentication Key Authentication Server Key The key that is used for communications between the switch and the RADIUS server Authentication Secondary Server Port Confirm Authentication Key Re enter the key entered above NOTE The VLAN of the RADIUS server connected cu authentication Key
11. Use the mac address table aging time configuration command on the switch stack or ona stand alone switch to set the length of time that a dynamic entry remains in the MAC address SINTELLINET NENE ERES table after the entry is used or updated The real aging time is triple the command input radix number CLI Syntax mac address table aging time lt 1 255 gt Example config mac address table aging time 100 This example shows how to configure the mac address table aging time to 300 seconds 2 3 3 17 3 No Aging Time Disables the aging timer of the mac address table CLI Syntax no mac address table aging time Example config no mac address table aging time 2 3 3 17 4 Show MAC Address Table Aging Time CLI Syntax show mac address table aging time Example SWITCH show mac address table aging time 2 3 3 18 Static Addresses 2 3 3 18 1 Add Static MAC Address You can add aMAC address to the switch address table The MAC address added this way will not age out from the address table CLI Syntax mac address table static MAC_ADDR vlan VLANID interface IFNAME Example config mac address table static 0000 1111 2222 1 gi1 0 2 2 3 3 18 2 Show MAC Address Table This shows static and dynamic MAC addresses CLI Syntax show mac address table Example SWITCH show mac address table 2 3 3 19 VLAN 2 3 3 19 1 Show VLAN Name String Use the show vlan user EXEC command to display the parameters for all configured VLANs or one VLAN i
12. useful if you re unfamiliar with the CLI commands All the CLI commands are case sensitive 2 3 1 Power On Power On Self Test POST is executed during the system booting period It tests system memory LEDs and hardware chips on the switchboard It displays system information as the result of system testing and initialization You can ignore all information until the prompt Switch login appears 2 3 1 1 Boot ROM Command Mode During the POST process you can enter a Boot ROM Command mode by pressing the Enter key Type the key to show the help messages for all available commands NOTE Although the commands are helpful in some situations it is strongly recommended that users not use them if they don t know the command function GINTELLINET 2 3 1 2 Boot ROM Commands Two types of boot ROM commands can be used e command The current settings will be displayed command with new setting The current setting will be replaced by a specified new setting Command Parameters Usage Notes Baudrate Baud rate 9600 You must set up the terminal emulator with 38400 the same baud rate to make it work 57600 bdinfo none none print Board Info structure echo string none echo the string to console ethaddr none none get MAC address gatewayip IP address xxx xxx xxx xxx Set gateway IP address go none none boot firmware image or help none none print online help imls none none list all images found in flash ipaddr IP a
13. 44 H mm 17 4 x 7 2 x 1 7 in weight 4 0 kg 8 8 lbs Operating temperature 0 50 C 32 122 F Operating humidity 10 80 RH non condensing Storage temperature 20 70 C 4 158 F amp INTELLINET IRRE NOTES SINTELLINET SINTELLINET NOTES NOTES SINTELLINET SINTELLINET NOTES INTELLINET BRINGING NETWORKS TO LIFE www intellinet network com Are you completely satisfied with this product Please contact your INTELLINET NETWORK SOLUTIONS dealer with comments or questions Copyright INTELLINET NETWORK SOLUTIONS All products mentioned are trademarks or registered trademarks of their respective owners
14. 802 1Q standard that allows for the control of VLANs GVRP will run only on zc Disabled jp Norma 802 1Q trunk ports and is used primarily to prune traffic from en Disabled VLANs that doesn t need to be fastethernett 0 2 Disabled fastethernet1 0 3 Disabled State passed between trunking switches Hrastememenor Disabled There are some parameters for I sss Bissbled I fi h Di d configuring GVRP on the GVRP pee ering Disabled Mode screen the second screen ffastethemettiav Disabled fastethernet1 0 10 Disabled option is GVRP Timer shown below GVRP Enable By default GVRP is not enabled for the switch You must first enable GVRP on the switch before you can configure the 802 1Q ports for GVRP operation Port Mode Enable disable GVRP on the individual 802 1Q trunk port GVRP must be configured on both sides of the trunk to work correctly GVRP ports are in GVRP normal registration mode These ports E NEN c ANO o Submit Refresh Default 20 Default 60 Default 1000 messages from i i Interface Join Timer Hold Timer Leave Timer LeaveAll Timer neighboring switches to prune the VLANs fastethernet1 0 2 Disabled 0 astethernet1 0 3 Disabled 0 1 running across the fastethernet1 014 Disabled 802 1Q trunk link If astethernet1 0 5 Disabled 0 fastethernet1 0 6 Disabled the device on the other astethernet1 0 7 Disabled ey tet
15. ID for a specific L3 interface NOTE Click Advanced gt gt to display the other two OSPF screens 2 2 6 3 2 Interfaces This screen is used to specify some protocol parameters for a specific OSPF interface Network Type Support broadcast only Cost Specify the cost for sending packets of this interface an SINTELLINET ETWORK SOLUTIONS Priority Set a priority OSPF to help determine a the OSPF DR and EA BDR for a network Transmit Delay Set the estimated number of seconds to wait before sending a link update packet Hello Interval Set the number of seconds HERE between two hello packets Default is set at 10 seconds Dead Interval Set am the number of seconds after the last hello packet was received before notifying its neighbor that the OSPF router is down Default is set at 40 seconds Retransmit Interval Specify the number of seconds between transmitting link state advertisements 2 2 6 3 3 Area This screen is for configuring OSPF areas Select an Area aun I e imu h Selecta Area JOA Derautcost 06777210 area ID to be Shortcut Stub nodefmed v configured Default Cost Default cost for a stub area sending a packet to the outside world Stub A stub area is nota transit area since there is only one connection to the stub area Selecting from the pull down menu use this attribute to specify characteristics of this area no defined no
16. Multicast 2 3 3 14 1 MAC Address Table Multicast Use the mac address table multicast configuration command on the switch to add multicast static addresses to the MAC address table CLI Syntax mac address table multicast MACADDR vian VLANID interface IFLIST Example config mac address table multicast 0100 5e11 1111 vlan 2 interface gi1 0 3 1 EEN amp INTELLINET 2 3 3 14 2 No MAC Address Table Multicast Use the no mac address table multicast configuration command on the switch to remove the multicast static port from the MAC address table CLI Syntax no mac address table multicast MACADDR vlan VLANID interface IFLIST Example config no mac address table multicast 0100 5e11 1111 vlan 2 interface gi1 0 3 1 2 3 3 14 3 Show MAC Address Table Multicast Use the show mac address table multicast user EXEC command to display the Layer 2 multicast entries for all VLANs Use the command in privileged EXEC mode to display specific multicast entries CLI Syntax show mac address table multicast Example SWITCH show mac address table multicast 2 3 3 15 IGMP Snooping 2 3 3 15 1 Default IP IGMP Snooping This command sets the ip igmp snooping feature to default CLI Syntax default ip igmp snooping Example config default ip igmp snooping 2 3 3 15 2 IP IGMP Snooping This command sets the IGMP snooping function to enabled globally CLI Syntax ip igmp snooping Example config ip igmp snooping 2 3 3 15 3 Interv
17. cab few moments until the next Publisher Sun Microsystems Inc screen License Agreement ne instal appears 4 After reading the License gt A While Files From the Internet can be useful this File type can potentially harm Ag reement select Typi cal Y your computer Only install software from publishers you trust What s the risk setup the recommended option vs Custom setup Click Accept 5 If Internet Explorer is set as the default browser on your system then the Java Runtime Environment 5 0 Update 5 Google Programs 6st tonstellthe free Google Toobar TR FAS Runtime Environment 5 0 Update 5 1 Google Toolbar Install a free program with the Java Runtime Environment dialog box will appear By E Google Toolbar for Internet Explorer default Google Toolbar for DE ERDE ees Qua Internet Explorer is selected Autofill web forms wich a single cick Click Next to begin installing selected program features including the JRE on your system By installing this application you agree to the appropriate terms of use and privacy policy You can remove this application easily at any time 6 The Progress screen displays to indicate installation status once the process has begun Depending on connection speed the process takes between five and 30 minutes A few brief dialog boxes will m confirm the last steps of the Fio hier e eia installation process then a concluding message will appear with
18. commit the settings Click Refresh to display current switch settings To eventually make all changes permanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Menu and click Save 2 2 7 2 Link Aggregation Static This screen is for configuring the link aggregation static group port trunking The switch provides a maximum of 32 link aggregation groups with the maximum achieved in a stacking configuration Trunk ID This r number identifies Link Aggregation Static E in unkiD t 32r Protocol Static Port Selection Criterion group name Port Selection 4 amp 9 1 1 15 Criterion This is aa Adal the algorithm to distribute packets among the ports 2 4 6 8 10 12 4 16 of the link Detach aggregation group mu Pes Poncmeron Pos according to the source MAC address Submit Refresh destination MAC Emm c address source and destination MAC address source IP address destination IP address or source and destination IP address INTELLINET Port These port icons are listed the same way as on the front panel Click on the icon to select the group members click the selected port again to remove it from the group Click New to create a new entry temporary until Submit is clicked Click Modify to change the settings of an existing entry temporary until Submit is clicked Click Remove to r
19. configure parameters then click Modify Changes will be updated in the display window To save any changes and make them effective immediately click Submit Click Refresh to refresh the settings 2 2 6 4 2 DVMRP This function is used for Multicast Route Multicast Route configuring DVMRP GMN DvMRP EIMON Distance Vector Proc ewoxDwPis eae y RETA Network DVMRP is Enable or disable Network Address DVMRP Enabled DVMRP for a specific network A Select the corresponding j Submit f Refresh network address to configure parameters then click Modify Changes will be updated in the display window To save any changes and make them effective immediately click Submit Click Refresh to refresh the settings NOTE Before setting this page make sure that P Multicast Route Mode on the IGMP screen is set to DVMRP ee mn d Multicast Route This screen for configuring PIM DM Protocol SEE Independent Multicast Dense Mode Status Enable or disable PIM DM for a specific interface Select the corresponding interface to configure parameters then click osae ETA vlani disable WEB MANAGEMENT SINTELLINET wo K SOLUTIO Modify Changes will be updated in the display window To save any changes and make them effective immediately click Submit Click Refresh to refresh the settings NOTE The system only supports PIM DM version 2
