Management Software User's Guide
Contents
1. This preface contains the following sections o Where to Find Web based Guides on page 12 o Contacting Allied Telesis on page 13 Preface Where to Find Web based Guides The installation and user guides for all Allied Telesis products are available in portable document format PDF on our web site at www alliedtelesis com You can view the documents online or download them onto a local workstation or server AT S86 Management Software User s Guide Contacting Allied Telesis Online Support Email and Telephone Support Warranty Returning Products Sales or Corporate Information Management Software Updates This section provides Allied Telesis contact information for technical support as well as sales and corporate information You can request technical support online by accessing the Allied Telesis Knowledge Base from the following website www alliedtelesis com support You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions For Technical Support via email or telephone refer to the Allied Telesis web site www alliedtelesis com Select your country from the list displayed on the website Then select the appropriate menu tab For hardware warranty information refer to the Allied Telesis web site www alliedtelesis com support warranty Products for return or repair must first be assigned a return materials authorizat2. Dynamic Addresses v Port Port M VLAN ID 1 4000 Query MAC Address Port O 7 VLANID 1 MAC 00 00 cd 14 64 48 Port O 7 VLAN ID 1 MAC 00 04 5a Se 6c ac Port O 7 VLAN ID 1 MAC 00 04 5a 5e 6f d3 Port O 7 VLAN ID 1 MAC 00 06 5b a3 67 d6 Port O 7 VLAN ID 1 MAC 00 06 5b c7 1b 4e Port O 7 VLAN ID 1 MAC 00 06 5b c7 1c 0c Port O 7 VLAN ID 1 MAC 00 06 5b cb dd 3f Port O 7 VLAN ID 1 MAC 00 08 74 cb 5f 20 Port O 7 VLAN ID 1 MAC 00 08 74 cb 5f 2d Port O 7 VLAN ID 1 MAC 00 08 74 cb ce bf M Aging Time 300 0 or 15 3825 seconds multiple of 15 OK Reload Figure 45 Dynamic MAC Addresses Associated with a Port 3 To view the dynamic MAC addresses learned on the tagged and untagged ports of a specific VLAN in the Query by section click VLAN ID enter the VLAN ID and click Query The page is redisplayed to contain a list similar to the one in Figure 46 Dynamic Addresses Port Porti v v VLAN ID 1 1 4000 Query MAC Address Port O 7 VLAN ID 1 MAC 00 00 cd 14 64 48 Port O 7 VLAN ID 1 MAC 00 04 5a 5e 6c ac Port O 7 VLAN ID 1 MAC 00 04 5a 5e 6f d3 Port O 7 VLAN ID 1 MAC 00 06 5b a3 67 d6 Port O 7 VLAN ID 1 MAC 00 06 5b b2 65 89 Port O 7 VLAN ID 1 MAC 00 06 5b cb dd 3f Port O 7 VLAN ID 1 MAC 00 08 74 1a c8 db Port O 7 VLAN ID 1 MAC 00 08 74 cb 5f 20 Port O 7 VLAN ID 1 MAC 00 08 74 cb 5f 2d Port O 7 VLAN ID 1 MAC 00 08
3. To display statistics for additional ports select the port and color click Add and click Draw To remove a port select the port click Remove and click Draw AT S86 Management Software User s Guide An example of a historical status chart is shown in Figure 43 Historical Status Chart Statistics Auto Refresh Port Color Port Port 4 Inbound Unicast Packets v Add Port5 w Remove Light Gray M gt Light Gr gt Light Yellow Statistics 1220 Hiro E Foti Time 0 days 00 00 00 Figure 43 Sample Historical Status Chart 133 Chapter 12 Statistics 134 Chapter 13 MAC Addresses This chapter contains the following sections o MAC Address Overview on page 136 ao Working with Dynamic MAC Addresses on page 138 ao Working with Static MAC Addresses on page 142 135 Chapter 13 MAC Addresses MAC Address Overview 136 Each hardware device that you connect to your Ethernet network has a unique MAC address assigned to it by the device s manufacturer For example every network interface card NIC that you use to connect your computers to your network has a MAC address assigned to it by the adapter s manufacturer The AT FS750 48 Fast Ethernet switch contains a MAC address table with a storage capacity of 8K The switch uses the table to store the MAC addresses of the network nodes connected to its ports along with the port number on
4. v Ingress Port NER SURE BETTY 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 48 anaaaa 2280888 288888 aan a SECT UUEWUNUUNS FEET FEET F rie pe Ce vem Dues E 14 16 18 20 22 24 20 28 30 32 34 36 38 40 42 44 4 48 60 51 62 Egress Port E e 25 IQ DM 13 15 17 19 21 23 25 27 20 31 33 35 37 390 41 43 45 7 48 ananaan 2880888 288888 aaa a SECT SECT FEET FEET U 2 rel ee 10 As 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 51 52 c cv Figure 17 Mirroring Page 2 Select the ports whose ingress traffic you want to monitor by clicking the port icon in the graphic image of the switch front at the top of the page 59 Chapter 6 Port Mirroring A check mark is placed for each port you select as for example Figure 18 Mirror Mode Disable v Monitor Port Ingress Port sc aC Te eG We ra te FS 25 27 29 31 33 35 37 39 41 ug Ntc Aeon N BeOS HL 43 45 47 49 azanan aazZaRA KARMA ABRARARAA A 8 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 51 52 Egress Port A ETC RD Page Aum DIS i 13 MGS Ae 051907521 723 25 27 29 31 33 35 37 39 41 43 46 47 48 8 10 1412 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 51 52 mm c Figure 18 Ingress Ports Selected 3 Select the ports whose egress traffic you want to monitor by clicking the port icon in the graphic image of the switch front at the top of the page A check mark is placed for each port you sel
