
AT-S63 v4.1.0 Web Browser User Guide for Stand

Contents

1. Section IV Spanning Tree Protocols
   Chapter 18 Spanning Tree and Rapid Spanning Tree Protocols 271
   Enabling or Disabling a Spanning Tree Protocol 272
   Configuring STP 274
   Configuring STP Bridge Settings 274
   Configuring STP Port Settings 277
   Displaying the STP Settings 278
   Resetting STP to the Default Settings 280
   Configuring RSTP 282
   Configuring RSTP Bridge Settings 282
   Configuring RSTP Port Settings 285
   Displaying RSTP Settings 286
   Resetting RSTP to the Default Settings 289
   Chapter 19 Multiple Spanning Tree Protocol 291
   Enabling MSTP 292
   [illegible entry] 294
   Configuring MSTP Parameters 294
   Configuring the CIST Priority 297
   Managing MSTIs 298
   Creating a
2. Figure 65 Create Policy Page
   5. Configure the following parameters as necessary:
   ID: Specifies an ID number for the policy. Every policy on the switch must be assigned a unique number. The range is 0 to 255. The default is 0. This parameter is required.
   Description: Specifies the policy description. A description can be up to 15 alphanumeric characters, including spaces.
   Chapter 14 Quality of Service
   Remark DSCP: Specifies whether the ingress DSCP value is overwritten. Select one of the following options from the list:
   - None: Disables this function.
   - All: All packets are remarked.
   DSCP Value: Specifies a replacement value to write into the DSCP TOS field of the packets. The range is 0 to 63. A new DSCP value can be set at all three levels: flow group, traffic class, and policy. A DSCP value specified in a flow group overrides a DSCP value specified at the traffic class or policy level. A DSCP value specified at the policy level is used only if no value has been specified at the flow group and traffic class levels.
   ToS: Specifies a replacement value to write into the Type of Service (ToS) field of IPv4 packets. The range is 0 to 7. A ToS value can be set at all three levels: flow group, traffic class, and policy. The ToS value in a flow group overrides the value specified at the traffic class or policy level, while the ToS value in a traffic class overrides the value in a policy.
   Move ToS to Priority
3. SNMPv3 Target Parameters Table Tab (Monitoring) 266
   SNMPv3 Community Table Tab (Monitoring) 267
   Spanning Tree Tab (Configuration) 272
   Configure STP Parameters Tab (Configuration) 275
   STP Settings Port(s) Page 277
   Spanning Tree Tab (Monitoring) 279
   Monitor STP Parameters Tab (Monitoring) 279
   STP Settings Page 280
   Configure RSTP Parameters Tab (Configuration) 283
   RSTP Settings Port(s) Page 285
   Monitor RSTP Parameters Tab (Monitoring) 287
   RSTP Port Status Page 287
   RSTP Settings Page 288
   Spanning Tree Tab (Configuration) 292
   Configure MSTP Parameters Tab (Configuration) 295
   Add New MSTI Page 298
   Modify MSTI Page 300
   MSTP Settings Port(s) Page 302
   Monitor MSTP Parameters Tab (Monitoring)
4. Row Status Active
   Figure 83 Add New SNMPv3 Access Page
   In the Group Name field, enter a descriptive name of the group. The Group Name can consist of up to 32 alphanumeric characters. You are not required to enter a unique value here because the SNMPv3 Access Table entry is indexed with the Group Name, Security Model, and Security Level parameter values. However, a unique group name makes it easier for you to tell the groups apart. There are four default values for this field that are reserved for SNMPv1 and SNMPv2c implementations:
   - defaultV1GroupReadOnly
   - defaultV1GroupReadWrite
   - defaultV2cGroupReadOnly
   - defaultV2cGroupReadWrite
   Note: The Context Prefix field is a read-only field. The Context Prefix field is always set to null.
   In the Read View Name field, enter a value that you configured with the View Name parameter in the SNMPv3 View Table. This parameter allows the users assigned to this Group Name to view the information specified by the View Table entry. This value does not need to be unique.
   10. In the Write View Name field, enter a value that you configured with the View Name parameter in the SNMPv3 View Table. This parameter allows the users assigned to this Security Group to write or modify the information in the specified View Table. This value does not need to be unique.
   In the Notify View Name field enter a value that you configured with the V
5. Total number of GARP JoinEmpty messages received for all attributes in the GARP application.
   Section V Virtual LANs
   AT-S63 Management Software Web Browser User's Guide
   Table 12 GVRP Counters (Continued)
   Parameter | Meaning
   Transmit GARP Messages JoinEmpty | Total number of GARP JoinEmpty messages transmitted for all attributes in the GARP application.
   Receive GARP Messages JoinIn | Total number of GARP JoinIn messages received for all attributes in the GARP application.
   Transmit GARP Messages JoinIn | Total number of GARP JoinIn messages transmitted for all attributes in the GARP application.
   Receive GARP Messages LeaveEmpty | Total number of GARP LeaveEmpty messages received for all attributes in the GARP application.
   Transmit GARP Messages LeaveEmpty | Total number of GARP LeaveEmpty messages transmitted for all attributes in the GARP application.
   Receive GARP Messages LeaveIn | Total number of GARP LeaveIn messages received for all attributes in the GARP application.
   Transmit GARP Messages LeaveIn | Total number of GARP LeaveIn messages transmitted for all attributes in the GARP application.
   Receive GARP Messages Empty | Total number of GARP Empty messages received for all attributes in the GARP application.
   Transmit GARP Messages Empty | Total number of GARP Empty messages transmitted for all attributes in the GARP application.
   Receive
6. Figure 164 Mgmt ACL Tab (Configuration)
   Section VII Management Security
   The table in the Management ACL List lists the existing ACEs on the switch. The bottom portion is used to add entries, as explained in Creating an ACE on page 402.
   4. Click either Enable MGMT ACL or Disable MGMT ACL. The default setting is disabled.
   5. Click Apply. The new status of the management ACL is immediately activated on the switch.
   Note: Your management session will immediately end and you will not be able to reestablish it if you activate the feature without an ACE that identifies your management station. To recover, establish a local management session on the switch and deactivate the feature or create an ACE that identifies the remote management station.
   6. To permanently save your changes, select the Save Config option in the Configuration menu.
   Chapter 27 Management Access Control List
   Creating an ACE
   To add a new ACE to the management ACL, perform the following procedure:
   1. From the home page, select Configuration.
   2. From the Configuration menu, select the Mgmt Security option.
   3. Select the Mgmt ACL tab. The tab is shown in Figure 164 on page 400.
   4. To add a new ACE, click Add. The Add New MACL page is shown in Figure 165.
   MACL ID Mgmt ACL Entry IP Address 1 256 0 0 0 Application Type
7. To modify an entry in the SNMPv3 SecurityToGroup Table, perform the following procedure:
   1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26.
   2. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204.
   3. In the SNMPv3 section, click the button next to Configure SecurityToGroup Table and then click Configure at the bottom of the tab. The SNMPv3 SecurityToGroup Table tab is shown in Figure 85 on page 228.
   Section III SNMPv3
   4. Click the button next to the SecurityToGroup Table entry to be changed and then click Modify. The Modify SNMPv3 SecurityToGroup page is shown in Figure 87.
   Figure 87 Modify SNMPv3 SecurityToGroup Page (fields: Security Model, Security Name, Group Name, Storage Type, Row Status)
   5. In the Group Name field, enter a Group Name that you configured in the SNMPv3 Access Table. See Creating an Access Table on page 220. There are four default values for this field that are reserved for SNMPv1 and SNMPv2c implementations:
   - defaultV1GroupReadOnly
   - defaultV1GroupReadWrite
   - defaultV2cGroupReadOnly
   - defaultV2cGroupReadWrite
   In the Storage Type field select one of the following storage t
8. CPU is the address of the switch.
   Type: The type of the address, static or dynamic.
   Section I Basic Operations
   Adding Static Unicast and Multicast MAC Addresses
   This section contains the procedure for assigning a static unicast or multicast address to a port. A switch port can have up to 255 static MAC addresses.
   To add a static address to the MAC address table, perform the following procedure:
   1. From the Home page, select Configuration.
   2. From the Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 19 on page 74.
   3. To add a static unicast address, click Add in the View/Add Unicast MAC Addresses section. To add a static multicast address, click Add in the View/Add Multicast MAC Addresses section. The Add MAC Address page is shown in Figure 21.
   Figure 21 Add MAC Address Page (fields: MAC Address, Port Number, VLAN ID)
   4. Configure the following parameters as necessary:
   MAC Address: Specifies the new static unicast or multicast MAC address.
   Port Number: Specifies the number of the port on the switch where the static address is to be assigned. For a static unicast address, you can enter only one port. For a static multicast address, you must specify the port where the multicast application is located as well as the ports w
9. - Selecting Save Config after changing the active configuration file overwrites the settings in the file with the current operating settings of the switch.
   - You can specify a configuration file on a flash memory card for those systems that support a flash card. However, the switch does not copy the configuration file to its file system. Instead, it uses and updates the file directly on the card. If you remove the card, the switch will not allow you to save any further configuration changes until you reinsert the flash card or specify another active boot configuration file. Furthermore, removing a flash card and resetting the switch causes the switch to return to its default settings.
   To change the switch's active configuration file, perform the following procedure:
   1. From the home page, select Configuration.
   2. From the Configuration menu, select the Utilities option.
   3. Select the File System tab. The File System tab for an AT-9400 series switch with a compact flash card is shown in Figure 30 on page 104.
   4. In the Default Configuration File field, enter the name of the file to be the new active configuration file. When entering the file name, note the following:
   Chapter 8 File System
   - Be sure to include the .cfg extension.
   - Precede the name with cflash if the file is stored on a flash card in the switch.
   5. Click Apply. The switch searches the file system or flash memory card for the file
10. Section II Advanced Operations
   Chapter 10 Event Logs and Syslog Client
   Displaying Events
   This procedure explains how to display the events in an event log. You can view all or just specific events of a log.
   To view the events in an event log, perform the following procedure:
   1. From the home page, select either Monitoring or Configuration.
   2. From the Configuration menu, select the System option.
   3. Select the Event Log tab. The Event Log tab is shown in Figure 33 on page 119.
   4. Configure the parameters in the Display Filter Settings of the tab according to the types of events to be displayed.
   5. After configuring the parameters, click View.
   The parameters in the Display Filter Settings section are defined here:
   Log Location: Defines the event log to be viewed. Options are:
   - Temporary (Memory): Displays the events from the log stored in temporary memory. This log stores approximately 4,000 events. Select this option if the switch has been running for some time without a reset or power cycle. This is the default.
   - Permanent (NVS): Displays the events from the log stored in nonvolatile memory, which stores up to 2,000 events. Select this option to view the events that occurred prior to a recent reset or power cycle.
   Severity Selections: Defines the severity of the events to be displayed. You can select more than one severity by using the Ctrl key when making your selections. The default is error warning an
11. 2. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204.
   3. In the SNMPv3 section, click the button next to Configure Target Parameters Table and then click Configure at the bottom of the tab. The SNMPv3 Target Parameters Table tab is shown in Figure 94 on page 245.
   4. Click the button next to the Target Parameters Table entry to be deleted and then click Remove. A warning message is displayed.
   5. Click OK.
   6. To permanently save your changes, select the Save Config option in the Configuration menu.
   Modifying a Target Parameters Table Entry
   To modify an entry in the SNMPv3 Target Parameters Table, perform the following procedure:
   1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26.
   2. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204.
   3. In the SNMPv3 section, click the button next to Configure Target Parameters Table and then click Configure at the bottom of the tab. The SNMPv3 Target Parameters Table tab is shown in Figure 94 on page 245.
   4. Click the button next to the Target Parameters Table entry to be changed and then click Modify. The Modify SNMPv3 Target Parameter page is shown in Figure 96 on page 249.
   Modify SNMPv3 Target Parameter Target Parameters Name snmpy3manager1 00 Message P
12. on page 201
   Chapter 17 SNMPv3
   This chapter provides the following procedures for configuring SNMPv3 parameters using a web browser management session:
   - Configuring the SNMPv3 Protocol on page 202
   - Enabling or Disabling SNMP Management on page 203
   - Configuring the SNMPv3 User Table on page 206
   - Configuring the SNMPv3 View Table on page 214
   - Configuring the SNMPv3 Access Table on page 220
   - Configuring the SNMPv3 SecurityToGroup Table on page 227
   - Configuring the SNMPv3 Notify Table on page 233
   - Configuring the SNMPv3 Target Address Table on page 238
   - Configuring the SNMPv3 Target Parameters Table on page 245
   - Configuring the SNMPv3 Community Table on page 252
   - Displaying SNMPv3 Tables on page 258
   Configuring the SNMPv3 Protocol
   To configure the SNMPv3 protocol, you need to first enable SNMP access on the switch. Then you configure the SNMPv3 tables. See the following procedures:
   - Enabling or Disabling SNMP Management on page 203
   - Configuring the SNMPv3 User Table on page 206
   - Configuring the SNMPv3 View Table on page 214
   - Configuring the SNMPv3 Access Table on page 220
   - Configuring the SNMPv3 SecurityToGroup Table on page 227
   - Configuring the SNMPv3 Notify Table on page 233
   - Configuring
13. Figure 150 Authenticator Port Parameters Page (Page 1 of 1). Settings shown: Authentication Mode: 802.1x; Supplicant Mode: Single; Port Control: Auto; Quiet Period: 60 Seconds; Tx Period: 30 Seconds; Supplicant Timeout: 30 Seconds; Server Timeout: 30 Seconds; Reauth Enabled: Enabled; Reauth Period: 3600 Seconds; Max Requests: 2; VLAN Assignment: Enabled; Secure VLAN: ON; Control Direction: Both; Piggyback Mode: Disabled; Guest VLAN: 0
   Chapter 23 802.1x Port-based Network Access Control
   If you selected more than one authenticator port, the page includes a Next button. Use the button to scroll the page to view the settings of the other ports. For definitions of the authenticator port settings, refer to Configuring Authenticator Port Parameters on page 357.
   The Supplicant Port Parameters Page is displayed for supplicant ports, as shown in Figure 151.
   Figure 151 Supplicant Port Parameters Page (Total Ports 1, Page 1 of 1; columns: Port, AuthPeriod, HeldPeriod, MaxStart, StartPeriod, User Name, User Password; row shown: 11, 30, 60, 3, 30)
   For definitions of the supplicant port settings, refer to Configuring Supplicant Port Parameters on page 363.
   Section VI Port Security
   RADIUS Accounting
   Configuring RADIUS Accounting
   The AT-S63 Management Software supports RADIUS accounting for ports operating in
14. Chapter 26 TACACS+ and RADIUS Protocols
   Configuring the RADIUS Client Settings
   To configure the RADIUS client, perform the following procedure:
   1. From the home page, select Configuration.
   2. Select the Mgmt Protocols option. The Mgmt Protocols tab is displayed with the Server-based Authentication tab selected by default, as shown in Figure 158 on page 388.
   3. In the lower section of the Server-based Authentication tab, click RADIUS Configuration and click Configure. The RADIUS Client Configuration page is shown in Figure 159.
   Figure 162 RADIUS Client Configuration Page (fields: Global Encryption Key; Global Server Timeout, 1 to 60, shown as 30 seconds; per-server IP Address, Port 1 to 65535, and Encryption Key; three server rows shown as 0.0.0.0, 1812, Not Defined)
   4. Configure the following parameters as necessary:
   Global Encryption Key: Specify the global encryption key. If all of the RADIUS servers have the same encryption secret, you can enter the key here. If the servers have different keys, you must specify the keys with the servers' IP addresses. The maximum key length is 39 characters.
   Global Server Timeout: Specify the maximum amount of time the switch should wait for a response from a RADIUS server. If the timeout expires without a response, the switch queries the next RADIUS server in the list. If
15. 5. In the diagram of the switch at the bottom of the MSTP Spanning Tree Expanded page, click the port to be configured. You can configure more than one port at a time.
   6. Click Modify. The MSTP Settings Port(s) page is shown in Figure 124.
   Figure 124 MSTP Settings Port(s) Page (fields: Port Priority, Point To Point, Port Internal Path Cost, Port External Path Cost, MSTI List, Edge Port, Enable Migration Check)
   7. Configure the following parameters as necessary. The port parameters can be divided into two groups: generic parameters and MSTI-specific parameters.
   A generic port parameter is set just once on a port and applies to all of a port's MSTI assignments. Generic parameters are:
   - External path cost
   - Point-to-point port
   - Edge port
   An MSTI-specific parameter can be set on a per-MSTI basis. This means that you can assign a different value to an MSTI-specific parameter for each spanning tree instance where a port is a member. These parameters are:
   - Internal path cost
   - Port priority
   When setting an MSTI specific parameter use the MSTI List in the window to select the
16. Active
   Figure 99 Modify SNMPv3 Community Page
   5. In the Community Name field, enter a Community Name of up to 64 alphanumeric characters. The value of the Community Name parameter acts as a password for the SNMPv3 Community Table entry. This parameter is case sensitive.
   Note: Allied Telesis recommends that you select SNMP Community Names carefully to ensure these names are known only to authorized personnel.
   6. In the Security Name field, enter a name of an SNMPv1 and SNMPv2c user. This name must be unique. Enter a value of up to 32 alphanumeric characters.
   Note: Do not use a value configured with the User Name parameter in the SNMPv3 User Table.
   7. In the Transport Tag field, enter a name of up to 32 alphanumeric characters. The Transport Tag parameter links an SNMPv3 Community Table entry with an SNMPv3 Target Address Table entry. Add the value you configure for the Transport Tag parameter to the Tag List parameter in the Target Address Table as desired. See Creating a Target Address Table Entry on page 238.
   8. In the Storage Type field, select one of the following storage types for this table entry:
   Volatile: Select this storage type if you do not want the ability to save an entry in the SNMPv3 Community Table. After making changes to an SNMPv3 Community Table entry with a Volatile storage type the Save Config option is not d
17. Click the button next to the port trunk to be deleted and click Remove. You can delete only one trunk at a time. The port trunk is deleted from the switch.
   To permanently save your changes, select the Save Config option in the Configuration menu.
   Displaying the Port Trunks
   To display the port trunks, perform the following procedure:
   1. From the home page, select Monitoring.
   2. From the Monitoring menu, select the Layer 1 option.
   3. Select the Port Trunking tab. The Port Trunking tab is shown in Figure 25.
   Figure 25 Port Trunking Tab (Monitoring) (Total Trunks 1, Page 1 of 1; columns: ID, Name, Type, Ports)
   The Port Trunking tab displays a table with the following columns of information:
   ID: The ID number of the trunk.
   Name: The name of the trunk.
   Type: The load distribution method. The possible settings are:
   - SA: Source MAC address (Layer 2)
   - DA: Destination MAC address (Layer 2)
   - SA/DA: Source MAC address / destination MAC address (Layer 2)
   - SI: Source IP address (Layer 3)
   - DI: Destination IP address (Layer 3)
   Chapter 6 Static Port Trunks
   - SI/DI: Source IP address / destination IP address (Layer 3)
   Ports: The ports of the trunk.
18. For example, if you use the default 20, all bridges delete current configuration messages after 20 seconds. This parameter can be from 6 to 40 seconds. The default is 20 seconds.
   In selecting a value for maximum age, the following must be observed:
   MaxAge must be greater than (2 x (HelloTime + 1))
   MaxAge must be less than (2 x (ForwardingDelay - 1))
   Bridge Identifier: The MAC address of the bridge. The bridge identifier is used as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority value. This value cannot be changed.
   Root Bridge: The MAC address of the root bridge of the spanning tree domain. This value cannot be changed and is only displayed when RSTP is activated on the switch.
   Root Priority: The priority value on the root bridge of the spanning tree domain. This parameter is only displayed when RSTP is enabled on the switch. To change the priority value on the root bridge, you must start a management session on the switch functioning as the root bridge and change its bridge priority value.
   After you have made your changes, click Apply.
   To permanently save your changes, select the Save Config option in the Configuration menu.
   Configuring RSTP Port Settings
   To configure RSTP port parameters, perform the following procedure:
   1. Perform steps 1 to 4 in Configuring RSTP Bridge Settings o
19. From the Monitoring menu, select the Layer 2 option.
   Select the GVRP tab. The GVRP tab is shown in Figure 134 on page 335.
   In the View GVRP Parameters section, click View GVRP State Machine for VLAN and enter the VLAN number in the box.
   Click View. The GVRP State Machine for VLAN page is shown in Figure 137.
   Figure 137 GVRP State Machine for VLAN Page (columns: Port, App, Reg)
   The GVRP State Machine for VLAN page provides the information shown in Table 11.
   Table 11 GVRP State Machine Parameters
   Parameter | Meaning
   Port | Port number on the switch; this port belongs to the GARP application. If the GARP application has no ports, No ports have been assigned is displayed.
   Table 11 GVRP State Machine Parameters (Continued)
   Parameter | Meaning
   App | Applicant state machine for the GID index on that particular port. One of:
   Normal Participant Management state:
   - Vo: Very Anxious Observer
   - Ao: Anxious Observer
   - Qo: Quiet Observer
   - Lo: Leaving Observer
   - Vp: Very Anxious Passive Mem
20. MAC Limit: This column specifies the maximum number of dynamic MAC addresses the port learns.
   Chapter 23 802.1x Port-based Network Access Control
   This chapter contains instructions on how to configure the 802.1x Port-based Network Access Control feature on the switch. The chapter contains the following sections:
   - Setting Port Roles on page 354
   - Enabling or Disabling 802.1x Port-based Network Access Control on page 356
   - Configuring Authenticator Port Parameters on page 357
   - Configuring Supplicant Port Parameters on page 363
   - Displaying the Port-based Network Access Control Parameters on page 365
   - RADIUS Accounting on page 369
   Setting Port Roles
   To set port roles for port-based network access control, perform the following procedure:
   1. From the home page, select Configuration.
   2. From the Configuration menu, select the Network Security option.
   3. Select the 802.1x Port Access tab. The 802.1x Port Access tab is shown in Figure 144.
   Figure 144 802.1x Port Access Tab (Configuration) (fields: Authentication Method, Trigger Type, Port Number, Type, Enable Update, Update Interval)
   The image of the swi
21. Source IP Mask: Defines a traffic flow by a source IP address. The address can be of a specific node or a subnet. You do not need to include a source IP mask if you are filtering on the IP address of a specific end node. A mask is required, however, when filtering on a subnet. A binary 1 indicates the switch should filter on the corresponding bit of the IP address, while a 0 indicates that it should not. For example, the Class C subnet address 149.11.11.0 would have the mask 255.255.255.0.
   Destination IP Address / Destination IP Mask: Defines a traffic flow by its destination IP address. The address can be of a specific node or a subnet. You do not need to include a source IP mask if you are filtering on the IP address of a specific end node. A mask is required, however, when filtering on a subnet. A binary 1 indicates the switch should filter on the corresponding bit of the IP address, while a 0 indicates that it should not. For example, the Class C subnet address 149.11.11.0 would have the mask 255.255.255.0.
   TCP Source Port: Defines a traffic flow by source TCP port. To set this parameter, IP Protocol must be set to TCP.
   TCP Destination Port: Defines a traffic flow by destination TCP port. To set this parameter, IP Protocol must be set to TCP.
   TCP Flags: Defines a traffic flow
22. The changes are immediately activated on the ACE.
   If desired, repeat Steps 4 to 6 to modify more ACEs.
   To permanently save your changes, select the Save Config option in the Configuration menu.
   Deleting an ACE
   To delete an ACE from the Management ACL, perform the following procedure:
   1. From the home page, select Configuration.
   2. From the Configuration menu, select the Mgmt Security option.
   3. Select the Mgmt ACL tab. The tab is shown in Figure 164 on page 400.
   4. Select the ACE to be deleted from the Management ACL List section in the tab and click Remove. The ACE is deleted from the switch.
   5. To permanently save your changes, select the Save Config option in the Configuration menu.
   Chapter 27 Management Access Control List
   Displaying the Management Access Control List
   To display the management access control list and its access control entries, perform the following procedure:
   1. From the home page, select Monitoring.
   2. From the Monitoring menu, select the Mgmt Security option.
   3. Select the Mgmt ACL tab. The Mgmt ACL tab is shown in Figure 167.
   AT 9424T SP System Name Marketing MAC Addr 00 30 84 4B EF CD Total Mgmt ACLS 2 Page lof 1 Browse Mgmt ACL Entries ID IP Address 144 144 144 11 IP Mask 266 255 255 255 Applic
23. Figure 42 Create Classifier Page, IP Protocol (fields: Protocol, TOS/DSCP, Source IP Address, Source IP Mask, Destination IP Address, Destination IP Mask, IP Protocol)
   5. Configure the following parameters as desired:
   ID: Specifies an ID number for the classifier. Every classifier on the switch must have a unique ID number. The range is 1 to 9999. This parameter is required.
   Description: Specifies a description for the classifier. A description can be up to fifteen alphanumeric characters. Spaces are allowed.
   Destination MAC: Defines a traffic flow by its destination MAC address.
   Source MAC: Defines a traffic flow by its source MAC address.
   Ethernet Format: Defines a traffic flow by the format of the Ethernet packets. Selections are:
   - Untagged: Ethernet II untagged packets
   - Tagged: Ethernet II tagged packets
   - 802.2 untagged: Ethernet 802.2 untagged packets
   - 802.2 tagged: Ethernet 802.2 tagged packets
   Priority: Defines a traffic flow by the user priority level in tagged Ethernet frames. The range is 0 to 7.
   VLAN ID: Defines a traffic flow of tagged packets by its VLAN ID number. The range is 1 to 4094.
   Protocol: Defines a traffic flow by the protocol specified in the Ethertype field of the MAC
24. Figure 40 Classifier Tab (Configuration)
   The tab lists the current classifiers on the switch. The columns are defined here:
   ID: The ID number of the classifier.
   Description: A description of the classifier.
   No. of References: The number of active and inactive ACLs and QoS policies where the classifier is currently assigned. An active ACL or QoS is assigned to at least one switch port, while an inactive ACL or QoS policy is not assigned to any port. If this column is 0 (zero), the classifier is not assigned to any ACLs or policies, active or inactive.
   No. of Active Associations: The number of active ACLs and QoS policies where the classifier is currently assigned. An active ACL or QoS policy is assigned to at least one port.
   Click Create. The Create Classifier page is shown in Figure 41.
   Figure 41 Create Classifier Page (fields: ID 1 to 9999, Description, Destination MAC, Source MAC, Ethernet Format, Priority 0 to 7, VLAN ID 1 to 4094, Protocol)
   Chapter 11 Classifiers
   Some of the variables and settings display additional selections. For example, selecting IP as the Protocol displays the selections shown in Figure 42.
   D 2 1 9999 DR Fi Ethernet Format Any Priority VLAN ID Da
26. Table 8. MSTP Auto Update Port Trunk Internal Path Costs

Port Speed    Port Cost
1000 Mbps     2,000

MSTI List: The MSTIs defined on the switch. You can use this list when setting the port priority and port internal path cost parameters to assign different values to a port for each MSTI when the port is a member. Before setting priority or internal path cost, select the appropriate MSTI where you want the new setting to be applied on the port. The default is all MSTIs on the switch. The MSTI List shows all of the spanning tree instances on the switch and not just those where the selected port is currently a member. If you select an MSTI where the port is not a member, you can pre-configure the parameter in the event you later add the port as a member of the MSTI through a VLAN assignment.

Enable Migration Check: This parameter is displayed only when MSTP is enabled. This parameter resets a port, allowing it to send RSTP BPDUs. When an MSTP bridge receives STP BPDUs on an MSTP port, the port transmits STP BPDUs. The port continues to transmit STP BPDUs indefinitely.

Point-to-Point: This parameter defines whether the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto Detect. For an explanation of this parameter, refer to Point-to-Point and Edge Ports in Chapter 22, Spanning Tree and Rapid Spanning Tree Protocols, in the AT-S63 Management Software Features Guide. P
29. If it finds the file, it displays the file name in the Default Configuration File field along with the word Exists. The file is now the active boot configuration file on the switch. If the switch cannot locate the file, it displays the name of the previous boot configuration file. Repeat steps 4 and 5, being sure to enter the name correctly.

6. Do one of the following:
- To configure the switch using the parameter settings in this boot configuration file, do not select Save Config. Instead, reset or power cycle the switch.
- To overwrite the settings in the configuration file with the switch's current operating settings, select Save Config.

Chapter 9 File Downloads and Uploads

This chapter explains how to upload and download files, such as a new AT-S63 image file, onto the switch. This chapter contains the following sections:
- Downloading a File on page 110
- Uploading a File on page 114

Downloading a File

This procedure explains how to download a file from a TFTP server on your network to the switch using the web browser interface. You can download any of the following files:
- AT-S63 image file
- Boot configuration file
- CA certificate

Here are the general guidelines to follow when performing this procedure:
- You must use TFTP to download a file f
30. If you are only using RADIUS for 802.1x port-based access control and not manager accounts, leave the check box empty. The switch can still access the RADIUS configuration information for 802.1x port-based access control.

5. Click Apply.

6. To permanently save your changes, select the Save Config option in the Configuration menu.

To configure TACACS, go to Configuring the TACACS Client Settings on page 390. To configure RADIUS, go to Configuring the RADIUS Client Settings on page 394.

Configuring the TACACS Client Settings

To configure the TACACS client, perform the following procedure:

1. From the home page, select Configuration.

2. Select the Mgmt Protocols option. The Mgmt Protocols tab is displayed with the Server-based Authentication tab selected by default, as shown in Figure 158 on page 388.

3. In the lower section of the Server-based Authentication tab, click TACACS Configuration and click Configure. The TACACS Client Configuration page is shown in Figure 159.

Figure 159. TACACS Client Configuration Page

4. Configure the following parameters as necessary:

Global Secret: Specify the global secret. If all of the TACACS servers have the same encryption secret, you can enter the key h
31. Figure 109. Spanning Tree Tab Configuration

4. To select a spanning tree version from the Active Protocol Version parameter, click STP, RSTP, or MSTP. The default is RSTP.

Note: Only one spanning tree protocol can be active on the switch at a time.

5. To enable or disable spanning tree, click the Enable Spanning Tree check box. A check indicates that the feature is enabled, while no check indicates that the feature is disabled. The default is disabled.

6. Click Apply. A change to the status of the spanning tree protocol is immediately implemented on the switch.

7. To permanently save your changes, select the Save Config option in the Configuration menu.

8. If you activated STP, go to Configuring STP on page 274. If you activated RSTP, go to Configuring RSTP on page 282. If you activated MSTP, go to Chapter 19, Multiple Spanning Tree Protocol, on page 291.

Configuring STP

This section contains the following procedures:
- Configuring STP Bridge Settings, next
- Configuring STP Port Settings on
32. Figure 165. Add New MACL Page

5. Configure the following parameters in the Add New MACL page:

MACL ID: Specifies an identification number for the access control entry. Every ACE must have a unique number. The range is 1 to 256.

Mgmt ACL Entry IP Address: Specifies the IP address of a management workstation to be allowed management access to the switch, for example 149.11.11.11. Alternatively, you can specify a subnet. You must enter an IP address. If you enter an IP address of a specific management node, that node will be permitted remote management access to the switch. If you enter a subnet, any management node in the subnet will be permitted remote management access to the switch.

Mgmt ACL Entry IP Mask: Specifies a mask that indicates the parts of the IP address the switch should filter on. A binary 1 indicates the switch should filter on the corresponding bit of the address, while a 0 indicates that it should not. If you are filtering on a specific IP address, use the mask 255.255.255.255. If you are filtering on a subnet, the mask will depend on the address. For example, to allow all management workstations in the subnet 149.11.11.0 to manage the switch, you would enter the mask 255.255.255.0.

Application S
33. Replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets. Options are:
- yes: Replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets.
- no: Does not replace the preexisting 802.1p priority level. This is the default.

Move Priority to ToS: Replaces the value in the ToS priority field with the 802.1p priority field on IPv4 packets. Options are:
- yes: Replaces the value in the ToS priority field with the 802.1p priority field on IPv4 packets.
- no: Does not replace the ToS priority field. This is the default.

Send to Mirror Port: Copies the traffic that meets the criteria of the policy's classifiers to a destination mirror port. Options are:
- Yes: Copies the traffic that meets the criteria of the classifiers to a destination mirror port. You must specify the destination port by creating a port mirror. For instructions, refer to Creating a Port Mirror on page 94.
- No: Does not copy the traffic to a destination mirror port. This is the default.

Traffic Class List: Specifies the traffic class to be assigned to the policy. The traffic class must already exist. A policy can have more than one traffic class. To select more than one traffic class, hold down the Ctrl key when making your selections.

Ingress
34. Figure 54. CoS Setting for Port Page

The CoS Setting for Port page displays a table that contains the following columns of information:

Port: The port number.

VLAN ID: The VLAN where the port is an untagged member.

Default Priority: The default priority level assigned to ingress untagged packets on this port.

Override Priority: Whether the priority level in tagged packets should be overridden.

5. Click Close.

Displaying the QoS Schedule

To display the QoS schedule, perform the following procedure:

1. From the Home page, select Monitoring.

2. From the Monitoring menu, select the Services option.

3. Select the Queuing and Scheduling tab. The Queuing and Scheduling tab is shown in Figure 55.
35. determining whether a multicast router is still active. The switch makes the determination by watching for queries from the router. If the switch does not detect any queries from a multicast router during the specified time interval, the router is assumed to be no longer active on the port. The actual timeout may be ten seconds less than the specified value. For example, a setting of 25 seconds can result in the switch classifying a host node or multicast router as inactive after just 15 seconds. A setting of 10 seconds or less can result in the immediate timeout of an inactive host node or router.

Maximum Multicast Groups: Specifies the maximum number of IGMP multicast groups the switch can learn. This parameter is useful with networks that contain a large number of multicast groups. The range is 0 to 255 groups. The default is 64 multicast groups.

Note: The combined number of multicast address groups for IGMP and MLD snooping cannot exceed 255.

4. Click Apply. Changes to the IGMP snooping parameters are immediately implemented on the switch.

5. To permanently save your changes, select the Save Config option in the Configuration menu.

Displaying a List of Host Nodes

You can use the AT-S63 Management Software to display a list of the multicast groups on a switch as well as the host nodes. You can
36. instructions on how to obtain an RMA number, go to the Support section on our web site at www.alliedtelesis.com.

You can contact Allied Telesis for sales or corporate information through our web site at www.alliedtelesis.com.

New releases of the management software for our managed products are available from the following Internet sites:
- Allied Telesis web site: www.alliedtelesis.com
- Allied Telesis FTP server: ftp://ftp.alliedtelesis.com

If the FTP server prompts you to log on, enter anonymous as the user name and your email address as the password.

Section I Basic Operations

This section has the following chapters:
- Chapter 1, Basic Switch Parameters, on page 25
- Chapter 2, Port Parameters, on page 41
- Chapter 3, Enhanced Stacking, on page 55
- Chapter 4, SNMPv1 and SNMPv2c, on page 63
- Chapter 5, MAC Address Table, on page 73
- Chapter 6, Static Port Trunks, on page 83
- Chapter 7, Port Mirroring, on page 93

Chapter 1 Basic Switch Parameters

This chapter contains the following sections:
- Configuring the Switch's Name, Location, and Contact on page 26
- Changing the Manager and Operator Passwords on page 28
- Setting the System Date and Time on page 30
- Rebooting a Switch on page 33
- Pinging a Remote Sy
37. the Target Address Table as desired. See Creating a Target Address Table Entry on page 238.

In the Storage Type field, select one of the following storage types for this table entry:

Volatile: Select this storage type if you do not want the ability to save an entry in the SNMPv3 Community Table. After making changes to an SNMPv3 Community Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.

NonVolatile: Select this storage type if you want the ability to save an entry in the SNMPv3 Community Table. After making changes to an SNMPv3 Community Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesis recommends this storage type.

Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Community Table entry takes effect immediately.

10. Click Apply.

11. To permanently save your changes, select the Save Config option in the Configuration menu.

Deleting an SNMPv3 Community Table Entry

To delete an entry in the SNMPv3 Community Table, perform the following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selecte
38. 1. From the Home page, select Configuration.

2. From the Configuration menu, select the Layer 2 option.

3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 109 on page 272.

4. Verify there is no check in the Enable Spanning Tree check box. If there is a check, click the option to remove it. Spanning tree must be disabled in order for you to return it to its default settings.

5. Click Configure. The Configure STP Parameters tab is shown in Figure 110 on page 275.

6. Click Defaults. The STP settings are returned to their default values.

7. To permanently save your changes, select the Save Config option in the Configuration menu.

Configuring RSTP

This section contains the following procedures:
- Configuring RSTP Bridge Settings, next
- Configuring RSTP Port Settings on page 285
- Displaying RSTP Settings on page 286
- Resetting RSTP to the Default Settings on page 289

Caution: The bridge provides default RSTP parameters that are adequate for most networks. Changing them without prior experience and an understanding of how RSTP works might have a negative effect on your network. You should consult the IEEE 802.1w standard before changing any of the RSTP parameters.

Config
39. An action of Permit means the port accepts the packets that meet the criteria of the classifiers assigned to the ACL. An action of Deny means the port discards the packets, unless the packets also match the criteria of a Permit ACL, in which case the packets are accepted by the port because a Permit ACL overrides a Deny ACL.

Active: Whether or not the ACL is active. A status of Yes means that the ACL is assigned to at least one port on the switch. A status of No means the ACL is not assigned to any ports and therefore is inactive.

Classifier List: The classifiers assigned to the ACL.

Port List: The port assignments of the ACL.

4. To view the same information for each ACL, select the ACL and click View. The View ACLs page opens, as shown in Figure 49.

Figure 49. View ACLs Page

5. Click Close.

Chapter 13 Class of Service

This chapter contains instructions on how to configure Class of Service (CoS). This chapter contains the following procedures:
- Configuring CoS on page 154
- Mapping CoS Priorities to Egress Queues on page 156
- Configuring Egress Scheduling on page 158
- Displaying the CoS Settings on page 159
- Displaying the QoS Schedule o
40. Figure 75. SNMP Tab Configuration

4. Click the Enable SNMP Access checkbox to enable or disable SNMP management. A check in the box indicates that the feature is enabled, meaning that the switch can be managed from an SNMP management station. No check indicates that the feature is disabled. The default is disabled. Use this parameter to enable the switch to be remotely managed with an SNMP application program.

Note: If the Enable SNMP Access check box is not checked, the switch cannot be managed through SNMP. This is the default.

5. If you want the switch to send authentication failure traps, click the Enable Authentication Failure Traps checkbox. A check in the box indicates that the switch sends the trap.

6. Click Apply.

7. To permanently save your changes, select the Save Config option in the Configuration menu.

Configuring the SNMPv3 User Table

Crea
41. Figure 156. Secure Shell Tab Configuration

Configure the following parameters as necessary:

Status: Enables and disables the SSH server. The default is Disabled. SSH must be disabled to configure the protocol parameters.

Note: You cannot disable the SSH server when there is an active SSH connection.

Host Key ID: Specifies the ID number of the encryption key for the SSH host. The key must already exist on the switch. To view key ID numbers, refer to Displaying the Encryption Keys on page 374. The default is Not Defined.

Note: You cannot create encryption keys from the web browser interface, but you can from the menus and command line interfaces.

Server Key ID: Specifies the ID number of the encryption key for the SSH server. The key must already exist on the switch. The default is Not Defined.

Server Expiry Time: Sets the time in hours for a server key to expire. This timer determines how often a server key is regenerated for security purposes. A server key is only valid for the time period configured in the Server Key Expiry Expiration Time timer. Allied Telesis recommends setting this field to 1 to regenerate the key every hour.

Login Timeout: Specifies the time in seconds it takes to release the SSH server from an incomplete SSH client connection. The default is 180 seconds.
43. Port List: Specifies the ingress port to which the policy is to be assigned. A policy can be assigned to more than one ingress port. To select more than one port, hold down the Ctrl key when you make your selections. A port can be an ingress port of only one policy at a time.

Egress Port: Specifies the egress port to which the policy is to be assigned. You can enter only one egress port. A port can be an egress port of only one policy at a time. If a port is already an egress port of a policy, you must remove the port from its current policy assignment before adding it to another policy.

Redirect Port: Specifies a port to where the traffic is to be redirected. Traffic that matches the defined traffic flow is redirected to the specified port. You can specify only one port.

When you are finished configuring the parameters, click Apply. If the new policy was assigned ports, it is now active on the designated ports.

To permanently save your changes, select the Save Config option in the Configuration menu.

To modify a policy, perform the following procedure:

1. From the home page, select Configuration.

2. From the Configuration menu, select the Services option.

3. Select the Policies tab. The Policies tab is shown in Figure 64 on page 178.

4. Select the policy to be modified from the list and click Modify. The Modify Policy page is shown in Figure 66.
44. TACACS or RADIUS

To enable or disable server-based authentication, or to select a different authentication protocol, perform the following procedure:

1. From the Home page, select Configuration.

2. From the Configuration menu, select the Mgmt Protocols option. The Mgmt Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 158.

Figure 158. Server-based Authentication Tab Configuration

3. To select an authentication protocol, in the Authentication Method section of the tab click either RADIUS or TACACS. The default is TACACS.

Note: The switch supports only one authentication protocol at a time. Furthermore, you cannot change to a different authenticator protocol when this feature is enabled.

4. To enable or disable the authentication feature, click the Enable Server-based Authentication check box. A check in the box indicates the feature is enabled. No check indicates the feature is disabled. The default is disabled.

Note: The Enable Server-based Authentication check box only applies to new TACACS or RADIUS manager accounts
45. The new priority level will apply to all ingress untagged packets. If you perform Step 5 and override the priority level in tagged packets, the new priority level will also apply to all ingress tagged packets.

If you are configuring a tagged port and you want the port to ignore the priority tag in the packets, click the Override Priority option. A check in the box indicates this feature is activated. All tagged packets are directed to the egress queue specified in Step 4.

Note: The switch does not change the tagged information in a tagged packet. A tagged packet exits the switch with the same priority level that it had when it entered.

The default for this parameter is No, meaning that the priority level of a tagged packet is determined by the tagged information in the packet itself.

Click Apply. Configuration changes are immediately activated on the switch.

To permanently save your changes, select the Save Config option in the Configuration menu.

Mapping CoS Priorities to Egress Queues

This procedure explains how to change the default mappings of CoS priorities to egress priority queues. To change the mappings, perform the following procedure:

1. From the home page, select Configuration.

2. From the Configuration menu, select the Services option.

3. Select the Queuing & Scheduling tab. The Queuing & Scheduling tab is shown in Figure 52.
46. The priority number for the bridge. This number is used in determining the root bridge for STP. The bridge with the lowest priority number is selected as the root bridge. If two or more bridges have the same priority value, the bridge with the numerically lowest MAC address becomes the root bridge. When a root bridge goes off-line, the bridge with the next priority number automatically takes over as the root bridge. This parameter can be from 0 (zero) to 61,440 in increments of 4096, with 0 being the highest priority. For a list of the increments, refer to Table 5.

Table 5. Bridge Priority Value Increments

Increment    Bridge Priority    Increment    Bridge Priority
0            0                  8            32768
1            4096               9            36864
2            8192               10           40960
3            12288              11           45056
4            16384              12           49152
5            20480              13           53248
6            24576              14           57344
7            28672              15           61440

Bridge Hello Time: The time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds.

Bridge Forwarding Delay: The waiting period in seconds before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes. If the bridge transitions too soon, not all links may have yet adapted to the change, resulting in network loops. The range is 4 to 30 seconds. The default is 15 seconds.

Bridge Max Age: The lengt
47. Figure 72. IGMP Tab Configuration

Configure the following parameters as necessary:

Enable IGMP Snooping Status: Enables and disables IGMP snooping on the switch. A check in the box indicates that IGMP snooping is enabled.

Multicast Host Topology: Defines whether there is only one host node per switch port or multiple host nodes per port. Possible settings are Edge Single Host Port and Intermediate Multi Host Port.

The Single Host Port Edge setting is appropriate when there is only one host node connected to each port on the switch. This setting causes the switch to immediately stop sending multicast packets out a switch port when a host node signals its desire to leave a multicast group by sending a leave request, or when the host node stops sending reports and times out. The switch forwards the leave request to the router and simultaneously ceases transmission of any further multicast packets out the port where the host node is connected.

The Multi Host Port Intermediate setting is appropriate if there is more than one host node connected to a switch port, such as when a port is connected to an Ethernet hub to which
48. Traffic Class

Remark Priority: Replaces the user priority value in the packets with the new value specified in the Priority parameter, if set to Yes. If set to No, which is the default, the packets retain their preexisting priority level when they leave the switch.

ToS: Specifies a replacement value to write into the Type of Service (ToS) field of IPv4 packets. The range is 0 to 7. A ToS value can be set at all three levels: flow group, traffic class, and policy. The ToS value in a flow group overrides the value specified at the traffic class or policy level, while the ToS value in a traffic class overrides the value in a policy.

Move ToS to Priority: Replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets. Options are:
- yes: Replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets.
- no: Does not replace the preexisting 802.1p priority level. This is the default.

Move Priority to ToS: Replaces the value in the ToS priority field with the 802.1p priority field on IPv4 packets. Options are:
- yes: Replaces the value in the ToS priority field with the 802.1p priority field on IPv4 packets.
- no: Does not replace the ToS priority field. This is the default.

Flow Group List: Specifies the flow groups assigned to this traffic class. Use <Ctrl> click to select more than one.

When you are finished configuring the parameters, click Apply. Th
49. Uplink Port: This item only applies when the switch is operating in the IEEE 802.1Q-compliant multiple VLAN mode or the non-IEEE 802.1Q-compliant multiple VLAN modes. It displays the uplink port for the VLANs. The lower part of the tab displays a table that contains the following columns of information. VLAN ID: The VID number of the VLAN. Client Name: The name of the VLAN. If the switch is operating in one of the multiple VLAN modes, the names of the VLANs start with Client, with the exception of the VLAN containing the uplink port, which starts with Uplink. Uplink Port: This column contains NA, meaning Not Applicable, for tagged, port-based, and MAC address-based VLANs. For a protected ports VLAN, this column contains the uplink port(s) for a port group. Tagged uplink ports are designated with T and untagged uplink ports with U. If the switch is operating in one of the two multiple VLAN modes, this column displays the uplink port for the ports on the switch. Type: The VLAN type. The possible settings are: Port Based (the VLAN is a port-based or tagged VLAN); MAC Based (the VLAN is a MAC address-based VLAN); Protected (the VLAN is a protected ports VLAN); GARP (the VLAN was created by GARP). Protocol: The protocol associated with this VLAN. The possible settings are: Blank: The VLAN is a port based tagged protected port o
50. address of the local interface. If DHCP or BOOTP is checked, the interface obtained its IP address from a DHCP or BOOTP server on the network. If Static is checked, the IP address was set manually. IP Address: This parameter displays the IP address of the local management interface. This address is either manually assigned to the interface or obtained from a DHCP or BOOTP server. Subnet Mask: This parameter specifies the subnet mask for the interface. The IP address and subnet mask fields will be empty if no interface has been designated as the local interface. Default Gateway: For AT-9400 Switches that support IPv4 routing, such as the AT-9424Ts and AT-9448Ts/XP switches, this field displays the IP address of the next hop of the switch's default route. The switch uses the default route when it receives a network packet for routing but cannot find a route for it in the routing table. This field will contain 0.0.0.0 if no default route is defined on the switch. For AT-9400 Switches that do not support IPv4 packet routing, such as the AT-9424T/GB and AT-9424T/SP switches, this field displays the default gateway address. This is the IP address of a router interface on your network. The switch's management software uses this address as the next hop to reaching a remote network device, such as a remote management workstation or a syslog server, when the switch's local interface and the remote device are on different subnets. The default
51. Figure 52. Queuing & Scheduling Tab (Configuration). Note: The Configure Egress Weights section in the tab is explained in the next procedure, "Configuring Egress Scheduling" on page 158. The default values are listed in Table 4. Table 4. Default Mappings of IEEE 802.1p Priority Levels to Egress Priority Queues (IEEE 802.1p Priority Level: Egress Port Priority Queue): 0: Q1; 1: Q0; 2: Q2; 3: Q3; 4: Q4; 5: Q5; 6: Q6; 7: Q7. 4. In the Configure CoS Queues to Egress Queues section of the tab, click the list for a CoS priority whose queue assignment
52. Figure 77. Add New SNMPv3 User Page. 5. In the User Name field, enter a name, or logon id, that consists of up to 32 alphanumeric characters. 6. In the Authentication Protocol field, enter an authentication protocol. This is an optional parameter. Select one of the following. MD5: This value represents the MD5 authentication protocol. With this selection, users (SNMP entities) are authenticated with the MD5 authentication protocol after a message is received. This algorithm generates the message digest. The user is authenticated when the authentication protocol checks the message digest. With the MD5 selection, you can configure a Privacy Protocol. SHA: This value represents the SHA authentication protocol. With this selection, users are authenticated with the SHA authentication protocol after a message is received. This algorithm generates the message digest. The user is authenticated when the authentication protocol checks the message digest. With the SHA selection, you can configure a Privacy Protocol. None: This value represents no authentication protocol. When messages are received, users are
53. entries, for example: hwengtag swengtag testengtag. In the Target Parameters field, enter a Target Parameters name. This name can consist of up to 32 alphanumeric characters. The value configured here must match the value configured with the Target Parameters Name parameter in the Target Parameters Table. In the Storage Type field, enter one of the following storage types for this table entry. Volatile: Select this storage type if you do not want the ability to save an entry in the Target Address Table. After making changes to a Target Address Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu. NonVolatile: Select this storage type if you want the ability to save an entry in the Target Address Table. After making changes to a Target Address Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesis recommends this storage type. 13. Click Apply to update the SNMPv3 Target Address Table. 14. To permanently save your changes, select the Save Config option in the Configuration menu. Configuring the SNMPv3 Target Parameters Table. Creating a Target Parameters Table Entry. You can create, delete, and modify an SNMPv3 Target Parameters Table entry. See the following pro
54. Event Log Tab Configuration, 119; Event Log Example Displayed in Normal Mode, 123; Event Log Example Displayed in Full Mode, 124; Modifying Event Log Output 1 Window, 125; Create Event Log Output Page, 128; View Event Log Output, 130; Modify Event Log Output Page, 131; Classifier Tab Configuration, 134; Create Classifier Page, 135; Create Classifier Page IP Protocol, 136; Modify Classifier Page, 140; Classifier Tab Monitoring, 143; ACL Tab Configuration, 146; Create ACLs Page, 147; Figure 47 Modify ACLs Page, 149; Figure 48 ACL Tab Monitoring, 151; Figure 49 View ACLs, 152; Figure 50 CoS Tab Configuration
55. for Port page opens, as shown in Figure 71. Figure 71. DoS Monitor for Ports Page. The page displays a table that contains the following columns of information. Port: The port number. Status: Whether DoS is enabled or disabled on the port. Type: The type of DoS prevention. Mirror Port: Whether the examined traffic is copied to a mirror port. Chapter 16: IGMP Snooping. This chapter describes how to configure the IGMP snooping feature on the switch. The sections in the chapter include: "Configuring IGMP Snooping" on page 192; "Displaying a List of Host Nodes" on page 195; "Displaying a List of Multicast Routers" on page 197. Configuring IGMP Snooping. To configure IGMP snooping, perform the following procedure: 1. From the home page, select Configuration. 2. From the Configuration menu, select the Multicast option. The Multicast page is displayed with the IGMP tab selected by default, as shown in Figure 72.
56. forward or discard unknown ingress unicast packets. The possible settings are: Enabled (the port discards unknown ingress unicast packets); Disabled (the port forwards unknown ingress unicast packets; this is the default setting). Egress Unknown Unicast Filter: Use this parameter to configure a port to forward or discard unknown egress unicast packets. The possible settings are: Enabled (the port discards unknown egress unicast packets); Disabled (the port forwards unknown egress unicast packets; this is the default setting). Ingress Unknown Multicast Filter: Use this parameter to configure a port to forward or discard unknown ingress multicast packets. Possible settings are: Enabled (the port discards unknown ingress multicast packets); Disabled (the port forwards unknown ingress multicast packets; this is the default setting). Egress Unknown Multicast Filter: Use this parameter to configure a port to forward or discard unknown egress multicast packets. Possible settings are: Enabled (the port discards unknown egress multicast packets); Disabled (the port forwards unknown egress multicast packets; this is the default setting). Flow Control: Sets flow control on a port. This option only applies to ports operating in full duplex mode. A switch port uses flow control to control the flow of ingress packets. The switch sends a special pause packet to stop the end node from sending frames. The pause packet notifies the end node to
57. header in an Ethernet II frame. Possible values are: User Specified, IP, ARP, RARP. User Specified Protocol: Defines a traffic flow by the protocol number specified in the Ethertype field of the MAC header in an Ethernet II frame. To use this parameter, the Protocol parameter must be set to User Specified. The number can be entered in either decimal or hexadecimal format. If the latter, precede the number with 0x. The range is 1536 (0x600) to 65535 (0xFFFF). TOS DSCP: Defines a traffic flow by its Type of Service or DSCP value. To set this parameter, the Protocol parameter must be set to IP. Options are: TOS (Type of Service), DSCP. TOS: Defines a traffic flow by its Type of Service value. The range is 0 to 7. To set this value, the TOS DSCP parameter must be set to TOS. DSCP: Defines a traffic flow by its DSCP value. The range is 0 to 63. To set this value, the TOS DSCP parameter must be set to DSCP. IP Protocol: Defines a traffic flow by the following Layer 3 protocols: User Specified, TCP, UDP, ICMP, IGMP. User Specified IP Protocol: Defines a traffic flow of a Layer 3 protocol by its protocol number. To set this parameter, the IP Protocol parameter must be set to User Specified. The number can be entered in either decimal or hexadecimal format. If the latter, precede the number with 0x. The range is 0 (0x0) to 255 (0xFF). Source IP Address
58. in Figure 98. Figure 98. Add New SNMPv3 Community Page. 5. In the Community Index field, enter a numerical value for this Community. This parameter is used to index the other parameters in an SNMPv3 Community Table entry. Enter a value of up to 32 alphanumeric characters. 6. In the Community Name field, enter a Community Name of up to 64 alphanumeric characters. The value of the Community Name parameter acts as a password for the SNMPv3 Community Table entry. This parameter is case sensitive. Note: Allied Telesis recommends that you select SNMP Community Names carefully to ensure these names are known only to authorized personnel. In the Security Name field, enter a name of an SNMPv1 and SNMPv2c user. This name must be unique. Enter a value of up to 32 alphanumeric characters. Note: Do not use a value configured with the User Name parameter in the SNMPv3 User Table. In the Transport Tag field, enter a name of up to 32 alphanumeric characters. The Transport Tag parameter links an SNMPv3 Community Table entry with an SNMPv3 Target Address Table entry. Add the value you configure for the Transport Tag parameter to the Tag List parameter in
59. information about the SNMPv3 SecurityToGroup Table, see Chapter 21, SNMPv3, in the AT-S63 Management Software Menus Interface User's Guide. To create an entry in the SNMPv3 SecurityToGroup Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26. 2. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204. 3. In the SNMPv3 section, click the button next to Configure SecurityToGroup Table and then click Configure at the bottom of the tab. The SNMPv3 SecurityToGroup Table tab is shown in Figure 85. Figure 85. SNMPv3 SecurityToGroup Table Tab (Configuration). 4. To create an SNMPv3 SecurityToGroup Table entry, click Add. The Add New SNMPv3 SecurityToGroup page is shown in Figure 86. Figure 86 Add New SNMPv3 Secur
60. intended MSTI. It should be noted that the MSTI List shows all of the spanning tree instances on the switch, and not just those where the selected port is currently a member. If you select an MSTI where the port is not a member, you can pre-configure the parameter in the event you later add the port as a member of the MSTI through a VLAN assignment. Port Priority: This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the regional root bridge. The range is 0 to 240 in increments of 16. The default value is 8 (priority value is 128). For a list of the increments, refer to Table 6, Port Priority Value Increments, on page 278. Port Internal Path Cost: The port cost of the port if the port is connected to a bridge which is part of the same MSTP region. The range is 0 to 200,000,000. The default setting is Auto-detect, which sets port cost depending on the speed of the port. Table 7 lists the MSTP port cost with Auto Update when a port is not part of a port trunk. Table 7. MSTP Auto Update Port Internal Path Costs (Port Speed: Port Cost): 10 Mbps: 2,000,000; 100 Mbps: 200,000; 1000 Mbps: 20,000. Table 8 lists the MSTP port costs with Auto Update when the port is part of a port trunk. Table 8. MSTP Auto Update Port Trunk Internal Path Costs (Port Speed: Port Cost): 10 Mbps: 20,000; 100 Mbps: 20,000
61. into both fields. The default password is friend. The password is case sensitive. Caution: Do not use spaces or special characters, such as asterisks (*) and exclamation points (!), in a password if you are managing the switch from a web browser. Many web browsers cannot handle special characters in passwords. Operator Password, Confirm Operator Password: Use these parameters to change the operator's login password for the switch. The password can be from 0 to 16 characters in length. The same password is used for both local and remote management sessions. To create a new password, enter the new password into both fields. The default password for operator is operator. The password is case sensitive. Caution: Do not use spaces or special characters, such as asterisks (*) and exclamation points (!), in a password if you are managing the switch from a web browser. Many web browsers cannot handle special characters in passwords. Note: A change to a password is immediately activated on the switch. You must use the new password the next time you start a management session of the switch. 3. Click Apply to activate your change on the switch. 4. To permanently save your changes, select the Save Config option in the Configuration menu. Setting t
62. is not activated is Disabled. Role: The RSTP role of the port. Possible roles are: Root (the port that is connected to the root switch, directly or through other switches, with the least path cost); Alternate (the port offers an alternate path in the direction of the root switch); Backup (the port on a designated switch that provides a backup for the path provided by the designated port); Designated (the port on the designated switch for a LAN that has the least cost path to the root switch; this port connects the LAN to the root switch). Edge Port: Whether or not the port is operating as an edge port. The possible settings are Yes and No. P2P: Whether or not the port is functioning as a point-to-point port. The possible settings are Yes and No. Version: Whether the port is operating in RSTP mode or STP-compatible mode. Port Cost: The port cost of the port. An example of the RSTP Settings page is shown in Figure 119. Figure 119. RSTP Settings Page. The RSTP Settings page displays a table with the following columns of information. Port: The port number. Edge Port: Whether or not the port is operating as an edge port. The possible settings are Yes and No. Point to Point: Whether or not t
63. is to be changed and select the new queue. For example, to direct all ingress tagged packets with a CoS priority of 5 to egress queue Q3, you would use the list in CoS 5 to PQ and select Q3 QoS PriorityQ 3. 5. If desired, repeat Step 4 to change the egress queue assignment of other CoS priorities. 6. Click Apply. 7. To permanently save your changes, select the Save Config option in the Configuration menu. Chapter 13: Class of Service. Configuring Egress Scheduling. This procedure explains how to select and configure a scheduling method for Class of Service. Scheduling determines the order in which the ports handle packets in their egress queues. For an explanation of the two scheduling methods, refer to the AT-S63 Management Software Features Guide. Scheduling is set at the switch level. You cannot set this at the port level. To change scheduling, perform the following procedure: 1. From the home page, select Configuration. 2. From the Configuration menu, select the Services option. Select the Queuing & Scheduling tab. The Queuing & Scheduling tab is shown in Figure 52 on page 156. Note: The Configure CoS Queues to Egress Queues section in the tab is explained in the previous procedure, "Mapping CoS Priorities to Egress Queues" on page 156. To select a scheduling method, click either Strict Priority or Weighted Priority in the Configure Egress Weights
64. multiple host nodes are connected. With this setting selected, the switch continues sending multicast packets out a port even after it receives a leave request from a host node on the port. This ensures that the remaining active host nodes on the port continue to receive the multicast packets. Only after all of the host nodes connected to a switch port have transmitted leave requests, or have timed out, does the switch stop sending multicast packets out the port. If a switch has a mixture of host nodes, that is, some connected directly to the switch and others through an Ethernet hub, you should select the Multi Host Port (Intermediate) selection. Multicast Router Ports Mode: Specifies whether the router ports are determined automatically or if you enter them manually. If you want the switch to determine the ports automatically, select Auto Detect, which is the default. To enter them yourself, click Manual Select and enter the ports in the field. Host Router Timeout Interval: Specifies the time period, in seconds, at which the switch determines that a host node is inactive. An inactive host node is a node that has not sent an IGMP report during the specified time interval. The range is from 0 seconds to 86,400 seconds (24 hours). The default is 260 seconds. If you set the timeout to zero (0), the timer never times out and the timeout interval is essentially disabled. This parameter also controls the time interval used by the switch in
65. not authenticated. With the None selection, you cannot configure a Privacy Protocol. Note: You may want to assign NONE to a super user. In the Authentication Password field, enter an authentication password of up to 32 alphanumeric characters. In the Confirm Authentication Password field, re-enter the authentication password. Note: If you have the nonencrypted version of the AT-S60 software, then the Privacy Protocol field is read only. Note: You can only configure the Privacy Protocol if you have configured the Authentication Protocol with the MD5 or SHA values. In the Privacy Protocol field, enter one of the following options. DES: Select this value to make the DES privacy (or encryption) protocol the privacy protocol for this User Table entry. With this selection, messages transmitted between the host and the switch are encrypted with the DES protocol. None: Select this value if you do not want a privacy protocol for this User Table entry. With this selection, messages transmitted between the host and the switch are not encrypted. In the Privacy Password field, enter a privacy password of up to 32 alphanumeric characters. In the Confirm Privacy Password field, re-enter the privacy password. In the Storage Type field, enter one of the followi
66. option is displayed on the Configuration menu. Allied Telesis recommends this storage type. Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 View Table entry takes effect immediately. 10. Click Apply to update the SNMPv3 View Table. 11. To permanently save your changes, select the Save Config option in the Configuration menu. To delete an entry in the SNMPv3 View Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204. In the SNMPv3 section, click the button next to Configure View Table and then click Configure. The SNMPv3 View Table tab is shown in Figure 79 on page 215. Click the button next to the View Table entry to be deleted and then click Remove. A warning message is displayed. Click OK. To permanently save your changes, select the Save Config option in the Configuration menu. To modify an entry in the SNMPv3 View Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26. 2. Select the SNMP tab. The SNMP tab is shown in Figure 75 on
67. port. The port sends the name to the authentication server for verification when the port logs on to the network. The username can be from 1 to 16 alphanumeric characters (A to Z, a to z, 1 to 9). Do not use spaces or special characters, such as asterisks or exclamation points. The username is case sensitive. User Password: Specifies the password for the switch port. The port sends the password to the authentication server for verification when the port logs on to the network. The password can be from 1 to 16 alphanumeric characters (A to Z, a to z, 1 to 9). Do not use spaces or special characters, such as asterisks or exclamation points. The password is case sensitive. 7. Click Apply. Changes to the supplicant settings are immediately implemented on a port. 8. To permanently save your changes, select the Save Config option in the Configuration menu. Displaying the Port-based Network Access Control Parameters. You can display information about the port-based network access control status and settings of the ports on the switch. This section contains the following procedures: "Displaying the Port Status," next; "Displaying the Port Settings" on page 367. Displaying the Port Status. To display the port-based network access control port status, perform the following procedure: 1. From the Home page, select Monit
68. read-only field in the web browser interface. The Active value indicates the SNMPv3 User Table entry takes effect immediately. 12. Click Apply to update the SNMPv3 User Table. 13. To permanently save your changes, select the Save Config option in the Configuration menu. Configuring the SNMPv3 View Table. You can create, delete, and modify an SNMPv3 View Table entry. See the following procedures: "Creating a View Table Entry" on page 214; "Deleting a View Table Entry" on page 217; "Modifying a View Table Entry" on page 217. For reference information about the SNMPv3 View Table, see Chapter 21, SNMPv3, in the AT-S63 Management Software Menus Interface User's Guide. Creating a View Table Entry. To create an entry in the SNMPv3 View Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26. 2. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204. 3. In the SNMPv3 section, click the button next to Configure View Table and then click Configure at the bottom of the tab. The SNMPv3 View Table tab is shown in Figure 79.
69. refer to the Starting an AT-S63 Management Session Guide. Document Conventions. This document uses the following conventions. Note: Notes provide additional information. Caution: Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data. Warning: Warnings inform you that performing or omitting a specific action may result in bodily injury. Contacting Allied Telesis (Online Support; Email and Telephone Support; Returning Products; Sales or Corporate Information; Management Software Updates). This section provides Allied Telesis contact information for technical support and for sales and corporate information. You can request technical support online by accessing the Allied Telesis Knowledge Base: www.alliedtelesis.com/support/kb.aspx. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions. For Technical Support via email or telephone, refer to the Allied Telesis web site at www.alliedtelesis.com. Select your country from the list on the web site and then select the appropriate tab. Products for return or repair must first be assigned a return materials authorization (RMA) number. A product sent to Allied Telesis without an RMA number will be returned to the sender at the sender's expense. For
70. select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. From the Monitoring menu, select Mgmt Protocols. The Mgmt Protocols page is displayed with the Server-based Authentication tab displayed by default, as shown in Figure 13 on page 61. Select the SNMP tab. The SNMP tab is shown in Figure 100. Figure 100. SNMP Tab (Monitoring). 4. In the SNMPv3 section, click the button next to View User Table and then click View at the bottom of the tab. The SNMPv3 User Table tab is shown in Figure 101.
71. the SNMPv3 Target Address Table on page 238; Configuring the SNMPv3 Target Parameters Table on page 245; Configuring the SNMPv3 Community Table on page 252. Note: Use the SNMPv3 Community Table only if you are configuring the SNMPv3 protocol with an SNMPv1 or an SNMPv2c implementation. Allied Telesis does not recommend this configuration. Enabling or Disabling SNMP Management. In order to allow an SNMP manager (or host) to access the switch, you need to enable SNMP access. In addition, to allow the switch to send a trap when it receives a login attempt from an unauthenticated user, you need to enable authentication failure traps. This section provides a procedure to accomplish both of these tasks. To enable SNMP access and authentication failure traps, perform the following procedure: 1. From the Home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26. 2. From the Configuration menu, select the Mgmt Protocols option. The Mgmt Protocols page is displayed with the Server-based Authentication tab selected by default, as shown in Figure 158 on page 388. 3. Select the SNMP tab. The SNMP tab is shown in Figure 75.
72. the View Name to see the subtree specified above. Excluded: Enter this value to not permit the View Name to see the subtree specified above. In the Storage Type field, enter a storage type for this table entry. Volatile: Select this storage type if you do not want the ability to save an entry in the Target Parameters Table. After making changes to a Target Parameters Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu. NonVolatile: Select this storage type if you want the ability to save an entry in the View Table. After making changes to a View Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesis recommends this storage type. Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 View Table entry takes effect immediately. Click Apply. To permanently save your changes, select the Save Config option in the Configuration menu. Configuring the SNMPv3 Access Table. You can create, delete, and modify an SNMPv3 Access Table entry. See the following procedures: "Creating an Access Table" on page 220; "Deleting an Access Table Entry" on page 223; "Modifying an Access Table Entry" on page 224. For information about the SNMPv3 Access Table, see Chapter
73. the bottom of the tab. The SNMPv3 Notify Table tab is shown in Figure 88 on page 234. Click the button next to the table entry to be changed and then click Modify. The Modify SNMPv3 Notify page is shown in Figure 90. [Figure 90: Modify SNMPv3 Notify Page] In the Notify Tag field, enter a description name of the Notify Tag. Enter a name of up to 32 alphanumeric characters. In the Notify Type field, enter one of the following message types. Trap: Indicates this notify table is used to send traps. With this message type, the switch does not expect a response from the host. Inform: Indicates this notify table is used to send inform messages. With this message type, the switch expects a response from the host. In the Storage Type field, select one of the following storage types for this table entry. Volatile: Select this storage type if you do not want the ability to save an entry in the Notify Table. After making changes to a Notify Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu. NonVolatile: Select this storage type if you want the ability to save an entry in the Notify Table.
74. the same on all bridges in a region. Different regions can have the same revision level without conflict. The range is 0 (zero) to 255. Click Apply. To permanently save your changes, select the Save Config option in the Configuration menu. Proceed to the next procedure to configure the CIST priority. To configure the CIST priority, perform the following procedure: 1. From the home page, select Configuration. 2. From the Configuration menu, select the Layer 2 option. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 109 on page 272. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 121 on page 295. In the Configure CIST Parameters section, set the CIST Priority, the priority number for the bridge. This number is used to determine the root bridge of the bridged network. This number is analogous to the RSTP bridge priority value. The bridge in the network with the lowest priority number is selected as the root bridge. If two or more bridges have the same bridge or CIST priority values, the bridge with the numerically lowest MAC address becomes the root bridge. Click Apply. To permanently save your changes, select the Save Config option in the Configuration menu. Managing MSTIs: This section contains the following procedures: Creating an MSTI on page 298; Modifying an MSTI on page 299; Dele
75. to 12 hours. Note: If the interface on the local subnet from where the switch is reaching the server is using DHCP to set its IP configuration, it automatically attempts to determine this value. In this case, you do not need to configure a value for the UTC Offset parameter. Daylight Savings Time (DST): Enables or disables the system's adjustment for daylight savings time. The default is enabled. Note: The switch does not set DST automatically. If the switch is in a locale that uses DST, you must remember to enable this in April when DST begins and disable it in October when DST ends. If the switch is in a locale that does not use DST, this option should be set to disabled all the time. Status: Enables or disables the SNTP client on the switch. The default is disabled. Server IP Address: Specifies the IP address of an SNTP server. Note: If the local interface on the switch is obtaining its IP address and subnet mask from a DHCP server, you can configure the server to provide the interface with an IP address of an NTP or SNTP server. If you configured the server to provide this address, then you do not need to enter it here. Poll Interval: Specifies the number of seconds the switch waits between polling the SNTP or NTP server. The default is 600 seconds. The range is from 60 to 1200 seconds. 5. When you finish configuring the parameters, click the Apply buttons. If yo
76. to 255 dynamic and static MAC addresses. Secured: Instructs a port to forward frames using only static MAC addresses. The port does not learn any dynamic MAC addresses and deletes any dynamic addresses that it has already learned. Only those end nodes whose MAC addresses are entered as static addresses are able to forward frames through the port. After activating this security level, you must enter the static MAC addresses of the end nodes to be allowed to forward frames through the port. Locked: Instructs a port to immediately stop learning new dynamic MAC addresses. Frames are forwarded using the dynamic MAC addresses already learned by the port and any static MAC addresses assigned to the port. Dynamic MAC addresses learned by the port prior to the activation of this security level never time out from the MAC address table, even when the corresponding end nodes are inactive. The port will not learn any new dynamic addresses. You can continue to add new static MAC addresses to a port operating under this security level. If you select the Limited security level, additional options are displayed in the window for you to configure. They are defined here. Intrusion Action: Specifies what the switch should do if a port receives an invalid frame. Options are: Discard: Discards the invalid frame. Trap: Discards the invalid frame and sends an SNMP trap. Discar
77. 21, SNMPv3, in the AT-S63 Management Software Menus Interface User's Guide. To create an entry in the SNMPv3 Access Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26. 2. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204. 3. In the SNMPv3 section, click the button next to Configure Access Table and then click Configure at the bottom of the tab. The SNMPv3 Access Table tab is shown in Figure 82. [Figure 82: SNMPv3 Access Table Tab (Configuration)] 4. To create an SNMPv3 Access Table entry, click Add. The Add New SNMPv3 Access page is shown in Figure 83.
78. [Figure 84: Modify SNMPv3 Access Page] Note: The Context Prefix field is a read-only field. The Context Prefix field is always set to null. In the Read View Name field, enter a value that you configured with the View Name parameter in the View Table. This parameter allows the users assigned to this Group Name to view the information specified by the View Table entry. This value does not need to be unique. In the Write View Name field, enter a value that you configured with the View Name parameter in the View Table. This parameter allows the users assigned to this Security Group to write or modify the information in the specified View Table. This value does not need to be unique. In the Notify View Name field, enter a value that you configured with the View Name parameter in the View Table. This parameter allows the users assigned to this Group Name to send traps permitted in the specified View. This value does not need to be unique. Note: The Context Match field is a read-only field. The Context Match fiel
80. 3 minutes. The range is 60 to 600 seconds. Click Apply. To permanently save your changes, select the Save Config option in the Configuration menu. Displaying the SSH Settings: To view the Secure Shell settings, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Configuration menu, select the Mgmt Protocols option. Select the Secure Shell tab. The Secure Shell tab is shown in Figure 157. [Figure 157: Secure Shell Tab (Monitoring). Settings shown: SSH Versions Supported: 1.3, 1.5, 2.0; Status: Disabled; Server Port: 22; Host Key ID: Not Defined; Server Key ID: Not Defined; Server Key Expiry Time: 0; Login Timeout: 180; Authentication Available: Password; Ciphers Available: 3DES, 128 bit AES, 192 bit AES, 256 bit AES, Arcfour (RC4); MACs Available: hmac-sha1, hmac-md5] The Secure Shell tab provides the following information. SSH Versions Supported: The versions of SSH supported by the AT-S63 Management Software. Status: Whether the SSH server is enabled or disabled. Server Port: The well-known port number for SSH. The default is port 22. Host Key ID: The encryption key ID of the host key. Server Key ID: The encrypti
81. [Figure 24: Modify Trunk Page] 5. To change the name of the trunk, click the Trunk Name field and enter the new name. The name can be up to 16 alphanumeric characters. No spaces or special characters, such as asterisks and exclamation points, are allowed. Each trunk must have a unique name. 6. To add or remove ports from a trunk, click the ports in the graphical image of the switch. A selected port changes to white. An unselected port is black. A static port trunk can contain up to eight ports. 7. Click Apply. Changes to a port trunk are activated on the switch. 8. To permanently save your changes, select the Save Config option in the Configuration menu. 9. Reconnect the cables to the ports of the trunk. Deleting a Port Trunk: Caution: Disconnect the cables from the port trunk on the switch before performing this procedure. Deleting the trunk without first disconnecting the cables can result in the formation of a loop in your network topology. This can cause a broadcast storm and poor network performance. To delete a port trunk from the switch, perform the following procedure: 1. From the home page, select Configuration. 2. From the Configuration menu, select the Layer 1 option. Select the Port Trunking tab. The Port Trunking tab is shown in Figure 22 on page 85.
82. After making changes to a Notify Table entry with a NonVolatile storage type, the Save Config option is not displayed on the Configuration menu. The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Notify Table entry takes effect immediately. Click Apply to update the SNMPv3 Notify Table. To permanently save your changes, select the Save Config option in the Configuration menu. Configuring the SNMPv3 Target Address Table: You can create, delete, and modify an SNMPv3 Target Address Table entry. See the following procedures: Creating a Target Address Table Entry on page 238; Deleting a Target Address Table Entry on page 241; Modifying Target Address Table Entry on page 242. Creating a Target Address Table Entry: For reference information about the SNMPv3 Target Address Table, see Chapter 21, SNMPv3, in the AT-S63 Management Software Menus Interface User's Guide. To create an entry in the SNMPv3 Target Address Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26. 2. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204. 3. In the SNMPv3 section, click the button next to Configure Target Address Table and then click Configure at the b
83. The System Information section displays the following information. MAC Address: The MAC address of the switch. Model Name: The model name of the switch. Serial Number: The serial number of the switch. System Name: The name of the switch. To set the name, refer to Configuring the Switch's Name, Location, and Contact on page 26. Administrator: The name of the network administrator responsible for managing the switch. To set the name of the administrator, refer to Configuring the Switch's Name, Location, and Contact on page 26. Comments: The location of the switch (for example, 4th Floor rm 402B). To set the location, refer to Configuring the Switch's Name, Location, and Contact on page 26. BOOTP/DHCP: The source of the IP address of the local interface. This field will be DHCP or BOOTP if the local interface obtained its IP configuration from a DHCP or BOOTP server. Alternatively, if the IP address was set manually, this field will be Static. This field will be blank if the switch does not have a local interface. IP Address: The IP address of the local interface. Subnet Mask: The subnet mask of the local interface. Default Gateway: For AT-9400 Switches that support IPv4 routing, such as the AT-9424Ts and AT-9448Ts/XP switches, this field displays the IP address of the next hop of the switch's default route. The switch uses the default route when it receives a net
85. [Figure 160: Server-Based Authentication Tab (Monitoring)] The upper part of the page shows whether server-based authentication is enabled or disabled and the authentication method. The lower part of the page is used to view the settings of an authentication client. 3. In the lower portion of the tab, click TACACS Settings. 4. Click View. The TACACS client configuration page is shown in Figure 161. [Figure 161: TACACS Client Configuration Page] The upper portion of the page provides the following information. Global Secret: The TACACS server encryption secret. Global Server Timeout: The maximum amount of time the switch waits for a response from a TACACS server. The lower portion of the page displays a table with the following columns of information. Server: The server number, one of three. IP Address: IP address of a network server containing TACACS server software. Encryption Key: Encryption key for the server. This parameter is blank if the key is specified in the global secret
86. Class on page 170. 6. When you are finished modifying the parameters, click Apply. The changes are immediately implemented in the traffic class. 7. To permanently save your changes, select the Save Config menu selection. Deleting a Traffic Class: This procedure explains how to delete a traffic class. If the traffic class to be deleted is already part of a QoS policy assigned to one or more switch ports, you must first modify the policy by removing the port assignments before you can delete the traffic class. You can reassign the ports back to the policy after you have deleted the traffic class. To delete a traffic class, perform the following procedure: 1. From the home page, select Configuration. 2. From the Configuration menu, select the Services option. 3. Select the Traffic Class tab. The Traffic Class tab is shown in Figure 60 on page 170. 4. Select the traffic class to be deleted and click Delete. The traffic class is deleted from the switch. 5. To permanently save your changes, select the Save Config menu selection. Displaying the Traffic Classes: To display the traffic classes, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select Services. 3. Select the Traffic Class tab. The Traffic Class tab is shown in Figure 63.
87. DUs indefinitely. Type C to reset the MSTP port to transmit RSTP BPDUs. Point-to-Point: This parameter defines whether the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto Detect. For an explanation of this parameter, refer to Point-to-Point and Edge Ports in Chapter 22, Spanning Tree and Rapid Spanning Tree Protocols, in the AT-S63 Management Software Features Guide. Edge Port: This parameter defines whether the port is functioning as an edge port. The possible settings are Yes and No. For an explanation of this parameter, refer to Point-to-Point and Edge Ports in Chapter 22, Spanning Tree and Rapid Spanning Tree Protocols, in the AT-S63 Management Software Features Guide. After you have configured the parameters, click Apply. To permanently save your changes, select the Save Config option in the Configuration menu. Displaying RSTP Settings: To display RSTP parameter settings, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select the Layer 2 option. 3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 112 on page 279. This tab displays information on whether spanning tree is enabled or disabled and which protocol version, STP or RSTP, is active. 4. Click View. Se
88. GARP Messages, Bad Message: Number of GARP messages that had an invalid Attribute Type value, an invalid Attribute Length value, or an invalid Attribute Event value. Receive GARP Messages, Bad Attribute: Number of GARP messages that had an invalid Attribute Value value. Displaying the GIP Connected Ports Ring: To display the GIP connected ports ring, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select the Layer 2 option. Select the GVRP tab. The GVRP tab is shown in Figure 134 on page 335. In the View GVRP Parameters section, click View GIP Connected Ports Ring. Click View. The GIP Connected Ports Ring page is shown in Figure 139. [Figure 139: GIP Connected Ports Ring Page] The GIP Connected Ports Ring page displays a table that contains the following columns of information. GIP Context ID: A number assigned to the instance for the GIP context. STP ID: Present if the GARP application is GVRP; identifies the spanning tree instance associated with the GIP context. Ring: The ring of connected ports. Only ports presently in the spanning tree Forwarding state are eligible for membership in the GIP connected ring. If no ports exist in the GIP connected ring, "No ports are connected" is displayed. If the GA
89. Management Software AT-S63 Web Browser User's Guide For Stand-alone AT-9400 Switches. AT-S63 Version 2.2.0 for AT-9400 Layer 2 Switches. AT-S63 Version 4.1.0 for AT-9400 Basic Layer 3 Switches. Allied Telesis. PN 613-001026 Rev. C. Copyright 2009 Allied Telesis, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesis, Inc. Allied Telesis and the Allied Telesis logo are trademarks of Allied Telesis, Incorporated. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners. Allied Telesis, Inc. reserves the right to make changes in specifications and other information contained in this document without prior written notice. The information provided herein is subject to change without notice. In no event shall Allied Telesis, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis, Inc. has been advised of, known, or should have known, the possibility of such damages.
90. Figure 67: Policies Tab (Monitoring); Figure 68: DoS Tab (Configuration); Figure 69: DoS Configuration for Ports Page; Figure 70: DoS Tab (Monitoring); Figure 71: DoS Monitor for Ports Page; Figure 72: IGMP Tab (Configuration); Figure 73: IGMP Tab (Monitoring); Figure 74: View Multicast Routers List Page; Figure 75: SNMP Tab (Configuration); Figure 76: SNMPv3 User Table Tab (Configuration); Figure 77: Add New SNMPv3 User Page; Figure 78: Modify SNMPv3 User Page; Figure 79: SNMPv3 View Table Tab (Configuration); Figure 80: Add New SNMPv3 View Page
91. [Figure 66: Modify Policy Page] 5. Modify the parameters as needed. For parameter definitions, refer to Configuring a Policy on page 178. 6. When you are finished configuring the parameters, click Apply. The changes are immediately implemented in the policy. 7. To permanently save your changes, select the Save Config option in the Configuration menu. To delete a policy, perform the following procedure: 1. From the home page, select Configuration. 2. From the Configuration menu, select the Services option. 3. Select the Policies tab. The Policies tab is shown in Figure 64 on page 178. 4. Select a policy from the list and click Delete. You can only delete one policy at a time. The policy is deleted from the switch. 5. To permanently save your changes, select the Save Config option in the Configuration menu. Deleting all Flow Groups, Traffic Classes, and Policies: To delete all flow groups, traffic classes, and policies from the switch, perform the following procedure: 1. From the home page, select Configuration. 2. From the Configuration menu, select the Services option. 3. Select t
92. Note: The list does not include the master switch where you started the management session, nor any switches with an enhanced stacking status of Unavailable. You can sort the switches in the list by switch name or MAC address by clicking on the column headers. By default, the list is sorted by MAC address. To refresh the list, click Refresh. To start a management session on another switch in the enhanced stack, click the button to the left of the switch in the list. You can select only one switch. Note: The web server mode (i.e., HTTP or HTTPS) must be the same on both the master switch and slave switch. For example, a master switch operating in the default HTTP mode can be used to manage switches configured for HTTP, but not HTTPS. For information on HTTPS, refer to the AT-S63 Management Software Features Guide. Click Connect. Enter a user name and password for the switch when prompted. The home page of the selected switch is displayed. You can now manage the selected switch. Returning to the Master Switch: When you are finished managing the switch and want to manage another switch in the stack, select Disconnect from the main menu. This returns you to the Enhanced Stacking page (Figure 12 on page 58) of the master switch where you started the management session. At this point you can do one of the fo
93. P: The IP address of the host node connected to the port. Version: The version of IGMP used by the host. Exp. Time: The number of seconds remaining before the host is timed out if no further IGMP reports are received from it. Displaying a List of Multicast Routers: To view multicast routers, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select the Multicast option. The Multicast page is displayed with the IGMP tab, as shown in Figure 73 on page 195. To view the multicast routers, click View Multicast Router List and then click View. The View Multicast Routers List is shown in Figure 74. [Figure 74: View Multicast Routers List Page] The View Multicast Routers List page displays a table that contains the following columns of information. Port: The port on the switch where the multicast router is connected. VLAN ID: The VID of the VLAN in which the port is an untagged member. Router IP: The IP address of the port on the router. Section III: SNMPv3. This section has the following chapter: Chapter 17, SNMPv3
94. P Database on page 337; Displaying the GVRP State Machine on page 338; Displaying the GVRP Counters on page 341; Displaying the GIP Connected Ports Ring on page 344. Configuring GVRP: To configure GVRP, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration menu, select the Layer 2 option. 3. Select the GVRP tab. The GVRP tab is shown in Figure 132. [Figure 132: GVRP Tab (Configuration)] 4. In the GVRP Parameters section, configure the following parameters as necessary. Note: The settings for the three timers must be the same on all GVRP-active network devices. Enable GVRP: Click to enable or disable GVRP. Leave Time: Use this parameter to specify the leave time. The range is 30 to 80 centiseconds and the default is 60 centiseconds. Join Time: Use this parameter to specify the join time. The range is 10 to 60 centiseconds and the default is 20 centiseconds. This parameter must be in relation to the GVRP Leave Timer according to the following equation: Join Timer < 2 x GVRP L
95. RP application has no ports, "No ports have been assigned" is displayed. Section VI: Port Security. This section has the following chapters: Chapter 22, MAC Address-based Port Security, on page 347; Chapter 23, 802.1x Port-based Network Access Control, on page 353. Chapter 22: MAC Address-based Port Security. This chapter explains how to configure and display the MAC address-based security levels on the ports on the switch. It contains the following sections: Configuring Port Security on page 348; Displaying Port Security Levels on page 351. Configuring Port Security: To configure security for the ports, perform the following procedure: 1. From the home page, select Configuration. 2. From the Configuration menu, select the Network Security option. The Network Security page opens with the Port Security tab selected by default, as shown in Figure 140. [Figure 140: Port Security Tab (Configuration)] In the image of the switch, click the port to be configured and click Modify. A selected port turns white. You can configure more than one port at a time. The Security for Ports page is shown in Figure 143.
96. there are no more servers, the switch defaults to the standard Manager and Operator accounts. The default is 30 seconds. The range is 1 to 30 seconds. IP Address, Port, and Encryption Key: Specify the IP address, UDP port number, and encryption key of each RADIUS server. You can specify up to three servers. You can leave the encryption field blank for a server if you entered the server's key in the Global Encryption Key field. The maximum length of the encryption key is 39 characters. 5. Click Apply. 6. To permanently save your changes, select the Save Config option in the Configuration menu. Displaying the RADIUS Client Settings: To display the RADIUS client settings on the switch, perform the following procedure: 1. From the Home page, select Monitoring. 2. Select the Mgmt Protocols option. The Mgmt Protocols tab is displayed with the Server-based Authentication tab selected by default, as shown in Figure 160 on page 392. The upper part of the page shows whether server-based authentication is enabled or disabled and the authentication method. The lower part of the page is used to view the settings of an authentication client. 3. In the lower portion of the page, click RADIUS Settings. 4. Click View. The RADIUS Client Configuration page is shown in Figure 161.
97. S63 software modules whose events will be displayed. The modules are listed in Table 1. You can select more than one module by using the Ctrl key as you make your selections. The default is All. Table 1, AT-S63 Software Modules (name: description): ALL: All modules; ACL: Port access control lists; CFG: Switch configuration file; CLASSIFIER: Classifiers used by ACL and QoS; CLI: Command line interface commands; DOS: Denial of Service defense; ENCO: Encryption keys; ESTACK: Enhanced stacking; EVTLOG: Event log; FILE: File system; GARP: GARP VLAN Registration Protocol; HTTP: Web server; IGMPSNOOP: IGMP snooping; IP: IP configuration; LACP: Link Aggregation Control Protocol; MAC: MAC address table; MGMTACL: Management access control list; MLDSNOOP: MLD snooping; PACCESS: 802.1X Port-based Access Control; PCFG: Port configuration; PKI: Public Key Infrastructure; PMIRR: Port mirroring; PSEC: MAC address-based port security; PTRUNK: Static port trunking; QOS: Quality of Service; RADIUS: RADIUS authentication protocol; RPS: Redundant power supply; RRP: RRP Snooping; RTC: Real time clock; SNMP: Simple Network Management Protocol; SSH: Secure Shell protocol; SSL: Secure Sockets Layer protocol; STP: Spanning Tree, Rapid Spanning Tree, and Mu
98. Sete acs eee Lesh ate seca Eege DEE 19; Starting a Management Session 19; ele Di gelen le TEE 20; Contacting Allied Telesis 21; OMNES EIERE A tak eta EE elle Ee 21; Email and Telephone Support 21; Retorn Meel 21; Sales or Corporate Information 21; Management Software Updates 21. Section I: Basic Operations. Chapter 1: Basic Switch Parameters 25; Configuring the Switch's Name, Location, and Contact 26; Changing the Manager and Operator Passwords 28; Setting the System Date and Time 30; el leelie E EE 33; Pinging a Remote EE 34; Returning the AT-S63 Management Software to the Factory Default Values 35; Displaying the IP Address of the Local Interface 37; Displaying System Information 38. Chapter 2: Port Parameters 41; Configuring Gei E ENEE 42; Displaying Port Parameters 49; Displaying ee 51; Resetting a Port to the Default Settin
99. The Event log tab is shown in Figure 33 on page 119. 4. Configure the parameters in the Display Filter Settings section of the tab to define which events in the log are to be saved to the file. For instructions, refer to steps 3 to 7 in "Displaying Events" on page 120. 5. In the Save Filename field, enter a name for the file. The name can be up to 16 alphanumeric characters and must include the log file name extension. 6. Click Save. The specified events in the log file are saved to the switch's file system as an ASCII file. 7. To view the contents of the file, refer to "Listing the Files in Flash Memory or on a Compact Flash Card" on page 104. To upload the file to a TFTP server, refer to "Uploading a File" on page 114. To upload the file using Xmodem, you must use a local management session. Working with Syslog Output Definitions. You can configure the switch to send its events to a syslog server, which can store the events of many network devices simultaneously. This can make managing your network easier, since you need only go to one site, the syslog server, to see all the events of your network devices. Here are the guidelines to observe when using this feature: You can define up to 19 syslog servers. The event log feature must be enabled on the switch in order for the device to send events to a syslog ser
100. The switch uses this file to configure its operating parameters when reset or power cycled. The switch also updates the active boot file when you select the Save Config option. The columns in the List Files table are described below. This information is for viewing purposes only. If your unit has a compact flash card slot, the switch by default displays the files in flash memory. To view the files on a card, go to step 4. File Name: Name of the system file. Device: The device type, either "flash" for flash memory or "cflash" for compact flash card. Size: Size of the file in bytes. Modified: The time the file was created or last modified, in the following date and time format: month day year hours minutes seconds. Attributes: The file type, one of the following: Normal, Read Only, Hidden, System, Volume, Directory, Archive, Invalid. 4. To view the files on a compact flash card, insert the card into the slot on the switch, select Compact Flash under Current Drivers, and click Apply. 5. To view the contents of a file, such as a configuration file, click the file in the Current Files section of the tab and click View. You can view one file at a time. The contents of the configuration file are displayed in the Viewing File page. An example is shown in Figure 31. File Information: Name boot.cfg, Device flash, Last Modified 01 20 2005 a
101. Tree Protocols: Chapter 18, "Spanning Tree and Rapid Spanning Tree Protocols" on page 271; Chapter 19, "Multiple Spanning Tree Protocol" on page 291. Section V, Virtual LANs: Chapter 20, "Port-based and Tagged VLANs" on page 315; Chapter 21, "GARP VLAN Registration Protocol" on page 331. Section VI, Port Security: Chapter 22, "MAC Address-based Port Security" on page 347; Chapter 23, "802.1x Port-based Network Access Control" on page 353. Section VII, Management Security: Chapter 24, "Encryption Keys, PKI, and SSL" on page 373; Chapter 25, "Secure Shell (SSH)" on page 381; Chapter 26, "TACACS and RADIUS Protocols" on page 387; Chapter 27, "Management Access Control List" on page 399. Product Documentation. For overview information on the features of the AT-9400 Switches and the AT-S63 Management Software, refer to: AT-S63 Management Software Features Guide (PN 613-001022). For instructions on how to start a local or remote management session on stand-alone AT-9400 Switches or AT-9400Ts Stacks, refer to: Starting an AT-S63 Management Session Guide (PN 613-001023). For instructions on how to install or manage stand-alone AT-9400 Switches, refer to: AT-9400 Gigabit Ethernet Switch Installation Guide (PN 613-000987); AT-S63 Management Software Menus User's Guide (PN 613-001025); AT-S63 Management Software Comm
102. VLAN page is shown in Figure 131 (View Protected VLAN Page). The VLAN Details section displays the following information: VID: The VLAN ID. Type: The VLAN type, which is always Protected. Untagged Ports: The untagged ports members of the VLAN. Uplink Ports: The uplink port(s) for this group of ports. Name: The VLAN name. Protocol: Not used. Tagged Ports: The tagged ports members of the VLAN. The Protected VLAN Groups section displays the following information: Group Number: The number assigned to the group. Port List: The ports of the group. Chapter 21: GARP VLAN Registration Protocol. This chapter contains instructions on how to configure GARP VLAN Registration Protocol (GVRP). This chapter contains the following procedures: "Configuring GVRP" on page 332; "Enabling or Disabling GVRP on a Port" on page 334; "Displaying the GVRP Configuration" on page 335; "Displaying the GVRP Port Configuration" on page 336; Displaying the GVR
103. Warning: Sends only warning event messages. These messages indicate that an issue may require manager attention. Information: Sends only informational event messages. Informational messages display useful information that you can ignore during normal operation. Debug: Sends debug event messages. These events provide detailed, high-volume information that is intended only for technical support personnel. Type: Specifies the type of the output definition. The only option is Syslog. Syslog Server IP Address: Specifies the IP address of the syslog server. Facility Level: Specifies the numerical code to be added to the entries when sent to the syslog server. The facility levels are listed in Table 3. Table 3, Default Syslog Facilities (facility: mapped event log modules and events): Default: This setting uses the functional groupings as defined in the RFC 3164 standard. local 1 through local 7: These settings assign a specific identifier to the events. Note: For further information about the syslog facility levels, refer to Chapter 12, "Event Logs and Syslog Servers" in the AT-S63 Management Software Menus Interface User's Guide. Module Selections: Specifies the AT-S63 Management Software module(s) whose events are to be sent to the syslog server. To select more than one, use the Ctrl key when making your selections. The default is All. For a list of modules, refer to Table 1 on page 121. Click Apply. The swi
104. Write access mode permits both viewing and changing the SNMP MIB objects. Manager Stations: The IP addresses of management workstations permitted to use a string with a closed access status. Trap Receivers: The IP addresses of trap receivers to receive traps from the switch. Open Status: The access status of a community string. Yes means the string has an open status and that any management workstation can use it. No means the string has a closed status and that only those workstations whose IP addresses are assigned to the string are permitted to use it. Status: The operating status of a community string. Enabled means the string is available for use and Disabled means it is unavailable. To create a new community string, click Add. The Add New SNMPv1 & SNMPv2c Community page is shown in Figure 16 on page 67. [Figure 16: Add New SNMPv1 & SNMPv2c Community page, with the fields Community Name, Status, Access Mode, Allow Any Station, Manager IP Address and Trap Receiver IP Address]
105. a anana a a eaka ieee adaa kakai 42; Port Configuration Page 43; Port Settings 49; Port Status 50; Port Statistics Page 51; Enhanced Stacking Tab (Configuration) 57; Stacking Switches Page 58; Enhanced Stacking Tab (Monitoring) 61; SNMP Tab (Configuration) 64; SNMPv1 & SNMPv2c Communities Tab 66; Add New SNMPv1 & SNMPv2c Community Page 67; SNMP Tab (Monitoring) 71; SNMPv1 & SNMPv2c Communities Tab (Monitoring) 72; MAC Address Tab (Configuration) 74; View MAC Addresses 76; Add MAC Address Page 77; Port Trunking Tab (Configuration) 85; Add New Trunk Page 86; Modify Trunk Page 89; Port Trunking Tab (Monitoring) 91; Port Mirroring Tab (Configuration) 94; Modify Mirror Page 95; Example of a Modify Mirror Page 96; Port Mirroring Tab (Monitoring) 100; File System Tab (Configuration) 104; Viewing File Page 106; System Utilities Tab Configuration
106. aa A T Aat aa N cant BAR 74; Adding Static Unicast and Multicast MAC Addresses 77; Deleting Unicast and Multicast MAC Addresses 79; Deleting All Dynamic MAC Addresses 80; Changing the Aging Time 81. Chapter 6: Static Port Trunks 83; Creating a Static Port Trunk 84; Modifying a Static Port Trunk 88; Deleting a Port Hell 90; Displaying Bull 91. Chapter 7: Port Mirroring 93; Creating a Port Mirror 94; Moditymg a Ke nde TEE 97; Disabling a Port Mirror 98; Deleting a Port Mirror 99; Displaying the Port Mirror 100. Section II: Advanced Operations. Chapter 8: File System 103; Listing the Files in Flash Memory or on a Compact Flash Card 104; Selecting an Active Boot Configuration File 107. Chapter 9: File Downloads and Uploa
107. able, see Chapter 21, "SNMPv3" in the AT-S63 Management Software Menus Interface User's Guide. Note: Use the SNMPv3 Community Table only if you are configuring the SNMPv3 protocol with an SNMPv1 or an SNMPv2c implementation. Allied Telesis does not recommend this configuration. To create an entry in the SNMPv3 Community Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26. 2. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204. 3. In the SNMPv3 section, click the button next to Configure Community Table and then click Configure at the bottom of the tab. The SNMPv3 Community Table tab is shown in Figure 97. [Figure 97: SNMPv3 Community Table Tab (Configuration), with the columns Community Index, Community Name, Security Name, Transport Tag and Storage Type] 4. Click Add. The Add New SNMPv3 Community page is shown
108. ace. The Active value indicates the SNMPv3 Notify Table entry takes effect immediately. Click Apply to update the SNMPv3 Notify Table. To permanently save your changes, select the Save Config option in the Configuration menu. To delete an entry in the SNMPv3 Notify Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204. In the SNMPv3 section, click the button next to Configure Notify Table and then click Configure at the bottom of the tab. The SNMPv3 Notify Table tab is shown in Figure 88 on page 234. Click the button next to the Notify Table entry to be deleted and then click Remove. A warning message is displayed. Click OK. To permanently save your changes, select the Save Config option in the Configuration menu. Modifying a Notify Table Entry. To modify an entry in the SNMPv3 Notify Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204. In the SNMPv3 section, click the button next to Configure Notify Table and then click Configure at
109. also view the multicast routers. A multicast router is a router that is receiving multicast packets from a multicast application and transmitting the packets to host nodes. To view host nodes, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select the Multicast option. The Multicast page is displayed with the IGMP tab, as shown in Figure 73 (IGMP Tab, Monitoring). For definitions of the parameters in the tab, refer to "Configuring IGMP Snooping" on page 192. To view the multicast addresses and the host nodes, click View Multicast Hosts List and then click View. The View Multicast Hosts List page is displayed. The page contains the following columns of information: Multicast Group: The multicast address of the group. VLAN ID: The VID of the VLAN where the port is an untagged member. Member Port/Trunk ID: The port on the switch where the host node is connected. If the host node is connected to the switch through a trunk, the trunk ID number, not the port number, is displayed. Host I
110. ameter, select one of the following storage types for this table entry: Volatile: Select this storage type if you do not want the ability to save an entry in the Target Parameters Table. After making changes to a Target Parameters Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu. NonVolatile: Select this storage type if you want the ability to save an entry in the Target Parameters Table. After making changes to a Target Parameters Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesis recommends this storage type. Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Target Parameters Table entry will take effect immediately. Click Apply to update the SNMPv3 Target Parameters Table. To permanently save your changes, select the Save Config option in the Configuration menu. Configuring the SNMPv3 Community Table. You can create, delete, and modify an SNMPv3 Community Table entry. See the following procedures: "Creating an SNMPv3 Community Table Entry" on page 252; "Deleting an SNMPv3 Community Table Entry" on page 255; "Modifying an SNMPv3 Community Table Entry" on page 255. Creating an SNMPv3 Community Table Entry. For reference information about the SNMPv3 Community T
111. and Line User's Guide (PN 613-001024); AT-S63 Management Software Web Browser User's Guide (PN 613-001026). For instructions on how to install or manage AT-9400Ts Stacks, refer to: AT-9400Ts Stack Installation Guide (PN 613-001191); AT-S63 Management Software Command Line User's Guide (PN 613-001024); AT-S63 Management Software Web Browser User's Guide for AT-9400Ts Stacks (PN 613-001028). The installation and user guides for all the Allied Telesis products are available in portable document format (PDF) on our web site at www.alliedtelesis.com. You can view the documents online or download them onto a local workstation or server. Where to Go First. Allied Telesis recommends that you read Chapter 1, "Overview", in the AT-S63 Management Software Features Guide before you begin to manage the switch for the first time. There you will find a variety of basic information about the unit and the management software, like the two levels of manager access and the different types of management sessions. The AT-S63 Management Software Features Guide is also your resource for background information on the features of the switch. You can refer there for the relevant concepts and guidelines when configuring a feature for the first time. Starting a Management Session. For instructions on how to start a local or remote management session on the AT-9400 Switch
112. ase 337; Displaying the GVRP State Machine 338; Displaying the GVRP Counters 341; Displaying the GIP Connected Ports Ring 344. Section VI: Port Security. Chapter 22: MAC Address-based Port Security 347; Configuring Port Security 348; Displaying Port Security Levels 351. Chapter 23: 802.1x Port-based Network Access Control 353; Setting ele OTT 354; Enabling or Disabling 802.1x Port-based Network Access Control 356; Configuring Authenticator Port Parameters 357; Configuring Supplicant Port Parameters 363; Displaying the Port-based Network Access Control Parameters 365; Displaying the Port Status 365; Displaying the Port Settings 367; RADIUS Accounting 369; Configuring RADIUS Accounting
113. ation Page 394; RADIUS Client Configuration Page 396; Mgmt ACL Tab (Configuration) 400; Add New MACE age 402; Modify MAC Roger 404; Mgmt ACL Tab (Monitoring) 406. Tables. Table 1: AT-S63 Software Modules 121; Table 2: Event Severity Levels 123; Table 3: Default Syslog Facilities 129; Table 4: Default Mappings of IEEE 802.1p Priority Levels to Egress Priority Queues 157; Table 5: Bridge Priority Value Increments 276; Table 6: Port Priority Value Increments 278; Table 7: MSTP Auto Update Port Internal Path Costs 303; Table 8: MSTP Auto Update Port Trunk Internal Path Costs 303; Table 9: MSTP Auto External Path C
114. [Figure 167: Mgmt ACL Tab (Monitoring)] The top section of the tab displays the status of the Management ACL as enabled or disabled. The bottom section lists the existing ACEs. For definitions of the columns, refer to "Creating an ACE" on page 402. Index. Numerics: 802.1x Port-based Network Access Control: access role, configuring 354; authenticator port, configuring 357; configuring 354; disabling 356; enabling 356; port parameters, displaying 367; port role, configuring 354; port status, displaying 365; supplicant port, configuring 363. A: active boot configuration file, setting 107; administrator name, configuring 27; aging time, changing 81; app applicant state machine 339; AT-S63 software, resetting to factory defaults 35; auth period 363; authentication protocols, enabling or disabling 388; automatic port security level 349; autonegotiation, configuring 44. B: back pressure, configuring 46; boot configuration file 107; bridge forwarding delay: Multiple Spanning Tree Protocol (MSTP) 296, Rapid Spanning Tree Protocol (RSTP) 284, Spanning Tree Protocol (STP) 276; bridge hello time: Multiple Spanning Tree Protocol (MSTP) 296, Rapid Spanning Tree Protocol (RSTP) 284, Spanning Tree Protocol (STP) 276; bridge identifier: Rapid Spanning Tree Protocol (RSTP) 284, Spanning Tree Protocol (STP) 277; bridge max age: Multiple Spanning Tree Protocol MSTP
115. b. The SSL tab is shown in Figure 152. [Figure 155: SSL Tab (Monitoring)] The SSL tab provides the following information: Maximum Number of Sessions: The maximum number of SSL sessions allowed at one time. Session Cache Timeout: The length of time before the session cache times out, in seconds. Chapter 25: Secure Shell (SSH). This chapter explains how to configure the Secure Shell (SSH) protocol and contains the following sections: "Configuring SSH" on page 382; "Displaying the SSH Settings" on page 384. Configuring SSH. To configure SSH, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration menu, select the Mgmt Protocols option. Select the Secure Shell tab. The Secure Shell tab is shown in Figure 156. [Figure 156: Secure Shell tab, with the fields Status, Host Key ID, Server Key ID, Server Expiry Time and Login Timeout, and the on-screen note "Host Key Size must differ Srvr Key Size by 128 Bits"]
116. ber; Ap: Anxious Passive Member; Qp: Quiet Passive Member; Va: Very Anxious Active Member; Aa: Anxious Active Member; Qa: Quiet Active Member; La: Leaving Active Member. App (continued), Non-Participant Management state: Von: Very Anxious Observer; Aon: Anxious Observer; Qon: Quiet Observer; Lon: Leaving Observer; Vpn: Very Anxious Passive Member; Apn: Anxious Passive Member; Qpn: Quiet Passive Member; Van: Very Anxious Active Member; Aan: Anxious Active Member; Qan: Quiet Active Member; Lan: Leaving Active Member. The initialized state for the Applicant is Vo. Table 11, GVRP State Machine Parameters (continued): Reg: Registrar state machine for the GID index on that particular port. One of: Mt: Empty; Lv3: Leaving substate 3 (final Leaving substate); Lv2: Leaving substate 2; Lv1: Leaving substate 1; Lv: Leaving substate (initial Leaving substate); In: In; Fix: Registration Fixed; For: Registration Forbidden. The initialized state for the Registrar is Mt. Displaying the GVRP Counters. To display the GVRP co
117. ber. You can enter a UDP port in the range of 0 to 65,535. The default UDP port is 162. In the Timeout field, enter a timeout value in milliseconds. When an Inform message is generated, it requires a response from the switch. The timeout value determines how long the switch considers the Inform message an active message. This parameter applies to Inform messages only. The range is from 0 to 2,147,483,647 milliseconds. The default value is 1500 milliseconds. In the Retries field, enter the number of times the switch retries, or resends, an Inform message. When an Inform message is generated, it requires a response from the switch. This parameter determines how many times the switch resends an Inform message. The Retries parameter applies to Inform messages only. The range is 0 to 255 retries. The default is 3 retries. In the Tag List field, enter a list of tags that you configured in a SNMPv3 Notify Table with the Notify Tag parameter. See "Creating a Notify Table Entry" on page 233. Enter a Tag List of up to 256 alphanumeric characters. Use a space to separate entries, for example: hwengtag swengtag testengtag. In the Target Parameters field, enter a Target Parameters name. This name can consist of up to 32 alphanumeric characters. The value configured here must match the value configured with the Target Parameters Name parameter in the SNMPv3 Target Parameters Table. In the Storage Type field, enter one of the following storag
118. ble entry to be deleted and click Remove. A warning message is displayed. Click OK. From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save. To modify an entry in the SNMPv3 User Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204. In the SNMPv3 section, click the button next to Configure User Table and then click Configure. The SNMPv3 User Table tab is shown in Figure 76 on page 207. Click the button next to the SNMPv3 user to be changed and then click Modify. The Modify SNMPv3 User page is shown in Figure 78. [Figure 78: Modify SNMPv3 User Page, with the fields Engine ID, User Name, Authentication Protocol, Authentication Password, Confirm Authentication Password, Privacy Protocol, Privacy Password, Confirm Privacy Password, Storage Type and Row Status] 5. In the Authentication Protocol field, enter an authentication protocol. This is an optional parameter. Select one of the following: MD5: This value rep
119. by TCP flag. To set this parameter, IP Protocol must be set to TCP. Options are: URG (Urgent), ACK (Acknowledgement), RST (Reset), PSH (Push), SYN (Synchronization), FIN (Finish). UDP Source Port: Defines a traffic flow by source UDP port. To set this parameter, IP Protocol must be set to UDP. UDP Destination Port: Defines a traffic flow by a destination UDP port. To set this parameter, IP Protocol must be set to UDP. Click Apply. The new classifier is created on the switch. To permanently save your changes, select the Save Config option in the Configuration menu. Modifying a Classifier. This procedure explains how to modify a classifier. Note: If the classifier to be modified is currently assigned to an ACL or QoS policy that has been assigned to a switch port, you must remove the port assignments from the ACL or policy before you can modify the classifier. After you have finished modifying the classifier, you can reassign the ports to the ACL or QoS policy. To modify a classifier, perform the following procedure: 1. From the home page, select Configuration. 2. From the Configuration menu, select the Network Security or Services option. The Classifier tab is accessible from both menu selections. 3. Select the Classifier tab. The Classifier tab is shown in Figure 40 on page 134. 4. Click the dialog circle next to the classifier to be modified and click Modif
120. cation block of flash memory will cause a switch reset. Some network traffic may be lost. If you are downloading a boot configuration file, note these additional guidelines: A configuration file should only be downloaded onto the same model of switch from where it originated (for example, AT-9408LC/SP to AT-9408LC/SP). Undesirable switch behavior may result if you download a configuration file onto a switch of a different model (for example, AT-9408LC/SP to AT-9424T/SP). A configuration file is downloaded onto the switch without any modifications. If the file contains commands for creating routing interfaces with static IP addresses, downloading the same configuration file onto more than one switch may result in an IP address conflict in your network, where routing interfaces on different switches have the same IP addresses. You can download the file as the active boot file for the switch, in which case it automatically becomes the switch's active boot file, or just into the file system. If you choose the latter, you can manually designate the file as the switch's active boot file at a later time. Caution: Downloading a configuration file as the switch's new active boot configuration file will cause a switch reset. Some network traffic may be lost. To download a file, perform the following procedure: 1. From the home page, select Configuration. 2. From the Con
121. cause a broadcast storm and poor network performance. Note the following before performing this procedure. If you are adding a port and the port will be the lowest numbered port in the trunk, its parameter settings will overwrite the settings of the existing ports in the trunk. Consequently, you should check to see if its settings are appropriate prior to adding it. If you are adding a port and the port will not be the lowest numbered port in the trunk, its settings are automatically changed to match the settings of the existing ports in the trunk. If you are adding a port to a trunk, check to be sure that the new port is an untagged member of the same VLAN as the other trunk ports. A trunk cannot contain ports that are untagged members of different VLANs. You cannot change the load distribution method of a static port trunk from the web browser manager interface, but you can from the menus and command line interfaces. To modify a port trunk, perform the following procedure: 1. From the home page, select Configuration. 2. From the Configuration menu, select the Layer 1 option. Select the Port Trunking tab. The Port Trunking tab is shown in Figure 22 on page 85. Click the button next to the port trunk to be modified and click Modify. The Modify Trunk page is shown in Figure 24. Trunk ID: 1. Trunk Name: Marketing. Trunk Method: S
122. MSTP Settings Port(s) Page; MSTP Port Status Port(s) Page; VLAN Tab Configuration; Add New VLAN Page; VLAN Tab Monitoring; View Protected VLAN Page; GVRP Tab Configuration; GVRP Port Configuration Page; GVRP Tab …; GVRP Port Configuration Page; GVRP Database Page; GVRP State Machine for VLAN Page; GVRP Counters Page; GIP Connected Ports Ring Page; Port Security Tab Configuration; Security for Ports Page Configuration; Port Security Tab Monitoring; Security for Port(s) Page; 802.1x Port Access Tab Configuration; Port Role Configuration Page; Authenticat
123. ce Connecting the cables prior to configuring the trunk can create a loop in your network topology. This can cause a broadcast storm and poor network performance. Note: Prior to creating a static port trunk, examine the speed, duplex mode, and flow control settings of the lowest numbered port that will be a part of the trunk. Check to be sure that the settings are correct for the end node to which the trunk will be connected. When you create the trunk, the AT-S63 Management Software copies the settings of the lowest numbered port in the trunk to the other ports so that all the settings are the same. You should also check to be sure that the ports are untagged members of the same VLAN. You cannot create a trunk of ports that are untagged members of different VLANs. To create a port trunk, perform the following procedure: From the home page, select Configuration. 2. From the Configuration menu, select the Layer 1 option. 3. Select the Port Trunking tab. The Port Trunking tab is shown in Figure 22. Figure 22. Port Trunking Tab Configuration. The tab displays the current static trunks in a table with the following columns of information: ID: The ID numb
124. cedures: Creating a Target Address Table Entry on page 238; Deleting a Target Address Table Entry on page 241; Modifying Target Address Table Entry on page 242. For reference information about the SNMPv3 Target Parameters Table, see Chapter 21, SNMPv3, in the AT-S63 Management Software Menus Interface User's Guide. To create an entry in the SNMPv3 Target Parameters Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26. 2. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204. 3. In the SNMPv3 section, click the button next to Configure Target Parameters Table and then click Configure at the bottom of the tab. The SNMPv3 Target Parameters Table tab is shown in Figure 94. Figure 94. SNMPv3 Target Parameters Table Tab Configuration. 4. Click Add. The Add New SNMPv3 Target Parameter page i
125. changes to white. An unselected port is black. A static port trunk can contain up to eight ports. Note: Allied Telesis does not recommend using paired twisted pair ports with GBIC or SFP slots in a port trunk. The operation of a port trunk may be unpredictable if a paired port were to transition to the redundant uplink status mode. 8. Click Apply. The new port trunk is now active on the switch. 9. To permanently save your changes, select the Save Config option in the Configuration menu. 10. Configure the ports on the remote device for port trunking. 11. Connect the cables to the ports of the trunk on the switch and on the remote device. The port trunk is ready for network operations. Chapter 6: Static Port Trunks. Modifying a Static Port Trunk: This section contains the procedure for modifying a static port trunk on the switch. You can change the name and ports of a trunk from the web browser interface, but not the load distribution method. Be sure to review the guidelines in the AT-S63 Management Software Features Guide before performing the procedure. Caution: Disconnect all data cables from the ports of the trunk on the switch before performing this procedure if you plan to add or remove ports from the trunk. Leaving the cables connected can form a loop in your network topology. This can
126. ckbox. A check in the box indicates the switch sends the trap. Click Apply. A change to SNMP access is immediately activated on the switch. To permanently save your changes, select the Save Config option in the Configuration menu. Chapter 4: SNMPv1 and SNMPv2c. Creating a New SNMPv1 and SNMPv2c Community: To create a new SNMPv1 and SNMPv2c community, perform the following procedure: 1. From the Home page, select Configuration. 2. From the Configuration menu, select the Mgmt Protocols option. 3. Select the SNMP tab. The SNMP tab is shown in Figure 14 on page 64. 4. In the SNMPv1 & SNMPv2c section, click Configure. The SNMPv1 & SNMPv2c Communities tab is shown in Figure 15. Figure 15. SNMPv1 & SNMPv2c Communities Tab. The table in the tab displays the existing community strings. The columns of the table are defined here. Community Name: The name of a community string. Access Mode: The access mode of a community string. A string with a Read Only access mode permits the viewing of the MIB objects on the switch. A string with a Read
127. ct the System option. 3. Select the Event Log tab. The Event log tab is shown in Figure 33 on page 119. 4. In the Configure Log Outputs section of the tab, select the log output file to be modified and click Modify. The Modify Event Log Output page is shown in Figure 39. Figure 39. Modify Event Log Output Page. Modify the following parameters as necessary. For definitions of the parameters, refer to Configuring a Syslog Output Definition on page 127. Click Apply to apply the changes, or Close to close the page without making changes. To permanently save your changes, select the Save Config option in the Configuration menu. Deleting a Syslog Output Definition: To delete a syslog output definition, perform the following procedure: 1. From the home page, select Configuration. 2. From the Configuration menu, select the System option. Select the Event Log tab. The Event log tab is shown in Figure 33 on page 119. In the Configure Log Outputs section, select the syslog output definition to be deleted and click Delete. The sy
128. The Monitor RSTP Parameters tab is shown in Figure 117. Figure 117. Monitor RSTP Parameters Tab Monitoring. 5. To view port settings, click a port in the switch image and click Status or Settings. You can select more than one port. An example of the RSTP Status page is shown in Figure 119. Figure 118. RSTP Port Status Page. The RSTP Port Status page displays a table that contains the following columns of information. Port: The port number. State: The RSTP state of the port. The possible states for a port connected to another device running RSTP are Discarding and Forwarding. The possible states for a port connected to a device running STP are Listening, Learning, Forwarding, and Blocking. The possible states for a port not being used or where spanning tree
129. d Discards the invalid frame, sends an SNMP trap, and disables the port. Threshold: Specifies the maximum number of dynamic MAC addresses you want the port to be able to learn. The range is 1 to 256. The default is 100. Port Participating: Applies only when the intrusion action is set to trap or disable. This option does not apply when intrusion action is set to discard. If this option is set to No when intrusion action is set to trap or disable, the port discards invalid packets but it does not send the SNMP trap or disable the port. If you want the switch to send a trap and/or disable the port, you must set this option to Yes. Click Apply. To permanently save your changes, select the Save Config option in the Configuration menu. Displaying Port Security Levels: To display the MAC address-based security level of a port, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select Network Security. The Network Security page is displayed with the Port Security tab selected by default, as shown in Figure 142. Figure 142. Port Security Tab Monitoring. 3. Click the port whose port security level is to be displayed. A selected port turns white. You can select more than one port at a time. 4. Click View. The Security for Port(s) page is shown in Figure 143. T
130. d The certificate has been manually verified that it is from a trusted or untrusted authority. Type: The certificate type, one of the following. EE: The certificate was issued by a CA. CA: The certificate belongs to a CA. Self: A self-signed certificate. Source: The certificate was created on the switch. To view the details about a certificate, click the certificate and click View. The X509 Certificate Details page is shown in Figure 154. Figure 154. X509 Certificate Details Page. The X509 Certificate Details page provides the following information about the certificate. Name: The name of the certificate. State: Whether the certificate is Trusted or Untrusted. Manually Trusted: Whether the certificate was manually trusted. Type: The type of the certificate. The options are EE, SELF, and CA. Source: The source of the certificate. The source for a self si
131. Figure 55. QoS Scheduling Tab Monitoring. The upper section displays the CoS priority to egress queue assignments. The lower section displays the egress weight settings. Chapter 14: Quality of Service. This chapter contains instructions on how to configure Quality of Service (QoS). This chapter contains the following procedures: Managing Flow Groups on page 164; Managing Traffic Classes on page 170; Managing Policies on page 178. Managing Flow Groups: This section contains the following procedures: Configuring a Flow Group, next; Modifying a Flow Group on page 167; Deleting a Flow Group on page 168; Displaying the Flow Groups on page 168. Configuring a Flow Group: To configure a flow group, perform the following procedure: 1. From the home page, select Configuration. 2. From the Configuration menu, select the Services option. 3. Select the Flow Group tab. The Flow Group tab is shown in Figure 56.
132. d is always set to Exact. In the Storage Type field, select one of the following storage types for this table entry. Volatile: Select this storage type if you do not want the ability to save an entry in the Access Table. After making changes to an Access Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu. NonVolatile: Select this storage type if you want the ability to save an entry in the Access Table. After making changes to an Access Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesis recommends this storage type. Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the Access Table entry takes effect immediately. Click Apply to update the SNMPv3 Access Table. To permanently save your changes, select the Save Config option in the Configuration menu. Configuring the SNMPv3 SecurityToGroup Table. Creating a SecurityToGroup Table Entry. You can create, delete, and modify an SNMPv3 SecurityToGroup Table entry. See the following procedures: Creating a SecurityToGroup Table Entry on page 227; Deleting a SecurityToGroup Table Entry on page 230; Modifying a SecurityToGroup Table Entry on page 230. For reference
133. d by default, as shown in Figure 1 on page 26. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204. In the SNMPv3 section, click the button next to Configure Community Table and then click Configure at the bottom of the tab. The SNMPv3 Community Table tab is shown in Figure 97 on page 253. Click the button next to the SNMPv3 Community Table entry to be deleted and then click Remove. A warning message is displayed. Click OK. To permanently save your changes, select the Save Config option in the Configuration menu. To modify an entry in the SNMPv3 Community Table, perform the following procedure: 1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204. 3. In the SNMPv3 section, click the button next to Configure Community Table and then click Configure at the bottom of the tab. The SNMPv3 Community Table tab is shown in Figure 97 on page 253. Click the button next to the SNMPv3 Community Table entry to be changed and then click Modify. The Modify SNMPv3 Community page is shown in Figure 99. Community Index: alabama. Community Name: birmingham123. Security Name: jenny. Transport Tag: swengtag. Storage Type: NonVolatile. Row Status
134. d information events. Options are: D (Debug): Debug messages provide detailed, high-volume information only intended for technical support personnel. E (Error): Only error messages are displayed. Error messages indicate that the switch operation is severely impaired. W (Warning): Only warning messages are displayed. These messages indicate that an issue may require manager attention. I (Information): Only informational messages are displayed. Informational messages display useful information that you can ignore during normal operation. ALL: Messages of all severity levels are displayed. Display Order: Controls the chronological order of the events in the display. Options are: Chronological: Lists the events starting with the oldest events. This is the default. Reverse Chronological: Lists the events starting with the most recent events. Mode: Controls the format of the events in the display. Options are: Normal: Displays an event's time of occurrence, module originator, severity, and description for each event. This is the default. An example of Normal mode is shown in Figure 34 on page 123. Full: Displays the same information as Normal, plus the file name, line number, and event ID. An example of Full mode is shown in Figure 35 on page 124. Module Selections: Specifies the AT
135. date Controls whether the switch is to send interim accounting updates to the RADIUS server. A check in the box indicates that updating is enabled. No check in the box means that updating is disabled. Update Interval: Specifies the intervals at which the switch sends interim accounting updates to the RADIUS server. The range is 30 to 300 seconds. The default is 60 seconds. Click Apply. Changes to the accounting settings are immediately implemented on the switch. To permanently save your changes, select the Save Config option in the Configuration menu. Displaying the RADIUS Accounting Settings: To display the RADIUS accounting settings, perform the following procedure: From the home page, select Monitoring. 2. From the Monitoring menu, select the Network Security option. 3. Select the 802.1x Port Access tab. The 802.1x Port Access tab is shown in Figure 148 on page 365. The RADIUS Accounting section provides the following information. Accounting: The status of RADIUS accounting, either Enabled or Disabled. Trigger Type: The action that causes the switch to send accounting information to the RADIUS server. The possible settings are: Start_Stop: The switch sends accounting information whenever a client logs on or logs off the network. This is the default. Stop: The switch sends accounting information only when a client logs off. Port Number: Th
136. destination port. Not part of a port mirror. Click Apply. The changes to the port mirror are now active on the switch. To permanently save your changes, select the Save Config option in the Configuration menu. Chapter 7: Port Mirroring. Disabling a Port Mirror: This procedure disables a port mirror. When disabled, a port mirror stops copying traffic from the source ports to the destination port. However, the destination port is still reserved for port mirroring. To delete the port mirror so that the destination port can be used for normal network operations, refer to Deleting a Port Mirror on page 99. To disable a port mirror, perform the following procedure: 1. From the home page, select Configuration. 2. From the Configuration menu, select the Layer 1 option. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 26 on page 94. Click Modify. The Modify Mirror page is shown in Figure 27 on page 95. Click the Enable Mirror checkbox to remove the check and disable the mirror. Click Apply. The port mirror is now disabled. The switch stops copying the traffic on the source ports to the destination port. To permanently save your changes, select the Save Config option in the Configuration menu. Deleting a Port Mirror: To delete a port mirror so that you can use
137. Figure 16. Add New SNMPv1 & SNMPv2c Community Page. 6. Configure the following parameters. Community Name: Enter the new community string. The name can be up to 32 alphanumeric characters. No spaces or special characters (such as &) are allowed. Status: Enable or disable the community string. A disabled community string cannot be used to access the switch. The default is enabled. Access Mode: Specify the access mode for the SNMP community string. A string with a Read Only access mode can only be used to view the MIB objects on the switch. A string with a Read Write access mode can be used to both view and change the SNMP MIB objects. Allow Any Station: Set the community string as opened or closed. If there is no check in the box next to the option, the community string is closed: only those workstations whose IP addresses are assigned to the community string can use it. If there is a check in the box, the string is open, meaning any SNMP management workstation can use it to access the switch. Manager IP Address 1 through Manager IP Address 8: Specify the IP addresses of management workstations. If you gave the community string a closed status, use these fields to specify the IP addresses of up to eight management workstations permitted to use the community string to access the switch. Entering manager IP addresses for a communi
138. ds; Downloading …; Uploading …; Chapter 10: Event Logs and Syslog Client; Working with the Event Logs; Enabling or Disabling the Event Logs; Displaying …; Clearing an Event Log; Modifying the Event Log Full Action; Saving an Event Log to a File; Working with Syslog Output Definitions; Configuring a Syslog Output Definition; Viewing a Syslog Output Definition; Modifying a Syslog Output Definition; Deleting a Syslog Output Definition; Chapte
139. e Note: The AT-S63 Management Software default values are listed in Appendix A, AT-S63 Default Settings, in the AT-S63 Management Software Features Guide. To return the AT-S63 Management Software to the default settings, perform the following procedure: 1. From the home page, select Configuration. Chapter 1: Basic Switch Parameters. 2. From the Configuration menu, select the Utilities option. The Utilities page is displayed with the System Utilities tab selected by default, as shown in Figure 4. Figure 4. System Utilities Tab Configuration. 3. Click the Reboot Switch After Resetting to Defaults checkbox. 4. Click Apply. The web browser displays the following prompt: "This page may no longer be available while the switch reboots. Do you want to continue?" 5. Click OK to continue or Cancel to cancel the procedure. If you select OK, the switch resets and returns all values to the default settings. After the reset is complete, you must establish a new management session if y
140. e No. of Active Associations: The number of active ACLs and QoS policies to which the classifier is currently assigned. An active ACL or QoS policy is assigned to at least one switch. 4. To display detailed information about a classifier, select the classifier and click View. For descriptions of the variables, refer to Configuring a Classifier on page 134. 5. Click Close to close the page. Chapter 12: Access Control Lists. An access control list (ACL) is a tool for managing network traffic. This chapter contains the following sections: Configuring an Access Control List on page 146; Modifying an Access Control List on page 149; Deleting an Access Control List on page 150; Displaying the Access Control Lists on page 151. Configuring an Access Control List: This procedure explains how to create an ACL. Before starting this procedure, jot down on paper the ID number(s) of the classifier(s) to be assigned to the ACL. This information will make it easier for you to perform the procedure. To view the classifier ID numbers and specifications, refer to Displaying the Classifiers on page 143. To configure an access control list, perform the following procedure: 1. From the home page, select Configurati
141. e This procedure describes the System Name, Administrator, and Comments parameters in the Administration section of the tab. The parameters in the IP Configuration section are described in Displaying the IP Address of the Local Interface on page 37. The Passwords section is described in Changing the Manager and Operator Passwords on page 28. The Reset button at the bottom of the tab resets the switch and is explained in Rebooting a Switch on page 33. 2. Configure the following parameters as necessary. System Name: This parameter specifies a name for the switch, for example, Sales Ethernet switch. The name is displayed at the top of the AT-S63 management pages and tabs. The name can be from 1 to 39 characters. The name can include spaces and special characters, such as exclamation points and asterisks. The default is no name. This parameter is optional. Administrator: This parameter specifies the name of the network administrator responsible for managing the switch. The name can be from 1 to 20 characters. It can include spaces and special characters, such as dashes and asterisks. The default is no name. This parameter is optional. Comments: This parameter specifies the location of the switch, for example, 4th Floor, rm 402B. The location can be from 1 to 20 characters. The location can include spaces and special characters, such as dashes and asterisks. The default is no location. This parameter is optional. 3. C
142. e 100 on page 259. 3. In the SNMPv3 section, click the button next to View Access Table and then click View at the bottom of the tab. The SNMPv3 Access Table tab is shown in Figure 103. Figure 103. SNMPv3 Access Table Tab Monitoring. Displaying SecurityToGroup Table Entries: To display entries in the SNMPv3 SecurityToGroup Table, perform the following procedure: 1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38. 2. Select the SNMP tab. The SNMP tab is shown in Figure 100 on page 259. 3. In the SNMPv3 section, click the button next to the View SecurityToGroup Table and then click View at the bottom of the tab. The SNMPv3 SecurityToGroup Table tab is shown in Figure 104.
143. e Entry on page 206. In the Security Level field, select one of the following Security Levels. Note: The value you configure for the Security Level must match the value configured for the User Name in the SNMPv3 User Table Menu. See Creating a User Table Entry on page 206. No Authentication Privacy: This option represents neither an authentication nor privacy protocol. Select this security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privacy protocol. This security level provides the least security. Note: If you have selected SNMPv1 or SNMPv2c as the Security Model, you must select No Authentication Privacy as the Security Level. Authentication: This option represents authentication, but no privacy protocol. Select this security level if you want to authenticate SNMP users, but you do not want to encrypt messages using a privacy protocol. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol. Privacy: This option represents authentication and the privacy protocol. Select this security level to allow authentication and encryption. This level provides the greatest level of security. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol. In the Storage Type par
144. e UDP port for RADIUS accounting. Type: The type of RADIUS accounting. The default is Network. Accounting Update: Whether or not the switch sends interim accounting updates to the RADIUS server. The options are Enabled or Disabled. Update Interval: The intervals, in seconds, at which the switch sends interim accounting updates to the RADIUS server. Section VII: Management Security. This section has the following chapters: Chapter 24, Encryption Keys, PKI, and SSL on page 373; Chapter 25, Secure Shell (SSH) on page 381; Chapter 26, TACACS and RADIUS Protocols on page 387; Chapter 27, Management Access Control List on page 399. Chapter 24: Encryption Keys, PKI, and SSL. This chapter explains how to view the encryption keys, PKI-based certificates, and SSL settings, and includes the following sections: Displaying the Encryption Keys on page 374; Displaying the PKI Settings and Certificates on page 376; Displaying the SSL Settings on page 379. Note: You must use the menus or command line interface to configure encryption keys, PKI, and SSL. Displaying the Encryption Keys: To configure the encryption keys, you must use the AT-S63 menus or command line int
145. e as its source address when sending packets to the server. For background information on routing interfaces, refer to the AT-S63 Management Software Features Guide.
Note: The default system time on the switch is midnight, January 1, 1980.
To set the system time manually or to configure SNTP client, do the following:
1. From the Home Page, select Configuration.
2. Select the System Time tab. The System Time tab is shown in Figure 2.
[Figure 2: System Time Tab]
3. To set the system time manually, do the following:
a. In the System Time section of the tab, enter the time and date in the following format: hh mm ss dd mm yyyy
b. Click Apply.
4. To configure the switch to obtain its date and time from an SNTP or NTP server on your network or the Internet, configure the following options:
UTC Offset: Specifies the difference between the UTC and local time. The default is 0 hours. The range is 12
146. e lowest IP address.
b. In the DoS Subnet Mask field, enter the LAN's mask. A binary 1 indicates the switch should filter on the corresponding bit of the IP address, while a 0 indicates that it should not. As an example, assume that the devices connected to a switch are using the IP address range 149.11.11.1 to 149.11.11.50. The mask would be 0.0.0.63.
c. If you are activating the Land defense, in the DoS Uplink Port field enter the number of the port connected to the device (e.g., DSL router) that leads outside your network. You can specify only one uplink port.
5. Click the ports in the switch image where a defense mechanism is to be enabled or disabled.
6. Using the DoS Type list, select the type of denial of service attack to be enabled or disabled on the ports. The possible selections are:
- Syn Flood attack
- Smurf attack
- Land attack
- Tear drop attack
- Ping of death attack
- IP Options
7. Click Modify. To configure all the ports, click Modify All. The DoS Configuration for Ports page opens. The page shown in Figure 69 is for IP Options.
[Figure 69: DoS Configuration for Ports Page]
8. Configure the following paramet
147. e new traffic class is created on the switch. To permanently save your changes, select the Save Config menu selection.
This procedure explains how to modify an existing traffic class. If the traffic class to be modified is already part of a QoS policy assigned to one or more switch ports, you must first modify the policy by removing the port assignments before you can modify the traffic class. You can reassign the ports back to the policy after you have finished modifying the traffic class.
To modify a traffic class, perform the following procedure:
1. From the home page, select Configuration.
2. From the Configuration menu, select the Services option.
3. Select the Traffic Class tab. The Traffic Class tab is shown in Figure 60 on page 170.
4. Select the traffic class to be modified and click Modify. The Modify Traffic Class page is shown in Figure 62.
[Figure 62: Modify Traffic Class Page]
5. Configure the parameters as necessary. For parameter definitions, refer to Configuring a Traffic
148. e types for this table entry:
Volatile: Select this storage type if you do not want the ability to save an entry in the Target Address Table. After making changes to a Target Address Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.
NonVolatile: Select this storage type if you want the ability to save an entry in the Target Address Table. After making changes to a Target Address Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesis recommends this storage type.
Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Target Address Table entry takes effect immediately.
13. Click Apply to update the SNMPv3 Target Address Table.
14. To permanently save your changes, select the Save Config option in the Configuration menu.
Deleting a Target Address Table Entry
To delete an entry in the SNMPv3 Target Address Table, perform the following procedure:
1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26.
2. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204.
3. In the SNMPv3 section, click the button next to Con
149. e upgrade process automatically creates a routing interface on the switch to preserve the device's IP configuration. If the switch has a static address, the interface is assigned the same address. If the unit obtained its IP configuration from a DHCP or BOOTP server, the interface is created with its DHCP or BOOTP client activated. The interface is given the interface number 0 and assigned to the preexisting management VLAN. Furthermore, the interface is designated as the local interface on the switch.
This procedure gives you the option of downloading the image file into the switch's application block or the file system. The application block is the portion of flash memory reserved for the active AT-S63 image file and is separate from the file system. In most cases, you will probably want to download a new image file directly into the switch's application block so that the unit immediately begins to use it as its new operating software. However, there may be occasions when you may want to download the image file to the file system with plans to copy it to the application block at a later date. It should be noted, however, that the only way to copy an image file in the file system to the application block is with the LOAD command in the command line interface.
Caution: Installing a new AT-S63 image file into the appli
150. eave Timer.
Enable GIP: Click to enable GIP, which is required to propagate VLAN information among the ports of the switch.
Leave All Time: The range is 500 to 300 centiseconds and the default is 1000 centiseconds.
Click Apply. Configuration changes are immediately activated on the switch.
To permanently save your changes, select the Save Config option in the Configuration menu.
Enabling or Disabling GVRP on a Port
To enable or disable GVRP on a port, perform the following procedure:
1. From the home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option.
3. Select the GVRP tab. The GVRP tab is shown in Figure 132 on page 332.
4. In the GVRP Port Configuration section, click the ports to be configured.
5. Click Modify. The GVRP Port Configuration page is shown in Figure 133.
[Figure 133: GVRP Port Configuration Page]
6. Click Normal to have the port propagate GVRP information, or None to prevent processing GVRP information and transmitting PDUs.
7. Click Apply to activate the change or Cancel to cancel.
8. To permanently save your changes, select the Save Config option in the Configuration menu.
Displaying the GVRP Configuration
To display the GVRP configurati
151. Contents: Displaying the RADIUS Client Settings; Chapter 27 Management Access Control List; Displaying the Management Access Control List. Figures: Figure 1 General Tab; Figure 2 System Time Tab; Figure 3 Ping Client Tab (Monitoring); Figure 4 System Utilities Tab; Figure 5 General Tab (Monitoring); Figure 6 Port Settings Tab
152. ecifies a replacement value to write into the DSCP TOS field of the packets. The range is 0 to 63. A new DSCP value can be set at all three levels: flow group, traffic class, and policy. A DSCP value specified in a flow group overrides a DSCP value specified at the traffic class or policy level.
Priority (802.1p): Specifies a new user priority value for the packets. The range is 0 to 7. You can specify a new priority value at both the flow group and traffic class levels. If you specify a new user priority value at both levels, the value in the flow group here overrides the value in Traffic Class. If you want the packets to retain the new value when they exit the switch, change Remark Priority to Yes.
Remark Priority: If set to Yes, replaces the user priority value in the packets with the new value specified in the Priority parameter when the packet leaves the switch.
ToS: Specifies a replacement value to write into the Type of Service (ToS) field of IPv4 packets. The range is 0 to 7. A new ToS value can be set at all three levels: flow group, traffic class, and policy. A ToS value specified in a flow group overrides a ToS value specified at the traffic class or policy level.
Move ToS to Priority: Replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets. Options are:
yes: Replaces the value in the 802.1p priority field with the value in the ToS
153. 4. Click Modify. The Modify Mirror page is shown in Figure 27.
[Figure 27: Modify Mirror Page]
5. Click the ports to be in the port mirror. Clicking a port toggles it through the following possible settings:
- The destination mirror port. There can be only one destination port.
- A source port. The port's ingress traffic is mirrored to the destination port.
- A source port. The port's egress traffic is mirrored to the destination port.
- A source port. The port's ingress and egress traffic is mirrored to the destination port.
- Not part of a port mirror.
You can mirror one port, a few ports, or all of the ports on the switch, with the exception, of course, of the destination port.
Note: To create a mirror port for the Denial of Service defenses, specify only the destination port. The management software automatically determines the source ports.
Figure 28 shows an example of the Modify Mirror page configured for a port mirror. The ingress and egress traffic on ports 1, 2, and 7 to 10 is being mirrored to the destination port 11.
154. ectivity to the switch, wait for the console timer to expire on your interrupted remote management session and then use a local management session to continue managing the unit. The default for the console timer is 10 minutes.
Displaying VLANs
To display the current VLANs on a switch, perform the following procedure:
1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 2 option.
3. Select the VLAN tab. The VLAN tab is shown in Figure 130.
[Figure 130: VLAN Tab (Monitoring)]
The upper part of the tab displays the following information:
VLAN Mode: The VLAN mode of the switch. Possible settings are:
User Configured: This mode supports port-based and tagged VLANs.
Multiple 802.1Q: The IEEE 802.1Q compliant multiple VLAN mode.
Multiple: The non-IEEE 802.1Q compliant multiple VLAN mode.
155. ent PKI settings and certificates on the switch. To configure the PKI settings and certificates, you must use the AT-S63 menus or command line interface. For more information about PKI, refer to the AT-S63 Management Software Menus Interface User's Guide.
To display the PKI settings and certificates, perform the following procedure:
1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Mgmt Security option.
3. Select the PKI tab. The PKI tab is shown in Figure 153.
[Figure 153: PKI Tab (Monitoring). Columns: Name, State, MTrust, Type, Source. Rows shown: Local, Trusted, True, EE, Command; Secondary, Trusted, True, EE, Command]
The upper section of the tab states the maximum number of certificates the certificate database can store. The default value is 256 certificates.
The lower section displays a table that lists the current certificates in the database and contains the following columns of information:
Name: The certificate name.
State: The state of the certificate, one of the following:
Trusted: The certificate is from a trusted CA.
Untrusted: The certificate is from an untrusted CA.
MTrust: Manually Truste
156. epartment of Commerce and conditionally may be exported in accordance with the pertinent terms of License Exception ENC (described in 15 C.F.R. Part 740.17). In no case may it be exported to Cuba, Iran, Iraq, Libya, North Korea, Sudan, or Syria. If you wish to transfer this software outside the United States or Canada, please contact your local Allied Telesis sales representative for current information on this product's export status.
How This Guide is Organized
This guide has the following sections and chapters:
Section I Basic Operations
- Chapter 1, Basic Switch Parameters, on page 25
- Chapter 2, Port Parameters, on page 41
- Chapter 3, Enhanced Stacking, on page 55
- Chapter 4, SNMPv1 and SNMPv2c, on page 63
- Chapter 5, MAC Address Table, on page 73
- Chapter 6, Static Port Trunks, on page 83
- Chapter 7, Port Mirroring, on page 93
Section II Advanced Operations
- Chapter 8, File System, on page 103
- Chapter 9, File Downloads and Uploads, on page 109
- Chapter 10, Event Logs and Syslog Client, on page 117
- Chapter 11, Classifiers, on page 133
- Chapter 12, Access Control Lists, on page 145
- Chapter 13, Class of Service, on page 153
- Chapter 14, Quality of Service, on page 163
- Chapter 15, Denial of Service Defenses, on page 185
- Chapter 16, IGMP Snooping, on page 191
Section III SNMPv3
- Chapter 17, SNMPv3, on page 201
Section IV Spanning
157. er of the trunk.
Name: The name of the trunk.
Type: The load distribution method. The possible settings are:
SA: Source MAC address (Layer 2)
DA: Destination MAC address (Layer 2)
SA DA: Source MAC address, destination MAC address (Layer 2)
SI: Source IP address (Layer 3)
DI: Destination IP address (Layer 3)
SI DI: Source IP address, destination IP address (Layer 3)
Ports: The ports of the trunk.
4. To create a new static trunk, click Add. The Add New Trunk page is shown in Figure 23.
[Figure 23: Add New Trunk Page]
5. Click the Trunk Name field and enter a name for the static trunk. The name can be up to 16 alphanumeric characters. No spaces or special characters, such as asterisks and exclamation points, are allowed. Each trunk must have a unique name.
6. From the Trunk Method pull-down menu, select a load distribution method for the trunk. The possible settings are:
SA: Source MAC address (Layer 2)
DA: Destination MAC address (Layer 2)
SA DA: Source MAC address, destination MAC address (Layer 2)
SI: Source IP address (Layer 3)
DI: Destination IP address (Layer 3)
SI DI: Source IP address, destination IP address (Layer 3)
7. In the switch image, click the ports to be in the port trunk. A selected port
158. er switch. You cannot change the setting on a switch accessed through enhanced stacking. As an alternative, you can use a local management session or, if the switch has a local interface, you can use a Telnet or web browser management session.
To configure a switch's enhanced stacking status, perform the following procedure:
1. From the Home page, select Configuration.
2. From the Configuration menu, select the Mgmt Protocols option.
3. Select the Enhanced Stacking tab. The Enhanced Stacking tab is shown in Figure 11.
[Figure 11: Enhanced Stacking Tab (Configuration). Switch State options: Master, Slave, Unavailable]
4. Click the desired enhanced stacking status for the switch. The default is Slave.
5. Click Apply. The new setting for the enhanced stacking status is activated on the switch.
6. To permanently save your changes, select the Save Config option in the Configuration menu.
Selecting a Switch in an Enhanced Stack
This procedure explains how to select a switch to manage in an enhanced stack. You can manage only one switch at a time. When you start a web browser management session on an enhanced stack, you are initially managing the master switch where y
159. ere. If the servers have different keys, you must specify each key when you specify a server's IP address. The maximum key length is 39 characters.
Global Server Timeout: Specify the maximum amount of time the switch should wait for a response from a TACACS server. If the timeout expires without a response, the switch queries the next TACACS server in the list. If there are no more servers, the switch defaults to the standard Manager and Operator accounts. The default is 30 seconds. The range is 1 to 30 seconds.
IP Address and Encryption Key: Specify the IP addresses and encryption secrets of up to three TACACS servers. You can leave an encryption field blank if you entered the server's secret in the Global Secret field. The maximum length is 39 characters.
Click Apply.
To permanently save your changes, select the Save Config option in the Configuration menu.
Displaying the TACACS Client Settings
To display the TACACS client settings on the switch, perform the following procedure:
1. From the Home page, select Monitoring.
2. Select the Mgmt Protocols option. The Mgmt Protocols tab is displayed with the Server based Authentication tab selected by default, as shown in Figure 160.
160. erface. For more information about encryption keys, refer to the AT-S63 Management Software Menus Interface User's Guide.
To display the encryption keys, perform the following procedure:
1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Mgmt Security option.
3. Select the Keys tab. The Keys tab is shown in Figure 152.
[Figure 152: Keys Tab (Monitoring). Columns: Key ID, Algorithm, Length, Digest, Description. Row shown: 243, RSA Private, 512, E8DD94FB, Local key]
The Keys tab displays a table that contains the following columns of information:
ID: The identification number of the key.
Algorithm: The algorithm used in creating the encryption. This is always RSA Private.
Length: The length of the key in bits.
Digest: The CRC32 value of the MD5 digest of the public key.
Description: The key's description.
You use these keys when you configure Secure Sockets Layer (SSL) or Secure Shell (SSH). To configure SSL, you must use the AT-S63 menus or CLI interface. To configure SSH, refer to Chapter 25, Secure Shell (SSH), on page 381.
Displaying the PKI Settings and Certificates
You can view the curr
161. ers as necessary:
Status: Click Enable or Disable to enable or disable DoS on the selected ports.
Mirror Port: This option applies to the Land, Tear Drop, Ping of Death, and IP Options. Enabling this option mirrors the traffic examined by a defense mechanism to another port on the switch. To use this feature, you must activate port mirroring on the switch and specify a destination mirror port, as explained in Creating a Port Mirror on page 94.
Click Apply. The defense is immediately activated on the ports.
To permanently save your changes, select the Save Config option in the Configuration menu.
Displaying the DoS Settings
To display the DoS settings, perform the following procedure:
1. From the Home page, select Monitoring.
2. From the Monitoring menu, select Network Security.
3. Select the DoS tab. The DoS tab is shown in Figure 70.
[Figure 70: DoS Tab (Monitoring)]
4. Click the port whose DoS settings are to be displayed. You can select more than one port at a time.
5. Using the DoS Type list, select the type of Denial of Service defense whose settings are to be displayed.
6. Click View. The DoS Monitor
162. [Figure 10: Port Statistics Page]
The Port Statistics page displays a table with the following columns of information:
Bytes Received: Number of bytes received on the port.
Bytes Sent: Number of bytes transmitted from the port.
Frames Received: Number of frames received on the port.
Frames Sent: Number of frames transmitted from the port.
Broadcast Frames Received: Number of broadcast frames received on the port.
Broadcast Frames Sent: Number of broadcast frames transmitted from the port.
Multicast Frames Received: Number of multicast frames received on the port.
Multicast Frames Sent: Number of multicast frames transmitted from the port.
Frames 64 Bytes, Frames 65-127 Bytes, Frames 128-255 Bytes, Frames 256-511 Bytes, Frames 512-1023 Bytes, Frames 1024-1518 Bytes, Frames 1519-1522: Number of frames transmitted from the port, grouped by size.
CRC Error: Number of frames with a cyclic redundancy check (CRC) error but with the proper length (64-1518 bytes) received on the port.
Jabber: Number of occurrences of corrupted data or useless signals appearing on the port.
No. of Rx Errors: Total number of frames received on the port containing errors.
Undersize Frames: Number of frames that were less than the minimum length specified by IEEE 802.3 (64 bytes including the CRC) received on the port.
Oversize Frames: Number
163. es the cost parameter to decide which port provides the lowest cost path to the root bridge for that LAN. The range is 0 to 65,535. The default setting is Auto-detect, which sets port cost depending on the speed of the port. If you select Auto-Detect, the management software assigns a value of 100 if the port is operating at 10 Mbps, 10 for 100 Mbps, and 4 for one gigabit.
4. After you have configured the parameters, click Apply.
5. To permanently save your changes, select the Save Config option in the Configuration menu.
Displaying the STP Settings
To display the STP settings, perform the following procedure:
1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 2 option.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 112.
[Figure 112: Spanning Tree Tab (Monitoring)]
4. Click View. The Monitor STP Parameters tab is shown in Figure 113.
164. [Figure 63: Traffic Class Tab (Monitoring)]
The Traffic Class tab displays the currently configured flow groups in a table that contains the following columns of information:
ID: The ID of the traffic class.
Description: A description of the traffic class.
Active: Whether the traffic class is active on the switch. An active traffic class is part of a policy assigned to one or more switch ports. An inactive traffic class is not assigned to any policies or to policies that are not assigned to switch ports.
Parent Policy ID: The QoS policies where the traffic class is assigned.
Flow Group List: The flow groups assigned to this traffic class.
4. To display detailed information about a traffic class, select the traffic class and click View. The details of the traffic class are displayed in the View Traffic Class page. For parameter definitions, refer to Configuring a Traffic Class on page 170.
5. Click Close.
Managing Policies
This section contains the following procedures:
- Configuring a Policy, next
- Modifying a Policy on page 181
- Deleting a Policy on page 182
- Deleting all Flow Groups Traffic Classes and Polic
165. etails of the flow group are displayed in the View Flow Group page. For parameter definitions, refer to Configuring a Flow Group on page 164.
5. Click Close.
Managing Traffic Classes
This section contains the following procedures:
- Configuring a Traffic Class, next
- Modifying a Traffic Class on page 174
- Deleting a Traffic Class on page 176
- Displaying the Traffic Classes on page 176
Configuring a Traffic Class
To configure a traffic class, perform the following procedure:
1. From the home page, select Configuration.
2. From the Configuration menu, select the Services option.
3. Select the Traffic Class tab. The Traffic Class tab is shown in Figure 60.
[Figure 60: Traffic Class Tab]
The columns in the tab are defined here:
ID: The ID of the traffic class.
Description: A description of the traffic class.
Active: Whether this traffic class is active on the switch. An active traffic class is part of a policy assigned to one or more switch ports. An inactive traffic class is not assigned to any policies or to policies that are not assigned to switch ports.
166. ew value specified in Exceed Remark Value. The default is drop.
Exceed Remark Value: Specifies the DSCP replacement value for traffic that exceeds the maximum bandwidth. This value takes precedence over the DSCP value. The default is 0.
DSCP Value: Specifies a replacement value to write into the DSCP TOS field of the packets. The range is 0 to 63. A new DSCP value can be set at all three levels: flow group, traffic class, and policy. A DSCP value specified in a flow group overrides a DSCP value specified at the traffic class or policy level. A DSCP value specified at the traffic class level is used only if no value has been specified at the flow group level. It will override any value set at the policy level.
Max Bandwidth: Specifies the maximum bandwidth available to the traffic class. The range is 0 to 1016 Mbps. This parameter determines the maximum rate at which the ingress port accepts packets belonging to this traffic class before either dropping or remarking occurs, depending on the Exceed Action parameter. If the sum of the maximum bandwidth for all traffic classes on a policy exceeds the ingress bandwidth of the port to which the policy is assigned, the bandwidth for the port takes precedence and the port discards packets before they can be classified. The value for this parameter is rounded up to the nearest Mbps value when this traffic class is assigned to a policy on a 10/100 port, and up to the nearest 8 Mbps value when as
167. explains how to view and change the parameter settings of the ports on the switch. Examples of the parameters include port speed, duplex mode, and packet filtering. This chapter contains the following procedures:
- Configuring Port Parameters on page 42
- Displaying Port Parameters on page 49
- Displaying Port Statistics on page 51
- Resetting a Port to the Default Settings on page 54
Configuring Port Parameters
To configure the parameter settings of a port on the switch, perform the following procedure:
1. From the Home page, select Configuration.
2. From the Configuration menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 6.
[Figure 6: Port Settings Tab (Configuration)]
The Port Settings tab displays an image of the front of the switch. Ports with a valid link to an end node are green.
3. In the switch image, click a port to configure. The selected port turns white. You can configure more than one port at a time, though they must all be the same type (i.e., all twisted pair ports or all fiber optic ports). To deselect a port, click it again.
4. Click Modify. To configure all the ports, click Modify Al
168. f transfer is supported from the menus and command line interfaces.
To upload a file, perform the following procedure:
1. From the home page, select Configuration.
2. From the Configuration menu, select the Utilities option. The Utilities page is displayed with the System Utilities tab displayed by default.
Note: The top portion of the tab is used to return the switch to its factory default settings. For instructions, refer to Returning the AT-S63 Management Software to the Factory Default Values on page 35.
3. In the TFTP Server IP Address field, enter the IP address of the network node with the TFTP server software.
4. For the TFTP Operation parameter, click Upload.
5. In the TFTP Remote Filename field, enter a name for the file when it is stored on the TFTP server.
6. In the TFTP Local Filename field, enter the name of the file in the switch's file system to be uploaded to the TFTP server.
7. In TFTP File Type, select File.
Note: If you select Image as the TFTP File Type, the switch uploads its active AT-S63 image file to the FTP server and stores it under the name specified in step 5. Allied Telesis does not recommend uploading a switch's image file. If you need an AT-S63 image file to download onto another switch, go to the Allied Telesis web site for the latest version.
8. Clic
169. [Figure 56: Flow Group Tab (Configuration)]
   The columns in the tab are defined here:
   - ID: The ID number of the flow group.
   - Description: The flow group description.
   - Active: The active status of the flow group. A flow group is deemed active if it is part of a policy assigned to a switch port. A flow group is considered inactive if it is not a part of any policies or if the policies are not assigned to any ports.
   - Parent Traffic Class ID: The traffic class where the flow group is assigned.
   - Classifier List: The classifiers of the flow group.
   4. Click Create. The Create Flow Group page opens, as shown in Figure 57.
      [Figure 57: Create Flow Group Page]
   5. Configure the following parameters as necessary:
   - ID: Specifies the ID number for this flow group. A flow group must be assigned a unique ID number. The range is 0 to 1023.
   - Description: Specifies the flow group description. A description can be up to 15 alphanumeric characters, including spaces.
   - DSCP: Sp
170. figuration menu, select the Utilities option. The Utilities page is displayed with the System Utilities tab selected by default, as shown in Figure 32.
      [Figure 32: System Utilities Tab (Configuration)]
      Note: The top portion of the System Utilities tab returns the switch to its factory default settings. For instructions, refer to Returning the AT-S63 Management Software to the Factory Default Values on page 35.
   3. In the TFTP Server IP Address field, enter the IP address of the network node containing the TFTP server software.
   4. For the TFTP Operation parameter, click Download.
   5. In the TFTP Remote Filename field, enter the filename of the file on the TFTP server to be downloaded to the switch. Be sure to include the filename extension, such as .img for an AT-S63 image file or .cfg for a configuration file.
   6. In the TFTP Local Filename field, enter a name for the file. This is the name the switch uses to store the file in its file system. T
171. figure Target Address Table and then click Configure at the bottom of the tab. The SNMPv3 Target Address Table tab is shown in Figure 91 on page 239.
   4. Click Next or Previous to display the SNMPv3 Target Address Table entry to be deleted.
   5. Click Remove. A warning message is displayed.
   6. Click OK.
   7. To permanently save your changes, select the Save Config option in the Configuration menu.
   Chapter 17: SNMPv3. Modifying Target Address Table Entry
   To modify an entry in the SNMPv3 Target Address Table, perform the following procedure:
   1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26.
   2. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204.
   3. In the SNMPv3 section, click the button next to Configure Target Address Table and then click Configure at the bottom of the tab. The SNMPv3 Target Address Table tab is shown in Figure 91 on page 239.
   4. Click Next or Previous to display the Target Address Table entry to be changed.
   5. Click Modify. The Modify SNMPv3 Target Address page is shown in Figure 93.
      [Figure 93: Modify SNMPv3 Target Address page]
172. [Figure 19: MAC Address Tab (Configuration)]
   The View Unicast MAC Addresses section and the View Multicast MAC Addresses section display unicast and multicast addresses, respectively. The options function the same in both sections. You can select only one option at a time.
   - View All: Displays all dynamic and static unicast or multicast addresses in the MAC address table.
   - View Static: Displays just the static unicast or multicast addresses assigned to the ports.
   - View Dynamic: Displays just the dynamic addresses learned on the ports.
   - View MAC Addresses on Port: Displays the dynamic and static MAC addresses of a particular port. You can specify more than one port at a time.
   - View MAC Addresses for VLAN: Displays the static and dynamic addresses learned on the tagged and untagged ports of a VLAN. Yo
173. g about the operation of Auto-Negotiation on a switch port:
   - In order for a switch port to successfully autonegotiate its duplex mode with an end node, the end node should also be using Auto-Negotiation. Otherwise, a duplex mode mismatch can occur. A switch port using Auto-Negotiation defaults to half-duplex if it detects that the end node is not using Auto-Negotiation. This results in a mismatch if the end node is operating at a fixed duplex mode of full-duplex. To avoid this problem when connecting an end node with a fixed duplex mode of full-duplex to a switch port, you should disable Auto-Negotiation on the port and set its speed and duplex mode manually.
   - If you disable Auto-Negotiation on a twisted pair port, the auto-MDI/MDI-X feature on a port is also disabled and the port defaults to the MDI-X configuration. If you disable Auto-Negotiation and set a port's speed and duplex mode manually, you might also need to set the port's MDI/MDI-X setting as well.
   Possible settings are:
   - Auto-Negotiate: The port autonegotiates both speed and duplex mode. This is the default.
   - 10Mbps Half Duplex
   - 10Mbps Full Duplex
   - 100Mbps Half Duplex
   - 100Mbps Full Duplex
   - 1Gb Full Duplex: Applies only to 1000Base SFP and GBIC modules. This selection should not be used. An SFP or GBIC module should use Auto-Negotiation to set it
174. g an ACE on page 404
   - Deleting an ACE on page 405
   - Displaying the Management Access Control List on page 406
   Chapter 27: Management Access Control List. Enabling or Disabling the Management ACL
   This procedure enables and disables the management ACL. When the management ACL is enabled, remote Telnet and web browser management of the switch is restricted to just those management stations specified by the access control entries in the ACL. When the feature is disabled, any remote management workstation can access the switch.
   Note: Do not activate the management ACL until you have specified the access control entries (ACEs). Otherwise, it will be impossible to remotely manage the unit from a Telnet or web browser management session, because the switch will discard all remote management packets. For instructions on how to add ACEs, refer to Creating an ACE on page 402.
   To enable or disable the management ACL, perform the following procedure:
   1. From the home page, select Configuration.
   2. From the Configuration menu, select the Mgmt Security option.
   3. Select the Mgmt ACL tab. The tab is shown in Figure 164.
      Figure 164 (Mgmt ACL tab) shows the Disable Mgmt ACL and Enable Mgmt ACL options and the Management ACL List (Total Mgmt ACLs: 2, page 1 of 1) with the columns IP Address, IP Mask, and Application Type: 149.44.44.24, 255.255.255.255, WEB; 144.44.44.7, 255.255.255.255
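A pre-enable check for the lock-out that the note in this excerpt warns about, as an added Python example (not code from the guide or from Allied Telesis). It assumes an ACE permits a packet when the source address ANDed with the IP Mask equals the ACE address ANDed with the same mask and the application type matches; the TELNET label, the 192.0.2.0 entry, and the station list are constructed for illustration.

```python
"""Check which management stations a management ACL would lock out.

Assumption (not confirmed by the guide): an ACE matches when
(source & mask) == (ace_ip & mask) and the application type is equal.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    ip: str            # IP Address column
    mask: str          # IP Mask column
    application: str   # Application Type column, e.g. "WEB"


def _to_int(dotted):
    """Dotted-quad string -> 32-bit integer (raises on malformed input)."""
    return int(ipaddress.IPv4Address(dotted))


def ace_matches(ace, src_ip, application):
    """True if this single ACE admits the station for this application."""
    mask = _to_int(ace.mask)
    same_net = (_to_int(src_ip) & mask) == (_to_int(ace.ip) & mask)
    return same_net and ace.application == application


def is_permitted(aces, src_ip, application, acl_enabled=True):
    """Disabled ACL admits everyone; enabled ACL admits only ACE matches."""
    if not acl_enabled:
        return True
    return any(ace_matches(ace, src_ip, application) for ace in aces)


def locked_out(aces, stations):
    """Stations (ip, application) that lose access once the ACL is enabled."""
    return [s for s in stations if not is_permitted(aces, s[0], s[1])]


def safe_to_enable(aces, stations):
    """Only enable the ACL when every required station is still admitted."""
    return len(locked_out(aces, stations)) == 0


# First ACE is the one visible in Figure 164; the second is constructed.
SAMPLE_ACES = [
    Ace("149.44.44.24", "255.255.255.255", "WEB"),
    Ace("192.0.2.0", "255.255.255.0", "TELNET"),   # constructed subnet entry
]

# Constructed list of stations that must keep management access.
REQUIRED_STATIONS = [
    ("149.44.44.24", "WEB"),
    ("149.44.44.24", "TELNET"),   # same host, but no TELNET entry for it
    ("192.0.2.17", "TELNET"),
    ("198.51.100.9", "WEB"),      # not covered by any ACE
]

if __name__ == "__main__":
    for ip, app in locked_out(SAMPLE_ACES, REQUIRED_STATIONS):
        print(f"would be locked out: {ip} ({app})")
    print("safe to enable:", safe_to_enable(SAMPLE_ACES, REQUIRED_STATIONS))
```

Running the check with an empty ACE list reports every station as locked out, which is the situation the note describes.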
175. g option in the Configuration menu.
   Modifying an MSTI
   To modify an MSTI, perform the following procedure:
   1. From the home page, select Configuration.
   2. From the Configuration menu, select the Layer 2 option.
   3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 109 on page 272.
   4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 121 on page 295.
   5. In the CIST/MSTI Table section of the tab, click the button next to the MSTI ID to be modified. You can only modify one MSTI ID at a time. You cannot modify CIST.
   6. Click Modify. The Modify MSTI page is shown in Figure 123.
      [Figure 123: Modify MSTI Page]
   7. To change the MSTI's priority value, enter a value in the Priority field. This parameter is used in selecting a regional root for the MSTI. The range is 0 (zero) to 61,440 in increments of 4,096, with 0 being the highest priority. For a list of the increments, refer to Table 5, Bridge Priority Value Increments, on page 276. The default is 0.
   8. To add or remove VLANs from the MSTI, edit the VIDs in the VLAN List field. Separate multiple VIDs with a comma.
   9. Click Apply.
   10. Repeat steps 5 to 9 to modify additional MSTIs.
   11. To permanently save your changes, select the Save Config
176. gged VLAN.
   - MAC Based: The VLAN is a MAC address-based VLAN.
   - Protected: The VLAN is a protected ports VLAN.
   - GARP: The VLAN was automatically created by GARP.
   Protocol: The protocol associated with a VLAN. The possible settings are:
   - None: The VLAN is a port-based, tagged, MAC address-based, or protected ports VLAN.
   - GARP: The VLAN was created by GARP.
   Member Ports: The untagged and tagged ports of a VLAN. These fields will be blank for a MAC address-based VLAN. The untagged ports of a VLAN are listed as follows:
   - Configured: The untagged ports assigned to the VLAN when the VLAN was created or modified.
   - Actual: The current untagged ports of the VLAN.
   If you are not using 802.1x Port-based Network Access Control, both the Configured and Actual untagged ports of a VLAN will always be the same. If you are using 802.1x and assigned a Guest VLAN to an authenticator port, or associated an 802.1x supplicant to a VLAN on the authentication server, a port can be in a different VLAN than the virtual LAN where it was originally assigned as an untagged port. In these situations, the Configured and Actual port lists can differ, with the Actual list detailing the ports that are currently functioning as untagged ports of the VLAN. (Chapter 20: Port-based and Tagged VLANs.) For example, if a particular port is listed as a Configured member of a VLAN but not as an Actual member, that would mean either the port is currently a par
177. gned certificate created by the switch is COMMAND.
   - Version: The version of X.509 that the certificate complies with.
   - Serial Number: The certificate's serial number.
   - Signature Algorithm: The algorithm used to sign the certificate.
   - Public Key Algorithm: The algorithm of the public key certified by the certificate.
   - Not Valid Before: The date the certificate became active.
   - Not Valid After: The date the certificate expires. Self-signed certificates are valid for two years.
   - Subject: The distinguished name of the subject of the certificate.
   - Issuer: The distinguished name of the issuer of the certificate.
   - MD5 Fingerprint: The MD5 algorithm. This value provides a unique sequence for each certificate, consisting of 16 bytes.
   - SHA1 Fingerprint: The Secure Hash Algorithm. This value provides a unique sequence for each certificate, consisting of 20 bytes.
   Click Close to close the page.
   Displaying the SSL Settings
   To configure the SSL settings, you must use the AT-S63 menus or command line interface. For instructions, refer to the AT-S63 Management Software Menus Interface User's Guide and the AT-S63 Management Software Command Line Interface User's Guide.
   To display the SSL settings, perform the following procedure:
   1. From the Home page, select Monitoring.
   2. From the Monitoring menu, select the Mgmt Protocols option.
   3. Select the SSL ta
178. gs ... 54
   Chapter 3: Enhanced Stacking ... 55
   - Setting a Switch's Enhanced Stacking Status ... 56
   - Selecting a Switch in an Enhanced Stack ... 58
   - Returning to the Master Switch ... 60
   - Displaying the Enhanced Stacking Status ... 61
   Chapter 4: SNMPv1 and SNMPv2c ... 63
   - Enabling or Disabling SNMP Management ... 64
   - Creating a New SNMPv1 and SNMPv2c Community ... 66
   - Modifying an SNMPv1 and SNMPv2c Community ... 69
   - Deleting an SNMPv1 and SNMPv2c Community ... 70
   - Displaying the SNMPv1 and SNMPv2c Communities ... 71
   Chapter 5: MAC Address Table ... 73
   - Displaying the MAC Address Table
179. gs, go to Configuring Authenticator Port Parameters on page 357. To configure supplicant port settings, go to Configuring Supplicant Port Parameters on page 363.
   Chapter 23: 802.1x Port-based Network Access Control. Enabling or Disabling 802.1x Port-based Network Access Control
   To enable or disable 802.1x Port-based Network Access Control, perform the following procedure:
   1. From the home page, select Configuration.
   2. From the Configuration menu, select the Network Security option.
   3. Select the 802.1x Port Access tab. The 802.1x Port Access tab is shown in Figure 144 on page 354.
   4. Click the Enable Port Access check box. A check in the box means the feature is activated on the switch. No check means the feature is disabled. For instructions on configuring the accounting feature, refer to RADIUS Accounting on page 369.
   5. Click Apply. A change to the status of 802.1x Port-based Network Access Control is immediately implemented on the switch.
   6. To permanently save your changes, select the Save Config option in the Configuration menu.
   Configuring Authenticator Port Parameters
   To configure authenticator port parameters, perform the following procedure:
   Note: The role of a port must be set to authenticator before the parameters can be configured. For instr
180. h is described in Configuring MSTP Port Parameters on page 302.
   Chapter 19: Multiple Spanning Tree Protocol
   Configure the following parameters as necessary:
   - Force Version: This selection determines whether the bridge operates with MSTP or in an STP-compatible mode. If you select MSTP, the bridge operates all ports in MSTP, except those ports that receive STP or RSTP BPDU packets. If you select Force STP Compatible, the bridge uses its MSTP parameter settings but sends only STP BPDU packets from the ports. The default is MSTP.
     Note: Selecting the STP-compatible mode deletes all spanning tree instances on the switch.
   - Bridge Hello Time: The time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds. This value is active only if the bridge is selected as the root bridge of the network.
   - Bridge Forwarding: The waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes. If the bridge transitions too soon, not all of the links may have adapted to the change, possibly resulting in a network loop. The range is from 4 to 30 seconds. The default is 15 seconds. This setting applies only to ports running in the STP-compatible mode.
   - Configuration Name: The name of the MSTP region. The range is 0 (zero) to 32 alphanumeric characters in length. The name, which is case
181. h of time after which stored bridge protocol data units (BPDUs) are deleted by the bridge. All bridges in a bridged LAN use this aging time to test the age of stored configuration messages called bridge protocol data units (BPDUs). For example, if you use the default value 20, all bridges delete current configuration messages after 20 seconds. This parameter can be from 6 to 40 seconds. In selecting a value for maximum age, the following rules must be observed:
   - MaxAge must be greater than (2 x (HelloTime + 1)).
   - MaxAge must be less than (2 x (ForwardingDelay - 1)).
   Note: The aging time for BPDUs is different from the aging time used by the MAC address table.
   - Bridge Identifier: The MAC address of the bridge. The bridge identifier is used as a tie breaker in the selection of the root bridge when two or more bridges have the same bridge priority value. This value cannot be changed.
   - Root Bridge: The MAC address of the root bridge of the spanning tree domain. This value cannot be changed and is only displayed when STP is activated on the switch.
   - Root Priority: The priority value on the root bridge of the spanning tree domain. This parameter is only displayed when STP is enabled on the switch. To change the priority value on the root bridge, you must start a management session o
182. hange the community name of a string. Click Apply. The modifications are activated on the community string. To permanently save the changes, select the Save Config menu option.
   Chapter 4: SNMPv1 and SNMPv2c. Deleting an SNMPv1 and SNMPv2c Community
   To delete an SNMPv1 and SNMPv2c community, perform the following procedure:
   1. From the Home page, select Configuration.
   2. From the Configuration menu, select the Mgmt Protocols option.
   3. Select the SNMP tab. The SNMP tab is shown in Figure 14 on page 64.
   4. In the SNMPv1 & SNMPv2c section, click Configure. The SNMPv1 & SNMPv2c Communities tab is shown in Figure 15 on page 66.
   5. Click the button next to the community name to delete and click Remove. You can delete only one community string at a time. A warning message is displayed.
   6. Click OK. The community string is deleted from the switch.
   7. To permanently save the change, select the Save Config menu option.
   Displaying the SNMPv1 and SNMPv2c Communities
   To display the SNMPv1 and SNMPv2c communities, perform the following procedure:
   1. From the Home page, select Monitoring.
   2. From the Monitoring menu, select the Mgmt Protocols option.
   3. Select the SNMP tab. The SNMP tab is shown in Figure 17.
      [Figure 17: SNMP tab, showing SNMP Access (Enabled) and Authentication Failure Trap (Disabled)]
183. he MSTP configuration, perform the following procedure:
   1. From the Home page, select Monitoring.
   2. From the Monitoring menu, select the Layer 2 option.
   3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 109 on page 272. This tab displays information on whether spanning tree is enabled or disabled and which protocol version (STP, RSTP, or MSTP) is active.
   4. Click View. The MSTP Parameters tab is shown in Figure 125.
      [Figure 125: Monitor MSTP Parameters Tab (Monitoring)]
   The Monitor MSTP Parameters section displays the current MSTP parameter setting
184. he Policies tab. The Policies tab is shown in Figure 64 on page 178.
   4. Click Purge to delete all flow groups, traffic classes, and policies from the switch. The switch deletes all flow groups, traffic classes, and policies.
   5. To permanently save your changes, select the Save Config option in the Configuration menu.
   Displaying Policies
   To display the policies, perform the following procedure:
   1. From the Home page, select Monitoring.
   2. From the Monitoring menu, select Services.
   3. Select the Policies tab. The Policies tab is shown in Figure 67.
      [Figure 67: Policies Tab (Monitoring)]
   The Policies tab displays the existing policies in a table with the following columns of information (Chapter 14: Quality of Service):
   - ID: The ID of the policy.
   - Description: A description of the policy.
   - Active: Whether this policy is active on the switch. An active policy is assigned to one or more switch ports. An inactive policy is not assigned to any switch ports.
   - Traffic Class List: The traffic classes of the policy.
   - Ingress Port List: The ingress ports of the policy.
   To view the details of a specific policy, select the
185. he System Date and Time
   This procedure explains how to set the switch's date and time. Setting the date and time is important if you plan to view the events in the switch's event log or send the events to a syslog server. The correct date and time are also important if the management software will be sending traps to a management workstation or if you plan to create a self-signed SSL certificate. Events, traps, and self-signed certificates should contain the date and time of when they occurred or, in the case of certificates, when they were created.
   There are two ways to set the switch's date and time. One method is to set it manually. The AT-9400 Switch has an onboard battery that maintains the date and time even when the unit is powered off or reset. The second method uses the Simple Network Time Protocol (SNTP). The AT-S63 Management Software comes with the client version of this protocol. You can configure the AT-S63 software to obtain the current date and time from an SNTP or Network Time Protocol (NTP) server located on your network or the Internet. SNTP is a reduced version of the NTP. However, the SNTP client software in the AT-S63 Management Software is interoperable with NTP servers.
   Note: In order for the management software on the switch to communicate with an SNTP or NTP server, there must be an interface on the local subnet from where the switch is reaching the server. The switch uses the IP address of the interfac
186. he port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto-Detect.
   - Cost: Port cost of the port. The default is Auto Update.
   - Priority: The number used as a tie breaker when two or more ports have equal costs to the root bridge.
   6. Click OK to close the page.
   Resetting RSTP to the Default Settings
   To reset RSTP to the default settings, perform the following procedure:
   1. From the Home page, select Configuration.
   2. From the Configuration menu, select Layer 2.
   3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 109 on page 272.
   4. Verify that there is no check in the Enable Spanning Tree check box. If there is a check, click the option to remove it. Spanning tree must be disabled in order for you to return it to its default settings.
   5. Click Configure. The Configure RSTP Bridge Parameters tab is shown in Figure 115 on page 283.
   6. Click Defaults. The RSTP settings are returned to their default values.
   7. To permanently save your changes, select the Save Config option in the Configuration menu.
   Chapter 19: Multiple Spanning Tree Protocol
   This chapter explains how to configure multiple spanning tree protocol (MSTP) parameters on the AT-9400 Switch using a web browser management sessio
187. he root switch.
   - Backup: The port on a designated switch that provides a backup for the path provided by the designated port.
   - Designated: The port on the designated switch for a LAN that has the least cost path to the root switch. This port connects the LAN to the root switch.
   - Master: Similar to the root port. When the port is a boundary port, the MSTI port roles follow the CIST port roles. The MSTI port role is called master when the CIST role is root.
   P2P: Whether or not the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto-Detect.
   Version: Whether the port is operating in MSTP mode or STP-compatible mode.
   Internal Port Cost: The port cost when the port is connected to a bridge in the same MSTP region.
   8. Click OK to close the page.
   Resetting MSTP to the Default Settings
   To reset MSTP to the factory default settings, perform the following procedure:
   1. From the home page, select Configuration.
   2. From the Configuration menu, select the Layer 2 option.
   3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 120 on page 292.
   4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 121 on page 295.
   5. Click Defaults. The MSTP settings are returned
188. her refine the value of the Subtree OID parameter. The Subtree OID parameter defines a MIB View, and the Subtree Mask parameter further restricts a user's view to a specific column and row of the MIB View. The value of the Subtree Mask parameter is dependent on the subtree you select. For example, if you configure the View Subtree parameter as MIB ifEntry.0.3, it has the following value: 1.3.6.1.2.1.2.2.1.0.3. To restrict the user's view to the third row (all columns) of the MIB ifEntry.0.3, enter the following value for the Subtree Mask parameter: ff:bf
   In the View Type field, enter one of the following view types:
   - Included: Enter this value to permit the user to see the subtree specified above.
   - Excluded: Enter this value to not permit the user to see the subtree specified above.
   In the Storage Type field, enter a storage type for this table entry:
   - Volatile: Select this storage type if you do not want the ability to save an entry in the View Table. After making changes to a View Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.
   - NonVolatile: Select this storage type if you want the ability to save an entry in the View Table. After making changes to a View Table entry with a NonVolatile storage type, the Save Config
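The Subtree OID and Subtree Mask matching described in this excerpt, as an added Python example (not code from the guide or from Allied Telesis). It assumes the switch follows the standard VACM view rules of RFC 3415, where each mask bit, most significant first, says whether the corresponding sub-identifier must match; the function names and the second sample view are constructed for illustration.

```python
"""SNMPv3 view matching with a Subtree OID, Subtree Mask and View Type.

Assumption: standard VACM semantics (RFC 3415); not verified against AT-S63.
"""

IF_ENTRY_ROW3 = "1.3.6.1.2.1.2.2.1.0.3"   # ifEntry.0.3 from the excerpt
ROW3_MASK = "ff bf"                        # Subtree Mask from the excerpt


def parse_oid(text):
    """'1.3.6.1' -> (1, 3, 6, 1)."""
    return tuple(int(part) for part in text.strip(".").split("."))


def parse_mask(text):
    """'ff bf' or 'ff:bf' -> list of bits, most significant bit first."""
    bits = []
    for octet in text.replace(":", " ").split():
        value = int(octet, 16)
        if value > 0xFF:
            raise ValueError(f"mask octet out of range: {octet}")
        bits.extend((value >> shift) & 1 for shift in range(7, -1, -1))
    return bits


def in_family(oid, subtree, mask_bits):
    """True if oid falls in the subtree family selected by the mask.

    Bit i set   -> sub-identifier i of the OID must equal the subtree's.
    Bit i clear -> sub-identifier i is a wildcard.
    A mask shorter than the subtree is padded with ones.
    """
    if len(oid) < len(subtree):
        return False
    for index, wanted in enumerate(subtree):
        must_match = mask_bits[index] if index < len(mask_bits) else 1
        if must_match and oid[index] != wanted:
            return False
    return True


def is_visible(oid_text, view):
    """Apply a view: list of (subtree, mask, view_type) entries.

    No matching entry means not visible. Among matches, the entry with
    the longest subtree wins; ties go to the greatest subtree.
    """
    oid = parse_oid(oid_text)
    matches = []
    for subtree_text, mask_text, view_type in view:
        subtree = parse_oid(subtree_text)
        if in_family(oid, subtree, parse_mask(mask_text)):
            matches.append((len(subtree), subtree, view_type))
    if not matches:
        return False
    winner = max(matches, key=lambda m: (m[0], m[1]))
    return winner[2] == "Included"


# View from the excerpt: only row 3 of ifEntry, every column.
ROW3_ONLY = [(IF_ENTRY_ROW3, ROW3_MASK, "Included")]

# Constructed second view: all of mib-2 except row 3 of ifEntry.
ALL_BUT_ROW3 = [
    ("1.3.6.1.2.1", "", "Included"),
    (IF_ENTRY_ROW3, ROW3_MASK, "Excluded"),
]

IF_DESCR_3 = "1.3.6.1.2.1.2.2.1.2.3"       # ifDescr, row 3
IF_DESCR_2 = "1.3.6.1.2.1.2.2.1.2.2"       # ifDescr, row 2
IF_IN_OCTETS_3 = "1.3.6.1.2.1.2.2.1.10.3"  # ifInOctets, row 3
SYS_DESCR = "1.3.6.1.2.1.1.1.0"            # sysDescr.0

if __name__ == "__main__":
    for name in (IF_DESCR_3, IF_DESCR_2, IF_IN_OCTETS_3, SYS_DESCR):
        print(name, is_visible(name, ROW3_ONLY), is_visible(name, ALL_BUT_ROW3))
```

In ff:bf the only cleared bit is the tenth, which lines up with the column sub-identifier (the 0 in ifEntry.0.3), so every column of row 3 matches; with ff:ff the same subtree would match nothing in the table.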
189. here the host nodes are connected. Assigning the address only to the port where the multicast application is located results in the failure of the multicast packets to be properly forwarded to the host nodes. (Chapter 5: MAC Address Table.) You can specify the ports individually (e.g., 1,4,5), as a range (e.g., 11-14), or both (e.g., 15-17,22,24).
   VLAN ID: Specifies the VLAN ID where the port is a member.
   5. Click Apply.
   6. Repeat this procedure to add other static addresses to the switch.
   7. To permanently save your changes, select the Save Config option in the Configuration menu.
   Deleting Unicast and Multicast MAC Addresses
   To delete a static or dynamic unicast or multicast MAC address from the switch, perform the following procedure:
   1. From the Home page, select Configuration.
   2. From the Configuration menu, select the Layer 2 option. The Layer 2 page opens with the MAC Address tab selected by default, as shown in Figure 19 on page 74.
   3. Display the MAC addresses on the switch by selecting one of the options. For instructions, refer to Displaying the MAC Address Table on page 74.
   4. Click the button next to the MAC address to be deleted from the switch. You can only delete one address at a time.
      Note: You cannot delete a switch's MAC address, an STP BPDU MAC address, or a broadcast add
190. ick Delete. The flow group is deleted from the switch.
   5. To permanently save your changes, select the Save Config menu selection.
   Displaying the Flow Groups
   To display the flow groups, perform the following procedure:
   1. From the Home page, select Monitoring.
   2. From the Monitoring menu, select the Services option.
   3. Select the Flow Group tab. The Flow Group tab is shown in Figure 59.
      [Figure 59: Flow Group Tab (Monitoring)]
   The Flow Group tab displays the currently configured flow groups in a table that contains the following columns of information:
   - ID: The ID number of the flow group.
   - Description: The flow group description.
   - Active: The active status of the flow group. A flow group is deemed active if it is part of a policy assigned to a switch port. A flow group is considered inactive if it is not assigned to any policies or if the policies have not been assigned to any ports.
   - Parent Traffic Class ID: The traffic class where the flow group is assigned.
   - Classifier List: The classifiers of the flow group.
   4. To display detailed information about a flow group, select the flow group and click View. The d
191. ient after one client has been authenticated. If set to Disabled, the switch port forwards only those packets from the client who was authenticated and discards packets from all other users.
   VLAN Assignment: Controls whether an authenticator port uses the VLAN assignments returned by a RADIUS server. Options are:
   - Enabled: Specifies that the authenticator port is to use the VLAN assignment returned by the RADIUS server when a supplicant logs on. This is the default setting. The port automatically moves to the designated VLAN after the supplicant successfully logs on.
   - Disabled: Specifies that the authenticator port ignore any VLAN assignment information returned by the RADIUS server when a supplicant logs on. The authenticator port remains in its predefined VLAN assignment even if the RADIUS server returns a VLAN assignment when a supplicant logs on. This is the default setting.
   Secure VLAN: Controls the action of an authenticator port to subsequent authentications after the initial authentication where VLAN assignments have been added to the user accounts on the RADIUS server. This parameter only applies when the port is operating in the Multiple operating mode. Possible settings are:
   - On: Specifies that only those supplicants with the same VLAN assignment as the initial supplicant are authenticated. Supplicants with a different or no VLAN assignment are denied entry to the port. This is the default setting.
   - Off: Specifies that all s
192. ies on page 183
   - Displaying Policies on page 183
   Configuring a Policy
   To configure a policy, perform the following procedure:
   1. From the home page, select Configuration.
   2. From the Configuration menu, select the Services option.
   3. Select the Policies tab. The Policies tab is shown in Figure 64.
      [Figure 64: Policies Tab (Configuration)]
   The Policies tab displays the existing policies in a table that contains the following columns of information:
   - ID: The ID of the policy.
   - Description: A description of the policy.
   - Active: Whether this policy is active on the switch. An active policy is assigned to one or more switch ports. An inactive policy is not assigned to any switch ports.
   - Traffic Class List: The traffic classes assigned to the policy.
   - Ingress Port List: The ingress ports to which the policy is assigned.
   4. Click Create. The Create Policy page opens, as shown in Figure 65.
      [Figure 65: Create Policy Page]
193. iew Name parameter in the SNMPv3 View Table. This parameter allows the users assigned to this Group Name to send traps permitted in the specified View. This value does not need to be unique.

In the Security Model field, enter an SNMP protocol. Select one of the following SNMP protocols as the Security Model for this Group Name:

- v1: Select this value to associate the Group Name with the SNMPv1 protocol.
- v2c: Select this value to associate the Group Name with the SNMPv2c protocol.
- v3: Select this value to associate the Group Name with the SNMPv3 protocol.

In the Security Level field, enter a security level. Select one of the following security levels:

- No Authentication/Privacy: This option represents neither an authentication nor privacy protocol. Select this security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privacy protocol. This option provides the least security.

  Note: If you have selected SNMPv1 or SNMPv2c, NoAuthNoPriv is the only security level you can select.

- Authentication: This option permits an authentication protocol but not a privacy protocol. Select this security level if you want to authenticate SNMP users but you do not want to encrypt messages using a privacy protocol. You can select
195. [Figure 101: SNMPv3 User Table Tab (Monitoring)]

Displaying View Table Entries

To display entries in the SNMPv3 View Table, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. Select the SNMP tab. The SNMP tab is shown in Figure 100 on page 259.
3. In the SNMPv3 section, click the button next to View View Table and then click View at the bottom of the tab.

The SNMPv3 View Table tab is shown in Figure 102.

[Figure 102: SNMPv3 View Table Tab (Monitoring)]

Displaying Access Table Entries

To display entries in the SNMPv3 Access Table, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. Select the SNMP tab. The SNMP tab is shown in Figur
196. ime

The classifier is deleted from the switch. To permanently save your changes, select the Save Config option in the Configuration menu.

Displaying the Classifiers

To display the classifiers, perform the following procedure:

1. From the Home page, select Monitoring.
2. From the Configuration menu, select the Network Security or Services option. The Classifier tab is accessible from both menu selections.
3. Select the Classifiers tab. The Classifiers tab is shown in Figure 44.

[Figure 44: Classifier Tab (Monitoring)]

The Classifier tab displays a table of the currently configured classifiers that contains the following columns of information:

- ID: The ID number of the classifier.
- Description: A description of the classifier.
- No. of References: The number of active and inactive ACLs and QoS policies to which the classifier is currently assigned. An active ACL or QoS is assigned to at least one switch port, while an inactive ACL or QoS policy is currently not assigned to any port. If this column is 0 (zero), the classifier is not assigned to any ACLs or policies, active or inactiv
197. ince no tokens are available for handling the increase. If the traffic is below the maximum bandwidth, unused tokens will accumulate in the bucket since the actual bandwidth falls below the specified maximum. The unused tokens will be available for handling excess traffic should the traffic exceed the maximum bandwidth. Should an increase in traffic continue to the point where all the unused tokens are used up, packets will be discarded.

Unused tokens accumulate in the bucket until the bucket reaches maximum capacity, set by this parameter. Once the maximum capacity of the bucket is reached, no extra tokens are added.

Note: To use this parameter you must specify a maximum bandwidth using the Max Bandwidth parameter. Specifying a token bucket size without also specifying a maximum bandwidth serves no function.

Priority
Specifies the priority value in the IEEE 802.1p tag control field that traffic belonging to this traffic class is assigned. Priority values range from 0 to 7, with 0 being the lowest priority and 7 being the highest priority. Incoming frames are mapped into one of four Class of Service (CoS) queues based on the priority value.

If you want the packets to retain the new value when they exit the switch, change the Remark Priority parameter to Yes.

If you specify a new user priority value here and in Flow Group, the value in Flow Group overwrites the value here.

Modifying a
198. [Figure 104: SNMPv3 SecurityToGroup Table Tab (Monitoring)]

Displaying Notify Table Entries

To display entries in the SNMPv3 Notify Table, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. Select the SNMP tab. The SNMP tab is shown in Figure 100 on page 259.
3. In the SNMPv3 section, click the button next to View Notify Table and then click View at the bottom of the tab.

The SNMPv3 Notify Table tab is shown in Figure 105.

[Figure 105: SNMPv3 Notify Table Tab (Monitoring)]

Displaying Target Address Table Entries

To display entries in the SNMPv3 Target Address Table, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. Se
199. instructions on selecting the active spanning tree, refer to "Enabling MSTP" on page 292.

Note: When MSTP is enabled, the GVRP tab is not shown on the Configuration or Monitoring Layer 2 page.

Configuring MSTP Parameters

To configure MSTP parameters, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 109 on page 272.
4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 121.

[Figure 121: Configure MSTP Parameters Tab (Configuration)]

Note: This procedure explains the Configure MSTP Parameters section of the page. The CIST/MSTI Table is explained in "Creating an MSTI" on page 298, "Modifying an MSTI" on page 299, and "Deleting an MSTI" on page 300.

The graphic image of the switc
200. ion file.

When the download is complete, the switch resets, ending your web browser management session. Some network traffic may be lost during the reset process. After the reset, the switch operates with the parameter settings in the downloaded configuration file. To continue managing the switch, you must reestablish the management session.

Uploading a File

This procedure explains how to upload a file from the switch's file system to a TFTP server on your network using the web browser interface. You can upload any of the following files:

- Boot configuration file
- Public encryption key
- CA enrollment request
- Event log file

Note the following before performing this procedure:

- You must use TFTP to upload a file from a web browser management session.
- There must be a node on your network with the TFTP server software.
- You should start the TFTP server before beginning the upload procedure.
- The switch must have a routing interface on the local subnet from where it will reach the TFTP server. The switch uses the IP address of the interface as its source address when sending packets to the TFTP server. If the switch does not have an interface, you can upload the file from a local management session on the switch using Xmodem.
- The web browser interface does not support uploading a file from a compact flash memory card in the switch to a TFTP server. That type o
201. is the default.

Broadcast Rate
Use this parameter to set the broadcast rate limit in packets per second. The range is 0 to 262148. The default is 262143.

Unknown Unicast Rate Limiting
Use this parameter to enable or disable unknown ingress unicast packet limits. Possible settings are:

- Enabled: Unknown unicast packet ingress rate limiting is enabled. To set the rate limit, use the Unknown Unicast Rate parameter.
- Disabled: Unknown unicast packet ingress rate limiting is disabled. This is the default.

Unknown Unicast Rate
Use this parameter to set the unknown unicast rate limit in packets per second. The range is 0 to 262148. The default is 262143.

Multicast Rate Limiting
Use this parameter to enable or disable ingress multicast packet limits. Possible settings are:

- Enabled: Multicast packet ingress rate limiting is enabled. To set the rate limit, use the Multicast Rate parameter.
- Disabled: Multicast packet ingress rate limiting is disabled. This is the default.

Multicast Rate
Use this parameter to set the multicast rate limit in packets per second. The range is 0 to 262143. The default is 262143.

6. After entering the desired changes, click Apply. The switch activates the parameter changes on the port.
7. To permanently save your changes, select the Save Config option in the Configuration menu.

Displa
202. isabled
Number of GARP PDUs discarded because the GARP application was disabled. This counter is incremented when ports are added to or deleted from the GARP application arising from port movements in the underlying VLAN or STP.

Receive Discarded: Port Not Listening
Number of GARP PDUs discarded because the port that received the PDUs was not listening, that is, MODE=NONE was set on the port.

Transmit Discarded: Port Not Sending
Number of GARP PDUs discarded because the port that the PDUs were to be transmitted on was not sending, that is, MODE=NONE was set on the port.

Receive Discarded: Invalid Port
Number of GARP PDUs discarded because the port that received the PDU does not belong to the GARP application.

Receive Discarded: Invalid Protocol
Number of GARP PDUs discarded because the GARP PDU contained an invalid protocol.

Receive Discarded: Invalid Format
Number of GARP PDUs discarded because the format of the GARP PDU was not recognized.

Receive Discarded: Database Full
Number of GARP PDUs discarded because the database for the GARP application was full, that is, the maximum number of attributes for the GARP application is in use.

Receive GARP Messages: LeaveAll
Number of GARP LeaveAll messages received by the GARP application.

Transmit GARP Messages: LeaveAll
Number of GARP LeaveAll messages transmitted by the GARP application.

Receive GARP Messages: JoinEmpty
203. isplayed on the Configuration menu.

- NonVolatile: Select this storage type if you want the ability to save an entry in the SNMPv3 Community Table. After making changes to an SNMPv3 Community Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesis recommends this storage type.

Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Community Table entry takes effect immediately.

9. Click Apply to update the SNMPv3 Community Table.
10. To permanently save your changes, select the Save Config option in the Configuration menu.

Displaying SNMPv3 Tables

This section contains procedures to display the SNMPv3 Tables. The following procedures are provided:

- Displaying User Table Entries, next
- Displaying View Table Entries on page 260
- Displaying Access Table Entries on page 261
- Displaying SecurityToGroup Table Entries on page 262
- Displaying Notify Table Entries on page 263
- Displaying Target Address Table Entries on page 264
- Displaying Target Parameters Table Entries on page 265
- Displaying SNMPv3 Community Table Entries on page 266

Displaying User Table Entries

To display entries in the SNMPv3 User Table, perform the following procedure:

1. From the Home page
204. itches support a flash card slot.

Note: You cannot copy, rename, or delete files from a web browser management session. Those tasks can be performed from the menus and command line interfaces.

To display a list of the system files stored in the switch's flash memory or on a compact flash card, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Utilities option.
3. Select the File System tab. The File System tab is shown in Figure 30.

[Figure 30: File System Tab (Configuration)]

The information in the tab is defined below:

Current Drives
Specifies the location of the files displayed in the Current Files section of the tab. The Flash option represents the switch's flash memory. This is the default selection. The Flash Card option only appears for those AT-9400 Switches that feature a flash card slot.

Default Configuration File
Specifies the filename of the active configuration file
205. ityToGroup Page

5. In the Security Model field, select the SNMP protocol that was configured for this User Name. Choose from the following:

- v1: Select this value to associate the Group Name with the SNMPv1 protocol.
- v2c: Select this value to associate the Group Name with the SNMPv2c protocol.
- v3: Select this value to associate the Group Name with the SNMPv3 protocol.

6. In the Security Name field, enter the User Name to be associated with a group. Enter a User Name that you configured in "Creating a User Table Entry" on page 206.

7. In the Group Name field, enter a Group Name that you configured in the Access Table. See "Creating an Access Table" on page 220. There are four default values for this field that are reserved for SNMPv1 and SNMPv2c implementations:

- defaultV1GroupReadOnly
- defaultV1GroupReadWrite
- defaultV2cGroupReadOnly
- defaultV2cGroupReadWrite

8. In the Storage Type field, select one of the following storage types for this table entry:

- Volatile: Select this storage type if you do not want the ability to save an entry in the SecurityToGroup Table. After making changes to a SecurityToGroup Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.
- NonVolatile: Select this storage type if you want the ability to save an entry in the Securi
206. k Apply. The management software notifies you when the upload is complete.

Chapter 10 Event Logs and Syslog Client

This chapter describes how to view switch activity by displaying and saving the contents of the event logs. It also explains how to send events to syslog servers on your network by creating syslog output definitions. Sections in the chapter include:

- Working with the Event Logs on page 118
- Working with Syslog Output Definitions on page 127

Note: The event logs, even when disabled, log all AT-S63 initialization events that occur when the switch is reset or power cycled. Any switch events that occur after AT-S63 initialization are entered into the logs only if the event log feature is enabled, which is the default setting for this feature.

Working with the Event Logs

The event logs contain event messages generated by a switch. These events can provide vital information about the operation of the device and can help you identify and resolve network problems. The information includes the time and date when an event occurred, the event's severity, the AT-S63 module that generated the event, and an event description.

The AT-9400 Switch has two event logs. Both logs store the
207. l

The Port Configuration page is shown in Figure 7.

[Figure 7: Port Configuration Page]

Note: The Port Configuration page in the figure above is from a 10/100/1000 Mbps twisted pair port. The page for a fiber optic port will contain a subset of the parameters.

If you are configuring multiple ports and the ports have different settings, the Port Configuration page displays the settings of the lowest numbered port. After you have configured the settings of the port, all of its settings, including those tha
208. lect Configuration.
2. From the Configuration menu, select the Layer 2 option. The Layer 2 page opens with the MAC Address tab selected by default, as shown in Figure 19 on page 74.
3. In the MAC Address Aging Time field, enter a new value in seconds. The range is 0 to 1048575 seconds. The default is 300 seconds (5 minutes). The value 0 disables the aging timer. If the aging timer is disabled, inactive dynamic addresses are not deleted from the table and the switch stops learning new addresses after the table reaches maximum capacity.
4. Click Apply. The new MAC address aging time is activated on the switch.
5. To permanently save your changes, select the Save Config option in the Configuration menu.

Chapter 6 Static Port Trunks

This chapter contains the procedure for managing static port trunks. The sections in this chapter are:

- Creating a Static Port Trunk on page 84
- Modifying a Static Port Trunk on page 88
- Deleting a Port Trunk on page 90
- Displaying the Port Trunks on page 91

Note: LACP trunks are not supported from the web browser interface.

Creating a Static Port Trunk

Caution: Do not connect the cables of a port trunk to the ports on the switch until after you have configured the ports on both the switch and the remote devi
209. lect the SNMP tab. The SNMP tab is shown in Figure 100 on page 259.
3. In the SNMPv3 section, click the button next to View Target Address Table and then click View at the bottom of the tab.

The SNMPv3 Target Address Table tab is shown in Figure 106.

[Figure 106: SNMPv3 Target Address Table Tab (Monitoring)]

Displaying Target Parameters Table Entries

To display entries in the SNMPv3 Target Parameters Table, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. Select the SNMP tab. The SNMP tab is shown in Figure 100 on page 259.
3. In the SNMPv3 section, click the button next to the View Target Parameters Table and then click View at the bottom of the tab.

The SNMPv3 Target Parameters Table tab is shown in Figure 107.
210. lick Apply to activate your changes on the switch.
4. To permanently save your changes, select the Save Config option in the Configuration menu.

Changing the Manager and Operator Passwords

There are two levels of management access on the AT-9400 Switch: manager and operator. When you log in as a manager, you can view and configure all of a switch's operating parameters. When you log in as an operator, you can only view the operating parameters; you cannot change any values. You log in as a manager or an operator by entering the appropriate username and password when you start an AT-S63 management session.

The default password for manager access is "friend". The default password for operator access is "operator". Passwords are case sensitive.

To change the manager or operator password, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26.
2. In the Passwords section, enter the new values. The parameters are described below.

Manager Password
Confirm Manager Password
You use these parameters to change the manager's login password for the switch. The password can be from 0 to 16 characters in length. The same password is used for both local and remote management sessions. To create a new password, enter the new password
211. llowing:

- Manage the master switch.
- Select another switch in the list to manage.
- Select Logout to end your management session.

Displaying the Enhanced Stacking Status

To display the enhanced stacking status of the switch, perform the following procedure:

1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Mgmt. Protocols option.
3. Select the Enhanced Stacking tab. The Enhanced Stacking tab is shown in Figure 13.

[Figure 13: Enhanced Stacking Tab (Monitoring)]

The information in the tab states the current enhanced stacking status of the switch as master, slave, or unavailable.

Chapter 4 SNMPv1 and SNMPv2c

This chapter explains how to activate SNMP management on the switch and how to create, modify, and delete SNMPv1 and SNMPv2c community strings. This chapter contains the following procedures:

- Enabling or Disabling SNMP Management on page 64
- Creating a New SNMPv1 and SNMPv2c Community on page 66
- Modifying an SNMPv1 and SNMPv2c Community on page 69
- Deleting an SNMPv1 and SNMPv2c Community on page 70
- Displaying the SNMPv1 and SNMPv2c Commu
212. [Figure 163: RADIUS Client Configuration Page]

The upper portion of the page displays the following information:

- Global Encryption Key: The global encryption secret.
- Global Server Timeout: Specifies the maximum amount of time the switch waits for a response from a RADIUS server.

The lower portion of the page displays a table that contains the following columns of information:

- Server: Specifies the server number, one of three.
- IP Address: Specifies the IP address of the RADIUS server.
- Port: Specifies the port of the RADIUS server.
- Encryption Key: Specifies the encryption key for that server. This parameter is blank if the key is specified in the Global Encryption Key field.

Chapter 27 Management Access Control List

The management access control list (ACL) enhances security of the switch by restricting Telnet and web browser management access. The sections in this chapter include:

- Enabling or Disabling the Management ACL on page 400
- Creating an ACE on page 402
- Modifyin
213. [Figure 9: Port Status Page]

For descriptions of the parameters, refer to "Configuring Port Parameters" on page 42.

Displaying Port Statistics

To display the statistics of a port, perform the following procedure:

1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 8 on page 49. The Port Settings tab displays an image of the front of the switch. Ports with a valid link to an end node are green.
3. In the switch image, click a port. You can select only one port when displaying statistics. A selected port turns white. To deselect a port, click it again.
4. Click Statistics. The Port Statistics page is shown in Figure 10.
214. ltiple Spanning Tree protocols

- SYSTEM: Hardware status; Manager and Operator log in and log off events
- TACACS: TACACS+ authentication protocol
- TELNET: TELNET
- TFTP: Trivial File Transfer Protocol
- TIME: System Time and SNTP
- VLAN: Port-based and tagged VLANs, and multiple VLAN modes

Figure 34 shows an example of an event log in Normal mode.

[Figure 34: Event Log Example Displayed in Normal Mode]

The columns in the table are defined here:

Severity
The event's severity. The severity codes and their corresponding severity level and description are listed in Table 2.

Table 2. Event Severity Levels

Severity Level: Error. Description: Switch operation is severely impaired.
Severity Level: Warning. Description: An issue that may require net
215. [Figure 141: Security for Ports Page (Configuration)]

4. From the Security Mode pull-down menu, select the desired port security level for the port. Options are:

Automatic
Disables MAC address-based port security on a port. This is the default setting.

Limited
Allows you to specify a maximum number of dynamic source MAC addresses a port can learn. After learning its maximum number of addresses, a port discards all ingress frames with source MAC addresses not already learned.

When the Limited security mode is initially activated on a port, all dynamic MAC addresses learned by the port are deleted from the MAC address table. The port then begins to learn new addresses, up to the maximum allowed. After the port has learned its maximum number of addresses, it does not learn any new addresses, even when end nodes are inactive.

A dynamic MAC address learned on a port operating in the Limited security mode never times out from the MAC address table, even when the corresponding end node is inactive.

Static MAC addresses are retained by the port and are not included in the count of maximum dynamic addresses. You can continue to add static MAC addresses to a port operating with this security level, even after the port has already learned its maximum number of dynamic MAC addresses. A switch port can have up
217. more than one supplicant port at a time. The selected port turns white.

Click Settings. The Supplicant Parameters page is shown in Figure 146.

Figure 147. Supplicant Parameters Page

6. Configure the following parameters as needed:

Auth Period: Specifies the period of time, in seconds, that the supplicant waits for a reply from the authenticator after sending an EAP-Response frame. The range is 1 to 300 seconds. The default is 30 seconds.

Chapter 23: 802.1x Port-based Network Access Control

Held Period: Specifies the amount of time, in seconds, the supplicant is to refrain from retrying to re-contact the authenticator in the event the end user provides an invalid username and/or password. After the time period has expired, the supplicant can attempt to log on again. The range is 0 to 65,535 seconds. The default value is 60 seconds.

Max Start: Specifies the maximum number of times the supplicant sends EAPOL-Start frames before assuming that there is no authenticator present. The range is 1 to 10. The default is 3.

Start Period: Specifies the time period, in seconds, between successive attempts by the supplicant to establish contact with an authenticator when there is no reply. The range is 1 to 60. The default is 30.

User Name: Specifies the username for the switch
218. Figure 108. SNMPv3 Community Table Tab (Monitoring)

Section IV: Spanning Tree Protocols

This section has the following chapters:

- Chapter 18, Spanning Tree and Rapid Spanning Tree Protocols
- Chapter 19, Multiple Spanning Tree Protocol

Chapter 18: Spanning Tree and Rapid Spanning Tree Protocols

This chapter explains how to configure the STP and RSTP parameters on an AT-9400 Series switch. The sections in the chapter include:

- Enabling or Disabling a Spanning Tree Protocol
- Configuring STP
- Configuring RSTP

Enabling or Disabling a Spanning Tree Protocol

To enable or disable spanning tree on the switch, or to select the active spanning tree protocol, perform the following procedure:

1. From the Home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 109.
219. It contains the following procedures:

- Enabling MSTP
- Configuring MSTP
- Managing MSTIs
- Configuring MSTP Port Parameters
- Displaying the MSTP Configuration
- Resetting MSTP to the Default Settings

Chapter 19: Multiple Spanning Tree Protocol

Enabling MSTP

The AT-9400 Switch can support the three spanning tree protocols: STP, RSTP, and MSTP. However, only one spanning tree protocol can be active on the switch at a time. So before you can enable a spanning tree protocol, you must first select it as the active spanning tree protocol. After you select it, you can then enable or disable it.

To select MSTP as the active spanning tree protocol, and to enable or disable it, perform the following procedure:

Note: Changing the active spanning tree protocol resets the switch.

1. From the Home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 120.

Figure 120. Spanning Tree Tab (Configuration)

Note: If you do not want
220. n Settings page 282 to display the Spanning Tree tab.

2. To configure RSTP port settings, click on the port in the switch image and click Modify. You can select more than one port at a time. The RSTP Settings - Port(s) page is shown in Figure 116.

Figure 116. RSTP Settings - Port(s) Page

3. Configure the following parameters as necessary:

Port Priority: This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16. The default value is 8 (priority value 128). For a list of the increments, refer to Table 6 on page 278.

Port Cost: The spanning tree algorithm uses the cost parameter to decide which port provides the lowest cost path to the root bridge for that LAN. The range is 0 to 20,000,000. The default setting is Automatic detect, which sets port cost depending on the speed of the port. Default values are 2,000,000 for 10 Mbps ports, 200,000 for 100 Mbps ports, and 20,000 for one gigabit ports.

Enable Migration Check: This parameter is displayed only when RSTP is enabled. This parameter resets an RSTP port, allowing it to send RSTP BPDUs. When an RSTP bridge receives STP BPDUs on an RSTP port, the port transmits STP BPDUs. The RSTP port continues to transmit STP BP
222. Section II: Advanced Operations

Chapter 13: Class of Service

Configuring CoS

This procedure sets the Class of Service priority level for ingress untagged packets on a port. The priority level dictates which priority queue the packets are stored in on the egress port. In the default settings, ingress untagged packets on a port are assigned a priority level of 0 and are stored in egress queue Q1 on the egress port. This procedure also overrides the priority level in tagged ingress packets. To adjust the mappings of priority levels to egress queues, refer to Mapping CoS Priorities to Egress Queues on page 156.

To change the CoS priority level on a port, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Services option. The Services page is displayed with the CoS tab selected by default, as shown in Figure 50.

Figure 50. CoS Tab (Configuration)

3. Select the ports whose CoS settings are to be configured and click Modify. The CoS Setting for Port page is shown in Figure 51.

Figure 51. CoS Setting for Port Page

Use the Priority list to select a new Class of Service priority level for the port. The default is level 0
223. n select this value if you configured the Security Model parameter with the SNMPv3 protocol.

Chapter 17: SNMPv3

10. In the Storage Type parameter, select one of the following storage types for this table entry:

Volatile: Select this storage type if you do not want the ability to save an entry in the Target Parameters Table. After making changes to a Target Parameters Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.

NonVolatile: Select this storage type if you want the ability to save an entry in the Target Parameters Table. After making changes to a Target Parameters Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesis recommends this storage type.

Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Target Parameters Table entry takes effect immediately.

11. Click Apply to update the SNMPv3 Target Parameters Table.
12. To permanently save your changes, select the Save Config option in the Configuration menu.

Deleting a Target Parameters Table Entry

To delete an entry in the SNMPv3 Target Parameters Table, perform the following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26.
224. n the switch functioning as the root bridge and change its bridge priority value.

After you have made the desired changes, click Apply.

To permanently save your changes, select the Save Config option in the Configuration menu.

To configure STP port parameters, perform the following procedure:

1. Perform steps 1 to 4 in Configuring STP Bridge Settings on page 274 to display the Spanning Tree tab.
2. To configure a port's STP settings, click on the port in the switch image and click Modify. You can select more than one port at a time. The STP Settings - Port(s) page is shown in Figure 111.

Figure 111. STP Settings - Port(s) Page

3. Configure the following parameters as necessary:

Port Priority: This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16. The default value is 8 (priority value 128). For a list of the increments, refer to Table 6 on page 278.

Chapter 18: Spanning Tree and Rapid Spanning Tree Protocols

Table 6. Port Priority Value Increments

Increment   Bridge Priority   Increment   Bridge Priority
0           0                 8           128
1           16                9           144
2           32                10          160
3           48                11          176
4           64                12          192
5           80                13          208
6           96                14          224
7           112               15          240

Port Cost: The spanning tree algorithm us
225. ned to the ACL.

Port List: The port assignments of the ACL.

To create a new ACL, click Create. The Create ACLs page is displayed, as shown in Figure 46.

Figure 46. Create ACLs Page

Configure the following parameters:

ID: Use this field to enter an ID number for the ACL. Every ACL on the switch must have a unique ID number. The range is 0 to 255.

Classifier List: Use the list to select the classifier to be assigned to the ACL. You can assign more than one classifier to an ACL. To select multiple classifiers, hold down the Ctrl key while making your selections. To view the classifiers on a switch, refer to Displaying the Classifiers on page 143. An ACL must have at least one classifier.

Chapter 12: Access Control Lists

Action: Use this menu to specify the action of the ACL. An action of Permit means the port accepts the packets that meet the criteria of the classifiers assigned to the ACL. An action of Deny means the port discards the packets, unless the packets also match the criteria of a Permit ACL, in which case the packets are accepted by the port because a Permit ACL overrides a Deny ACL.

Description: Use this field to enter a description for the ACL. A description can be up to 15 alphanumeric characters, including spaces. A description is optional.

Port List: Use this list to specify the por
226. ng storage options for this table entry:

Volatile: Select this storage type if you do not want the ability to save an entry in the User Table. After making changes to a User Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.

NonVolatile: Select this storage type if you want the ability to save an entry in the User Table. After making changes to a User Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesis recommends this storage type.

Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 User Table entry takes effect immediately.

Click Apply to update the SNMPv3 User Table.

To permanently save your changes, select the Save Config option in the Configuration menu.

To delete an entry in the SNMPv3 User Table, perform the following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26.
2. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204.

Chapter 17: SNMPv3
Modifying a User Table Entry

3. In the SNMPv3 section, click the button next to Configure User Table and then click Configure. The SNMPv3 User Table tab is shown in Figure 76 on page 207.
4. Click the button next to the User Ta
227. nities on page 71

Section I: Basic Operations

Chapter 4: SNMPv1 and SNMPv2c

Enabling or Disabling SNMP Management

To enable or disable SNMP management on the switch, perform the following procedure:

1. From the Home page, select Configuration.
2. From the Configuration menu, select the Mgmt. Protocols option.
3. Select the SNMP tab. The SNMP tab is shown in Figure 14.

Figure 14. SNMP Tab (Configuration)

4. Click the Enable SNMP Access checkbox to enable or disable SNMP management. A check in the box indicates the feature is enabled, meaning the switch can be managed from an SNMP management station. No check indicates the feature is disabled. The default is disabled.
5. If you want the switch to send authentication failure traps, click the Enable Authentication Failure Traps che
228. o download a new AT-S63 image file into the switch's application block, enter "APPBLOCK" as the filename.

For the TFTP File Type parameter, select one of the following:

Image: Select this option to download a new AT-S63 image file directly into the application block portion of flash memory of the switch, so that the device immediately uses it as its active image file.

Config: Select this option to download a configuration file that the switch is to immediately employ as its new active boot configuration file.

File: Select this option to download a file to the file system, such as a CA certificate or a boot configuration file that is not to be designated as the active boot configuration file.

Click Apply. The management software notifies you after the download is complete.

Caution: When you download a new AT-S63 image file to the switch's application block, the file is written to flash memory. This can require one to two minutes to complete. Do not reset or power off the unit. After the file has been written to flash, the switch automatically resets, ending your web browser management session. Some network traffic may be lost during the reset process. To continue managing the switch, you must reestablish the management session after the reset process is completed.

Note: When you download a configuration file using the Config selection, the file is automatically designated as the switch's new active configurat
229. Figure 107. SNMPv3 Target Parameters Table Tab (Monitoring)

Displaying SNMPv3 Community Table Entries

To display entries in the SNMPv3 Community Table, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 5 on page 38.
2. Select the SNMP tab. The SNMP tab is shown in Figure 100 on page 259.
3. In the SNMPv3 section, click the button next to View Community Table and then click View at the bottom of the tab. The SNMPv3 Community Table tab is shown in Figure 108.
230. of frames exceeding the maximum specified by IEEE 802.3 (1518 bytes including the CRC) received on the port.

Fragments: Number of undersized frames, frames with alignment errors, and frames with frame check sequence (FCS) errors (CRC errors) received on the port.

TXCollisions: Number of transmit collisions.

5. To clear all the counters for the port, click Clear. To clear the counters for all ports on the switch, click Clear All.

The Clear and Clear All buttons are only available when you log on as a manager. They are not available when you log on as an operator.

Section I: Basic Operations

Chapter 2: Port Parameters

Resetting a Port to the Default Settings

To reset a port to the default settings, perform the following procedure:

1. From the Home page, select Configuration.
2. From the Configuration menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 6 on page 42.
3. In the switch image, click a port to be returned to the default settings. The selected port turns white. You can reset more than one port at a time. To deselect a port, click it again.
4. Click Modify. To configure all of the ports, click Modify All. The Port Configuration page is displayed, as shown in Figure 7 on page 43.
5. Click Defaults. The port(s) are returned to the default setting
231. Figure 17. SNMP Tab (Monitoring)

Section I: Basic Operations

Chapter 4: SNMPv1 and SNMPv2c

4. In the SNMPv1 & SNMPv2c section, click View. The SNMPv1 & SNMPv2c Communities tab is shown in Figure 18.

Figure 18. SNMPv1 & SNMPv2c Communities Tab (Monitoring)

The columns in the table are defined here:

Community Name: The name of a community string.

Access Mode: The access mode of a community string. A string with a Read Only access mode permits the viewing of the MIB objects on the switch. A string with a Read/Write access mode permits both viewing and changing the SNMP MIB objects.

Manager Stations: The IP addresses of management workstations permitted to use a string with a closed access status.

Trap Receivers: The IP addresses of trap receivers to receive trap
232. on

2. From the Configuration menu, select the Network Security option.
3. Select the ACL tab. The ACL tab is shown in Figure 45.

Figure 45. ACL Tab (Configuration)

The Current ACL(s) section of the tab displays a table of the existing ACLs. The table has the following columns of information:

ID: The ID number of the ACL.

Description: A description of the ACL.

Action: The ACL action of Permit or Deny. An action of Permit means the port accepts the packets that meet the criteria of the classifiers assigned to the ACL. An action of Deny means the port discards the packets, unless the packets also match the criteria of a Permit ACL, in which case the packets are accepted by the port because a Permit ACL overrides a Deny ACL.

Active: Whether or not the ACL is active. A status of Yes means that the ACL is assigned to at least one port on the switch. A status of No means the ACL is not assigned to any ports and therefore is inactive.

Classifier List: The classifiers assig
233. on perform the following procedure:

1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 2 option.
3. Select the GVRP tab. The GVRP tab is shown in Figure 134.

Figure 134. GVRP Tab (Monitoring)

The GVRP Parameters section provides the following information:

GVRP: The GVRP status, Enabled or Disabled.

Leave Time: The range is 30 to 80 centiseconds and the default is 60 centiseconds.

Join Time: The range is 10 to 60 centiseconds and the default is 20 centiseconds.

GIP: The GIP status, Enabled or Disabled.

Leave All Time: The range is 500 to 300 centiseconds and the default is 1000 centiseconds.

Chapter 21: GARP VLAN Registration Protocol

Displaying the GVRP Port Configuration

To display the GVRP port configuration, perform the following procedure:

1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 2 option.
3. Select the GVRP tab. The GVRP tab is shown in Figure 134 on page 335.
4. In the View GVRP Parameters section, click View Port Config
234. on key ID of the server key.

Server Key Expiry Time: Length of time, in hours, until the server key is regenerated. The default is 0 hours, which means the server key is not regenerated.

Login Timeout: Time, in seconds, until an SSH server is released from an incomplete connection with an SSH client.

Authentication Available: Authentication method available. Currently, password authentication is the only supported method.

Ciphers Available: SSH ciphers that are available on the switch.

MAC(s) Available: Message Authorization Code (MAC) that is used to validate incoming SSH messages to the server. Two algorithms are supported.

Data Compression: Whether or not data compression is available on the switch. Data compression is useful for networks that have a slow throughput speed.

Chapter 25: Secure Shell (SSH)

Section VII: Management Security

Chapter 26: TACACS and RADIUS Protocols

This chapter contains instructions on how to configure the authentication protocols. This chapter contains the following procedures:

- Enabling or Disabling TACACS or RADIUS
- Configuring the TACACS Client Settings
- Displaying the TACACS Client Settings
- Configuring the RADIUS Client Settings
- Displaying the RADIUS Client Settings

Enabling or Disabling
235. option in the Configuration menu.

To delete an MSTI, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 109 on page 272.
4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 121 on page 295.
5. In the CIST MSTI Table section of the tab, click the button next to the MSTI to be deleted. You can only delete one MSTI at a time.
6. Click Remove.
7. A confirmation prompt is displayed.
8. Click OK to delete the MSTI or Cancel to cancel the procedure. If you select OK, the MSTI is deleted and VLANs associated with it are returned to CIST, which has an ID of 0.
9. Repeat steps 5 to 8 to delete additional MSTIs.
10. To permanently save your changes, select the Save Config option in the Configuration menu.

Chapter 19: Multiple Spanning Tree Protocol

Configuring MSTP Port Parameters

To configure MSTP port parameters, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 120 on page 292.
4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 121 on page 295.
237. or the bridge. This number is used in determining the root bridge for RSTP. The bridge with the lowest priority number is selected as the root bridge. If two or more bridges have the same priority value, the bridge with the numerically lowest MAC address becomes the root bridge. When a root bridge goes off-line, the bridge with the next priority number automatically takes over as the root bridge. This parameter can be from 0 (zero) to 61,440 in increments of 4096, with 0 being the highest priority. For a list of the increments, refer to Table 5 on page 276.

Chapter 18: Spanning Tree and Rapid Spanning Tree Protocols

Bridge Hello Time: The time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds.

Bridge Forwarding: The waiting period before a bridge changes to a new state (for example, becomes the new root bridge after the topology changes). If the bridge transitions too soon, not all links may have yet adapted to the change, possibly resulting in a network loop. The range is 4 to 30 seconds. The default is 15 seconds. This setting applies only to ports running in the STP-compatible mode.

Bridge Max Age: The length of time after which stored bridge protocol data units (BPDUs) are deleted by the bridge. All bridges in a bridged LAN use this aging time to test the age of stored configuration messages, called bridge protocol data units (BPDUs).
238. oring.

From the Monitoring menu, select Network Security.

Select the 802.1x Port Access tab. The 802.1x Port Access tab is shown in Figure 148.

Figure 148. 802.1x Port Access Tab (Monitoring)

The image of the switch displays the roles of the ports. An A indicates an authenticator port and an S a supplicant port. A black port has not been assigned a port role and is not participating in port-based access control. This is the default setting for a port.

Chapter 23: 802.1x Port-based Network Access Control

4. To see the status of the port, click the port and click Status. You can display the status of more than one port at a time. The Port Access Port Status page is shown in Figure 149.

Figure 149. Port Access Port Status Page

The Port Access Port Status page displays a table that contains the following columns of information:

Port: Port number.

Port Role: Port access role configured for the port. The possible settings are None, Authenticator, or Supplicant.

Stat
239. ort External Path Cost: The port cost of the port if the port is connected to a bridge which is a member of another MSTP region or is running STP or RSTP. The range is 0 to 200,000,000. Table 9 on page 304 lists the MSTP port costs with the Auto setting when the port is not a member of a trunk.

Table 9. MSTP Auto External Path Costs

Port Speed   Port Cost
10 Mbps      2,000,000
100 Mbps     200,000
1000 Mbps    20,000

Table 10 lists the MSTP port costs with the Auto setting when the port is part of a port trunk.

Table 10. MSTP Auto External Path Trunk Costs

Port Speed   Port Cost
10 Mbps      20,000
100 Mbps     20,000
1000 Mbps    2,000

Edge Port: This parameter defines whether the port is functioning as an edge port. The possible settings are Yes and No. For an explanation of this parameter, refer to Point to Point and Edge Ports in Chapter 22, Spanning Tree and Rapid Spanning Tree Protocols, in the AT-S63 Management Software Features Guide.

After configuring the parameters, click Apply.

To permanently save your changes, select the Save Config option in the Configuration menu.

10. Repeat this procedure to configure the MSTP parameters for other switch ports.

Chapter 19: Multiple Spanning Tree Protocol

Displaying the MSTP Configuration

To display t
240. Preface

This guide contains instructions on how to manage the AT-9400 Layer 2 and Basic Layer 3 Gigabit Ethernet Switches from the web browser windows in the AT-S63 Management Software.

This preface contains the following sections:

- How This Guide is Organized
- Product Documentation
- Where to Go First
- Starting a Management Session
- Document Conventions
- Contacting Allied Telesis

Note: The web browser windows do not support all of the management functions of the AT-9400 Switch. Those management tasks not supported by this interface can be performed from the menus or the command line.

Caution: The software described in this documentation contains certain cryptographic functionality and its export is restricted by U.S. law. As of this writing, it has been submitted for review as a "retail encryption item" in accordance with the Export Administration Regulations, 15 C.F.R. Part 730-772, promulgated by the U S D
241. Figure 143. Security for Port(s) Page

The Security for Ports page displays a table that contains the following columns of information:

Port: The number of the port.

Security Mode: The active security mode on the port. The possible settings are Automatic, Limited, Secured, and Locked.

Intruder Action: The column specifies the action taken by the switch if a port receives an invalid packet. The possible settings are:
o Discard: The port discards invalid packets. This is the default.
o Trap: The port discards invalid packets and sends a trap. This action applies only to the Limited security mode.
o Trap/Disable: The port discards invalid packets, sends a trap, and disables the port. This action applies only to the Limited security mode.

Note: The Participating and MAC Limit parameters only apply to the Limited security level.

Participating: This column only applies when the intrusion action for a port is set to trap or disable. This option does not apply when intrusion action is set to No Action (discard). If this option is set to No when intrusion action is set to trap or disable, the port discards invalid packets but it does not send a trap or disable the port
242. ottom of the tab.

The SNMPv3 Target Address Table tab is shown in Figure 91.

Figure 91. SNMPv3 Target Address Table Tab (Configuration)

4. Click Add.

The Add New SNMPv3 Target Address page is shown in Figure 92.

Figure 92. Add New SNMPv3 Target Address Page

5. In the Target Address Name field, enter the name of the SNMP manager, or host, that manages the SNMP activity on your switch. You can enter a name of up to 32 alphanumeric characters.

In the IP Address field, enter the IP address of the host. Use the following format for an IP address: XXX.XXX.XXX.XXX

In the UDP Port Number field, enter a UDP port num
243. ou started the session.

To select a switch in an enhanced stack to manage, perform the following procedure:

1. From the home page of the master switch, select Enhanced Stacking.

Note: If the Home page does not have an Enhanced Stacking menu option, the switch's enhanced stacking status is either slave or unavailable. For instructions on how to change a switch's stacking status, refer to the previous procedure.

To discover the switches in the stack, the master switch sends a broadcast packet out the ports of its local interface and monitors the interface for the responses from the switches. It displays the results in the Stacking Switches page. An example is shown in Figure 12.

Figure 12. Stacking Switches Page
244. ou want to continue managing the unit, probably from a local management session.

As mentioned at the start of this procedure, returning a switch to its default settings does not alter the contents of the active boot configuration file. To return the file to the default settings, you must save the current switch settings after you establish a new management session with the switch. Otherwise, the switch returns to its previous parameter settings the next time you reset or power cycle the unit.

Displaying the IP Address of the Local Interface

This procedure displays the IP address and subnet mask of the local interface on the switch. The local interface is used for enhanced stacking and remote management of the switch with a Telnet or SSH client, or a web browser. You cannot configure the local interface from the web browser interface. For that, you must use the menus interface or the command line interface.

To view the IP address and subnet mask of the local interface, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26.

This procedure discusses the parameters in the IP Configuration section of the web page.

Obtain IP Address from: The options in this section indicate the source of the IP
245. page 204.

In the SNMPv3 section, click the button next to Configure View Table and then click Configure at the bottom of the tab. The SNMPv3 View Table tab is shown in Figure 79 on page 215.

Click the button next to the SNMPv3 View Table entry to be changed and then click Modify. The Modify SNMPv3 View page is shown in Figure 81.

Figure 81. Modify SNMPv3 View Page

5. In the Subtree Mask field, enter a subtree mask in hexadecimal format. This is an optional parameter that is used to further refine the value of the Subtree OID parameter. The Subtree OID parameter defines a MIB View and the Subtree Mask parameter further restricts a user's view to a specific column and row of the MIB View. The value of the Subtree Mask parameter is dependent on the subtree you select.

For example, if you configure the View Subtree parameter as MIB ifEntry.0.3, it has the following value:
1.3.6.1.2.1.2.2.1.0.3
To restrict the user's view to the third row (all columns) of the MIB ifEntry.0.3, enter the following value for the Subtree Mask parameter:
ff:bf

6. In the View Type field, enter one of the following view types:

Included: Enter this value to permit
246. page 277
o Displaying the STP Settings on page 278
o Resetting STP to the Default Settings on page 280

Caution: The bridge provides default STP parameters that are adequate for most networks. Changing them without prior experience and an understanding of how STP works might have a negative effect on your network. You should consult the IEEE 802.1d standard before changing any of the STP parameters.

Configuring STP Bridge Settings

To configure STP bridge settings, perform the following procedure:

1. From the Home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 109 on page 272.
4. Click Configure. The Configure STP Parameters tab is shown in Figure 110.

Figure 110. Configure STP Parameters Tab (Configuration)

Note: The Defaults button returns all STP settings to the default settings.

Configure the following parameters as necessary:

Bridge Priority
247. peatedly on a port toggles the port through the following possible settings:
o Untagged port
o Tagged port
o Port is not a member of the VLAN

7. Click Apply.

Note: Untagged ports added to a VLAN are automatically removed from their current untagged VLAN assignment. Untagged ports removed from a VLAN are returned to the Default_VLAN. Removing an untagged port from the Default_VLAN without assigning it to another VLAN leaves the port as an untagged member of no VLAN.

The modified VLAN is now ready for network operations.

8. To permanently save your changes, select the Save Config option in the Configuration menu.

Deleting a VLAN

This procedure deletes port-based and tagged VLANs from the switch. Note the following before performing this procedure:
o You cannot delete the Default_VLAN.
o You cannot delete a VLAN if it has a routing interface. You must delete the routing interface first. Deleting an interface is not supported from the web browser interface. That management function must be performed from the menus or command line interface.
o All untagged ports in a deleted VLAN are returned to the Default_VLAN as untagged ports.
o Static addresses assigned to the ports of a deleted VLAN become obsolete and should be deleted from the MAC addres
248. pecifies the application the management station can use to manage the switch. You can select more than one by holding down the Shift key when making the selections. The options are:
o Telnet: Allows Telnet management.
o Web: Allows web browser management.
o Ping: Allows the management workstation to ping the switch.
o All: Allows all of the above.

Click Apply. The new ACE is added to the table in the middle section of the tab.

If desired, repeat Steps 4 and 6 to add more ACEs to the Management ACL.

To permanently save your changes, select the Save Config option in the Configuration menu.

Modifying an ACE

To modify an ACE, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Mgmt Security option.

Select the Mgmt ACL tab. The tab is shown in Figure 164 on page 400.

Select the ACE to be modified from the Management ACL List section in the tab and click Modify. The Modify MACL page is shown in Figure 166.

Figure 166. Modify MACL Page

Change the parameters in the Add New MACL page as necessary. For parameter definitions, refer to "Creating an ACE" on page 402. The ID number of an entry cannot be changed.

Click Apply
249. policy and click View. The settings of the policy are displayed in the View Policy page. For parameter definitions, refer to "Configuring a Policy" on page 178.

Click Close.

Chapter 15 Denial of Service Defenses

This chapter contains instructions on how to configure the Denial of Service defense feature on the switch. The sections include:
o Configuring Denial of Service Defense on page 186
o Displaying the DoS Settings on page 189

Configuring Denial of Service Defense

To configure the ports on the switch for a Denial of Service attack defense, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Network Security option.

Select the DoS tab. The DoS tab is shown in Figure 68.

Figure 68. DoS Tab (Configuration)

If you are implementing the SMURF or Land defense, you must provide an IP address and mask for your LAN. To do this, complete the following procedure. Otherwise, skip ahead to Step 5.

a. In the DoS LAN Subnet IP field, enter the IP address of one of the devices connected to the switch, preferably th
250. priority field on IPv4 packets.
no: Does not replace the preexisting 802.1p priority level. This is the default.

Move Priority to ToS: Replaces the value in the ToS priority field with the 802.1p priority field on IPv4 packets. Options are:
yes: Replaces the value in the ToS priority field with the 802.1p priority field on IPv4 packets.
no: Does not replace the ToS priority field. This is the default.

Classifier List: Lists the classifiers on the switch. You use the list to specify the classifier for the flow group. The classifier must already exist on the switch. A flow group can be assigned more than one classifier. To select more than one classifier, hold down the Ctrl key when making your selections.

Click Apply. The management software creates the new flow group.

7. To permanently save your changes, select the Save Config option in the Configuration menu.

Modifying a Flow Group

This procedure explains how to modify a flow group. If the flow group is already part of a QoS policy assigned to one or more switch ports, you must modify the policy by removing the port assignments before you can modify the flow group. You can reassign the ports back to the policy after modifying the flow group.

To modify a flow group, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Services op
251. protocol.
v3: Select this value to associate the Security Name, or User Name, with the SNMPv3 protocol.

In the Security Name field, enter a User Name that you previously configured with the SNMPv3 User Table. See "Creating a User Table Entry" on page 206.

In the Security Level field, select one of the following Security Levels:

Note: The value you configure for the Security Level must match the value configured for the User Name in the User Table Menu. See "Creating a User Table Entry" on page 206.

No Authentication/Privacy: This option represents neither an authentication nor privacy protocol. Select this security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privacy protocol. This security level provides the least security.

Note: If you have selected SNMPv1 or SNMPv2c as the Security Model, you must select No Authentication/Privacy as the Security Level.

Authentication: This option represents authentication, but no privacy protocol. Select this security level if you want to authenticate SNMP users, but you do not want to encrypt messages using a privacy protocol. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol.

Privacy: This option represents authentication and the privacy protocol. Select this security level to allow authentication and encryption. This level provides the greatest level of security. You ca
252. pter 21, "SNMPv3," in the AT-S63 Management Software Menus Interface User's Guide.

To create an entry in the SNMPv3 Notify Table, perform the following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26.
2. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204.
3. In the SNMPv3 section, click the button next to Configure Notify Table and then click Configure at the bottom of the tab. The SNMPv3 Notify Table tab is shown in Figure 88.

Figure 88. SNMPv3 Notify Table Tab (Configuration)

4. Click Add. The Add New SNMPv3 Notify page is shown in Figure 89.

Figure 89. Add New SNMPv3 Notify Page

5. In the Notify Name field, enter the name associated with this trap message. Enter a descrip
253. r 11 Classifiers
  elei ue E Me
  Modifying a Classifier
  Deleting a Classifier
  Displaying the Classifiers
Chapter 12 Access Control Lists
  Configuring an Access Control List
  Modifying an Access Control List
  Deleting an Access Control List
  Displaying the Access Control Lists
Chapter 13 Class of Service
  s ll le COs a eect EE
  Mapping CoS Priorities to Egress Queues
  Configuring Egress Scheduling
  Displaying the CoS Settings
  Displaying the QoS Schedule
Chapter 14 Quality of Service
  Managing Flow Groups
    Configuring a Flow Group
    Modifying a Flow Group
254. r MAC address-based VLAN.
GARP: The VLAN is a dynamic GVRP VLAN or the port is a dynamic GVRP port of a static VLAN.

Member Ports: The untagged and tagged ports of a VLAN. These fields will be blank for a MAC address-based VLAN. The untagged ports of a VLAN are listed as follows:
o Configured: The untagged ports assigned to the VLAN when the VLAN was created or modified.
o Actual: The current untagged ports of the VLAN.

If you are not using 802.1x Port-based Network Access Control, both the Configured and Actual untagged ports of a VLAN will always be the same.

If you are using 802.1x and you assigned a Guest VLAN to an authenticator port or you associated an 802.1x supplicant to a VLAN on the authentication server, a port can be in a different VLAN than the virtual LAN where it was originally assigned as an untagged port. In these situations, the Configured and Actual port lists can differ, with the Actual list detailing the ports that are currently functioning as untagged ports of the VLAN.

For example, if a port is listed as a Configured member of a VLAN but not as an Actual member, that would mean either the port is currently a part of a Guest VLAN or the supplicant who logged on the port was associated with a VLAN assignment on the authentication server.

4. To display the groups of a protected ports VLAN, click the circle next to the VLAN and click View. The View Protected
255. r SHA values.

In the Privacy Protocol field, enter one of the following options:

DES: Select this value to make the DES privacy (or encryption) protocol the privacy protocol for this User Table entry. With this selection, messages transmitted between the host and the switch are encrypted with the DES protocol.

None: Select this value if you do not want a privacy protocol for this User Table entry. With this selection, messages transmitted between the host and the switch are not encrypted.

In the Privacy Password field, enter a privacy password of up to 32 alphanumeric characters.

In the Confirm Privacy Password field, re-enter the privacy password.

In the Storage Type field, enter one of the following storage options for this User Table entry:

Volatile: Select this storage type if you do not want the ability to save an entry in the SNMPv3 User Table. After making changes to an SNMPv3 User Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.

NonVolatile: Select this storage type if you want the ability to save an entry in the SNMPv3 User Table. After making changes to an SNMPv3 User Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesis recommends this storage type.

Note: The Row Status parameter is a
256. r Table
  Creating a User Table Entry
  Deleting a User Table Entry
  Moving a User Table Entry
Configuring the SNMPv3 View Table
  Creating a View Table Entry
  Deleting a View Table Entry
  Modifying a View Table Entry
Configuring the SNMPv3 Access Table
  Creating an Access Table Entry
  Deleting an Access Table Entry
  Modifying an Access Table Entry
Configuring the SNMPv3 SecurityToGroup Table
  Creating a SecurityToGroup Table Entry
  Deleting a SecurityToGroup Table Entry
  Modifying a SecurityToGroup Table Entry
Configuring the SNMPv3 Notify Table
  Creating a Notify Table Entry
  Deleting a Notify Table Entry
  Modifying a Notify Table Entry
Configuring the SNMPv3 Target Address Table
  Creating a Target Address Table Entry
  Dele
257. r disable the event logs, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the System option.
3. Select the Event Log tab. The Event log tab is shown in Figure 33.

Figure 33. Event Log Tab (Configuration)

4. In the Log Settings section, click Enabled for the Status to enable the event logs or Disabled to disable the event logs and to stop the switch from sending events to syslog servers. The default setting is enabled.
5. Click Apply to activate the settings on the switch. If you enabled the logs, the switch immediately begins to add events to the logs and send events to defined syslog servers.
6. To permanently save your changes, select the Save Config option in the Configuration menu.
258. re
Event ID: A unique, random number assigned to each event.
Filename Line: The originator of the event, displayed as the name of the AT-S63 software source file and the line number.

To clear a log of all events, do the following:

1. From the home page, select Configuration.
2. From the Configuration menu, select the System option.

Select the Event Log tab. The Event log tab is shown in Figure 33 on page 119.

In the Log Settings section, click the button next to the event log to be cleared, either Permanent or Temporary.

Click the Clear Log checkbox.

Click Apply. The events in the log are deleted. If the event log feature is enabled, the switch starts to add new events to the log.

Modifying the Event Log Full Action

This procedure controls the action of an event log after reaching its maximum capacity of events. There are two possible actions. In the first action, a log deletes the oldest entries as it adds new entries. In the second action, the log stops adding entries to preserve the log contents.

Note: The switch continues to send events to syslog servers even when the logs are full.

To configure the event log full action, do the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the System option.

Select the Event Log tab. The E
259. resents the MD5 authentication protocol. With this selection, users (SNMP entities) are authenticated with the MD5 authentication protocol after a message is received. This algorithm generates the message digest. The user is authenticated when the authentication protocol checks the message digest. With the MD5 selection, you can configure a Privacy Protocol.

SHA: This value represents the SHA authentication protocol. With this selection, users are authenticated with the SHA authentication protocol after a message is received. This algorithm generates the message digest. The user is authenticated when the authentication protocol checks the message digest. With the SHA selection, you can configure a Privacy Protocol.

None: This value represents no authentication protocol. When messages are received, users are not authenticated. With the None selection, you cannot configure a Privacy Protocol.

Note: You may want to assign NONE to a super user.

In the Authentication Password field, enter an authentication password of up to 32 alphanumeric characters.

In the Confirm Authentication Password field, re-enter the authentication password.

Note: If you have the nonencrypted version of the AT-S60 software, then the Privacy Protocol field is read-only.

Note: You can only configure the Privacy Protocol if you have configured the Authentication Protocol with the MD5 o
260. ress.
5. Click Remove. The MAC address is deleted from the table.
6. To permanently save your changes, select the Save Config option in the Configuration menu.

Deleting All Dynamic MAC Addresses

To delete all dynamic unicast and multicast MAC addresses from the MAC address table, perform the following procedure:

1. From the Home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option. The Layer 2 page opens with the MAC Address tab selected by default, as shown in Figure 19 on page 74.
3. In the Delete All Dynamic MAC Addresses section, click Delete. All dynamic unicast and multicast MAC addresses are deleted from the switch. The switch immediately begins to learn new dynamic addresses.

Changing the Aging Time

This procedure changes the aging time of the MAC address table. The switch uses the aging time to delete inactive dynamic MAC addresses from the MAC address table. The switch deletes an address from the table if no packets are sent to or received from the address for the period of time specified in the timer. This prevents the table from becoming full of addresses of inactive nodes. The default setting for the aging time is 300 seconds (5 minutes).

To configure the aging time, perform the following procedure:

1. From the Home page, se
261. rocedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26.

Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204.

In the SNMPv3 section, click the button next to Configure Access Table and then click Configure at the bottom of the tab. The SNMPv3 Access Table tab is shown in Figure 82 on page 220.

Click Next or Previous to display the Access Table entry to be deleted.

Click Remove. A warning message is displayed. Click OK to remove the Access Table entry.

To permanently save your changes, select the Save Config option in the Configuration menu.

Modifying an Access Table Entry

To modify an entry in the SNMPv3 Access Table, perform the following procedure:

From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26.

Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204.

In the SNMPv3 section, click the button next to Configure Access Table and then click Configure at the bottom of the tab. The SNMPv3 Access Table tab is shown in Figure 82 on page 220.

Click Next or Previous to display the Access Table entry to be changed.

Click Modify. The Modify SNMPv3 Access page is shown in Figure 84
262. Figure 96. Modify SNMPv3 Target Parameter Page

Note: Enter a value for the Message Processing Model field only if you select SNMPv1 or SNMPv2c as the Security Model. If you select the SNMPv3 protocol as the Security Model, then the switch automatically assigns the Message Processing Model to SNMPv3.

In the Message Processing Model field, enter a Security Model that is used to process messages. Select one of the following SNMP protocols:
v1: Select this value to process messages with the SNMPv1 protocol.
v2c: Select this value to process messages with the SNMPv2c protocol.
v3: Select this value to process messages with the SNMPv3 protocol.

In the Security Model field, select one of the following SNMP protocols as the Security Model for this Security Name, or User Name:
v1: Select this value to associate the Security Name, or User Name, with the SNMPv1 protocol.
v2c: Select this value to associate the Security Name, or User Name, with the SNMPv2c protocol.
v3: Select this value to associate the Security Name, or User Name, with the SNMPv3 protocol.

In the Security Name field, enter a User Name that you previously configured with the SNMPv3 User Table. See "Creating a User Tabl
263. rom a web browser management session.
o There must be a node on your network with the TFTP server software.
o The file must be stored on the TFTP server node.
o You should start the TFTP server before you begin the download procedure.
o The switch must have a routing interface on the local subnet from where it will reach the TFTP server. The switch uses the IP address of the interface as its source address when sending packets to the TFTP server. This rule applies to both master and slave switches in an enhanced stack. For a switch without a routing interface, you can download the file from a local management session on the switch using Xmodem or, alternatively, switch to switch.
o You cannot download a private encryption key onto a switch, but you can download a public key. However, since the switch can use only those encryption keys it has generated itself, Allied Telesis recommends against downloading any keys onto the switch.
o The web browser interface does not support downloading a file to a compact flash memory card in a switch.

If you are downloading the AT-S63 image file, note these additional guidelines:
o The AT-S63 image file contains the bootloader for the switch. You cannot load the image file and bootloader separately.
o Installing a new AT-S63 software image does not change the current configuration of a switch.
o If you are upgrading the AT-9400 Switch from AT-S63 version 1.3.0 or earlier and the switch has an IP address th
264. Figure 28. Example of a Modify Mirror Page

6. After selecting the destination and source ports, click the Enable Mirror check box.
7. Click Apply. The port mirror is now active on the switch. You can connect a data analyzer to the destination port to monitor the traffic on the source ports.
8. To permanently save your changes, select the Save Config option in the Configuration menu.

Modifying a Port Mirror

To modify a port mirror, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Layer 1 option.

Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 26 on page 94.

Click Modify. The Modify Mirror page is shown in Figure 27 on page 95.

Change the ports of the port mirror as needed. Clicking a port toggles it through the possible settings, which are as follows:
o The destination mirror port. There can be only one destination port. To change the destination port, you must first change the current destination port to one of the other settings.
o A source port. The port's ingress traffic is mirrored to the destination port.
o A source port. The port's egress traffic is mirrored to the destination port.
o A source port. The port's ingress and egress traffic is mirrored to the
265. Deleting a Flow Group; Configuring a Traffic Class; Modifying a Traffic Class; Deleting a Traffic Class; Displaying the Traffic Classes; Configuring a Policy; Modifying a Policy; Deleting all Flow Groups, Traffic Classes, and Policies; Chapter 15 Denial of Service Defenses; Configuring Denial of Service Defense; Displaying the DoS Settings; Chapter 16 IGMP Snooping; Displaying a List of Multicast Routers; Section III SNMPv3; Chapter 17 SNMPv3; Enabling or Disabling SNMP Management; Configuring the SNMPv3 Use
266. s. Chapter 3 Enhanced Stacking. This chapter contains the following procedures for setting up enhanced stacking: "Setting a Switch's Enhanced Stacking Status" on page 56; "Selecting a Switch in an Enhanced Stack" on page 58; "Returning to the Master Switch" on page 60; "Displaying the Enhanced Stacking Status" on page 61. Setting a Switch's Enhanced Stacking Status. The enhanced stacking status of the switch can be master, slave, or unavailable. Each status is described below. Master: Starting a local or remote management session on a master switch of a stack allows you to easily transition to the other switches in the stack from the same management session. Slave: A slave switch can be remotely managed through a master switch or independently, such as through a local management session. Unavailable: A switch with an unavailable stacking status cannot be remotely managed through a master switch. A switch with this designation can be managed locally. It can also be managed remotely if it has a routing interface and the interface is designated as the local interface. Note: The default setting for a switch is slave. Note: The only switch whose stacking status can be changed through a web browser management session is the switch where you started the management session, typically a mast
267. s Modifying a VLAN. This procedure explains how to add or remove ports from a tagged or untagged VLAN. When modifying a VLAN, note the following: You cannot change the VID of a VLAN. You cannot change the name of a VLAN using the web browser interface, but you can from the menus or command line interface. You cannot modify VLANs when the switch is operating in one of the multiple VLAN modes. You cannot modify a protected ports VLAN or a MAC address-based VLAN from the web browser interface. If the switch is using 802.1x Port-based Network Access Control and you want to move an untagged port to a different VLAN, the port's 802.1x role must be set to none. You cannot move an untagged port to a different VLAN while the port is functioning as an 802.1x authenticator or supplicant port. For instructions on how to change a port's 802.1x role, refer to "Setting Port Roles" on page 354. To modify a VLAN, perform the following procedure: 1. From the home page, select Configuration. 2. From the Configuration menu, select the Layer 2 option. 3. Select the VLAN tab. The VLAN tab is shown in Figure 128 on page 316. 4. Click the button next to the name of the VLAN to be modified. 5. Click Modify. The Modify VLAN page for the VLAN is displayed. 6. To add or remove ports from the VLAN, click on the appropriate ports in the switch image. Clicking re
268. Figure 128 VLAN Tab (Configuration). Note: The Modify and Remove buttons are not shown in the tab if the only VLAN on the switch is the Default_VLAN. The VLAN Mode and Uplink Port options are explained in "Selecting a VLAN Mode" on page 324. The VLAN List section displays the current VLANs on the switch and contains the following columns of information. VID ID: The VLAN ID. Client Name: The name of the VLAN. Uplink Port: This column contains NA, meaning Not Applicable, for tagged, port-based, and MAC address-based VLANs. For a protected ports VLAN, this column contains the uplink port(s) for a port group. Tagged uplink ports are designated with T and untagged uplink ports with U. If the switch is operating in one of the two multiple VLAN modes, this column displays the uplink port for the ports on the switch. Type: The VLAN type. The possible settings are: Port Based: The VLAN is a port based or ta
269. s Control. TX Period: Sets the number of seconds that the switch waits for a response to an EAP request/identity frame from the client before retransmitting the request. The default value is 30 seconds. The range is 1 to 65,535 seconds. Quiet Period: Sets the number of seconds that the port remains in the quiet state following a failed authentication exchange with the client. The default value is 60 seconds. The range is 0 to 65,535 seconds. Reauth Enabled: Controls whether the client must periodically reauthenticate. The default setting of enabled requires the client to periodically reauthenticate. The time period between reauthentications is set with the Reauth Period option. If this parameter is set to disabled, the client is not required to reauthenticate after the initial authentication unless there is a change to the status of the link between the supplicant and the switch, or the switch is reset or power cycled. The options are Enabled or Disabled. The default is Enabled. Reauth Period: Specifies the time period in seconds between reauthentications of the client when the Reauth Enabled option is set to Enabled. The default value is 3600 seconds. The range is 1 to 65,535 seconds. Supplicant Timeout: Sets the switch-to-client retransmission time for the EAP request frame. The default value for this parameter is 30 seconds. The range is 1 to 600 seconds. Server Timeout: Sets the timer used by the switch to determine authentica
270. s Port(s): The source ports whose egress traffic is mirrored to the destination port. Status: The status of the mirroring feature. The possible settings are: Enabled: Traffic is being copied to the destination port. Disabled: No traffic is being mirrored. Section II Advanced Operations. This section has the following chapters: Chapter 8, "File System" on page 103; Chapter 9, "File Downloads and Uploads" on page 109; Chapter 10, "Event Logs and Syslog Client" on page 117; Chapter 11, "Classifiers" on page 133; Chapter 12, "Access Control Lists" on page 145; Chapter 13, "Class of Service" on page 153; Chapter 14, "Quality of Service" on page 163; Chapter 15, "Denial of Service Defenses" on page 185; Chapter 16, "IGMP Snooping" on page 191. Chapter 8 File System. This chapter contains the procedures for working with the switch's file system. The sections include: "Listing the Files in Flash Memory or on a Compact Flash Card" on page 104; "Selecting an Active Boot Configuration File" on page 107. Listing the Files in Flash Memory or on a Compact Flash Card. This procedure displays the files stored in the switch's flash memory or on a compact flash card. Not all AT-9400 Sw
271. s and the settings for the same parameters from the root bridge of the spanning tree domain. For definitions of the parameters, refer to "Configuring MSTP Parameters" on page 294. 5. To view MSTP port settings or status, click a port. You can select more than one port. 6. In the CIST/MSTI field, specify the MSTI where the port is a member through its VLAN assignment. You can specify only one value. The default is 0 for CIST. Click Settings or Status. The MSTP Settings Port(s) page is shown in Figure 126. Figure 126 MSTP Settings Port(s) Page. The MSTP Settings page displays a table that contains the following columns of information. Port: The port number. Edge Port: Whether the port is functioning as an edge port. The possible settings are Yes and No. Point-to-Point: Whether the port is functioning as a point-to-point port. The possible settings are Yes, No, and Auto-Detect. External Cost: The port cost of the port if the port is connected to a bridge which is a member of another MSTP region or is running STP or RSTP. Internal Cost: The port cost of the port if the port is connected to a bridge which is part of the same MSTP region. If the se
272. s from the switch. Open Status: The access status of a community string. Yes means the string has an open status and any management workstation can use it. No means the string has a closed status and that those workstations whose IP addresses are assigned to the string are permitted to use it. Status: The operating status of a community string. Enabled means the string is available for use and Disabled means it is unavailable. Chapter 5 MAC Address Table. This chapter contains instructions on how to view the MAC addresses in the MAC address table. It also explains how to add static addresses to the table. This chapter contains the following procedures: "Displaying the MAC Address Table" on page 74; "Adding Static Unicast and Multicast MAC Addresses" on page 77; "Deleting Unicast and Multicast MAC Addresses" on page 79; "Deleting All Dynamic MAC Addresses" on page 80; "Changing the Aging Time" on page 81. Displaying the MAC Address Table. To view the MAC address table, perform the following procedure: 1. From the Home page, select Monitoring or Configuration. 2. From the Monitoring or Configuration menu, select the Layer 2 option. The Layer 2 page is displayed with the MAC Address tab selected by default, as shown in Figure 19.
273. s shown in Figure 95. Figure 95 Add New SNMPv3 Target Parameters Page. 5. In the Target Parameters Name field, enter a name of the SNMP manager or host. Enter a value of up to 32 alphanumeric characters. Note: Enter a value for the Message Processing Model parameter only if you select SNMPv1 or SNMPv2c as the Security Model. If you select the SNMPv3 protocol as the Security Model, then the Message Processing Model is automatically assigned to SNMPv3. In the Message Processing Model field, enter a Security Model that is used to process messages. Select one of the following SNMP protocols: v1: Select this value to process messages with the SNMPv1 protocol. v2c: Select this value to process messages with the SNMPv2c protocol. v3: Select this value to process messages with the SNMPv3 protocol. In the Security Model field, select one of the following SNMP protocols as the Security Model for this Security Name, or User Name: v1: Select this value to associate the Security Name, or User Name, with the SNMPv1 protocol. v2c: Select this value to associate the Security Name, or User Name, with the SNMPv2c
274. s speed and duplex mode. Note: A 10/100/1000Base-T twisted pair port must be set to Auto-Negotiation to operate at 1000 Mbps. You cannot manually configure a 10/100/1000Base-T twisted pair port to 1000 Mbps. MDI/MDIX Crossover: The wiring configuration of a twisted pair port. This parameter does not apply to fiber optic ports. Possible settings are: Auto: Sets the port to automatically configure itself as MDI or MDIX, depending upon the end node. This is the default. This setting is only available when a port is set to Auto-Negotiation. MDI: Sets a port to MDI. This setting is only available when a port's speed and duplex mode are set manually. MDIX: Sets a port to MDIX. This setting is only available when a port's speed and duplex mode are set manually. Ingress Broadcast Filter: Use this parameter to configure a port to forward or discard ingress broadcast packets. Possible settings are: Enabled: The port discards ingress broadcast packets. Disabled: The port forwards ingress broadcast packets. This is the default setting. Egress Broadcast Filter: Use this parameter to configure a port to forward or discard egress broadcast packets. Possible settings are: Enabled: The port discards egress broadcast packets. Disabled: The port forwards egress broadcast packets. This is the default setting. Ingress Unknown Unicast Filter: Use this parameter to configure a port to
275. s table. For instructions, refer to "Deleting Unicast and Multicast MAC Addresses" on page 79. If the switch is part of an enhanced stack, deleting the common VLAN that interconnects the switch with the stack removes the switch from the stack. To delete a port-based or tagged VLAN from the switch, perform the following procedure: 1. From the home page, select Configuration. 2. From the Configuration menu, select the Layer 2 option. 3. Select the VLAN tab. The VLAN tab is shown in Figure 128 on page 316. 4. Click the button next to the name of the VLAN to be deleted. You cannot delete the Default_VLAN. 5. Click Remove. A confirmation prompt is displayed. 6. Click OK to delete the VLAN or Cancel to cancel the procedure. If you click OK, the VLAN is deleted from the switch. The untagged ports in the VLAN are returned to the Default_VLAN as untagged ports. 7. To permanently save your changes, select the Save Config option in the Configuration menu. Selecting a VLAN Mode. The AT-S63 Management Software features three VLAN modes: User Configured Port-based and tagged VLAN Mode (default mode); IEEE 802.1Q-compliant Multiple VLAN Mode; Non-IEEE 802.1Q-compliant Multiple VLAN Mode. For background information, refer to the AT-S63 Management Software Features Guide. Note: If you want to change the switch's VLAN mode to one of the multiple VLAN modes, yo
276. s to be sent and received through the port. The authentication process begins when the link state of the port changes or the port receives an EAPOL-Start packet from a supplicant. The switch requests the identity of the client and begins relaying authentication messages between the client and the authentication server. This is the default setting. Force-authorized: Disables IEEE 802.1X port-based authentication and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.1x-based authentication of the client. Note: A supplicant connected to an authenticator port set to force-authorized must have 802.1x client software if the port's authenticator mode is 802.1x. Though the force-authorized setting prevents an authentication exchange, the supplicant must still have the client software to forward traffic through the port. Force-unauthorized: Causes the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate. The switch cannot provide authentication services to the client through the interface. Max Requests: Specifies the maximum number of times that the switch retransmits an EAP Request packet to the client before it times out the authentication session. The default value for this parameter is 2 retransmissions. The range is 1 to 10 retransmissions. Chapter 23 802.1x Port-based Network Acces
277. same event messages. There is a temporary log with a storage capacity of 4,000 events. Events in this log are not retained when the switch is reset or power cycled. The other log is in permanent memory with a capacity of 2,000 entries. Events in this log are retained even when the switch is reset or power cycled. You can view either log to display the events of the switch since the unit was last reset. But to view the events that preceded a system reset, you must view the permanent event log. The following procedures explain how to view the events in the event logs, as well as how to enable and disable the logs. The procedures include: "Enabling or Disabling the Event Logs" on page 118; "Displaying Events" on page 120; "Clearing an Event Log" on page 124; "Modifying the Event Log Full Action" on page 125; "Saving an Event Log to a File" on page 126. This procedure explains how to enable and disable the event logs on the switch. If you disable the logs, the AT-S63 Management Software will not store events in its logs or send events to a syslog server. The default setting for the event logs is enabled. Note: Allied Telesis recommends setting the switch's date and time if you intend to use the event logs. Otherwise, the entries will not have the correct information when entered in the logs or sent to a syslog server. For instructions, refer to "Setting the System Date and Time" on page 30. To enable o
278. Displaying the RADIUS Accounting Settings; Section VII Management Security; Chapter 24 Encryption Keys, PKI, and SSL; Displaying the PKI Settings and Certificates; Chapter 25 Secure Shell (SSH); Chapter 26 TACACS+ and RADIUS Protocols; Enabling or Disabling TACACS+ or RADIUS; Configuring the TACACS+ Client Settings; Displaying the TACACS+ Client Settings; Configuring the RADIUS Client Settings
279. Figure 51 CoS Setting for Port Page; Figure 52 Queuing & Scheduling Tab (Configuration); Figure 53 CoS Tab (Monitoring); Figure 54 CoS Setting for Port Page; Figure 55 QoS Scheduling Tab (Monitoring); Figure 56 Flow Group Tab (Configuration); Figure 57 Create Flow Group Page; Figure 58 Modify Flow Group Page; Figure 59 Flow Group Tab (Monitoring); Figure 60 Traffic Class Tab; Figure 61 Create Traffic Class Page; Figure 62 Modify Traffic Class Page; Figure 63 Traffic Class Tab (Monitoring); Figure 64 Policies Tab (Configuration); Figure 65 Create Policy Page; Figure 66
280. section of the tab. The default is Strict Priority. Skip the next step if you select Strict Priority. Queue weights do not apply to Strict Priority scheduling. If you selected Weighted Priority, use the Queue Weight fields to specify the maximum number of packets a port can transmit from an egress queue before going to the next queue. The range for Q0 to Q6 is 1 to 15 packets. The range for Q7 is 0 to 15 packets. A setting of 0 for Q7 means that its packets always take priority over the packets in the other queues and that packets are transmitted from the other queues only when Q7 is empty. The default setting for all queues is 1. At the default setting, all queues have the same weight. Click Apply. To permanently save your changes, select the Save Config option in the Configuration menu. Displaying the CoS Settings. To display the CoS settings, perform the following procedure: 1. From the Home page, select Monitoring. 2. From the Monitoring menu, select Services. The Services page is displayed with the CoS tab selected by default, as shown in Figure 53. Figure 53 CoS Tab (Monitoring). Click the port whose settings are to be displayed. You can select more than one port. A selected port turns white. To deselect a port, click it again. Click View. The CoS Setting for Port page is shown in Figure 54
281. sensitive must be the same on all bridges in a region. Examples of a configuration name include Sales Region and Production Region. Bridge Max Age: The length of time after which stored bridge protocol data units (BPDUs) are deleted by the bridge. This parameter applies only if the bridged network contains an STP or RSTP single-instance spanning tree. Otherwise, the bridges use the Max Hop counter to delete BPDUs. All bridges in a single-instance bridged LAN use this aging time to test the age of stored configuration messages called bridge protocol data units (BPDUs). For example, if you use the default of 20, all bridges delete current configuration messages after 20 seconds. The range of this parameter is from 6 to 40 seconds. The default is 20 seconds. In selecting a value for maximum age, the following must be observed: MaxAge must be greater than (2 x (HelloTime + 1)). MaxAge must be less than (2 x (ForwardingDelay - 1)). Bridge Max Hops: MSTP regions use this parameter to discard BPDUs. The Max Hop counter in a BPDU is decremented every time the BPDU crosses an MSTP region boundary. After the counter reaches zero, the BPDU is deleted. Revision Level: The revision level of an MSTP region. This is an arbitrary number that you assign to a region. The revision level must be
282. signed to a policy on a gigabit port. For example, on a gigabit port, 1 Mbps is rounded to 8 Mbps and 9 is rounded to 16. Note: If this option is set to 0 (zero), all traffic that matches the traffic class is dropped. However, an access control list can be created to match the traffic that is marked for dropping, or a subset of it, and given an action of permit to override this. This functionality can be used to discard all but a certain type of traffic. Burst Size: Specifies the size of a token bucket for the traffic class. The range is 4 to 512 Kbps. The default is 512 Kbps. The token bucket is used in situations where you set a maximum bandwidth for a class, but where traffic activity may periodically exceed the maximum. A token bucket can provide a buffer for those periods where the maximum bandwidth is exceeded. Tokens are added to the bucket at the same rate as the traffic class maximum bandwidth, set with option 6, Max Bandwidth. For example, a maximum bandwidth of 50 Mbps adds tokens to the bucket at the same rate. If the amount of traffic flow matches the maximum bandwidth, no traffic is dropped because the number of tokens added to the bucket matches the number being used by the traffic. However, no unused tokens will accumulate in the bucket. If the traffic increases, the excess traffic is discarded s
283. slog output definition is deleted from the list and the switch stops sending log events to the syslog server. To permanently save your changes, select the Save Config option in the Configuration menu. Chapter 11 Classifiers. A classifier defines a traffic flow. Classifiers are used with access control lists (ACLs) to filter ingress traffic on a port and with Quality of Service policies to regulate the traffic flows passing through a switch. This chapter contains the following sections: "Configuring a Classifier" on page 134; "Modifying a Classifier" on page 140; "Deleting a Classifier" on page 142; "Displaying the Classifiers" on page 143. Configuring a Classifier. To configure a classifier, perform the following procedure: 1. From the home page, select Configuration. 2. From the Configuration menu, select the Network Security or Services option. The Classifier tab is accessible from both menu selections. 3. Select the Classifier tab. The Classifier tab is shown in Figure 40.
284. stem on page 34; "Returning the AT-S63 Management Software to the Factory Default Values" on page 35; "Displaying the IP Address of the Local Interface" on page 37; "Displaying System Information" on page 38. Chapter 1 Basic Switch Parameters. Configuring the Switch's Name, Location, and Contact. This procedure assigns a name to the switch. The name appears at the top of the web browser windows. Names can help you identify your switches when you manage them and avoid performing a configuration procedure on the wrong switch. This procedure also assigns the name of the administrator responsible for maintaining the unit and the location of the switch. To assign a name, location, and contact to a switch, perform the following procedure: 1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 1. Figure 1 General Tab (Configuration). Not
285. stop transmitting for a specified period of time. Possible settings are: Disabled: No flow control on the port. This is the default. Enabled: Flow control is activated. Back Pressure: Use this parameter to set backpressure on a port. This option only appears for ports operating in half-duplex mode. A port uses backpressure to control the flow of ingress packets. Possible settings are: Enabled: Backpressure is enabled. Disabled: Backpressure is disabled. This is the default. Flow Control Back Pressure Limit: Use this parameter to specify the threshold for flow control or backpressure. The threshold is specified in cells. A cell equals 128 bytes. The range is 1 to 7935. The default is 7935 cells. HOL Blocking: HOL blocking sets a threshold on the utilization of a port's egress queue. When the threshold for a port is exceeded, the switch signals other ports to discard packets to the oversubscribed port. The threshold is specified in number of cells. A cell is 128 bytes. The range is 1 to 8191. The default is 682. Broadcast Rate Limiting: Use this parameter to enable or disable ingress broadcast packet limits. Possible settings are: Enabled: Broadcast packet ingress rate limiting is enabled. To set the rate limit, use the Broadcast Rate parameter. Disabled: Broadcast packet ingress rate limiting is disabled. This
286. switch to ping a node on your network. This can be useful in determining whether an active path exists between the switch and another network device. Note the following before performing this procedure. Note: The switch must have a routing interface on the local subnet from where it is pinging the end node. The switch uses the IP address of the interface as its source address when pinging the device. For background information on routing interfaces, refer to the AT-S63 Management Software Features Guide. To instruct the switch to ping a network device, perform the following procedure: 1. From the home page, select Monitoring. 2. From the Monitoring menu, select the Utilities option. 3. Select the Ping Client tab. The Ping Client tab is shown in Figure 3. Figure 3 Ping Client Tab (Monitoring). 4. Enter the IP address of the end node to be pinged by the switch. 5. Click OK. The results of the ping are displayed in a popup window. 6. To stop the ping, click OK. Returning the AT-S63 Management Software to the Factory Default Values. The procedure in this section returns all AT-S63 Management Software parameters to their default values. Note the following before performing this procedure: Returning the switch to its default parameter settings deletes all rou
287. Figure 31 Viewing File Page. Selecting an Active Boot Configuration File. This procedure changes the active boot configuration file on the switch. The switch uses the active boot configuration file to configure its operating parameters whenever it is reset or power cycled. The switch also updates the active boot file whenever you select the Save Config option. Note the following before performing this procedure: You cannot create a new configuration file from a web browser management session. That task must be performed from the menus or command line interface. The configuration file must already exist in the switch's file system or on a flash memory card. To view the switch's configuration files, see "Listing the Files in Flash Memory or on a Compact Flash Card" on page 104. Configuration files have a .cfg extension. Specifying a new active boot configuration file does not change the current operating configuration of the switch. To reconfigure the switch using the configuration of a different active boot configuration file, reset or power cycle the switch at the end of the procedure
288. t of a Guest VLAN or the supplicant who logged on the port was associated with a VLAN assignment on the authentication server. To add a new VLAN, click Add. The Add New VLAN page is shown in Figure 129. Figure 129 Add New VLAN Page. 5. Configure the following parameters as necessary. VID: Enter a VID value for the new VLAN. The range of the VID value is 2 to 4096. The default is the next available VID number on the switch. If this VLAN is unique in your network, then its VID should also be unique. If this VLAN is part of a larger VLAN that spans multiple switches, then the VID value for the VLAN should be the same on each switch. For example, if you are creating a VLAN called Sales that spans three switches, you should assign the Sales VLAN on each switch the same VID value. Note: A VLAN must have a VID. The switch is only aware of the VIDs of the VLANs on the device and not those already being used in the network. For example, if you add a new AT-9400 Series switch to a network where the existing VLANs use VIDs 2 through 24, the default VID value for the first VLAN created on the switch is still VID 2, even though that number is already being used. To prevent inadvertently using the same VID for two different VLANs, you should keep a list of all your ne
289. t were not changed are copied to the other selected ports. The Defaults button at the bottom of the page returns the port settings to the default values, which can be found in Appendix A in the AT-S63 Management Software Features Guide.

Chapter 2 Port Parameters

5. Configure the following parameters as necessary:

Description Name: Use this selection to assign a name to a port, from 1 to 15 alphanumeric characters. Spaces are allowed, but do not use special characters such as asterisks or exclamation points. You cannot assign a name when you are configuring more than one port.

Status: Use this selection to enable or disable a port. When disabled, a port does not accept or forward frames. You might disable a port if a problem occurs with the end node or cable. After the problem has been fixed, you can enable the port again to resume normal operation. You might also disable an unused port to secure it from unauthorized connections. The possible settings are:

- Enabled: The port forwards ingress and egress packets. This is the default setting.
- Disabled: The port does not forward any ingress or egress packets.

Speed and Duplex: You use this selection to configure a port for Auto-Negotiation or to manually set a port's speed and duplex mode. If you select Auto-Negotiate for Auto-Negotiation, which is the default setting, the switch sets both speed and duplex mode for the port automatically. Note the followin
290. t where the ACL is to be assigned. You can assign an ACL to more than one port. To select multiple ports, hold down the Ctrl key while making your selections. You do not have to assign an ACL to a port when you initially create it. However, an ACL remains inactive until it is assigned to a port.

Click Apply. The new ACL is immediately activated on the specified ports. If you did not specify any ports for the ACL, the ACL is created but remains inactive until you assign it to a port.

To permanently save your changes, select the Save Config option in the Configuration menu.

Modifying an Access Control List

To modify an access control list, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Network Security option.
3. Select the ACL tab. The ACL tab is shown in Figure 45 on page 146.
4. Select the ACL to be modified and click Modify. The Modify ACLs page is displayed, as shown in Figure 47.

[Figure 47: Modify ACLs Page]

5. Configure the parameters as needed. For definitions of the parameters, refer to "Configuring an Access Control List" on page 146.
6. Click Apply. Changes to the ACL are immediately implemented on the swi
291. [Figure 93: Modify SNMPv3 Target Address Page]

6. In the IP Address field, enter the IP address of the host. Use the following format for an IP address: XXX.XXX.XXX.XXX
7. In the UDP Port Number field, enter a UDP port number. You can enter a UDP port in the range of 0 to 65,535. The default UDP port is 162.
8. In the Timeout field, enter a timeout value in milliseconds. When an Inform message is generated, it requires a response from the switch. The timeout value determines how long the switch considers the Inform message an active message. This parameter applies to Inform messages only. The range is from 0 to 2,147,483,647 milliseconds. The default value is 1500 milliseconds.
9. In the Retries field, enter the number of times the switch retries or resends an Inform message. When an Inform message is generated, it requires a response from the switch. This parameter determines how many times the switch resends an Inform message. The Retries parameter applies to Inform messages only. The range is 0 to 255 retries. The default is 3 retries.
10. In the Tag List field, enter a list of tags that you configured with the Notify Tag parameter in a Notify Table entry. See "Creating a Notify Table Entry" on page 233. Enter a Tag List of up to 256 alphanumeric characters. Use a space to separate
292. tch. To permanently save your changes, select the Save Config option in the Configuration menu.

Chapter 12 Access Control Lists

Deleting an Access Control List

To delete an access control list, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Network Security option.
3. Select the ACL tab. The ACL tab is shown in Figure 45 on page 146.
4. Select the ACL to be deleted and click Delete. You can delete one access control list at a time. The ACL is immediately deleted from the switch.
5. To permanently save your changes, select the Save Config option in the Configuration menu.

Displaying the Access Control Lists

To display the current ACLs, perform the following procedure:

1. From the Home page, select Monitoring.
2. From the Monitoring menu, select Network Security.
3. Select the ACL tab. The ACL tab is shown in Figure 48.

[Figure 48: ACL Tab (Monitoring)]

The ACL tab displays a table of the currently configured ACLs with the following columns of information:

ID: The ID number for the ACL.
Description: A description of the ACL.
Action: The ACL action of Permit or Deny
293. tch creates the new log output server definition and immediately begins sending events to the server, provided that the Output Status option for the definition is enabled and the log feature on the switch is also enabled.

Chapter 10 Event Logs and Syslog Client

7. To permanently save your changes, select the Save Config option in the Configuration menu.

Viewing a Syslog Output Definition

To view an existing syslog output definition, perform the following procedure:

1. From the home page, select either Monitoring or Configuration.
2. From the Configuration menu, select the System option.
3. Select the Event Log tab. The Event Log tab is shown in Figure 33 on page 119.
4. In the Configured Log Outputs section, select a syslog output from the list and click View. The View Log Output page is shown in Figure 38.

[Figure 38: View Event Log Output Page]

For definitions of the parameters, refer to "Configuring a Syslog Output Definition" on page 127.

5. When you are done, click Close.

Modifying a Syslog Output Definition

To modify a syslog output definition, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, sele
294. tch displays the roles of the ports. An A indicates an authenticator port and an S a supplicant port. A black port has not been assigned a port role and is not participating in port-based access control. This is the default setting for a port.

4. To set a port's role, click the port. A selected port turns white. You can configure more than one port at a time.
5. Click Port Role. The Port Role Configuration page is shown in Figure 145.

[Figure 145: Port Role Configuration Page]

6. Select the desired role for the port. A port can have only one port role at a time. The possible settings are:

- None: The port does not participate in 802.1x port-based access control. This is the default setting.
- Authenticator: The port functions as an authenticator. This is the appropriate setting if the port is connected to a supplicant.
- Supplicant: The port functions as a supplicant. This is the appropriate setting if the port is connected to an authenticator.

7. Click Apply. The new role is immediately implemented on the port.
8. To permanently save your changes, select the Save Config option in the Configuration menu.

To enable or disable port-based access control, go to "Enabling or Disabling 802.1x Port-based Network Access Control" on page 356. To configure authenticator port settin
295. ter 7 Port Mirroring

This chapter contains the procedures for managing the port mirroring feature. The sections in the chapter include:

- Creating a Port Mirror on page 94
- Modifying a Port Mirror on page 97
- Disabling a Port Mirror on page 98
- Deleting a Port Mirror on page 99
- Displaying the Port Mirror on page 100

Creating a Port Mirror

To create a port mirror, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Layer 1 option.
3. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 26.

[Figure 26: Port Mirroring Tab (Configuration)]

The tab displays a table with the following columns:

Mirror to Port: Specifies the destination port of the mirrored traffic. There can be only one destination port. If this column contains a 0 (zero), there is no port mirror.
Ingress Ports: Specifies the ports whose ingress traffic is to be mirrored to the destination port.
Egress Ports: Specifies the ports whose egress traffic is to be mirrored to the destination port.
Status: Specifies the status of the port mirror as either enabled or disabled.
296. the Authenticator role. The accounting information sent by the switch to a RADIUS server includes the date and time when clients log on and log off, as well as the number of packets sent and received by a switch port during a client session. For background information, refer to the AT-S63 Management Software Features Guide. This feature is disabled by default on the switch.

To configure RADIUS accounting, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Network Security option.
3. Select the 802.1x Port Access tab. The 802.1x Port Access tab is shown in Figure 144 on page 354.
4. In the Configure RADIUS Accounting section, configure the following parameters as necessary:

Enable Accounting: Activates or deactivates RADIUS accounting on the switch. Select Enabled to activate the feature or Disabled to deactivate it. The default is Disabled.

Trigger Type: Specifies the action that causes the switch to send accounting information to the RADIUS server. The possible settings are:

- Start_Stop: The switch sends accounting information whenever a client logs on or logs off the network. This is the default.
- Stop: The switch sends accounting information only when a client logs off.

Port Number: Specifies the UDP port for RADIUS accounting. The default is port 1813.

Type: Specifies the type of RADIUS accounting. The default is Network. You cannot change this value.

Enable Up
297. the destination port for normal network operations, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Layer 1 option.
3. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 26 on page 94.
4. Click Modify. The Modify Mirror page is shown in Figure 27 on page 95.
5. Click the Enable Mirror checkbox to remove the check and disable the mirror.
6. Click the destination port (white port) until it is black.
7. Click Apply. The destination port can now be used for normal network operations.
8. To permanently save your changes, select the Save Config option in the Configuration menu.

Chapter 7 Port Mirroring

Displaying the Port Mirror

To display the port mirror, perform the following procedure:

1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 1 option.
3. Select the Port Mirroring tab. The Port Mirroring tab is shown in Figure 29.

[Figure 29: Port Mirroring Tab (Monitoring)]

The tab displays a table with the following columns:

Mirror to Port: The destination port where the traffic is copied and where the network analyzer is located.
Ingress Port(s): The source ports whose ingress traffic is mirrored to the destination port.
Egres
298. this value if you configured the Security Model parameter with the SNMPv3 protocol.

Privacy: This option represents authentication and the privacy protocol. Select this security level to allow authentication and encryption. This level provides the greatest level of security. You can select this value if you configured the Security Model parameter with the SNMPv3 protocol.

Note: The Context Match field is a read-only field. The Context Match field is always set to Exact.

In the Storage Type field, select one of the following storage types for this table entry:

- Volatile: Select this storage type if you do not want the ability to save an entry in the Access Table. After making changes to an Access Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.
- NonVolatile: Select this storage type if you want the ability to save an entry in the Access Table. After making changes to an Access Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesis recommends this storage type.

Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 Access Table entry will take effect immediately.

Click Apply.

To permanently save your changes, select the Save Config option in the Configuration menu.

To delete an entry in the SNMPv3 Access Table, perform the following p
299. tication method requires 802.1x client software on the supplicant nodes.

MAC Based: Specifies MAC address based authentication. The authenticator port extracts the source MAC address from the initial frames received from a supplicant and automatically sends the address as both the username and password of the supplicant to the authentication server. Supplicant nodes do not need 802.1x client software for this authentication method.

Supplicant Mode: Sets the supplicant mode of an authenticator port. The possible settings are:

- Single: Configures the authenticator port to accept only one authentication. This mode should be used together with the piggy-back mode. When an authenticator port is set to the Single mode and the piggy-back mode is disabled, only the one client who is authenticated can use the port. Packets from or to other clients on the port are discarded. If piggy-back mode is enabled, other clients can piggy-back onto another client's authentication and so be able to use the port.
- Multiple: Configures the port to accept up to 20 authentications. Every client using an authenticator port in this mode must have a username and password combination.

Port Control: The possible settings are:

- Auto: Activates 802.1x port-based authentication and causes the port to begin in the unauthorized state, allowing only EAPOL frame
300. timeout 397

RADIUS accounting
  configuring 369
  settings, displaying 370
RADIUS server
  encryption secret 395
  encryption secret, configuring 391
  IP address, configuring 395
Rapid Spanning Tree Protocol (RSTP)
  bridge forwarding delay 284
  bridge hello time 284
  bridge identifier 284
  bridge max age 284
  bridge priority 283
  bridge settings, configuring 282
  disabling 272, 292
  edge port, configuring 286
  enabling 272, 292
  force version 283
  MCHECK 285, 304
  point-to-point port, configuring 286
  port cost 285
  port priority 285
  port settings, displaying 286
  resetting to defaults 289
reauth period, configuring 360
reg registrar state machine parameter 340
RSTP. See Rapid Spanning Tree Protocol (RSTP)

S

Secure Shell (SSH) protocol
  configuring 382
  displaying settings 384
Secure Sockets Layer (SSL)
  displaying settings 379
secured port security level 349
server authentication UDP port, configuring 395
server key ID parameter 383
server timeout, configuring 360
session cache timeout, configuring 379
Simple Network Time Protocol (SNTP)
  configuring 30
  servers 30
slave switch
  assigning 56
  defined 56
SNMP management
  disabling 64
  enabling 64
SNMPv1 and SNMPv2c community
  creating 66
  deleting 70
  displaying 71
  modifying 69
SNMPv3 Access Table entry
  creating 220
  deleting 223
  displaying 261
  modifying 224
SNMPv3 community name, modifying 256
SNMPv3 Community Table entry
  creating 252
  deleting 255
  displaying 266
  modifying 255
301. ting interfaces and port-based and tagged VLANs on the switch.

Returning the switch to its default parameter settings does not delete files from the switch's file system or encryption keys from the key database. For instructions on how to delete files, refer to the AT-S63 Management Software Menus Interface User's Guide or the AT-S63 Management Software Command Line Interface User's Guide.

The speed of the Terminal Port on the switch is not changed.

Returning a switch to its default values does not alter the contents of the active boot configuration file. To reset the file to the default settings, you must establish a local or remote management session with the switch after it reboots and select Save Config from the menu. Otherwise, the switch reverts back to the previous configuration the next time you reset or power cycle the unit.

If the switch is an isolated switch, i.e., a switch that is not a part of an enhanced stack, or the master switch of an enhanced stack, it is unlikely you will be able to reestablish your web browser management session at the completion of this procedure because all routing interfaces are deleted. You must use a local management session to continue managing the switch.

Caution: This procedure involves a switch reset. Some network traffic may be lost while the unit initializes its management software and loads the default configuration settings, a process that takes approximately 20 seconds to complet
302. ting a Target Address Table Entry 241
Modifying Target Address Table Entry 242
Configuring the SNMPv3 Target Parameters Table 245
Creating a Target Parameters Table Entry 245
Deleting a Target Parameters Table Entry 248
Modifying a Target Parameters Table Entry 249
Configuring the SNMPv3 Community Table 252
Creating an SNMPv3 Community Table Entry 252
Deleting an SNMPv3 Community Table Entry 255
Modifying an SNMPv3 Community Table Entry 255
Displaying SNMPv3 Tables 258
Displaying User Table Entries 258
Displaying KOSCH 260
Displaying Access Table Entries 261
Displaying SecurityToGroup Table Entries 262
Displaying Notify Table Entries 263
Displaying Target Address Table Entries 264
Displaying Target Parameters Table Entries 265
Displaying SNMPv3 Community Table Entries
303. ting a User Table Entry

You can create, delete, and modify an SNMPv3 User Table entry. See the following procedures:

- Creating a User Table Entry on page 206
- Deleting a User Table Entry on page 209
- Modifying a User Table Entry on page 210

For reference information about the SNMPv3 User Table, see Chapter 21, "SNMPv3," in the AT-S63 Management Software Menus Interface User's Guide.

To create an entry in the SNMPv3 User Table, perform the following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 75 on page 204.
2. Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204.
3. In the SNMPv3 section, click the button next to Configure User Table and then click Configure at the bottom of the tab. The SNMPv3 User Table tab is shown in Figure 76.

[Figure 76: SNMPv3 User Table Tab (Configuration)]

4. Click Add. The Add New SNMPv3 User page is shown in Figure 77.
304. ting an MSTI on page 300

Creating an MSTI

To create an MSTI, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 109 on page 272.
4. Click Configure. The expanded MSTP Spanning Tree tab is shown in Figure 121 on page 295.
5. In the CIST MSTI Table section of the tab, click Add. The Add New MSTI page is shown in Figure 122.

[Figure 122: Add New MSTI Page]

6. In the MSTI ID field, enter an ID number for the MSTI. The range is 1 to 15.
7. In the Priority field, enter an MSTI Priority value. This parameter is used in selecting a regional root for the MSTI. The range is 0 (zero) to 61,440 in increments of 4,096, with 0 being the highest priority. For a list of the increments, refer to Table 5, "Bridge Priority Value Increments," on page 276. The default is 0.
8. To add VLANs to the MSTI, enter the VIDs in the VLAN List field. Separate multiple VIDs with a comma.
9. Click Apply. The management software creates the MSTI.
10. Repeat steps 5 to 9 to create additional MSTIs.
11. To permanently save your changes, select the Save Confi
305. tion.
3. Select the Flow Group tab. The Flow Group tab is shown in Figure 56 on page 164.
4. Click the dialog circle next to the flow group to be modified and click Modify. You can modify only one flow group at a time. The Modify Flow Group page is displayed, as shown in Figure 58.

[Figure 58: Modify Flow Group Page]

5. Modify the parameters as necessary. For definitions, refer to "Configuring a Flow Group" on page 164.
6. Click Apply. The changes are applied to the flow group.
7. To permanently save your changes, select the Save Config menu selection.

Deleting a Flow Group

This procedure explains how to delete a flow group. If the flow group to be deleted is already part of a QoS policy assigned to one or more switch ports, you must modify the policy by removing the port assignments before you can delete the flow group. You can assign the ports back to the policy after you have deleted the flow group.

To delete a flow group, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Services option.
3. Select the Flow Group tab. The Flow Group tab is shown in Figure 56 on page 164.
4. Select the flow group to be deleted and cl
306. tion server timeout conditions. The default value for this parameter is 30 seconds. The range is 1 to 600 seconds.

Control Direction: Specifies how the port handles ingress and egress broadcast and multicast packets when in the unauthorized state. When a port is set to the Authenticator role, it remains in the unauthorized state until the client logs on by providing a username and password combination. In the unauthorized state, the port only accepts EAP packets from the client. All other ingress packets that the port might receive from the client, including multicast and broadcast traffic, are discarded until the supplicant has logged in. The options are:

- Ingress: A port, when in the unauthorized state, discards all ingress broadcast and multicast packets from the client but forwards all egress broadcast and multicast traffic to the same client.
- Both: A port, when in the unauthorized state, does not forward ingress or egress broadcast and multicast packets from or to the client until the client logs in. This is the default.

Piggyback Mode: Controls who can use the switch port in cases where there are multiple clients (e.g., the port is connected to an Ethernet hub). If set to enabled, the port allows all clients on the port to piggy-back onto the initial client's authentication. The port forwards all packets regardless of the cl
307. tive name of up to 32 alphanumeric characters. For example, you might want to define a trap message for hardware engineering and enter a value of "hardwareengineeringtrap" for the Notify Name.

6. In the Notify Tag field, enter a description name of the Notify Tag. Enter a name of up to 32 alphanumeric characters.
7. In the Notify Type field, enter one of the following message types:

- Trap: Indicates this notify table is used to send traps. With this message type, the switch does not expect a response from the host.
- Inform: Indicates this notify table is used to send inform messages. With this message type, the switch expects a response from the host.

8. In the Storage Type field, select one of the following storage types for this table entry:

- Volatile: Select this storage type if you do not want the ability to save an entry in the Notify Table. After making changes to a Notify Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.
- NonVolatile: Select this storage type if you want the ability to save an entry in the Notify Table. After making changes to a Notify Table entry with a NonVolatile storage type, the Save Config option is not displayed on the Configuration menu.

The Row Status parameter is a read-only field in the web browser interf
308. to change the active spanning tree protocol and just want to enable or disable it, go to Step 5.

4. To change the active spanning tree protocol on the switch, click STP, RSTP, or MSTP in the Active Protocol Version section of the tab. The default is RSTP.

Note: Only one spanning tree protocol can be active on the switch at a time.

5. To enable or disable the active spanning tree protocol on the switch, click the Enable Spanning Tree check box. A check indicates that the spanning tree is enabled, while no check indicates that spanning tree is disabled. The default is disabled.
6. Click Apply.
7. To permanently save your changes, select the Save Config option in the Configuration menu.

If you activated STP, go to "Configuring STP" on page 274. If you activated RSTP, go to "Configuring RSTP" on page 282. If you activated MSTP, go to "Configuring MSTP" on page 294.

Chapter 19 Multiple Spanning Tree Protocol

Configuring MSTP

This section contains the following procedures:

- Configuring MSTP Parameters, next
- Configuring the CIST Priority on page 297
- Managing MSTIs on page 298
- Configuring MSTP Port Parameters on page 302

Note: MSTP must be selected as the active spanning tree protocol on the switch before you can configure it. For
309. to their default values.

To permanently save your changes, select the Save Config option in the Configuration menu.

Section V Virtual LANs

This section has the following chapters:

- Chapter 20, "Port-based and Tagged VLANs," on page 315
- Chapter 21, "GARP VLAN Registration Protocol," on page 331

Chapter 20 Port-based and Tagged VLANs

This chapter explains how to create, modify, and delete port-based and tagged VLANs. This chapter also explains how to select a multiple VLAN mode. This chapter contains the following sections:

- Creating a New Port-Based or Tagged VLAN on page 316
- Modifying a VLAN on page 321
- Deleting a VLAN on page 323
- Selecting a VLAN Mode on page 324
- Displaying VLANs on page 326

Creating a New Port-Based or Tagged VLAN

To create a new port-based or tagged VLAN, perform the following procedure:

1. From the Home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option.
3. Select the VLAN tab. The VLAN tab is shown in Figure 128.
310. tting is Auto Update the port cost is set automatically depending on the speed of the port. Default values are 2,000,000 for 10 Mbps ports, 200,000 for 100 Mbps ports, and 20,000 for one gigabit ports.

Priority: This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the regional root bridge.

The MSTP Port Status Port(s) page is shown in Figure 127.

[Figure 127: MSTP Port Status Port(s) Page]

The MSTP Port Status page displays a table with the following columns of information:

Port: The port number.

State: The MSTP state of the port. The possible states are:

- Discarding: The port is discarding received packets and is not submitting forwarded packets for transmission.
- Learning: The port is enabled for receiving but not forwarding packets.
- Forwarding: Normal operation.
- Disabled: The port has not established a link with its end node.

Role: The MSTP role of the port. The possible roles are:

- Root: The port that is connected to the root switch, directly or through other switches, with the least path cost.
- Alternate: The port offers an alternate path in the direction of t
311. twork VLANs and their VID values.

Name: Specify a name for the new VLAN. The name can be from one to fifteen alphanumeric characters in length. The name should reflect the function of the nodes that are part of the VLAN, for example, Sales or Accounting. The name cannot contain spaces or special characters, such as asterisks or exclamation points. If the VLAN is unique in your network, then the name should be unique as well. If the VLAN is part of a larger VLAN that spans multiple switches, then the name for the VLAN should be the same on each switch where nodes of the VLAN are connected.

Note: A VLAN must be assigned a name.

Type: Select Port Based as the Type to create a port-based or tagged VLAN. This is the only option.

Note: You must use the menus or command line interface to create a MAC address-based VLAN or protected ports VLAN.

6. To select the VLAN ports, click on the ports in the switch image. Clicking repeatedly on a port toggles it through the following settings:

- Untagged port
- Tagged port
- Not a member of the VLAN

7. Click Apply. The new user-configured VLAN is now ready for network operations.

Note: Untagged ports assigned to the new VLAN are automatically removed from their current untagged VLAN assignment.

8. To permanently save your changes, select the Save Config option in the Configuration menu.
312. ty string with an open status has no effect on the string.

Trap Receiver IP Address 1 through Trap Receiver IP Address 8: Specify the IP addresses of up to eight trap receivers. These are nodes on your network, such as your management workstation, to act as trap receivers for the switch.

Click Apply. The new community string is now available on the switch.

Repeat this procedure starting with step 4 to add more community strings.

To permanently save your changes, select the Save Config menu option.

Modifying an SNMPv1 and SNMPv2c Community

To modify an SNMPv1 and SNMPv2c community, perform the following procedure:

1. From the Home page, select Configuration.
2. From the Configuration menu, select the Mgmt Protocols option.
3. Select the SNMP tab. The SNMP tab is shown in Figure 14 on page 64.
4. In the SNMPv1 & SNMPv2c section, click Configure. The SNMPv1 & SNMPv2c Communities tab is shown in Figure 15 on page 66.
5. Click the button next to the community name to be modified and click Modify. You can modify only one community string at a time. The settings of the selected SNMP community string are displayed in the Modify SNMPv1 & SNMPv2c Community page.
6. Modify the parameters as needed. For parameter definitions, refer to "Creating a New SNMPv1 and SNMPv2c Community" on page 66. You cannot c
313. tyToGroup Table. After making changes to a SecurityToGroup Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesis recommends this storage type.

Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 SecurityToGroup Table entry takes effect immediately.

9. Click Apply.
10. To permanently save your changes, select the Save Config option in the Configuration menu.

Deleting a SecurityToGroup Table Entry

To delete an entry in the SNMPv3 SecurityToGroup Table, perform the following procedure:

1. From the home page, select Configuration. The Configuration System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26.

Select the SNMP tab. The SNMP tab is shown in Figure 75 on page 204.

In the SNMPv3 section, click the button next to Configure SecurityToGroup Table and then click Configure at the bottom of the tab. The SNMPv3 SecurityToGroup Table tab is shown in Figure 85 on page 228.

Click the button next to the SecurityToGroup Table entry to be deleted and then click Remove. A warning message is displayed. Click OK.

From the Configuration menu, select the Save Config option to permanently save your changes. This option is not displayed if there are no changes to save.

Modifying a SecurityToGroup Table Entry
314. u enabled the SNTP client, the switch immediately polls the SNTP or NTP server for the current date and time. The switch automatically polls the server whenever a change is made to any of the parameters in this menu, so long as SNTP is enabled.

6. To permanently save your changes, click Save Config.

Rebooting a Switch

Note: All unsaved parameter changes are discarded when a system is reset. To save your parameter changes, click the Save Config option in the main menu.

To reboot a switch, perform the following procedure:

1. From the home page, select Configuration. The System page is displayed with the General tab selected by default, as shown in Figure 1 on page 26.
2. Click Reset at the bottom of the tab. A confirmation prompt is displayed.
3. Click OK to reset the switch or Cancel to cancel the procedure.

Note: The switch does not forward packets while it initializes the AT-S63 Management Software and loads its active configuration file. This process takes between 20 seconds and 2 minutes to complete, depending on the number and types of commands in the configuration file. Resetting the switch ends your web browser management session. You must restart the session to continue managing the switch.

Pinging a Remote System

This procedure instructs the
315. u need to provide an uplink port, as explained in the procedure. If your remote workstation is communicating with the switch through any port other than the uplink port, your management session will end and you will have to use a local management session to continue managing the unit.

Note: The switch does not retain port-based and tagged VLAN configurations when it is changed to a multiple VLAN mode and later reset. The VLAN configurations must be reentered if you return the switch to the user-configured VLAN mode.

To select a VLAN mode for the switch, perform the procedure below:

1. From the home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option.
3. Select the VLAN tab. The VLAN tab is shown in Figure 128 on page 316.
4. In the VLAN Mode section, select a VLAN mode. Only one mode can be active on the switch at a time. The modes are:

User Configured: Port-based and tagged VLAN Mode
Multiple: Non-IEEE 802.1Q-compliant Multiple VLAN Mode
Multiple 802.1Q: IEEE 802.1Q-compliant Multiple VLAN Mode

5. If you are selecting one of the multiple VLAN modes, specify an uplink port in the Uplink Port field. This port functions as the uplink port for the VLANs. The default is port 1.
6. Click Apply. The new mode is automatically activated on the switch.

Note: If your management session loses conn
316. u specify the VLAN by entering the VLAN ID number. You can specify only one VLAN at a time.

View MAC Address: Displays the port number where a MAC address was assigned or learned. In some situations, you might want to know which port learned a particular MAC address. You could display the MAC address table and scroll through the list looking for the MAC address, but if the switch is part of a large network, finding the address could prove difficult. This option allows you to specify the MAC address and let the AT-S63 Management Software automatically locate the port where the address was learned.

3. After selecting an option, click View.

Figure 20 shows an example of viewing all unicast MAC addresses.

[Figure 20: View MAC Addresses Page]

The View MAC Addresses page displays a table that contains the following columns of information:

VLAN ID: The ID number of the VLAN where the port is a member.
MAC Address: The static or dynamic MAC address.
Port(s): The port where the address was learned or assigned. The MAC address with port
317. [Figure 79: SNMPv3 View Table Tab (Configuration)]

4. Click Add. The Add New SNMPv3 View page is shown in Figure 80.

[Figure 80: Add New SNMPv3 View Page, with the fields View Name, Subtree OID, Subtree Mask, View Type, Storage Type, and Row Status]

5. In the View Name field, enter a descriptive name for this view. Assign a name that reflects the subtree OID, for example, internet. Enter a unique name of up to 32 alphanumeric characters.

Note: The defaultViewAll value is the default entry for the SNMPv1 and SNMPv2c configuration. You cannot use the default value for an SNMPv3 View Table entry.

In the Subtree OID field, enter a subtree that this view will or will not be permitted to display. You can enter either a numeric value in hex format or the equivalent text name. For example, the OID hex format for TCP/IP is 1.3.6.1.2.1.6. The text format for TCP/IP is tcp.

In the Subtree Mask field, enter a subtree mask in hexadecimal format. This is an optional parameter that is used to furt
318. uctions, refer to Setting Port Roles on page 354.

1. From the home page, select Configuration.
2. From the Configuration menu, select the Network Security option.
3. Select the 802.1x Port Access tab. The 802.1x Port Access tab is shown in Figure 144 on page 354.
4. In the switch image, click the authenticator port to be configured. You can configure more than one authenticator port at a time. The selected port turns white.
5. Click Settings. The Authenticator Parameters page is shown in Figure 146.

[Figure 146: Authenticator Parameters Page]

6. Configure the following parameters as needed:

Authenticator Mode: Sets the authenticator mode of an authenticator port. This parameter can take the following values:

802.1x: Specifies 802.1x username and password authentication. With this authentication method, the supplicant must provide, either manually or automatically, a username and password to the authenticator port. This authen
319. unters, perform the following procedure:

1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 2 option.

Select the GVRP tab. The GVRP tab is shown in Figure 134 on page 335.

In the View GVRP Parameters section, click View GVRP Counters.

Click View. The GVRP Counters page is shown in Figure 138.

[Figure 138: GVRP Counters Page]

The GVRP Counters page provides the information shown in Table 12.

Table 12: GVRP Counters

Parameter: Meaning
Receive: Total GARP Packets: Total number of GARP PDUs received by this GARP application.
Transmit: Total GARP Packets: Total number of GARP PDUs transmitted by this GARP application.
Receive: Invalid GARP Packets: Number of invalid GARP PDUs received by this GARP application.
Receive: Discarded: GARP Disabled: Number of received GARP PDUs discarded because the GARP application was disabled.
Transmit: Discarded: GARP D
320. upplicants, regardless of their assigned VLANs, are authenticated. However, the port remains in the VLAN specified in the initial authentication, regardless of the VLAN assignments of subsequent authentications.

Guest VLAN: Specifies the VID of a Guest VLAN. The authenticator port is a member of a Guest VLAN when no supplicant is logged on. Clients do not log on to access a Guest VLAN. You can specify a Guest VLAN by either its name or VID. To remove a Guest VLAN without assigning a new one, delete the name or VID of the assigned VLAN.

7. Click Apply. Changes to the authenticator settings are immediately implemented on a port.
8. To permanently save your changes, select the Save Config option in the Configuration menu.

Configuring Supplicant Port Parameters

To configure supplicant port parameters, perform the following procedure:

Note: The role of a port must be set to supplicant before the parameters can be configured. For instructions, refer to Setting Port Roles on page 354.

From the home page, select Configuration.

From the Configuration menu, select the Network Security option.

Select the 802.1x Port Access tab. The 802.1x Port Access tab is shown in Figure 144 on page 354.

Click the supplicant port to be configured. You can configure
321. uration. Click View. The GVRP Port Configuration page is shown in Figure 135.

[Figure 135: GVRP Port Configuration Page]

The GVRP Port Configuration page provides the following information:

Port Number: The port number.
Mode: The port mode, either Normal or None.

Displaying the GVRP Database

To display the GVRP database, perform the following procedure:

1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 2 option.

Select the GVRP tab. The GVRP tab is shown in Figure 134 on page 335.

In the View GVRP Parameters section, click View GVRP Database.

Click View. The GVRP Database page is shown in Figure 136.

[Figure 136: GVRP Database Page]

The GVRP Database page provides the following information:

GID Index: The value of the GID index corresponding to the attribute.
VLAN ID: The value of the attribute.
Used: Whether the GID index is currently being used by any port in the GARP application.

Displaying the GVRP State Machine

To display the GVRP state machine, perform the following procedure:

1. From the Home page, select Monitoring.
322. uring RSTP Bridge Settings

To configure RSTP bridge parameters, perform the following procedure:

1. From the Home page, select Configuration.
2. From the Configuration menu, select the Layer 2 option.
3. Select the Spanning Tree tab. The Spanning Tree tab is shown in Figure 109 on page 272.
4. Click Configure. The Configure RSTP Bridge Parameters tab is shown in Figure 115.

[Figure 115: Configure RSTP Parameters Tab (Configuration)]

5. Configure the following parameters as necessary:

Force Version: This selection determines whether the bridge operates with RSTP or in an STP-compatible mode. If you select RSTP, the bridge operates all ports in RSTP, except for those ports that receive STP BPDU packets. If you select Force STP Compatible, the bridge operates in RSTP using the RSTP parameter settings, but it sends only STP BPDU packets out the ports.

Bridge Priority: The priority number f
323. us: Status of the port. The status field is dependent on whether a port is configured as an authenticator or a supplicant.

The Status field can have the following values for an authenticator port: Aborting, Authenticated, Authenticating, Connecting, Disconnected, Force_Auth, Force_Unauth, Held, Initialize.

The Status field can have the following values for a supplicant port: Acquired, Authenticated, Authenticating, Connecting, Disconnected, Held, Logoff.

Additional Info: This field displays the MAC address of an authenticated node for authenticator ports with a status of Authenticated.

Displaying the Port Settings

To display the port settings for port-based network access control, perform the following procedure:

1. From the Home page, select Monitoring.
2. From the Monitoring menu, select Network Security.

Select the 802.1x Port Access tab. The 802.1x Port Access tab is shown in Figure 148 on page 365.

In the switch image, click a port and click Settings. You can display the settings of more than one port at a time.

Note: To view the settings of multiple ports, the selected ports must have the same port role, authenticator or supplicant.

The Authenticator Port Parameters page is displayed for authenticator ports, as shown in Figure 150.
324. value is 0.0.0.0.

Displaying System Information

To view basic information about the switch, perform the following procedure:

1. From the Home page, select Monitoring. The Monitoring System page is displayed with the General tab selected by default, as shown in Figure 5.

[Figure 5: General Tab (Monitoring), with the sections System Information, Software Information, and Hardware Information]
325. Parent Policy ID: The QoS policies to which the traffic class is assigned.

Flow Group List: The flow groups assigned to this traffic class.

4. To create a new traffic class, click Create. The Create Traffic Class page is shown in Figure 61.

[Figure 61: Create Traffic Class Page]

5. Configure the following parameters:

ID: Specifies an ID number for the traffic class. Each traffic class on the switch must be assigned a unique number. The range is 0 to 511. The default is 0. This parameter is required.

Description: Specifies the traffic class description. A description can be up to 15 alphanumeric characters, including spaces.

Exceed Action: Specifies the action to be taken if the traffic of the traffic class exceeds the maximum bandwidth. There are two possible exceed actions, drop and remark. If drop is selected, traffic exceeding the bandwidth is discarded. If remark is selected, the packets are forwarded after replacing the DSCP value with the n
326. vent log tab is shown in Figure 33 on page 119.

Under Current Log Outputs, select Output 0 Permanent to configure the log in permanent memory or Output 1 Temporary to configure the log in temporary memory.

Click Modify. The Modify Event Log Output window is displayed. The window for the temporary memory log is shown in Figure 36.

[Figure 36: Modifying Event Log Output 1 Window]

6. Using the Action pull-down menu, select one of the following:

Wrap: The log deletes the oldest entries as it adds new entries after reaching its maximum storage capacity.
Halt: The log stops adding new entries to preserve the contents of the log.

7. Click Apply.
8. To permanently save the change, select the Save Config menu selection.

Saving an Event Log to a File

You can save the current contents of an event log as an ASCII file in the switch's file system. You might save an event log to retain a history of the operation of the switch or to assist in resolving a network problem. The file can be viewed from the file system or uploaded to your management workstation using Xmodem or TFTP.

To save an event log to a file, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the System option.
3. Select the Event Log tab.
327. ver. For instructions, refer to Enabling or Disabling the Event Logs on page 118.

The switch must have a routing interface on the local subnet from where it will reach the syslog server. The switch uses the IP address of the interface as its source address when sending packets to the server.

Configuring the switch to send its events to a syslog server involves creating a syslog output definition. This involves specifying the IP address of the syslog server along with other information, such as the types of event messages the switch is to send to the server.

This section contains the following topics:

Configuring a Syslog Output Definition, next
Viewing a Syslog Output Definition on page 130
Modifying a Syslog Output Definition on page 130
Deleting a Syslog Output Definition on page 131

Configuring a Syslog Output Definition

To configure a syslog output file, perform the following procedure:

1. From the home page, select Configuration.
2. From the Configuration menu, select the System option.
3. Select the Event Log tab. The Event log tab is shown in Figure 33 on page 119.
4. In the Configure Log Outputs section, click Create. The Create Log Output page is shown in Figure 37.
328. work manager attention.

Information: Useful information that can be ignored during normal operation.
Debug: Messages intended for technical support and software development.

Date and Time: The date and time the event occurred.

Event: This item contains two parts. The first is the name of the AT-S63 module that generated the event. The second is a description of the event.

An example of the Full mode is shown in Figure 35.

[Figure 35: Event Log Example Displayed in Full Mode]

The additional information displayed in Full mode is defined he

Clearing an Event Log
329. work packet for routing but cannot find a route for it in the routing table. This field will contain 0.0.0.0 if no default route is defined on the switch.

For AT-9400 Switches that do not support IPv4 packet routing, such as the AT-9424T/GB and AT-9424T/SP switches, this field displays the default gateway address. This is the IP address of a router interface on your network. The switch's management software uses this address as the next hop to reaching a remote network device when the switch's local interface and the remote device are on different subnets. The default value is 0.0.0.0.

System Up Time: The length of time since the switch was last reset or power cycled.

The Software Information section displays the following information:

Application Software: The version number and build date of the AT-S63 Management Software.
Bootloader: The version number and build date of the AT-S63 bootloader.

The Hardware Information section displays the following information:

Power Information: The status of the main power supply, the redundant power supply, if present, and internal power consumption.
Temperature (Deg. C): The ambient temperature as measured where the air enters the cooling vents on the side of the unit.
Fan Information: The speed or operating status of the system fan(s).

Chapter 2 Port Parameters

This chapter
330. [Figure 113: Monitor STP Parameters Tab (Monitoring)]

6. To view port settings, click a port in the switch and click Status or Settings. The STP Settings page is shown in Figure 114.

[Figure 114: STP Settings Page]

The STP Settings page displays a table that contains the following columns of information:

Port: The port number.
State: Current state of a port. The possible states are Listening, Learning, Forwarding, or Blocking when spanning tree is enabled on the switch. When spanning tree is not enabled on the switch, or if a port is not being used, its state will be disabled.
Cost: Port cost of the port.
Priority: The port's priority value. The number is used as a tie breaker when two or more ports have equal costs to the root bridge.

Click OK to close the page.

Resetting STP to the Default Settings

To reset STP to the factory default settings, perform the following procedure:
331. y. You can modify only one classifier at a time. An example of the Modify Classifier page is shown in Figure 43.

[Figure 43: Modify Classifier Page]

5. Modify the parameters as necessary. For parameter descriptions, refer to Configuring a Classifier on page 134.

When you are finished modifying the parameters, click Apply. The modifications are immediately implemented in the classifier.

To permanently save your changes, select the Save Config option in the Configuration menu.

Deleting a Classifier

To delete a classifier, perform the following procedure:

Note: A classifier must be removed from all access control lists and QoS policies before it can be deleted.

From the home page, select Configuration.

From the Configuration menu, select the Network Security or Services option. The Classifier tab is accessible from both menu selections.

Select the Classifier tab. The Classifier tab is shown in Figure 40 on page 134.

Click the button next to the classifier to be deleted and click Delete. Only one classifier can be deleted at a t
332. [Figure 37: Create Event Log Output Page]

5. Configure the following parameters as necessary:

Output ID: Specifies an identification number for the syslog output definition. Each definition must be given a unique number. The range is 2 to 20. The default is the next available number.

Output Status: Controls the status of the syslog output definition. The options are:

Enabled: Enables the output definition. The switch uses the output definition to send events to the syslog server.
Disabled: Disables the log output. The switch does not use the output definition.

Message Format: Controls the format of the sent event messages. The options are:

Extended: Sends the time, module, severity, description, file name, line number, and event ID. This is the default.
Normal: Sends the time, module, severity, and description for each event.

Severity Selections: Specifies the severity of events to be sent to the syslog server. The options are:

ALL: Sends all event messages of the following types. Use Ctrl key to select more than one severity. This is the default.
Error: Sends only error event messages. Error messages indicate that the switch operation is severely impaired
333. ying Port Parameters

To display the parameter settings of a port, perform the following procedure:

1. From the Home page, select Monitoring.
2. From the Monitoring menu, select the Layer 1 option. The Layer 1 page is displayed with the Port Settings tab selected by default, as shown in Figure 8.

[Figure 8: Port Settings Tab (Monitoring)]

The Port Settings tab displays an image of the front of the switch. Ports with a valid link to an end node are green.

3. In the switch image, click a port. You can select more than one port. A selected port turns white. To deselect a port, click it again.
4. Click Status. The Port Status page is shown in Figure 9.

[Figure 9: Port Status page]
334. ypes for this table entry:

Volatile: Select this storage type if you do not want the ability to save an entry in the SecurityToGroup Table. After making changes to a SecurityToGroup Table entry with a Volatile storage type, the Save Config option is not displayed on the Configuration menu.

NonVolatile: Select this storage type if you want the ability to save an entry in the SecurityToGroup Table. After making changes to a SecurityToGroup Table entry with a NonVolatile storage type, the Save Config option is displayed on the Configuration menu. Allied Telesis recommends this storage type.

Note: The Row Status parameter is a read-only field in the web browser interface. The Active value indicates the SNMPv3 SecurityToGroup Table entry takes effect immediately.

7. Click Apply to update the SNMPv3 SecurityToGroup Table.
8. To permanently save your changes, select the Save Config option in the Configuration menu.

Configuring the SNMPv3 Notify Table

You can create, delete, and modify an SNMPv3 Notify Table entry. See the following procedures:

Creating a Notify Table Entry on page 233
Deleting a Notify Table Entry on page 235
Modifying a Notify Table Entry on page 236

For reference information about the SNMPv3 Notify Table, see Cha

Creating a Notify Table Entry