20. port IT IN d rer Port Setection astothimt 101 Auto Betresic 5 Seconds Color Light Hed le Draw EN 7INTELLINET 2 2 11 3 History Chart Display information for different ports and statistics items on this chart Since this shows the history of the statistics information the line chart keeps the old data even when it is refreshed Statistics nbournt Octets Port Selecione festuthernet 1071 Auto Reti esh Seconds e Color Light Red 2 2 12 Save Configuration Click Save to make the settings permanent by saving to the Flash memory Submit only saves changes to the RAM memory such changes will be lost if the switch is turned sult If you want to reset the switch s configuration click OK to reset the configuration file to factory defaults A system reboot will follow this restoration process NOTE You will lose all of your own configurations when you choose to restore the factory default configurations 2 3 Command Line Interface This section describes how to use console interface to configure the switch The switch provides RS 232 connectors to connect to your PC Use a terminal emulator on your PC such as HyperTerminal or command line interpreter to configure the switch Configure the terminal emulator with a baud rate of 9600 8 bit data no parity 1 stop bit and no flow control Once you re in CLI mode typing will display all available command help messages This is very
21. port is operating at 100 Mbps or link is down On green Port is operating at 100 Mbps If LED B is also on port is operating at 1000 Mbps If LED Bis on port is operating at 10 Mbps or link is down 1 2 Installation 1 2 1 Location Position The location of the switch can greatly affect its performance Consider these guidelines before placement connection and operation Choose a location that complies with the acceptable temperature and humidity ranges listed in the Specifications section Avoid placing the switch in the vicinity of strong electromagnetic field generators such as motors vibration dust and direct sunlight Allow at least 10 cm of space at the front and rear of the unit for ventilation As the switch is capable of connecting up to 28 network devices employing a combination of twisted pair and fiber cabling paths check that all cords connectors can be safely secured You have three options for positioning the switch For desktop use choose a clean flat surface with convenient access to an AC power outlet and affix the four included self adhesive rubber pads to the bottom of the unit For vertical mounting use the underside of the switch as a template to measure and mark out the position of the holes on the vertical surface where the unit is to be installed Then use the two screws provided to mount the switch firmly in place For rack mounting attach brackets to each side of the switch and place the brac
22. radius 2 3 3 27 Port Security 2 3 3 27 1 Show Port Security This is used to show the port security configuration status and MAC addresses information CLI Syntax show port security address interface IFNAME Example SWITCH show port security SWITCH show port security interface gi1 0 1 SWITCH show port security address SWITCH show port security interface gi1 0 1 address SINTELLINET NENE ERES 2 3 3 27 2 Clear Port Security This command is used to clear port security dynamic MAC addresses CLI Syntax clear port security dynamic address MAC interface IFNAME Example SWITCH clear port security dynamic SWITCH clear port security dynamic address 0023 1313 2313 SWITCH clear port security dynamic interface gi1 0 1 2 3 3 27 3 Switchport Port Security This command is used to set the port security configuration and MAC addresses CLI Syntax switchport port security mac address MAC maximum VALUE violation protect restrict shutdown reup Example config interface gi1 0 1 config if switchport port security config if switchport port security mac address 0023 1313 2313 config if switchport port security maximum 20 config if switchport port security violation protect config if switchport port security reup 2 3 3 27 4 Switchport Port Security Aging This command is used to set the port security aging configuration CLI Syntax switchport port security aging time TIME type absolute inactivity Exam
23. shot images have been modified to fit the format of this user manual SINTELLINET ar 1 HARDWARE 1 1 Front Panel Connections amp Indicators The Managed Layer 3 Access Switch utilizes ports with copper and SFP fiber port connectors functioning under Ethernet Fast Ethernet Gigabit Ethernet standards v INTELLINET 262728 PWRI PWR2 B 10 C 100 1 1 1 10 100Base TX Ports The 10 100Base TX ports 1 above support network speeds of either 10 Mbps or 100 Mbps and can operate in half and full duplex transfer modes These ports also offer automatic MDI MDI X crossover detection that gives true Plug and Play capability just plug the network cables into the ports and the ports will adjust according to the end node devices NOTE Cat3 cables or better are recommended for 10 Mbps connections Cat5 or better for 100 Mbps 1 1 2 10 100 1000Base T Ports The switch has four Gigabit 10 100 1000Base T ports 2 above for RJ 45 connectors that have the same features as the above mentioned 10 100 ports The only difference is that the Gigabit copper ports support network speeds of 10 100 1000 Mbps These four ports are located next to the four SFP type fiber slots and each of these RJ 45 ports is interchangeable with a corresponding SFP slot The Gigabit copper port will have the same number as its corresponding SFP slot This means that once an SFP slot is connected the corresponding RJ 45 port 25 26 27 or 28 won t function 1 1 3 SF
24. show arp show gyrp statistics IFNAME show ip forwarding u pan 3 On the Switch login line type the pre set password the factory default is admin Type 2 and press the Enter key for a list of the main commands As shown above the list command has been entered below the last main command listed 2 1 3 SNMP Based Management and Settings You can manage the Managed Layer 3 Access Switch with SNMP Manager software referred to as an agent that runs locally on the device The SNMP agent decodes the incoming SNMP messages and responds to requests with MIB Management Information Base objects that are defined and stored in the database The SNMP agent updates the MIB objects to generate statistics and counters The Simple Network Management Protocol SNMP is an application layer specifically designed for managing and monitoring network devices SNMP enables network management stations to read and modify the settings of gateways routers switches and other network devices Use SNMP to configure system features for proper operation to monitor performance and to detect potential problems in the switch switch group or network In short SNMP defines both the format of the MIB specifications and the protocol used to access this information over the network 2 1 3 1 MIB Objects The Management Information Base MIB stores management and counter information The switch uses the standard MIB II Management I
25. specific port CLI Syntax mac access group WORD in Example config if mac access group mac_acl_1 in 2 3 3 24 Port Access Control 2 3 3 24 1 Default System Authentication Control This command sets dot1x system authentication control to default CLI Syntax default dot1x system auth control Example config default dot1x system auth control 2 3 3 24 2 Dot1x Default This command resets the configurable 802 1x parameters to the default values CLI Syntax dot1x default Example config interface gi1 0 1 config if dot1x default 2 3 3 24 3 Dot1x Guest VLAN Use the dot1x guest vlan interface configuration command on the switch to specify an active VLAN as an 802 1X guest VLAN Use the no form of this command to return to the default setting CLI Syntax dot1x guest vlan lt 1 255 gt NEE amp INTELLINET Example config interface gi1 0 1 config if dot1x guest vlan 3 2 3 3 24 4 Dot1x Initialize Interface Use the dot1x initialize privileged EXEC command on the switch to manually return the specified 802 1X enabled interface to an unauthorized state before initiating a new authentication session on the interface CLI Syntax dot1x initialize interface IFNAME Example config dot1x initialize interface gi1 0 1 2 3 3 24 5 Dot1x Max Req Use the dot1x max req interface configuration command on the switch to set the maximum number of times that the switch sends an Extensible Authentication Protocol EAP reque
26. user EXEC command to display the parameters for all configured VLANs or one VLAN if the VLAN ID or name is specified on the switch CLI Syntax show vlan name string Example SWITCH show vlan VLAN1 NOTE VLAN is for system purposes like firmware upgrade management etc 2 3 3 5 2 Create a VLAN Entry Use the vlan id command to create a vlan entry on the Switch Use the name string command to create a vlan entry with a string on the Switch CLI Syntax vlan id Example config vlan 3 config vlan name vlan3 2 3 3 5 3 Interface VLAN VLAN ID This command changes the operation to vlan interface command mode CLI Syntax interface vian VLAN ID Example interface vlan 1 2 3 3 5 4 IP Address This command sets the ip address for a specific interface CLI Syntax ip address A B C D M Example config if ip address 192 168 20 121 24 NOTE This won t show you the interface name Remember which interface you re configuring 2 3 3 5 5 IP Helper Address This command enables a DHCP relay for a specific interface CLI Syntax ip helper address A B C D Example config if ip helper address 192 168 1 180 SINTELLINET NENE ERES 2 3 3 5 6 IP OSPF This command sets up OSPF interface parameters CLI Syntax ip ospf Example config if ip ospf 2 3 3 5 7 IP PIM This command sets up PIM DM interface parameters CLI Syntax ip pim Example config if ip pim dense mode 2 3 3 5 8 IP RIP This command sets up RIP interface parameter
27. will confuse the switch and cause flooding traffic To prevent this the switch only allows one untagging port to belong to one VLAN at the same time To assign an untagging port from one VLAN to another it first needs to be changed into something else in the original VLAN VLAN ID Requires the VLAN ID to be entered when a new VLAN is created Name Requires that a name be assigned for the VLAN DHCP Snooping If displayed Requires that a name be assigned for the VLAN Click New to create a new entry temporary until Submit is clicked Click Add to add new entry to list of entries temporary until Submit is clicked Click Modify to temporarily save changes to an existing entry temporary until Submit is clicked Click Remove to remove selected entry temporary until Submit is clicked Click Attach All to select all ports for a selected entry temporary until Submit is clicked Click Detach All to unselect all ports for a selected entry temporary until Submit is clicked aia INTELLINET Click Submit to commit the settings Click Refresh to display current switch settings To eventually make all changes permanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Menu and click Save The Generic Attribute Registration fam Protocol GARP VLAN Registration Protocol GVRP is an application defined in the IEEE
28. 0 lani 3 Bridge 3 SNMP ES Filters 3 Security ES Traffic Chart IN Save Configuration Destination Enter the destination of the IP address Netmask Enter the subnet mask of the destination for generating the IP range to be routed Gateway IP Enter the gateway IP address of the next router the packets are to be sent to Metric Enter a metric value 1 15 The lower the metric value the more preferred the route Click Add after entering a new static route The newly added entry displays in the list window Delete the selected route by clicking Remove Routes that are added or removed will be stored in the configuration file immediately 2 2 6 2 RIP This section is used to activate the RIP routing protocol When RIP is turned on the switch will exchange routing information with neighbor switches that are also running RIP Three subsections present additional options Basic Passive Interfaces and RIP Version the latter two being accessible from the Basic screen as explained below A Deme EA SINTELLINET 2 2 6 2 1 Basic Network RIP is Enable Disable the RIP function for all Layer 3 interfaces All active L3 interfaces will be shown on the screen and you can then enable disable the RIP function for each NOTE Click Advanced gt gt to display the other two RIP screens 2 2 6 2 2 Passive Interfaces RIP If an interface doesn t need to receive and forward routing AAA updates dis