5. To change the VLAN mode of a port on the switch perform the following procedure 1 From the main menu select Bridge gt VLAN gt VLAN Mode The VLAN Mode page is shown in Figure 25 VLAN Mode Port 1 w VLAN Mode 802 1Q Tagged VLAN v Modify Port 01 gt VLAN Mode 802 19 Tagged VLAN Port 02 gt VLAN Mode 802 1Q Tagged VLAN gt VLAN Mode 802 10 Tagged VLAN ort 04 gt VLAN Mode 802 1Q Tagged VLAN ort 05 gt VLAN Mode 802 1Q Tagged VLAN gt VLAN Mode 1Q Tagged VLAN VLAN Mod agged VLAN VLAN Mod VLAN vL ort 09 gt V a VLAN Port 10 VLAN Mod AQ Tagged VLAN M o Reload Figure 25 VLAN Mode Page 2 Inthe Port List select the port you want to configure or scroll through the list below The port is highlighted in the port list 3 From the VLAN Mode list select either 802 1Q Tagged VLAN or Port Based VLAN The default is 802 1Q tagged VLAN mode Note The default VLAN mode is 802 1Q Tagged VLAN 4 To view the ports that are set to a particular mode in the VLAN Mode list select the type of VLAN you want to view either 5 Click Modify 6 Doone of the following 0 Click OK to save the changes 0 Click Reload to reload the previous configurations AT S86 Management Software User s Guide To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 o
6. Class of Service CoS Configuring CoS To configure CoS perform the following procedure 1 From the main menu select Bridge Default Port VLAN amp COS The Default Port VLAN amp CoS page is shown in Figure 26 Default Port VLAN amp CoS CoS Value 0 Modify M XJ 0 Figure 26 Default Port VLAN amp CoS Page 2 Inthe Port List select the port you want to configure or scroll through the list below The port is highlighted in the port list 3 Select the PVID of the VLAN that the port is associated with For more information about the PVID refer to Port VLAN Identifier on page 68 4 n the CoS Value list select a CoS value from 0 through 7 5 Click Modify The port settings in the table are changed Continue to select and modify additional ports 6 Do one of the following 0 Click OK to save the changes D Click Reload to retrieve the previous settings 7T To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 84 AT S86 Management Software User s Guide 8 Click Save 85 Chapter 8 Class of Service CoS Mapping CoS Priorities to Egress Queues 86 This procedure explains how to change the default mappings of CoS priorities to egress priority queues shown in Table 3 on page 83 This is set at the switch level You cannot set this at
7. 168 1 1 The main page for the AT S86 management software is shown in Figure 1 AV Allied Telesis LAUZES 150 48 UMS ATI support IE 5 5 or above 3 i Home A Welcome to AT FS750 48 System Physical Interface Bridge SNMP Security Statistics Chart Save Configuration Mv gt System LED Green The switch is powered up and operating normally Green blinking Self test initialization or downloading Off No power gt gt 100BaseT port LEDs two LED for each port to show port status Bortistat s LEDo erue ee ee Green Link is present port is enabled Green blinking Frames are ready to be transmitted received on this port Off Link is not present ETE aA m T T Green 100Mbps Off 10Mbps Link is not present gt gt 1000BaseT port LEDs two LEDs for each port Port status LED Green RJ 45 or SFP is present p Green blinking Frames are ready to be transmitted received on this port Off Link is not present Speed MEDS eter ar EN THE Pere Ree ees Green 1Gbps Amber 100Mbps Off 10Mbps Link is not present gt gt SFP slot LEDs one LED per slot Part etatus ED anne ee Rene U CIR WERE Green Link is present port is enabled Green blinking Frames are ready to be transmitted received on this port Off Link is not present Figure 1 Main Page Note Because the switch initially has no login or password protection Allied Telesis strongly
8. 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 51 2 a c Figure 20 Port Based VLAN Page 2 In the Name field type a name for the new VLAN 3 In the Group ID field type a number for the Group ID you want to associate with this VLAN The range is 1 to 52 4 Select the ports you want to include in the VLAN by clicking the port icon in the graphic image of the switch front 69 Chapter 7 VLANs Modifying a Port 70 Based VLAN A check mark is placed for each port you select as for example Figure 21 Port Based VLAN Show Port Based VLAN Add a new VLAN M Name Marketing Src 52 Detach All Attach All 1 OS TS 11 exe Ign pP PUPA 27 29 31 33 35 37 39 41 43 45 4 4g ANNAA AAAAAA AAAAAA ANANA A VZ NWNEN FEVNNN FUUNUNNM FETEEE V pu scie gente ra 14 16 18 20 22 24 26 28 30 32 34 36 38 40 44 46 4 50 51 52 a c Figure 21 Port based VLAN Ports Selected 5 Or click Attach All to select all of the ports to include in the VLAN 6 Do one of the following D Click OK to save the VLAN D Click Reload to clear the VLAN and start over 7 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 8 Click Save To modify a port based VLAN perform the following procedure 1 From the main menu select Bridge gt VLAN gt Port Based VLAN The Port Based VLAN page is shown in Figu
9. 38 40 42 44 46 48 50 51 52 a c Figure 15 Trunking Page 2 In the Show Trunk list select Add a New Trunk 3 In the Name field type a name for the trunk 4 In the Trunk ID field choose a number for the trunk ID from 1 to 10 5 Select the ports you want to include in the trunk by clicking the port icon in the graphic image of the switch front A check mark is placed for each port you select as for example Figure 16 Trunking Show Trunk Add a new Trunk M Name Trunk ID 1 10 1 ep xo n 13 15 17 19 21 27 29 31 33 37 39 41 43 45 4 48 Z 5 amp RAA GAARAA ARARAR ARAARA A uuu UWENUUN VENEN EUUUENM u D GE de EB TUE 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 51 2 e C Figure 16 Trunk Ports Selected You can select up to a maximum of 8 ports for each trunk which must all be within the same VLAN 52 AT S86 Management Software User s Guide Do one of the following D Click OK to save the trunk 3 Click Reload to clear the trunk name and port selections and start over To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Click Save 53 Chapter 5 Port Trunking Modifying a Trunk To modify a port trunk perform the following procedure 1 From the main menu select Bridge gt Trunking The Trunking page is shown in Figure 15 on page 52 2 In th