29. 2 config if qos egress bandwidth 100 10 SINTELLINET NENE ERES 2 3 3 22 SNMP 2 3 3 22 1 Show RMON Statistics To show rmon statistics IFNAME status CLI Syntax show rmon statistics IFNAME Example SWITCH show rmon statistics gi1 0 1 2 3 3 22 2 Show SNMP Server Community To show snmp server community CLI Syntax show snmp server community Example SWITCH show snmp server community 2 3 3 22 3 SNMP Server Host This command sets the SNMP host information CLI Syntax snmp server host A B C D Example config snmp server host 192 168 8 31 2 3 3 23 Filter 2 3 3 23 1 Deny Any Host Use this deny MAC access list configuration command on the switch to prevent non IP traffic from being forwarded if the conditions are matched Use the no form of this command to remove a deny condition from the named MAC access list CLI Syntax deny any host MACADDR VLANID Example config deny any host c2f3 220a 12f4 1 2 3 3 23 2 Filter Set This command defines an extended MAC access list using a name enter access list configuration mode CLI Syntax mac access list extended WORD Example config mac access list extended mac_acl_1 2 3 3 23 3 Filter Conditions This command specifies one or more conditions denied or permitted to decide if the packet is forwarded or dropped CLI Syntax permit deny any any Example config permit any any 2 3 3 23 4 Filter Attach This command is used to assign filter rule for a
30. CP IP Helper Address This is the IP address of your DHCP server Select the corresponding interface and configure the interface parameters then click Modify The field you changed will update the associated content in the display window To save any changes and make them effective immediately click Submit Click Refresh to refresh the display NOTE There is one important thing to remember regarding DHCP and VLANs Because each VLAN is a separate IP subnet you must configure your DHCP server to deliver IP addresses that are appropriate for each subnet With Windows 2000 s DHCP server you do this by setting up a separate DHCP realm for each VLAN Not all DHCP servers have this capability If your existing DHCP server works only with flat LANs you ll probably have to upgrade to a more sophisticated package SPECIAL NOTE It is strongly recommended that each interface have its own VLAN i e one VLAN should not be assigned for two interfaces Otherwise it will create confusion while RIP is enabled It is also recommended that only one physical port be assigned to the VLAN used for the L3 interface When assigning multiple ports to one L3 interface the L3 traffic will always go through the the port with lowest ID The traffic load sharing is not supported in this case 2 2 5 Router Reports Router Reports on the Config Menu displays the routing table of the switch parading Router Report 3 Physical Interface S IP Interface aa Routing
31. Community name Click Submit to commit the settings Click Refresh to display current switch settings To eventually make all changes permanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Menu and click Save 2 2 8 2 Trap Setting By setting trap destination IP loci accom Version Coni addresses and ZOLL LL D ONE m community names a you can enable the Hoot IP Address Version Community SNMP trap function to send trap packets in different versions v1 or v2c Click Submit to commit the settings Click Refresh to oc display current switch settings To eventually make all changes permanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Menu and click Save 2 2 8 3 SNMPv3 VGU Table Two concepts delineated on the three subsection screens that follow represent the new security features defined by SNMPv3 1 The User based Security Model USM which provides authentication encryption and decryption of SNMPv3 packets and 2 The View based Access Control Model VACM which provides access control On each of these option screens click Add to add the new entry to the list temporary until Submit is clicked Click Modify to temporarily save changes to an existing entry temporary until Submit is clicked Click Remove to remove a selected entry temporary until Submit is clicked
32. MANAGED LAYER 3 ACCESS MANUAL MODEL 523868 NETW OR K SOLUTIONS INT 523868 UM 0807 01 INTRODUCTION Thank you for purchasing the INTELLINET NETWORK SOLUTIONS Managed Layer 3 Access Switch Model 523868 This is a high performance managed SNMP switch that provides users with 24 10 100 Mbps Ethernet and four Gigabit combo ports The Web SNMP management provides remote control capability that gives flexible network management and monitoring options Whether managed through an in band SNMP management station an Internet Web browser or an out of band RS 232 console port the Managed Layer 3 Access Switch facilitates network operational control and diagnosis For increased bandwidth application it can accommodate up to 32 trunk groups with LACP link aggregation Moreover these trunk ports are set up with a fail over function to provide redundant backup if one or more ports are malfunctioning It also supports both 802 1Q VLAN and GVRP VLAN registration thereby simplifying network traffic segmentation broadcast domain extension and other associated benefits of constructing VLANs The abundance of popular features highlighted below translates into increased efficiency and performance in network administration and the easy to follow instructions in this user manual help make setup and operation quick and simple Integrated 10 100 Mbps LAN switch with Auto MDI MDI X support Supports virtual server port forwa
33. NOTE Before enabling IP Multicast Route Mode on the IGMP screen must be set to PIM DM 2 2 6 5 VRRP The Virtual Router Redundancy Protocol VRRP is designed to eliminate the weak point inherent in the static default routed environment VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN The VRRP router controlling the IP address es associated with a virtual router is called the master and forwards packets sent to these IP addresses The election process provides dynamic fail over in the forwarding responsibility should the master become unavailable Any of the virtual router s IP addresses on a LAN can then be used as the default first hop router by end hosts The advantage gained from using VRRP is a higher availability default path without requiring any configuration of dynamic routing or router discovery protocols on every end host VRRP Interface selected by table Mirtual ID 1 255 Virtual IP Priority 1 254 255 reserved def 100 Add For new ID for this Interface Advertisement Interval 1 255 def 1 Modify For same ID for this Interface Preempt Mode def Preempt Clear all VRRP Parameters Interface Virtual ID Virtual ID One virtual router ID can be used as the default gateway for one or several VLANs The range is 1 255 Virtual IP This can be any IP address that belongs to the VLAN to be managed In gener
34. P Slots for SFP Modules The four SFP slots 3 above are designed to house Gigabit SFP modules that support network speeds of 1000 Mbps These slots are interchangeable with the four 1000Base T ports to their left and the slots have the same port numbers as their corresponding 1000Base T ports This means that once an SFP slot is connected via an SFP module the correspondingly numbered 1000Base T port 25 26 27 or 28 won t function 1 1 4 LEDs The switch is equipped with Unit LEDs 4 above which indicate the status of the device and Port LEDs which display what is happening with all of the connections Unit LED Condition Status POST Flashing Indicating POST Power On Self Test function upon start up On POST function successfully performed On Green Primary power normal Off Primary power off or failure On Green Backup power normal Off Backup power off or failure E CONNECTIONS amp INDICATORS VY INTELLINET Port LED Condition Status 10 100 On green Port operating at 100 Mbps copper Off Port operating at below 100 Mbps ACT On green Illuminated when connectors are attached Flashing green Data traffic passing through port Off No valid link established on port A 25 28 On green Illuminated when connectors are attached Gigabit E net Flashing green Data traffic passing through port O No valid link established on port Port is operating at 10 Mbps If LED C is also on port is operating at 1000 Mbps If LED C is on
35. P Status Currentroots Bridge Parameters Port Parameters or disable STP Modes Three modes are available in the drop down menu STP RSTP Rapid STP and MSTP Multiple STP If MSTP is enabled the following four attributes are en LANGroup 00 T enabled at the same time Region Name This is an alphanumeric configuration ZZ name Revision This is a we rr configuration revision EZ E number to identify the region along with Region Name Instance ID You can configure MSTP on your switch to map multiple VLANs into a single STP instance VLAN Group A group associates each of the potential 4094 VLANS to the given instance 2 2 7 1 2 Current Roots This screen not shown displays information about the current root bridge MAC address priority maximum age hello timer forwarding delay timer and path cost 2 2 7 1 3 Bridge Parameters The spanning tree parameters of BPDU bridge protocol data unit transmission can be configured on this screen Hello Time This is the interval fi between the generation of configuration ffc BPDUs Max Age This is a timeout value to be used by all bridges in the LAN Forward Delay This is a timeout value to be used by all bridges in the LAN Bridge Priority This is the switch priority in the LAN Transmission Limit The root switch of the instance always sends a BPDU or Mrecord with a cost of 0 and the transmission limit set to the maximum value 2 2 7 1 4 Po
36. Roving PA __Desinston ask eco ve mte Rrk tant 0000 0000 220 728 199 33 9 SNMP connected 127000 4000 c cens connected 220 228 255 32 Want 2 Socunty e 3 Traffic Chart 3 Save Configuration Lm 0 WEB MANAGEMENT SINTELLINET Routing Protocol This is the routing protocol type of the route If it s connected the destination is on the local LAN segment connected to the interface Destination The destination IP address will be masked to generate an IP range as the objective IP addresses of packets to be routed Mask This is the mask for generating a range of IP addresses Connected via This is the IP address of the next router for routing to another network Interface This is the interface or VLAN ID from which the packets are routed outside 2 2 6 Routing Routing on the Config Menu presents Static Route RIP OSPF Multicast Route and VRRP 2 2 6 1 Static Route This section is used to add a routing entry into the switch routing table A routing entry added this way will never be deleted by the system hence the designation as static The parameters below must be input in order to configure a static route Contig Menu wegen Static Route Management Dip Sip i Reboot Destination Bi Firmware Upgra Physical Interface Netmask Ex 255 255 255 0 D IP Interface Router Report D DI c Ro ute rs 0 15 D Multicast Route Gateway IP Metric Interface Y VRRP 0 0 0 0 168
37. a user named Tony CLI Syntax delete user WORD Example delete user tony 2 3 3 4 Physical Interface Commands 2 3 3 4 1 Interface Mode Use the auto negotiation configuration command on the switch to set the auto negotiation COUMANDURSRREREISE amp INTELLINET Status of the port CLI Syntax auto negotiation Example config interface gi1 0 2 config if auto negotiation This example shows how to use the auto negotiation configuration command on the switch to enable the auto negotiation mode 2 3 3 4 2 Interface Duplex Use the duplex configuration command on the switch to set duplex status of the port CLI Syntax duplex full half Example config interface gi1 0 2 config if duplex full This example shows how to use the duplex configuration command on the switch to set full duplex on the interface 2 3 3 4 3 Interface Flow Control Use the flow control configuration command on the switch to set flow control status of the port CLI Syntax flowcontrol rx tx both onloff Example config interface gi1 0 2 config if flowcontrol both on This example shows how to use the flow control configuration command on the switch to set flow control both on 2 3 3 4 4 Show L2 Interface Use the show I2 interface command on the switch to show 12 interface status CLI Syntax show I2 interfaces IFNAME Example SWITCH show I2 interface gi1 0 2 2 3 3 5 IP Interface 2 3 3 5 1 Show VLAN Name String Use the show vlan