10. 57 Chapter 6 Port Mirroring Port Mirroring Overview 58 The port mirroring feature allows you to unobtrusively monitor the traffic being received and transmitted on one or more ports on a switch by having the traffic copied to another switch port You can connect a network analyzer to the port where the traffic is being copied and monitor the traffic on the other ports without impacting network performance or speed The port s whose traffic you want to mirror is called the source port s The port where the traffic will be copied to is called the monitor port Observe the following guidelines when you create a port mirror D You can select more than one source port at a time However the more ports you mirror the less likely the monitor port will be able to handle all the traffic For example if you mirror the traffic of six heavily active ports the destination port is likely to drop packets meaning that it will not provide an accurate mirror of the traffic of the six source ports o The source and monitor ports must be located on the same switch o You can mirror either the ingress or egress traffic of the source ports or both AT S86 Management Software User s Guide Configuring Port Mirroring To configure port mirroring perform the following procedure 1 From the main menu select Bridge Mirroring The Mirroring page is shown in Figure 17 T m ssa Mirror Mode Disable v Monitor Port
11. 6 From the Discard on list select one of the following Modifying a Static MAC Address Removing a Static MAC Address 10 AT S86 Management Software User s Guide None No packet filtering takes place for this MAC address Destination Packets are filtered when this MAC address appears in the packets as the destination address Click Add Do one of the following 0 Click OK to save the changes 0 Click Reload to clear the changes and start over To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Click Save To modify a static MAC address perform the following procedure From the main menu select Bridge Static Addresses The Static Addresses page is shown in Figure 44 on page 138 Click First Previous Next or Last to move through the list of MAC addresses to highlight the one you want to modify Modify the settings for the selected MAC address Click Modify Do one of the following 0 Click OK to save the changes O Click Reload to clear the changes and start over To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Click Save To remove a static MAC address perform the following procedure From the main menu select Bridge Static Addresses
12. 74 cb f8 51 M Aging Time 300 0 or 15 3825 seconds multiple of 15 OK Reload Figure 46 Dynamic MAC Addresses Associated with a VLAN ID 139 Chapter 13 MAC Addresses 140 To view the port number on which a MAC address was assigned or learned click MAC Address enter the MAC address and click Query The page is redisplayed to contain a list similar to the one in Figure 47 Dynamic Addresses C Port Porti M C VLAN ID 1 4000 si MAC Address 00 00 cd 14 64 48 Port O 7 VLANID 1 MAC 00 00 cd 14 64 48 Aging Time 300 0 or 15 3825 seconds multiple of 15 Figure 47 Dynamic MAC Addresses Associated with a MAC Address Changing the The switch uses the aging time to delete inactive dynamic MAC addresses Aging Time from the MAC address table When the switch detects that no packets have been sent to or received from a particular MAC address in the table after the period specified by the aging time the switch deletes the address This prevents the table from becoming full of addresses of nodes that are no longer active The default setting for the aging time is 300 seconds 5 minutes To adjust the aging time perform the following procedure 1 From the main menu select Bridge gt Dynamic Addresses The Dynamic Addresses page is shown in Figure 44 In the Age Setting section for the Aging Time enter a new value in seconds The range is 15 to 3825 seconds in multiples of 15
13. Chapter 3 Port Configuration Enabling or Disabling a Port To enable or disable a port perform the following procedure 1 From the main menu select Physical Interface The Physical Interface page is shown in Figure 9 Physical Interface Port i M Admin Disable Mode Auto v Flow Control Disable v Modify Link Down State BLOCKING Admin Enabled Mode Auto FlowControl Disabled gt Link Down State BLOCKING Admin Enabled Mode Auto FlowControl Disabled gt Link Down State BLOCKING Admin Enabled Mode Auto FlowControl Disable gt Link Down State BLOCKING Admin Enabled Mode Auto FlowControl gt Link Down State BLOCKING Admin Enabled Mode uto Link Down State BLOCKING Admin Enabled Mode uto Link Down State BLOCKING Admin Enabled Mode Auto Link Down State BLOCKING Admin Enabled Mode Auto Link 100M Full State FORWARDING Admin Enabled Mode Auto gt Link Down State BLOCKING Admin Enabled Mode Auto u OK Reload Figure 9 Physical Interface Page 2 Inthe Port List select the port you want to configure or scroll through the list below The port is highlighted in the port list 3 In the Admin list select Enabled or Disabled 4 Click Modify The Admin status shown in the table for that port is changed Continue to select and modify other ports as necessary 5 Doone of