38. able the sending of the updates through it The particular subnet will continue to advertise other interfaces of routing updates Passive Interface disable ET and routing updates from other routers on that interface will continue TENE to be received and processed ni paan Passive Interface Enable disable the passive interface function for a specific L3 interface If an interface is enabled as passive the RIP update messages will not be sent out through it except to RIP neighbors 2 2 6 2 3 RIP Version r RIP The Managed Layer 3 Access Switch can support RIPv1 RIPv2 amp or both Incoming Packets Used to Incoming Packets RIP Version specify the RIP version for the ee z interpretation of incoming RIP Outgoing Packets RIP version TET packets Outgoing Packet Used to specify Instance the RIP version for sending en Botti Versions RIP version 2 RIP packets to a neighboring Submit pRetrosh router 2 2 6 3 OSPF This section is used to configure the Open Shortest Path First OSPF routing protocol Three subsections present additional options Basic Interfaces and Area P Address 192 168 0 016 w 226 31 Basic w 00 FEE You can use this page to add L3 M interfaces to specific OSPF areas 3 IP Address All active L3 IP Address Area interfaces are displayed you can select any one of them to configure as an OSPF interface eu fm Area Specify the area
39. ake all changes permanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Menu and click Save 2 2 7 5 Static Multicast This screen is for adding multicast addresses into the multicast table The switch can hold up to 256 multicast entries All the ports in the group will forward the specified multicast packets to other ports in the group SINTELLINET EEE Static Multicast _ MAC Address cos VLAN ID h E Page Down 1 3 5 7 s J1 33 38 1 319 21 23 S688 Ahh Ahh 2 4 6 8 170 23 4 6 18 20 2 24 MAG Address a Ports Cos VLAN ID Select a port from the selection panel or select an existing group address from the window list MAC Address Assign the multicast address CoS Assign the priority for the Class of Service of VLAN frames VLAN ID Select the VLAN group a VLAN based feature Click Submit to commit the settings Click Refresh to display current switch settings To eventually make all changes permanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Menu and click Save 2 2 7 6 IGMP Snooping This screen with subsections of Setting and Multicast Group which options that help reduce the multicast traffic on the network by allowing the IGMP snooping function to be turned on or off 2 2 7 6 1 Setting E disabled Enable IGMP Snooping Select to VLANID Status Immediate Leav
40. al it can be the same as the interface IP address acting as the master router Priority This is the virtual router priority used by this VRRP router in selecting the master for this virtual router The range is 1 254 default is 100 with higher values meaning higher priority The value of 255 decimal is reserved for the router that owns the IP addresses associated with the virtual router Zero is reserved for the master router to indicate that it is releasing responsibility for the virtual router The range 1 254 decimal is available for VRRP routers backing up the virtual router Advertisement Interval This is the time interval between advertisements in seconds Default is 1 second Preempt Mode Controls whether a higher priority backup router preempts a lower priority master Values are True to allow preemption and False to prohibit preemption Default is True 2 2 7 Bridge The Bridge page group contains Layer 2 configurations The 12 subsections are Spanning Tree Link Aggregation Static LACP Mirroring Static Multicast IGMP Snooping Traffic Control Dynamic Addresses Static Addresses VLAN Configuration GVRP and QoS CoS 2 2 7 1 Spanning Tree This section is for configuring the Spanning Tree Protocol Four subsections present additional options STP Status Current Roots Bridge Parameters and Port Parameters SINTELLINET Een 2 2 7 1 1 STP Status Spanning Tree This screen lets you enable ST
41. al Time This command sets the interval time for the IGMP queries sent by the switch CLI Syntax ip igmp snooping last member query interval TIMEVALUE Example config ip igmp snooping last member query interval 100 2 3 3 16 Traffic Control 2 3 3 16 1 Storm Control Use the storm control configuration command on the switch to set the limit rate of the port s total bandwidth used by broadcast dlf multicast CLI Syntax storm control broadcast dlf multicast LIMIT RATE Example config storm control broadcast 25 2 3 3 16 2 No Storm Control Use the no storm control configuration command on the switch to disable the limit rate of the port s total bandwidth used by broadcast dlf multicast CLI Syntax no storm control broadcast dlf multicast Example config if no storm control broadcast 2 3 3 16 3 Show Storm Control Use the show storm control configuration command on the switchto show the limit rate of the port s total bandwidth used by broadcast dlf multicast CLI Syntax show storm control IFNAME broadcastlalfimulticast Example SWITCH show storm control gi1 0 1 broadcast 2 3 3 17 Dynamic Addresses 2 3 3 17 1 Clear Dynamic MAC Address Use the write configuration command on the switch stack or stand alone switch to clear dynamic L2 MAC addresses in the database CLI Syntax clear mac address table dynamic address MAC_ADDR Example config clear mac address table dynamic address 0000 1111 2222 2 3 3 17 2 Aging Time
42. ction amp FCO Wald nee 3 MES D o c 6 1 1 Front Panel Connections amp Indicators o capio eerta ceto dea 6 E11 AAA 6 EZ 101001000B466 T POTS anne era 6 1 13 SFP Slots for SFP Modules an ae 6 A 6 PA T 121 Location Polieren 7 122 Powenng erus er 7 1 2 3 Installing the SFP Modules and Fiber Cable 8 1 2 4 Connecting Copper Cable essere 8 1 2 5 Connecting the Console Port Cable esee 8 1 2 6 Connecting to Computers or a LAN c cccccssssssscsssssssrsersssssesaeseessssassneees 8 2 SWITCH MANAGEMENT OPERATION eren 8 2 1 System OVI VIG tia 8 2 1 1 Configuration Using the Console Port RS 232 sess 9 2 1 1 1 Using HyperTerminal to Set the IP Address 9 2 1 2 Configuration Using Telnet and SSH sess 10 2 1 3 SNMP Based Management and Settings sss T1 PA EO MEM 209 00 RR m 11 2A CV MEE CU t 11 2 1 4 Initial Connection to the Switch ccccssssssesssssscssssseseessssssssseseesseeseess 12 2 2 Wep Management srren n AAEE E 13 ZI EO ee nee 13 MES o A ee eee ee 14 23 24 Manage Mr engere 14 2222 ODD ue eee QUNM INE 14 2223 A ee cta RUE 14 2 2 2 4 Firmware Upgrade ori 14 223 Physical DEN ee ee ne ce c ere een 15 2231 Interfac
43. ddress xxx xxx xxx xxx set tftp client IP address loadbx none none load binary file over serial line X modem netmask mask XXX XXX XXX XXX set network mask ing host XXX XXX XXX XXX send ICMP ECHO REQUEST to network host pwd none none reset switch password reset none none perform reset of the CPU serverip IP address xxx xxx xxx xxx set tftp server IP address slot slot 1 2 auto select boot slot to boot tftpboot filename Example load image via network using TFTP protocol 3112single img version none none print monitor version 2 3 2 Login and Logout To enter the CLI mode you must present a valid username and password With the first login you can enter admin as the username without a password For security reasons change the username and password after login If you forget the username and password you can contact the support team or restore the default user account in the Boot ROM Command mode pwd If you select the second choice the default username admin will be restored Type exit to leave the CLI mode safely This action allows you to secure the CLI mode The next user has to log in again with an authorized username and password 2 3 3 CLI Commands The switch provides CLI commands for all managed functions so you can set up the switch as easily as using a Web interface NOTE Always use or list to get the available commands list and help Always use end to get back to the root direc
44. e globally enable IGMP snooping in all existing VLAN interfaces By default IGMP snooping is globally enabled on the switch If global Submit Refresh snooping is disabled you cannot enable VLAN snooping If global snooping is enabled you can enable or disable VLAN snooping Last Member Query Interval Without Immediate Leave see below when the switch receives an IGMP leave message from a subscriber on a receiver port it sends out an IGMP query on that port and waits for IGMP group membership reports If no reports are received in a configured time period the receiver port is removed from multicast group membership Status If global snooping is enabled you can enable or disable VLAN snooping Immediate Leave When enabled the switch immediately removes a port when it detects an IGMP version 2 leave message on that port You should use the Immediate Leave feature only when there is a single host present on every port in the VLAN Immediate Leave is supported with only IGMP version 2 hosts If the static entries occupy all 256 spaces IGMP snooping normally does not work The switch only allows 256 Layer 2 multicast groups asad Modify WEB MANAGEMENT GC INTELLINET 2 2 7 7 Traffic Control Traffic Control protects the switch bandwidth from flooding packets including broadcast packets multicast packets and unicast packets caused by destination address lookup failure The limit number is a threshold that limits
45. e Configuration nennen 15 223 2 AAA RU HERR TE er ERA CUR oL 15 Zu a I o ee EE 16 2 25 ROEI ICON eii 16 ra uM e A A EE E IAEE 17 2201 AAA RE 17 2202 ea 17 LO DS ota 18 220 Multicast ROU nern 19 Bohn INTELLINET PLN ss 21 22 1 Spanning gt See ee es ee rere nen eee ep ener 21 2 2 1 2 Link Aggregation Static sess 23 La MA is 24 2274 MONO o ies 29 22 1 9 Statie MUN CASE secs tiani att rtr rk n ated 25 2210 OMPI its 26 2212 Weare CONTO en 21 2 2 1 8 Dynamic AQUesses eir rere iere sanear Zi 2 2 79 Static Addresses 28 227 0 VLAN COMO ION ee 28 LAI OVRE 29 PA ON its 29 LS Na 31 LEN MEME NIIS ERR 31 2292 WAN SCI ao 31 2293 2 0 ESS VOU AO sl 31 A A 33 LL91 TD E Nm 33 2292 MAMA ierann aAA ER 34 A A 34 2 2 10 1 Port Access CODLUOL caecitate iii 34 22102 Dial ln SOR arcu rrt trema ete eee edu neve aisla 35 LaS A EEEE TEE 35 2 217 Veto eg e ee a ne Te 36 2 2 11 1 Traffic Comparison Chart oooconcccccnicnnocononcocnnononanonanonncnnnonnnrnos 36 22112 OU ea 36 2 AN History Chail eaea 37 2 2 12 Save Configuratio ne ee een 37 2 9 Command Line WUC ACE ins os 37 2al A asia 37 2 3 1 1 Boot ROM Command Mode seen 37 2 3 1 2 Boot ROM COMNMA Scion caian ata 38 Ze kodin AO ria 38 233 CLU EG nn ass 38 2 3 4 Miscellaneous Commands esses 50 3 Ns 50 NOTE Some screen
46. e fields in the Interface Configuration window and check the results in the Runtime Status window 2 2 3 1 Interface Configuration ES Config Menu o 3 System hysical Interface A Physical Interface ATA rw ve Interface Configuration Rur 3 IP Interface Runtime Statu D Router Reports DHCP Snoop Disable Ir o ES Routing o ES Bridge T m unirustod a lt co o Filters r1 ol both off M Modify rl sey ode wo gt ES Traffic Chart m BE ze Save Configuration Interface Status Flow Control DHCP Snooping fastethernett 0 1 Enable both off Untrusted fastethernet1 0 2 Enable fastethernet1J0 10 Enable auto bothoff Untusted No T Submit Refresh Port Select the port to configure Status Enable disable the port Mode Set the speed and duplex mode Flow Control Enable disable the 802 3x flow control mechanism DHCP Snoop Enable disable the DHCP snooping function Snooping Assign the selected port to be an untrusted or trusted port Select the corresponding port number and configure the port setting then click Modify The field you change will update the content of the display window However the new settings do not take effect until Submit is clicked 2 2 3 2 Runtime Physical Interface Status Interface Configuration Runtime Status Ethernet Link The mss link IS connected Interface Ethernet Link STP Statu
47. e for MAC rule one for IP rule If the MAC field is left blank the rules will disregard the MAC value In the IP rule setup you can select any of the five types source IP destination IP protocol source application port or destination application port The Action field determines if the packet should be dropped or forwarded when it matches the rule If a packet matches two rules with different actions the packet will follow the rule listed first SINTELLINET amp MAC Finer Name m 5 fte e 1 99 IP standard access Kst 100 400 W eodomiend omms lind 1300 1909 IP standard access st expanded range 2000 2699 IP extended access list expanded range MAC Filter Name Ingress Ports iP Filter ID EI Filter Rule Hier Pate MAC nos MAC Mame T Aten pena Seurce MAC c0 Desnnaten MAC Type Aw TW dew MAC MAC Crees Poet Sowre MAC Source Mark MAS Destnaton MAC Destoaton Mas Y gt Filter Rule Filter Pula ioe P Name 22 Acton permit X Source IP Destasatiun P Twe T v Twe p m Wildcard Witicerd arci Brewaldcard DetiP DetWidcar D y WEB MANAGEMENT 2 2 9 2 Filter Attach Filter Attach A filter set is idle if you did not attach ittoany we ln ingress port Use this screen to attach a filter set to ingress ports Click Attach All to apply the filter set to all the ports of the system Er fo Click Detach All to r
48. e the port if one of the hosts passed the authentication If disabled only one host is allowed to use the port Authentication Control If Force Authorized is selected the selected port is force authorized Esa GINTELLINET i e traffic from all hosts is allowed to pass If Force Unauthorized is selected the selected port is blocked and no traffic can go through If Auto is selected the behavior of the selected port is controlled by the 802 1x protocol All ports should be set to Auto under normal conditions Reauthentication Once enabled the switch will try to authenticate the port user again when the re authentication time is up Reauthentication Time If Reauthentication is enabled this is the time period the switch uses to re send authentication request to the port user see above Quiet Period If authentication failed the switch waits upon this time period before sending another authentication request to the port user Retransmission Time lf the port user failed to respond to authentication request from the switch the switch waits for this time period before sending another authentication request to the port user Max Reauthent Attempt This is the re try count ifthe port user failed to respond to authentication requests from the switch Guest VLAN Specify a guest VLAN to clients that are not 802 1x capable Click Submit to commit the settings Click Refresh to display current switch settings
49. emove all the filters from the attached ports Click Submit to commit the settings Click Refresh to display current switch settings To eventually make all changes permanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Menu and click Save NOTE You may not detach certain ports after issuing an Attach All command If you wish to detach ports use the Detach All command NOTE Once the filter set is attached to the ingress ports it will filter the packets according to the ingress port and the packet fields in the rules e g a set with a single rule to filter out the destination MAC address 00 10 20 30 40 50 is attached to Ingress Port 3 but a packet with the destination MAC 00 10 20 30 40 50 from Port 3 is not permitted 2 2 10 Security The switch supports the 802 1x port based security feature Only authorized hosts are allowed to access the switch port Traffic from unauthenticated hosts will be blocked Authentication can be provided via a RADIUS server or the local database in the switch The switch also supports dynamic VLAN assignment through the 802 1x authentication process NOTE The VLAN information for the users ports should be configured in the authentication server before enabling this feature 2 2 10 1 Port Access Port Access Control 1 3 5 7 9 TE 1X 98 7 19 21 23 Ae hkhk AA 2 4 6 B 40 12 Ww 18 20 22 24 I7 ingress
50. emove an existing entry temporary until Submit is clicked Click Attach All to select all ports for a selected entry temporary until Submit is clicked Click Detach All to unselect all ports for a selected entry temporary until Submit is clicked Click Submit to commit the settings Click Refresh to display current switch settings To eventually make all changes permanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Menu and click Save It s important that you check the runtime link speed and duplex mode to make sure the trunk is physically active Go to Physical Interface subsection 2 2 3 2 and check the link mode on the runtime status screen for the trunk ports If all the trunk members are in the same speed and full duplex mode then the trunk group is set up successfully If one of the members is not in the same speed or ful duplex mode the trunk is not set correctly Check the link partner and change the settings to have the same speed and full duplex mode for all the members of your trunk group To reiterate All ports in the link aggregation group must operate in full duplex mode at the same speed All ports in the link aggregation group must be configured in auto negotiation mode or full duplex mode This configuration will make the full duplex link possible If you set the ports in full duplex force mode then the link partner must have
51. ermanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Menu and click Save 2 2 2 2 IP Setup IP Setup IP Address This is the IP address for the switch Network Mask This is the network mask for this network stereo Default Gateway This is the default gateway of the network Click Submit to commit the settings Click Refresh to Bil display current switch settings To eventually make all T7019 ezi801 changes permanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Submit Refresh Menu and click Save 2 2 2 3 Reboot Reboot Clicking Reboot rebooting the system stops the network traffic and terminates the Web interface connection ee 2 2 2 4 Firmware Upgrade Firmware Upgrade Enter the TFTP server IP address and firmware filename e g enter 192 168 1 155 and 3112Single v10 img ase nn Click Upgrade to update the switch s firmware from the TFTP server Click Upload to load the assigned File Name el firmware to the switch then reboot the system after a ex 570 Rimage img successful firmware update You ll need to log in to the Web interface again Upgrade WEB MANAGEMENT INTELLINET 2 2 3 Physical Interface Physical Interface on the Config Menu displays Ethernet port status in real time Two options are available Configure the port in th
52. f the VLAN ID or name is specified on the switch CLI Syntax show vlan name string Example SWITCH show vlan name VLAN1 2 3 3 19 2 VLAN VID Use the vlan vid command to create a vlan entry on the switch CLI Syntax vlan vid Example config vlan 2 2 3 3 19 3 Name String Use the name string command to create a vian entry with a string on the switch CLI Syntax name string Example config vlan name VLAN2 2 3 3 19 4 Access VLAN Set access mode characteristics of all interfaces and Set Virtual LAN CLI Syntax switchport access vlan lt 1 4094 gt Example config interface fa1 0 2 config if switchport access vlan 1 2 3 3 19 5 Allowed VLANs Use the switchport trunk allowed vlan configuration command on the switch to add or remove the VLANs that are allowed to receive and send traffic on this interface in tagged format when in trunking mode CLI Syntax switchport trunk allowed vlan add remove VLANLIST Example config interface fa1 0 2 config if switchport trunk allowed vlan add 1 NENEN amp INTELLINET 2 3 3 20 GVRP 2 3 3 20 1 Clear GVRP Statistics Use the clear gvrp statistics configuration command on the switch to clear all the GVRP Statistics information on one or all interfaces CLI Syntax clear gvrp statistics IFNAME Example SWITCH clear gvrp statistics gi1 0 2 2 3 3 20 2 Default GVRP Configuration This command sets the GVRP configuration to default CLI Syntax default gvrp con
53. figuration Example SWITCH default gvrp configuration 2 3 3 20 3 GVRP Mode This command sets the GVRP feature to globally be enabled or disabled on the switch CLI Syntax gvrp mode enable disable Example SWITCH gvrp mode enable 2 3 3 20 4 Show GVRP Configuration To show gvrp configuration IFNAME status CLI Syntax show gvrp configuration IFNAME Example SWITCH show gvrp configuration gi1 0 1 2 3 3 20 5 Show GVRP Statistics To show gvrp statistics IFNAME status CLI Syntax show gvrp statistics IFNAME Example SWITCH show gvrp statistics gi1 0 1 2 3 3 21 CoS QoS 2 3 3 21 1 Queue CoS Map Use the queue cos map configuration command on the switch to select the CoS queue that a given priority should map into CLI Syntax queue cos map PRIORITY QUEUE Example SWITCH queue cos map 1 3 2 3 3 21 2 Show Queue CoS Map This command shows the information of CoS and priority mapping CLI Syntax show queue cos map Example config show queue cos map 2 3 3 21 3 QoS Mode This command sets gos mode to highfirst mode CLI Syntax gos mode high_first Example config qos mode high_first 2 3 3 21 4 Show QoS Mode This command shows the gos mode CLI Syntax show qos mode Example config show qos mode 2 3 3 21 5 QoS Egress Bandwidth This command is used to set the QoS bandwidth informational parameter for the outgoing packets CLI Syntax qos egress bandwidth LIMIT RATE BURST RATE Example config int gi1 0
54. forward Ports 24 x RJ 45 Fast Ethernet ports 4 RJ 45 Gigabit ports 4 SFP Mini GBIC transceiver module slots Certifications FCC Class A CE Mark EN 60950 Configuration Options Full and half duplex per Fast Ethernet port Port link speed 10 Mbps 100 Mbps or auto negotiation for Fast Ethernet ports Port ingress egress control VLAN Port based Tag based 4096 VLANs with GVRP for dynamic VLAN registration Quality of Service QoS 6 priority levels priority options First Come First Serve High First and Weighted Round Robin WRR CoS Queue Mapping Ingress Egress bandwidth Port Mirroring for all ports with sniffer port configuration Port Aggregation Trunking 32 groups with up to 8 member ports per trunk SNMP Management with Host Table Trap Setting and SNMPv3 VGU Table configuration Management Agent SNMP Support MIB Il Bridge MIB Ethernet MIB RMON MIB SNMP Standards amp Protocols RFC 1213 MIB II RFC 1493 Bridge MIB RFC 1643 Ethernet Interface MIB RFC 1757 RMON RFC 1112 2236 IGMP Snooping v1 v2 RFC 1350 TFTP LEDs Power Supply 1 Power Supply 2 Post function Link Speed per Fast Ethernet port 10 100 Mbps Link Speed per Gigabit port 10 100 1000 Mbps e Link Activity per port Power Internal power supply 100 to 240 V AC 50 60 Hz Power consumption 40 Watts maximum Environmental Metal housing 19 rackmount 1 U Dimensions 440 W x 184 L x