14. De inen ane toe ape 73 Tagged VLAN Ports Selected sse enne nennen nennen ernennen nnsnnnnnnennnnnnnn nn 74 VEAN Mode Page ioi er re ei etel BR ernennen 76 Default Port VLAN amp CoS Page nen een rin re dee Ie go dete se 84 GO SNLCOP M ced 86 Le ndis T atero oae Bri e m 92 Point to Point Ports 2 iode SRH ette le e eee e I hei 99 Edge Port o Rp epe i nal 100 Point to Point and Edge Port ne eee t n eot eee iege Cea E REO ETHER RR ede 100 VEAN Fragmentation 5 as Harn an Eb ea Erie SE ERU NEAR dae edite de tiles eure zt ieee 101 SPANNING TreeiPage eere dp Ie Uem em hod peu i m ace 102 Port Access Control Page eis Re rente t gen e gU S EIE ured Rome E e I Adamo ede EN dg med TH IRR 111 Port Access Control Status Page sssssssssseeessee eene nenne enne arkara honainoko edenneen 114 DEIN dur ler Ne Een 116 RADIUS Pag2 a eet ied e stt 121 Traffic Comparison Chart Page sssssssssssseeeneeeeeen eene enin nenne tnne ia eri aeiaai Saa a 125 Sample Traffic Comparison Chart enn a a nen nennen neret nennen nnns 128 Error Group Chart Pages 5 1 1 eie ite ee tte esf opdtite 129 Sample Error Chartes ninanasa e RE er Irina 130 Historical Status Ch ft 4 4422 de 131 Sample Historical Status Chart 1 onec een en eben inne 133 Dynamic Addresses Page een Rinne Diehl 138 Dynamic MA
15. InDiscards InUnkProtc ors n bbers InErrors Out s h EthColls Error Type Figure 40 Error Group Chart Page 2 Inthe Port list select a port whose statistics you want to view 3 In the Auto Refresh list choose the number of seconds the switch waits before polling for statistics 5 10 15 or 30 seconds 4 n the Color list select a color for that port 5 Click Draw 129 Chapter 12 Statistics A chart such as the one in is shown Figure 41 is displayed Error Group Chart Port Porti v Auto Refresh 5 Seconds M Color Light Red v Draw Port 8 0 days 00 00 10 InDiscards InErrors Error Type Figure 41 Sample Error Chart 130 AT S86 Management Software User s Guide Viewing the Historical Status To view the statistics from one or more ports over a period of time perform the following procedure 1 From the main menu select Statistics Chart Historical Status The Historical Status Chart page is shown in Figure 42 Historical Status Chart Statistics Inbound Octets v Auto Refresh 5 Seconds M Add Port Porti M Remove Color Light Red v Statistics Time 0 days 00 00 00 Figure 42 Historical Status Chart 2 In the Statistics list select the type of statistics you want to view one of the following Inbound Octets The sum of lengths of all good Ethernet frames received that are neither bad Ethernet frames nor MAC Control packet
16. Overview Static Port Trunk 50 Overview A port trunk is an economical way for you to increase the bandwidth between the Ethernet switch and another networking device such as a network server router workstation or another Ethernet switch A port trunk is a group of ports that have been grouped together to function as one logical path A port trunk increases the bandwidth between the switch and the other network device and is useful in situations where a single physical link between the devices is insufficient to handle the traffic load A static port trunk consists of two to eight ports on the switch that function as a single virtual link between the switch and another device A static port trunk improves performance by distributing the traffic across multiple ports between the devices and enhances reliability by reducing the reliance on a single physical link A static trunk is easy to configure You simply designate the ports on the switch that are to be in the trunk and the management software on the switch automatically groups them together The example in Figure 14 illustrates a static port trunk of four links between two AT FS750 48 Fast Ethernet Smart switches Figure 14 Static Port Trunk Example Network equipment vendors tend to employ different techniques to implement static trunks Consequently a static trunk on
17. The Static Addresses page is shown in Figure 44 on page 138 143 Chapter 13 MAC Addresses 144 Click First Previous Next or Last to move through the list of MAC addresses to highlight the one you want to remove Click Remove Do one of the following 0 Click OK to save the changes O Click Reload to clear the changes and start over To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Click Save Chapter 14 Downloading New Management Software The procedure in this chapter is O Downloading New Management Software on page 146 145 Chapter 14 Downloading New Management Software Downloading New Management Software To download a new version of the AT S86 management software perform the following procedure 1 From the main menu select System Firmware Upgrade The Firmware Upgrade page is shown in Figure 49 Firmware Upgrade Hardware Version AT FS750 48 1 03 Boot ROM Version Rev 1 3 build 3 Firmware Version 2 4 a Firmware Browse Upload Figure 49 Firmware Upgrade Page The page shows the hardware switch version and the boot ROM and firmware versions currently running on the switch 2 In the Firmware field enter the name of firmware file you want to upload to the switch or click Browse to locate the file Note After the firmware up