55. hernet1 0 8 Disabled side is not capable of Wi ctememeton Disabled sending GVRP astethernet1 0 10 Disabled A astethernet1 0 11 Disabled messages or if you do astethernet1 0 12 Disabled fastethernet1 0 13 Disabled not want to allow the astethemet1 0 14 Disabled switch to prune any of A the VLANs use the fixed mode Fixed mode ports will forward for all VLANs that exist in the switch database Ports in forbidden mode forward only for VLAN 1 2 2 712 QoS CoS Three screens are presented in QoS CoS Quality of Service Class of Service 802 1p Priority QoS Queue Mapping and QoS Bandwidth 2 2 7 12 1 802 1p Priority Each port has eight egress queues These queues can either be configured with the Weighted Round Robin WRR scheduling algorithm or with one queue as a strict priority queue and the other queues for WRR The strict priority queue must be empty before the other queues are 10 eco Poy ry e e BII IMI NM M ninio Diojojojojojojojojojojo BOY pog pou EY pog poi poi ES ojojojojojojojolo ejoijojojico jojo eOjojoiljojoljojo Submit Refresh INTELLINET BEE EEE serviced You can use the strict priority queue for mission critical and time sensitive traffic There are three options First Come First Service The first come frame has the highest priority High First A packet s priority depends on its CoS value Weighted Round Robin WRR If WRR scheduling algorithm is enabled the ratio of
56. kets in the rack s slots Insert and tighten two screws to secure the bracket to the rack on each side 1 2 2 Powering On the Unit The switch uses an AC power supply 100 240 V AC 50 60 Hz or 48 V DC The power on off switch is located at the rear of the unit adjacent to the AC power connector and the system fans The switch s power supply automatically self adjusts to the local power source and may be powered on without having any or all LAN segment cables connected 1 Plug the power cable directly into the receptacle located at the back of the device 2 Plug the power adapter into an available socket NOTE For international use you may need to change the AC power adapter cord Use only a power cord set that has been approved for the receptacle type and electrical current in the country you re in 3 Check the front panel LEDs as the device is powered on to verify that the PWR LEDs are lit If they re not check that the power cable is correctly and securely plugged in WARNING Because invisible laser radiation may be emitted from the aperture of the ports when no cable is connected avoid exposure to laser radiation and do not stare into open apertures SINTELLINET 1 2 3 Installing the SFP Modules and Fiber Cable 1 Slide the selected SFP module into one of the four Gigabit SFP slots below the RS 232 port making sure the SFP module is aligned correctly with the inside of the slot 2 Insert and slide the modu
57. l LACP operation add set or disable for the trunk group ports on the switch CLI Syntax lacp aggregation link trunk STACKID disable lt 1 12 gt Example SWITCH lacp aggregation link trunk 1 disable 2 2 3 3 12 4 LACP Port Priority This command sets the port priority for the Link Aggregation Control Protocol LACP on the switch CLI Syntax lacp port priority lt 1 65535 gt Example config interface fa1 0 2 config if lacp port priority 1000 2 3 3 12 5 LACP System Priority This sets the system priority for the Link Aggregation Control Protocol LACP on the switch CLI Syntax lacp system priority lt 1 65535 gt Example config lacp system priority 20000 2 3 3 13 Mirroring 2 3 3 13 1 Mirror Mode To set the port mirror mode CLI Syntax mirror mode Example config mirror mode 2 2 3 3 13 2 Mirror Setting This command mirrors the source interface list traffic to the destination interface The mirror type supports received traffic transmitted traffic or both CLI Syntax mirror IFLIST to IFNAME rx tx both Example config mirror gi1 0 3 5 to gi1 0 9 both 2 3 3 13 3 Show Mirror To show current mirror features CLI Syntax Show mirror Example SWITCH show mirror 2 3 3 13 4 No Mirror This command resets the source interface s received or transmitted traffic or both to the destination interface CLI Syntax no mirror SRCIFLIST rx tx both Example config no mirror gi1 0 1 gi1 0 4 rx 2 3 3 14 Static
58. le into the SFP slot until it clicks into place removing any rubber plugs that may be present in the SFP module s mouth 3 Align the fiber cable s connector with the SFP module s mouth and slide the connector in until a click is heard To pull the connector out first push down the release clip on top of the connector Check the corresponding port LED on the front panel to be sure the connection is valid see subsection 1 1 4 TIP To properly connect fiber cabling check that the fiber terminators are clean You can clean the cable plugs by wiping them gently with a clean tissue or cotton ball moistened with a little ethanol Dirty fiber terminators on fiber optic cables will impair the quality of the light transmitted through the cable and lead to degraded performance on the port 1 2 4 Connecting Copper Cable The 10 100Base TX RJ 45 Ethernet port fully supports auto sensing and auto negotiation 1 Insert one end of a Category 3 4 5 5e twisted pair cable into an available RJ 45 port on the switch and the other end into the port of the network node 2 Check the corresponding port LED on the front panel to ensure the connection is valid see subsection 1 1 4 1 2 5 Connecting the Console Port Cable The console port DB 9 provides the out of band management facility 1 Use null modem cable to connect the console port on the front panel of the switch to the computer COM port 2 Configure the HyperTerminal settings as explained i
59. minal attached to the console port The console port is set at the factory with the following default COM port properties Baud rate 38 400 Data size 8 bits Parity None Stop bits 1 Flow Control None NOTE Configure your own terminal to match these settings otherwise the connection will not work 2 1 1 1 Using HyperTerminal to Set the IP Address 1 Verify that a console cable RJ 45 to DB9 for the RS 232 connection between the switch and the workstation exists 2 Launch the terminal emulation program on the remote workstation and power on the switch Confirm that the correct COM port is selected Connect To gt 57000 Enter details for the phone number that you want to dial Country region ned States 1 Area code Connect using y 3 Enter the correct parameters according to the defaults presented above Click OK COR Properties Port Settings Bits per second Data bits Parity Stop bits Flow control None v Restore Defaults SINTELLINET secre ME 3 The prompt screen will display The default login is admin with no preset password just press the Enter key 4 The prompt Turn on privileged mode command Switch gt will Exit current mode and down to previous mode display For a Print command list list of main Send echo messages commands Exit current mode and down to previous mode t ann d Show running system informatio
60. n ype j an Open a telnet connection press Enter Trace route to destination For a list of internal use onl subcommands type a main command such as list and press Enter After a successful login type the following command lines to change the device IP network mask and gateway address The xxx segments represent values between 0 and 255 Be sure to enter your IP address information in this form including the periods separating the segments as the configuration program will not accept any other format e set ethO ip xxx Xxx XXX XXX set eth netmask xxX xXX XXX XXX set ethO gateway XXXJ00CXXX XXX Once the new information has been entered the system will confirm whether the operation is successful and restart automatically Record the new address information and store it in a secure location NOTE With HyperTerminal the command lines are the same as for Telnet You can continue using HyperTerminal along with the instructions given in the following sections Otherwise log out by typing exit and pressing the Enter key Then you can configure the switch via an HTTP Web browser or by using Telnet with menu driven or command line interfaces NOTE Remember that IP addresses are unique If an address isn t available contact your Internet service provider to obtain one 2 1 2 Configuration Using Telnet and SSH 1 Activate your workstation s command prompt program X Pul TY Configuration
61. n the next section s 1 2 6 Connecting to Computers or a LAN Use Ethernet cable either crossover or straight through to connect computers or hubs or other switches directly to the Managed Layer 3 Access Switch ports NOTE Use a twisted pair Category 5 Ethernet cable to connect the 1000Base T port otherwise the link speed cannot reach 1 Gbps 2 SWITCH MANAGEMENT OPERATION 2 1 System Overview This system can be managed three ways Out of band through the console port on the front panel e In band by using Telnet or By using Web based management accessible through a Web browser which allows you to configure the switch monitor the LED panel and display statistics graphically after a successful installation EM eee amp INTELLINET 2 1 1 Configuration Using the Console Port RS 232 Prior to accessing the switch s onboard agent software that supports SNMP see subsection 2 1 3 below via a network connection first configure the switch by giving it a valid IP address subnet mask and default gateway using an out of band connection or the BOOTP protocol After configuring the switch s IP parameters you can access the onboard configuration program from anywhere in the attached network or via the Internet by using Telnet from any computer attached to the network or by using a Web browser Internet Explorer 4 0 or above or Netscape Navigator 4 0 or above Access the switch via a terminal emulator Such as HyperTer
62. nformation Base module so consequently values for MIB objects can be retrieved from any SNMP based network management software MIB values can be either read only or read and write 2 1 3 2 Traps Traps are messages that notify network personnel of events that occur on the switch The events can be as serious as a reboot someone accidentally turns the switch off or as minor as a port status change The switch generates traps and sends them to the trap recipient or network manager Typical traps include trap messages for Authentication Failure Topology Change and Broadcast Multicast Storm 9 INTELLINET 2 1 4 Initial Connection to the Switch The switch supports user based security that allows you to prevent unauthorized users from accessing the switch or changing its settings This feature requires Java Runtime Environment JRE 5 0 Update 5 which if not already on your computer can be easily installed in as little time as five minutes by following these steps 1 Open your network browser you must be connected to the Internet and enter the factory default IP address of the switch 192 168 0 254 in the address bar If a pop up screen appears and advises you to click on it to install do so 2 If the security warning shown Internet Explorer Security Warning at right displays click Install 3 The initial Java Installer Do you want to install this software screen will display Wait a Name jinstall 1 4 windows i586
63. on on the managed node CLI Syntax snmp server location WORD Example config snmp server location Central Taipei Type in the new location description in the location description field 2 3 3 3 12 IP Address and Network Mask Displays the switch s IP address This IP address is used for managing purposes i e network applications such as the http server SNMP server tftp server SSH and Telnet server of the switch are all using this IP address in interface vlanf CLI Syntax ip address A B C D M Example config interface vlan 1 config if ip address 192 168 20 121 24 2 3 3 3 13 Reboot Use this command to reboot the system CLI Syntax reboot Example reboot 2 3 3 3 14 Refresh Default Config File Use this command to copy a default config file to replace the current one CLI Syntax Refresh default config file Example SWITCH Refresh default config file 2 3 3 3 15 Show Running Config To show running config file CLI Syntax show running config Example SWITCH show running config 2 3 3 3 16 Write Memory Use the write file configuration command on the switch stack or stand alone switch to write configuration to the file CLI Syntax write memory Example SWITCH write memory 2 3 3 3 17 Assign a New User Account Add a user e g a user named Tony whose password is tony123456 CLI Syntax add user WORD WORD Example add user tony tony123456 2 3 3 3 18 Delete a New User Account Delete a user account e g for