18. The default is 300 seconds 5 minutes 3 Do one of the following 0 Click OK to save the changes AT S86 Management Software User s Guide O Click Reload to clear the changes and start over To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Click Save 141 Chapter 13 MAC Addresses Working with Static MAC Addresses Adding a Static MAC Address 142 This section contains the following procedures D Adding a Static MAC Address on page 142 0 Modifying a Static MAC Address on page 143 D Removing a Static MAC Address on page 143 To add a static MAC address perform the following procedure 1 From the main menu select Bridge Static Addresses The Static Addresses page is shown in Figure 48 Static Addresses Quen MAC Address VLAN ID uery Add Modify Port Selection 1 v Discard on None v en emove OK Reload Total Pages 1 First Previous Next Last Page 1 Go Figure 48 Static Addresses Page Any existing static MAC addresses are shown in the table in the middle of the page 2 Click Add 3 In the MAC Address field enter the static MAC address 4 Inthe VLAN ID field enter the ID of the VLAN where the MAC address is connected 5 From the Port Selection list select the port that you want to associate with that MAC address
19. The port is highlighted in the port list The current settings for the port are shown in the list and also in the fields above the list In the Priority box type a number for the port s priority This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge The range is O to 240 in increments of 16 The default value is 8 priority value 128 For a list of the increments refer to Table 8 Port Priority Value Increments on page 97 In the Path Cost box type a number for the cost or type Auto for automatic The spanning tree algorithm uses the cost parameter to decide which port provides the lowest cost path to the root bridge for that LAN The range is 0 to 65 535 The default setting is Auto which sets port cost depending on the speed of the port The Auto default values are shown in Table 5 on page 96 In the Edge Port list select one of the following True Makes the port an edge port False The port does not function as an edge port Note A port can be both a point to point and an edge port at the same time In the Point to point list select one of the following 107 Chapter 10 STP and RSTP 108 Auto The switch automatically detects if the port is functioning as a point to point port Yes Sets the port to always function as a point to point port No Sets the port to never function as a point to point port Click Modify Do one of the
20. duplex mode of full duplex To avoid this problem when connecting an end node with a fixed duplex mode of full duplex to a switch port disable Auto Negotiation on the port and set the port s speed and duplex mode manually Click Modify The mode setting shown in the table for that port is changed Continue to select and modify other ports as necessary 5 Doone of the following 0 Click OK to save the changes 0 Click Reload to clear the setting and start over 35 Chapter 3 Port Configuration 36 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Click Save AT S86 Management Software User s Guide Enabling or Disabling Flow Control A switch port uses flow control to control the flow of ingress packets from its end node Flow control applies only to ports operating in full duplex mode A port using flow control issues a special frame referred to as a PAUSE frame as specified in the IEEE 802 3x standard to stop the transmission of data from an end node When a port needs to stop an end node from transmitting data it issues this frame The frame instructs the end node to cease transmission The port continues to issue PAUSE frames until it is again ready to receive data from the end node The default setting for flow control on a switch port is disabled 1 From the main menu select P
21. for all ports to be untagged members of the default VLAN VLAN ID 1 Creating a Tocreate a tagged VLAN perform the following procedure Tagged VLAN 1 From the main menu select Bridge gt VLAN gt Tagged VLAN The Tagged VLAN page is shown in Figure 22 This page shows the default tagged VLAN with all ports identified as untagged ports Tagged VLAN Show VLAN default Y Name default VLAN ID AE Detach All Attach All s 3758 4900151216749 721 25 27 29 31 33 35 37 39 41 43 46 47 48 r eS oe ne ae 14 16 18 20 22 24 28 30 32 34 36 40 44 46 4 50 51 2 ec c Figure 22 Tagged VLAN Page 2 In the Show VLAN list select Add a new VLAN 72 AT S86 Management Software User s Guide The page is refreshed to show the ports without any designations and other parameters you need to define to create the tagged VLAN as shown in Figure 23 Tagged VLAN Show VLAN Add a new VLAN v Hame VLAN ID 1 4000 Detach All Attach All ie QR ON UT d3 5180 1710 21 27 29 31 33 35 37 S39 41 43 46 47 48 RTA Ch oy mr a 14 16 18 22 26 28 30 32 34 36 S8 40 42 44 46 48 50 51 2 a c Figure 23 Add Tagged VLAN Page 3 In the Name field type a name for the new VLAN 4 In the VLAN ID field type a number for the ID you want to associate with this VLAN The range is 1 to 4000 5 In the Name field type a name for this VLAN 6 Select the ports you want to include in the VLAN by clicking the port icon in the g