64. ort s window temporary until Submit is clicked Click Submit to commit the settings Click Refresh to display current switch settings To eventually make all changes permanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Menu and click Save QoS CoS LELLLM 1 EZ Liar Lts 4 HS ie Y Ay L nmi dh l a IT u 1 _ QoS Cos gt buch eo cc Oo cor a a 0 m 0 E p cs oc E MEM UM um MT 3 CER OOGO 4 i fastetnermeri nn 3 WEB MANAGEMENT GINTELLINET 2 2 8 SNMP This series of screens Host Table Trap Setting and SNMPv3 VGU Table with subsections presents SNMP configuration options 2 2 8 1 Host Table Host Table This screen links the host IP a d dress to a communi ty Host IP Address Mask Community Relationship name Enter an IP address i and community name Network Relationship Community 0 0 0 0 0 0 0 0 ro public then click Add to add the 0 0 0 0 0 0 0 0 ry private new entry to the list temporary until Submit EET is clicked Click Modify to temporarily save changes to an existing entry temporary until Ce Submit is clicked Click Remove to remove a selected entry temporary until Submit is clicked Check Relationship to create a Set Community name uncheck Relationship to create a Get
65. ple config interface gi1 0 1 config if switchport port security aging time 20 config if switchport port security aging type absolute 2 3 4 Miscellaneous Commands show monitor Shows the environment variables like temperature fan speed and voltage show sysleds Shows the three system LEDs SYSTEM RPS and FAN show modelname Shows the model name of the switch show version Shows the hardware boot rom and firmware version ping Ping the remote host show ip route Display the entries in the routing table 3 SPECIFICATIONS Standards IEEE 802 1d Spanning Tree Protocol IEEE 802 1s Multiple Spanning Tree Protocol IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1p Traffic Prioritization IEEE 802 1q VLAN Tagging IEEE 802 3 10Base T Ethernet IEEE 802 3ab Twisted Pair Gigabit Ethernet IEEE 802 3ad Link Aggregation IEEE 802 3u 100Base TX Fast Ethernet IEEE 802 3x flow control for full duplex mode IEEE 802 3z 1000Base SX LX LHX e SNMPv1 v2c v3 Simple Network Management Protocol General Media support 10Base T Cat3 4 5 UTP STP RJ 45 100Base TX Cats UTP STP RJ 45 1000Base T Cat5e UTP STP RJ 45 nn amp INTELLINET Packet filter forwarding rate 1 488 000 pps 1000 Mbps 148 800 pps 100 Mbps 14 880 pps 10 Mbps Buffer memory 32 MBytes MAC address table 16384 entries e Backplane speed 12 8 Gbps Switch architecture store and
66. ration command on the switch to configure trunk aggregation group CLI Syntax aggregation link trunk STACKID group lt 1 32 gt PORTLIST Example SWITCH aggregation link trunk 1 group 1 1 2 2 3 3 11 2 Trunk Load Balancing Use the aggregation link trunk group configuration command on the switch to configure trunk load balancing by using source based or destination based forwarding methods CLI Syntax aggregation link trunk STACKID load balance group lt 1 32 gt src mac Idst mac src dst mac src ip dst ip src dst ip Example SWITCH aggregation link trunk 1 load balance group 1 2 3 3 11 3 Show Aggregation Link Trunk To show aggregation link trunk status CLI Syntax show aggregation link trunk STACKID GROUPID Example SWITCH show aggregation link trunk 1 1 2 3 3 12 LACP 2 3 3 12 1 Clear LACP Counters Use the clear lacp counters configuration command on the switch to clear the statistics for SINTELLINET NENE ERES all aggregated port sets CLI Syntax clear lacp counters STACKID Example clear lacp counters 1 2 3 3 12 2 LACP Aggregation Link Trunk This command sets the Link Aggregation Control Protocol LACP operation add set for the trunk group ports on the switch CLI Syntax lacp aggregation link trunk STACKID add set group lt 1 32 gt PORTLIST Example SWITCH lacp aggregation link trunk 1 set group 1 1 2 2 3 3 12 3 Disable LACP Aggregation Link Trunk This command sets the Link Aggregation Control Protoco
67. rding and DMZ demilitarized zone Supports DDNS dynamic DNS Supports VPN pass through IPSec PPTP L2TP 94 Mbps WAN to LAN throughput for wired networks WOL Wake On LAN function sends a wakeup signal to any computer in the LAN Integrated scheduler to limit Internet access to client computers in the LAN Remote management function enable disable and management port Easy installation through Web based user interface Firmware updates via Web based user interface Lifetime Warranty Package Contents Managed Layer 3 Access Switch Power cable 19 rackmount brackets User manual FCC Warning This equipment has been tested and found to comply with the limits for a class A device pursuant to part 15 of FCC rules These limits are designed to provide reasonable protection against harmful interference in a commercial installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communication Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at the user s own expense CE This is a class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures SINTELLINET TABLE OF CONTENTS section page introdu
68. rt Parameters This screen contains a display window to see and edit the current configurations for each port Select a port edit it then click Modify to change the port setting for spanning tree Instance ID For MSTP multiple STP only configure MSTP on your switch to map multiple VLANs into a single STP instance Path Cost The valid range is 1 65535 The higher cost is more likely to be blocked by STP if a network loop is detected WES MANAGEMENT SINTELLINET ETWORK SOLUTIONS Port State Root Cast Path Cost fastethernett 0 1 Disabled 0 250 astethernet1 0 2 Disabled astethernet1 0 3 Disabled fastethernet1 0 4 Disabled Biastethernet1 0 5 Disabled Biastethernet1 0 6 Disabled astethernett O Disabled nerne LU m Uisanien mm L2 P M Priority This is to set the port priority in the switch Here a low value indicates a high priority The port with the lower priority is more likely to be blocked by STP if a network loop is detected The valid range is 0 255 Link Type By default the link type is determined from the duplex mode of the interface A full duplex port is considered to have a point to point connection a half duplex port is considered to have a shared connection Edge Port An edge port is the same as a Port Fast enabled port and you should enable it only on ports that connect to a single end station Click Submit to
69. s CLI Syntax ip rip Example config if ip rip 2 3 3 6 RIP 2 3 3 6 1 Router RIP The router rip command is necessary to enable RIP To disable RIP use the no router rip command RIP must be enabled before carrying out any ofthe RIP commands CLI Syntax router rip Example config router rip 2 3 3 6 2 No Router RIP Disable RIP CLI Syntax no router rip Example config no router rip 2 3 3 6 3 Version RIP can be configured to process either Version 1 or Version 2 packets The default mode is Version 2 CLI Syntax version 1 2 Example config router version 1 2 3 3 6 4 Network Set the RIP enable interfaces via network Interfaces with addresses matching the network s are enabled CLI Syntax network A B C D M Example config router network 35 0 0 0 8 2 3 3 7 OSPF 2 3 3 7 1 Router OSPF Enable or disable the OSPF process Multiple OSPF processes are not supported so you can t specify an OSPF process number CLI Syntax router ospf Example config router ospf 2 3 3 7 2 Router ID Assign an OSPF Router ID in IP address format CLI Syntax ospf router id a b c d Example config router ospf router id 10 0 0 3 2 3 3 7 3 Area Set the OSPF area ID CLI Syntax network a b c d m area a b c d Example config router network 102 192 2 24 area 192 192 2 254 2 3 3 8 Multicast Route Enable or disable Multicast Route functions which include DVMRP and PIM DM NR amp INTELLINET CLI S
70. s Duplex Speed Flow Cor fastethernet1 0 1 Connected forwarding Full 100 both off E NA NA 1 or not connected fastethernet1 0 2 NotConnected NA NA NA M STP Status STP IS jasieinemetinn enabled or disabled fastetherett 0 5 on the port fastethemett 0 B Duplex Full duplex A Plrastemementiora A half duplex or NA Speed This is the vid fastethemett O 11 link speed fastethemet1 0712 Not Connected Flow Contro The Pereema It Gonnsciea RA NA NA Ina 3 setting of the fastethemett O 15 fastethemet1 0f 8 802 3x flow control fastethernet1 0 17 otConnected N NA ba mechanism on both directions of the port gt Refresh SINTELLINET PE 2 2 4 IP Interface IP Interface on the Config Menu allows users to see the Layer 3 interface status in real time and configure the interface in the following fields IP Interface interface e Mask 0 0 0 0 v MAC Status Interface Address Sube Mask MAC Bieten DHCPIPHelperAddress vant 07188051 24424500 000605085 lup NUU Ls m w ir P Submit T Interface Select the interface to be configured vlan1 is used by the system IP This is the interface IP address Mask This is the interface subnet mask MAC This is the MAC address of this interface Status This is the up down status of this interface DH
71. sable Enter enable mode and turn on privileged mode command CLI Syntax enable Example SWITCH enable 2 3 3 3 5 End This command lets the user end the current mode and go to enable mode CLI Syntax end Example SWITCH end 2 3 3 3 6 Exit This command lets the user end the current mode and go to the previous mode CLI Syntax exit Example SWITCH exit 2 3 3 3 7 Help This command lists all the commands of the operational mode CLI Syntax list Example SWITCH list Example SWITCH 2 3 3 3 8 Hostname Displays the given name of the switch This is an RFC 1213 defined MIB object in System Group and provides administrative information on the managed node CLI Syntax hostname WORD Example config hostname Switch If you enter a name in the Name Description field the switch s system name changes to the new one SINTELLINET NENE ERES 2 3 3 3 9 Date 2 3 3 3 10 System Contact Displays contact information regarding the switch This is an RFC 1213 defined MIB object in System Group and provides contact information on the managed node CLI Syntax snmp server contact WORD Example config snmp server contact clerk central com tw If you enter the contact info in the Contact Description field the switch s contact info will change to the new info 2 3 3 3 11 System Location Displays the physical location of the switch This is an RFC 1213 defined MIB object in System Group and provides the location informati
72. ss table if the address is not learned again within the aging time limit Set the aging time by entering 10 to 1 000 000 in seconds Click Submit to commit the settings Click Refresh to display current switch settings Look up MAC addresses by checking and filling in the options for port VLAN ID and or MAC address then clicking Query The address window will display the results of the query 7 INTELLINET _ MAC Address Destination Address VLAN ID 0040 F436 45B8 1 Fa1 0 1 0040 0120 3A8D 1 Faun DDOF EA32 FA71 ao Fat sort 0013 A93E 560A 1 Fa1 0 1 1 Fa1 01 1 Fa1 0M 0001 294 2800 0008 8B1B 353A 1 Fa1 0 1 0003 3072 4C6D 1 Fa1 0 1 ODDFEATI2EC3 0001 284C 2C01 OOF EA 1 2EC3 Fa1 0 1 Age BMting Sa Aginetime 550 Destination Port 10 1000000 seconds WEB MANAGEMENT 2 2 7 9 Static Addresses Static Addresses This screen allows youto EEE add a MAC address to the Metams Lahr switch address table The SENE h MAC address added in this way will not age out from the address table These are called static addresses MAC Address Enter the l MAC address EE CM VLAN ID Enter the VLAN ID that the MAC belongs to Stack ID For a stand alone switch only ID 1 is available Port Selection Select the port which the MAC belongs to Click Add to create a new static MAC address with the above information temporary until Submit