22. gt IP Access List The IP Access List page is shown in Figure 6 on page 28 2 Inthe IP address list select the IP address you want to remove 3 Click Remove 4 Click OK 5 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 6 Click Save 29 Chapter 2 Basic Switch Parameters Enabling or To enable or disable IP access for the users perform the following Disabling IP Procedure Access 4 From the main menu select System IP Access List The IP Access List page is shown in Figure 6 on page 28 2 From the IP Restriction is list choose one of the following Disabled Disables IP restriction This is the default Note Before you enable IP access remember to add your own IP address to the list Otherwise you will not be able to access the switch Enabled Enables IP restriction 3 Click OK 4 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 5 Click Save 30 AT S86 Management Software User s Guide Rebooting the Switch Note The reboot process stops network traffic and you lose your connection to the switch This process also discards any configuration changes that you have not permanently saved To permanently save any configuration changes from
23. one device might not be compatible with the same feature on a device from a different manufacturer For this reason static trunks are typically employed only between devices from the same vendor That is not to say that an Allied Telesis layer 2 managed switch cannot form a static trunk with a device from another manufacturer but there is the possibility that the implementations of static trunking on the two devices might not be compatible AT S86 Management Software User s Guide Also note that a static trunk does not provide for redundancy or link backup If a port in a static trunk loses its link the trunk s total bandwidth is diminished Though the traffic carried by the lost link is shifted to one of the remaining ports in the trunk the bandwidth remains reduced until the lost link is reestablished or you reconfigure the trunk by adding another port to it Static Port Trunk Guidelines Following are the guidelines for creating a static trunk O Allied Telesis recommends using static port trunks between Allied Telesis networking devices to ensure compatibility While an Allied Telesis device might be able to form a static trunk with a device from another equipment vendor there is the possibility that the implementation of this feature on the two devices might not be compatible resulting in undesired switch behavior o A static trunk can contain up to eight ports o The ports of a static trunk must be of the same medium type They
24. password for the user and re type the name in the Confirm Password field 4 In the Dynamic VLAN field enter the name of the VLAN which you will allow the user to access 5 Click Add 6 Doone of the following 0 Click OK to save the changes O Click Reload to clear the changes and start over 7 To permanently save these settings in the configuration file from the main menu select Save Configuration 116 Modifying a Dial in User Deleting a Dial in User AT S86 Management Software User s Guide The Save Configuration page is shown in Figure 3 on page 21 Click Save To modify the settings for a dial in user perform the following procedure 1 From the main menu select Security Dial in User The Dial in User page is shown in Figure 36 on page 116 In the list of dial in users highlight the user you want to modify The user s information is displayed in fields above In the User Name or Password fields enter the revised user information In the Dynamic VLAN field revise the name of the VLAN which you will allow the user to access Click Modify Do one of the following 0 Click OK to save the changes 0 Click Reload to clear the changes and start over To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Click Save To delete a dial in user perform the following
25. suggests that you immediately do two things Change the IP address as described in Configuring the IP Address AT S86 Management Software User s Guide Subnet Mask and Gateway Address on page 20 Add an administrative user and password who can access the switch as described in Adding an Administrative User on page 23 Chapter 1 Getting Started Quitting a Management Session To quit a management session close the web browser Chapter 2 Basic Switch Parameters This chapter contains the following sections 0 Configuring the IP Address Subnet Mask and Gateway Address on page 20 Enabling or Disabling DHCP on page 22 Configuring System Administration Information on page 23 Configuring the System Management Information on page 26 Setting Up IP Address Access on page 28 Rebooting the Switch on page 31 Returning the AT S86 Management Software to the Default Values on page 32 un no oo 2 0 DO Chapter 2 Basic Switch Parameters Configuring the IP Address Subnet Mask and Gateway Address Warning Be sure to record the switch s IP address in a safe place When you change the switch s IP address you lose your connection Because the AT FS750 48 Fast Ethernet switch does not have a console port your only means of managing the switch is through a web browser which requires that you have the switch s IP address To configure the IP settings perform the following procedure 1 From
26. that it is tagged or untagged You can have a combination of tagged and untagged ports in the same VLAN Packet transmission from a tagged port differs from packet transmission from an untagged port When a packet is transmitted from a tagged port the tagged information within the packet is maintained when it is transmitted to the next network device If the packet is transmitted from an untagged port the VLAN tag information is removed from the packet before it is transmitted to the next network device The IEEE 802 1Q standard describes how the tagging information within a packet is used to forward the traffic throughout the switch The handling of packets tagged with a VLAN ID coming into a port is straightforward If the incoming packet s VLAN tag matches one of the Group IDs of which the port is a member the packet is accepted and forwarded to the appropriate port s within that VLAN If the incoming packet s VLAN tag does not 67 Chapter 7 VLANs Port VLAN Identifier General Rules for 68 Creating a Tagged VLAN match one of the Group IDs assigned to the port the packet is discarded When an untagged packet is received on a port in a tagged VLAN it is assigned to one of the VLANs of which that port is a member The deciding factor in this process is the Port VLAN Identifier PVID Both tagged and untagged ports in a tagged VLAN must have a PVID assigned to them The default value of the PVID for each port is 1 The swit
27. the authentication server This involves the following Specifying the username and password combinations The maximum length for a username is 38 alphanumeric characters and spaces and the maximum length for a password is 16 alphanumeric characters and spaces Assigning each combination an authorization level How this is achieved differs depending on the server software you are using For RADIUS management level is controlled by the Service Type attribute This attribute has 11 different values only two apply to the AT S86 management software A value of Administrative for this attribute gives the username and password combination Manager access A value of NAS Prompt assigns the combination Operator status Note This manual does not explain how to configure RADIUS server software For that you need to refer to the documentation that came with the software C You must activate the RADIUS client software on the switch using the AT S86 management software and configure the settings The procedure for this step is found in this chapter For more information on RADIUS refer to the RFC 2865 standard To configure RADIUS perform the following procedure 1 From the main menu select Security gt RADIUS AT S86 Management Software User s Guide The RADIUS page is shown in Figure 37 RADIUS G3 TM EM Authentication Server IP 0 0 0 0 Authentication Server Port 18
28. the per port level To change the CoS priority mappings perform the following procedure 1 From the main menu select Bridge gt CoS The CoS page is shown in Figure 27 Scheduling Algorithm strict v Priority CoS Queue 0 Queue 2 Queue 1 Queue 1 Queue 2 Queue 3 I RI RI CSRS Queue 3 Queue 4 w So a2 WN Queue 4 Figure 27 CoS Page 2 For each priority whose queue you want to change select a queue in the CoS Queue list 3 Do one of the following o Click OK to save the changes O Click Reload to clear the changes and start over 4 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 5 Click Save AT S86 Management Software User s Guide Specifying the Scheduling Algorithm To change the scheduling algorithm perform the following procedure 1 From the main menu select Bridge gt COS The CoS page is shown in Figure 27 on page 86 In the Scheduling Algorithm list select the algorithm one of the following Strict The port transmits all packets out of higher priority queues before transmitting any from the lower priority queues WRR Weighted Round Robin The port transmits a set number of packets from each queue in a round robin fashion so that each has a chance to transmit traffic See Table 3 on page 83 for the factory default values Do on
29. the switches o An AT FS750 48 Fast Ethernet switch can support up to 256 port based VLANs AT S86 Management Software User s Guide Tagged VLAN Overview Tagged and Untagged Ports The second type of VLAN supported by the AT S86 management software is the tagged VLAN VLAN membership in a tagged VLAN is determined by information within the frames that are received on a port and the VLAN configuration of each port The VLAN information within an Ethernet frame is referred to as a fag or tagged header A tag which follows the source and destination addresses in a frame contains the Group ID of the VLAN to which the frame belongs IEEE 802 3ac standard This number uniquely identifies each VLAN in a network When a switch receives a frame with a VLAN tag referred to as a tagged frame the switch forwards the frame only to those ports whose Group ID equals the VLAN tag A port to receive or transmit tagged frames is referred to as a tagged port Any network device connected to a tagged port must be IEEE 802 1Q compliant This is the standard that outlines the requirements and standards for tagging The device must be able to process the tagged information on received frames and add tagged information to transmitted frames The parts of a tagged VLAN are VLAN Name Group ID Tagged and Untagged Ports Port VLAN identifier PVID un uuu When you specify that a port is a member of a tagged VLAN you need to specify
30. to monitor the flow of queries from a router and reports and leave messages from host nodes to build its own multicast membership lists It uses the lists to forward multicast packets only to switch ports where there are host nodes that are members of multicast groups This improves switch performance and network security by restricting the flow of multicast packets only to those AT S86 Management Software User s Guide switch ports connected to host nodes Without IGMP snooping a switch would have to flood multicast packets out all of its ports except the port on which it received the packet Such flooding of packets can negatively impact switch and network performance By default IGMP snooping is disabled on the switch 91 Chapter 9 IGMP Enabling or Disabling IGMP Snooping To enable or disable IGMP Snooping perform the following procedure 1 From the main menu select Bridge IGMP Snooping The IGMP Snooping page is shown in Figure 28 IGMP Snooping IGMP is Disabled v cs Cc Figure 28 IGMP Snooping Page 2 In the IGMP is list select Enabled or Disabled The default is Disabled 3 To permanently save this change in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 4 Click OK 92 Chapter 10 STP and RSTP This chapter provides background information on the Spanning Tree Protocol STP and Rapid Spanning T