73. st identity frame assuming that no response is received to the client before restarting the authentication process Use the no form of this command to return to the default setting CLI Syntax dot1x max req 1 10 Example config interface fa1 0 1 config if dot1x max req 2 2 3 3 24 6 Dot1x Port Control Use the dot1x port control interface configuration command on the switch to enable manual control of the authorization state of the port Use the no form of this command to return to the default setting CLI Syntax dot1x port control auto force authorized force unauthorized Example config interface gi1 0 1 config if dot1x port control force authorized 2 3 3 25 Dial In User 2 3 3 25 1 Dot1x Username Password Add a user into the local radius database CLI Syntax dot1x username WORD password WORD Example config dot1x username test password 12345 2 3 3 25 2 Show Dot1x User Show a dot1x dial in user CLI Syntax show dot1x username Example SWITCH show dot1x test 2 3 3 26 RADIUS 2 3 3 26 1 RADIUS Settings This command sets the radius server ip radius key and radius port for 802 1X configuration CLI Syntax dot1x radius server ip A B C D key RADIUS KEY PORTID Example config dot1x radius server ip 192 168 1 38 key 123456 1812 2 3 3 26 2 Show Dot1x Radius Show dot1x radius server ip radius key and radius port for 802 1X configuration CLI Syntax show dot1x radius Example SWITCH show dot1x
74. t a stub area no summary do not inject inter area routes into the stub summary allow injecting inter area routes into the stub Shortcut Enable Disable the shortcut of the OSPF area no defined disable or enable 2 2 6 4 Multicast Route This section is used to configure the Multicast Route feature It offers two different methods DVMRP and PIM DM to establish a multicast route and also includes IGMP Internet Group Management Protocol which is automatically enabled disabled with the Multicast Route Protocol allowing hosts to communicate in order to track data destined to a specific multicast group The Multicast Route function uses this information to build and maintain a multicast distributed tree oo es SINTELLINET PE 2 2 6 4 1 IGMP This screen is for configuring the IP multicast route mode and IGMP Internet Group Management Protocol parameters IP Multicast Route IGMP Query Interval 1 65535 seconds Mode Configure a one NUS r multicast route GMP Query Max Response Time 1 25 seconds NM protocol to run or disable NEM LLL Select which a version to run Default is V2 A IGMP Query Interval Set the number of seconds between two query packets Default is set at 125 seconds IGMP Query Max Response Set the response time when the host reports to its multicast group Default is set at 10 seconds NOTE When setting IGMP select the corresponding interface to
75. the confirmation Installation Completed OK Click Finish ie J2SE Runtime Environment 5 0 Update 5 Progress Installing The program features you selected are being installed Please wat while the Install Wizard installs J25E Runtime Environment 5 0 Update S This may take several minutes SYSTEM OVERVIEW SINTELLINET After completing the installation process I YET the program will display the screen at right every time you enter the IP address The default username and password are both admin Click OK to enter the switch s Site 192 168 0 254 management interface NOTE If you still have problems accessing UserName admin the hyperlink Check the firewall in your PC or the Password firewall that your company uses This firewall could be blocking access to the Please type your user name and password hyperlink Make sure you have downloaded the latest version of Java Runtime Environment This software will run on J aVa any of the normal Windows systems as well as on Unix 2 2 Web Management The Managed Layer 3 Access Switch provides Web pages that allow equipment management through the Internet The Java Runtime Environment JRE is required to run Java applet programs that are automatically downloaded from the switch during management functions See subsection 2 1 4 above 2 2 1 Login 1 Open your Web browser enter the factory default IP address
76. the same setting otherwise the link aggregation could operate abnormally All ports in the link aggregation group must have the same VLAN setting All ports in the link aggregation group are treated as a single logical link that is if any member changes an attribute the others will change also For example a trunk group consists of Port 1 and 2 If the VLAN of Port 1 changes the VLAN of Port 2 also changes with Port 1 2 2 7 3 LACP LACP This screen serios is for configuring the LACP Link Y AT Aggregation Control MER A rene Protocol group t trunking Th por a Ue ae ah khkk switch provides a maximum 0132 ink mg ME FPFF Sey aggregation groups and up to eight ports per group with the maximum achieved in a stacking configuration For a stand alone switch the maximum number of groups is six since it supplies only 12 ports 2 2 7 3 1 Mode Trunk ID This number identifies the trunk group in addition to the group name Port Selection Criterion This is the algorithm to distribute packets among the ports of the link aggregation group according to source MAC address destination MAC address source and destination MAC address source IP address destination IP address or source and destination IP address Port These port icons are listed the same way as on the front panel Click on the icon to select the group members click the selected port again to remove it from the group WEB MANAGEMENT SINTELLINET
77. the total number of the selected type of packets For example ifthe broadcast and multicast options are selected the total amount of packets per second for those two types will not exceed the limit value Select an interface and assign the desirable settings then click Modify Traffic Control Broadcast _ Enabled Port Multicast Enabled Destination Lookup Failure _ Enabled Port Broadcast Multicast Destination Lookup Failure fastethernet1 0 1 disabled disabled disabled fastethernet1 0 2 disabled disabled fastethernet1 0 4 disabled disabled i Limit 0 262143 pkts sec Limit 0 262143 pkts sec Limit 0 262143 pkts sec Modify fastethernet1 0 5 disabled disabled i fastethernet1 0 6 disabled disabled i fastetherneti 0 7 disabled disabled i fastethernet1 0 8 disabled disabled i disabled Click Submit to commit the settings Click Refresh to display current switch settings To eventually make all changes permanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Menu and click Save 2 2 7 8 Dynamic Addresses Dynamic Addresses This screen displays the fastethernet1 0 9 results of dynamic MAC address lookups by port QUAD oc oe we ee ee ies VLAN ID or specified MAC address The dynamic Min fastethernet 10 w address is the MAC address C VLANID D 1 9594 learned by the switch It will age out of the addre
78. the weights is the ratio of frequency in which the WRR scheduler de queues packets from each queue Click Submit to commit the settings Click Refresh to display current switch settings To eventually make all changes permanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Menu and click Save 2 2 7 12 2 QoS Queue Mapping QoS CoS The switch supports eight egress TI queues for each port with a strict priority scheduler that is each CoS value can map into one of the eight queues Queue 8 has the highest priority to transmit packets Click Submit to commit the settings Click Refresh to display current switch settings To eventually make all changes permanent in Flash memory click on Save Configuration listed at the bottom of the Configuration Menu and click Save 2 2 7 12 3 QoS Bandwidth Some VLAN tag related field settings for each port are included on this screen Select a port to configure from the list window Ingress Bandwidth Enter the maximum 1 10000 ingress bandwidth in 64kbps steps for Po gress OW Oxitsrs Egress BW biss Default CoS the selected port l Egress Bandwidth Enter the maximum egress bandwidth in 64kbps steps for the selected port Default CoS Every untagged packet received from this port will be assigned to this CoS value in the VLAN tagged Click Modify to change the content in the selected p
79. tory enable mode 2 3 3 1 User Account 2 3 3 1 1 Add User Add a new user or modify an existing user s password CLI Syntax add user user name password Example SWITCH add admin 123 2 3 3 1 2 Delete User Delete an existing user CLI Syntax delete user user name Example SWITCH delete user admin NEE amp INTELLINET 2 3 3 2 Backup and Restore 2 3 3 2 1 Backup Startup Configuration File Backup the startup configuration file Quagga conf of the switch to the TFTP server CLI Syntax copy startup config tftp URL Example SWITCH copy startup config tftp 192 168 8 56 2 3 3 2 2 Restore Startup Configuration File Restore the startup configuration file Quagga conf of the switch from TFTP server CLI Syntax copy tftp URL startup config Example SWITCH copy tftp 192 168 1 2 startup config 2 3 3 3 System Management Configuration 2 3 3 3 1 Firmware Upgrade Upgrade new firmware into the switch CLI Syntax archive download sw overwrite tftp ImageFile Example SWITCH archive download sw overwrite tftp 192 168 1 3 3112single img NOTE It is strongly recommended that you back up startup config before upgrading 2 3 3 3 2 Configure Terminal Use the write configuration command on the switch to configure CLI Syntax configure terminal Example SWITCH configure terminal 2 3 3 3 3 Enable Enter enable mode and turn on privileged mode command CLI Syntax enable Example SWITCH enable 2 3 3 3 4 Di
80. xisting entry temporary until Submit is clicked Click Remove to remove a selected entry temporary until Submit is clicked Click Attach All to select all ports for a selected entry temporary until Submit is clicked Click Detach All to unselect all ports for a selected entry temporary until Submit is clicked Click Submit to save changes to the RAM memory of the switch Click Refresh to display current settings of the switch for viewing the effect of changes WARNING Clicking Submit only configures the switch hardware and saves the y Nes to RAM memory Such changes will be lost if the switch is powered off To save changes permanently in the switch s Flash memory click on Save Configuration listed at the bottom of the Configuration Menu Once the Save Configuration screen displays click Save to store all configurations permanently in the Flash memory 2 2 2 System System on the Config Menu presents Management IP Setup Reboot and Firmware Upgrade Model Name The product name is listed MAC Address The switch s MAC Model Name address is listed Mie et System Name The user assigned name to identify the system editable iuis eth System Contact Enter info as desired Feen A System Location Enter info as desired Click Submit to commit the settings Fa Click Refresh to display current switch settings To eventually make all changes Submit Refrest p
81. yntax ip multicast routing ROUTING PROTOCOL Example config router ip multicast routing PIM DM 2 3 3 9 VRRP Enable or disable VRRP functions for a specific IP interface CLI Syntax standby VRID 1 255 ip a b c d m Example config if standby 1 ip 192 168 1 1 24 2 3 3 10 Spanning Tree 2 3 3 10 1 Clear Spanning Tree Counters Use the clear spanning tree counters configuration command on the switch to clear spanning tree statistics CLI Syntax clear spanning tree counters Example SWITCH clear spanning tree counters 2 3 3 10 2 Clear Spanning Tree Counters Interface IFNAME Use the clear spanning tree counters configuration command on the switch to clear spanning tree statistics on one interface CLI Syntax clear spanning tree counters interface IFNAME Example SWITCH clear spanning tree counters interface gi1 0 2 2 3 3 10 3 Default Spanning Tree This command sets spanning tree parameters to default CLI Syntax default spanning tree Example SWITCH default spanning tree forward time 2 3 3 10 4 Show Spanning Tree Active To show spanning tree active CLI Syntax show spanning tree active Example SWITCH show spanning tree active 2 3 3 10 5 Spanning Tree Enable and Disable Enable Disable the spanning tree CLI Syntax spanning tree enable disable Example SWITCH spanning tree disable 2 3 3 11 Link Aggregation 2 3 3 11 1 Trunk Aggregation Group Use the aggregation link trunk group configu
Download Pdf Manuals
Related Search