31. to the wiring at the switches But with VLANS you can change the LAN segment assignment of an end node connected to the switch through the switch s AT S86 AT S86 Management Software User s Guide management software You can change the VLAN memberships through the management software without moving the workstations physically or changing group memberships by moving cables from one switch port to another In addition a virtual LAN can span more than one switch This means that the end nodes of a VLAN do not need to be connected to the same switch and so are not restricted to being in the same physical location The AT FS750 48 Fast Ethernet switch supports the following types of VLANS you can create yourself I Port based VLANs D Tagged VLANs These VLANs are described in the following sections 65 Chapter 7 VLANs Port based VLAN Overview VLAN Name Group ID General Rules for 66 Creating a Port based VLAN As explained in VLAN Overview on page 64 a VLAN consists of a group of ports on an Ethernet switch that form an independent traffic domain Traffic generated by the end nodes of a VLAN remains within the VLAN and does not cross over to the end nodes of other VLANs unless there is an interconnection device such as a router or Layer 3 switch A port based VLAN is a group of ports on a Gigabit Ethernet Switch that form a logical Ethernet segment A port based VLAN can have as many or as few por
32. 0 STP and RSTP 106 In the Bridge Priority field enter a number for the priority number for the bridge This number is used to determine the root bridge for RSTP The bridge with the lowest priority number is selected as the root bridge If two or more bridges have the same priority value the bridge with the numerically lowest MAC address becomes the root bridge When a root bridge goes offline the bridge with the next priority number automatically takes over as the root bridge This parameter can be from 0 zero to 61 440 in increments of 4096 with O being the highest priority For a list of the valid values refer to Table 4 Bridge Priority Value Increments on page 95 To configure the ports refer to Configuring the Spanning Tree Port Settings next Do one of the following 0 Click OK to save the changes D Click Reload to restore the previous settings To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Click Save AT S86 Management Software User s Guide Configuring the Spanning Tree Port Settings To configure the spanning tree port settings perform the following procedure 1 From the main menu select Bridge gt Spanning Tree The Spanning Tree page is shown in Figure 33 on page 102 In the Port List select the port you want to configure or scroll through the list below
33. 12 Authentication Server key Confirm Authentication key e c Figure 37 RADIUS Page 2 In the Authentication Server IP field specify the IP addresses of the network server containing the RADIUS server software 3 In the Authentication Server Port field specify the UDP port of the RADIUS protocol 4 In the Authentication Server Key field specify the encryption key for the RADIUS server 5 In the Confirm Authentication Key field retype the encryption key for the RADIUS server 6 Doone of the following 0 Click OK to save the changes O Click Reload to clear the changes and start over 7 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 8 Click Save 121 Chapter 11 Security 122 Chapter 12 Statistics This chapter contains the following sections Statistics Overview on page 124 Viewing the Traffic Comparison Statistic on page 125 Viewing the Error Groups on page 129 un uuu Viewing the Historical Status on page 131 123 Chapter 12 Statistics Statistics Overview Statistics provide important information for troubleshooting switch problems at the port level The AT 886 management software provides a versatile set of statistics charts that you can customize for your needs including depending upon the chart the ports whose statistics
34. C Addresses Associated with a Port nenne eene nene 139 Dynamic MAC Addresses Associated with a VLAN ID sssseeeeeen meme 139 Dynamic MAC Addresses Associated with a MAC Address sssssssseeeeeeeemeem nenne 140 Static Addresses Page ia rock eim te eme te D Re E EROR D NE EE eR EE REI d eise fere 142 Firmware Upgr de Page ee 146 Figures Tables Table 1 Table 2 Table 3 Table 4 Table 5 Table 6 Table 7 Table 8 Default Mappings of IEEE 802 1p Priority Levels to Priority Queues sssee emm 81 Customized Mappings of IEEE 802 1p Priority Levels to Priority Queues ss 81 Example of Weighted Round Robin Priority eene enne nemen nene enne nnns 83 Bridge Priority Value Increments ee a a na nen en 95 STP Auto Port COStS u 2er 96 RSTP Auto Port Costs 1 96 RSTP Auto Port Trunk COslts 1 1 riu Hee HR eei Hope d diee iene HI 96 Port Priority Value Increments o tein eh ric een deba egeta ers e oae d ene duke drm d De 97 Tables Preface This guide contains instructions on how to use the AT S86 management software to manage and monitor the AT FS750 48 Fast Ethernet Smart Switch The AT S86 management software has a web browser interface that you can access from any management workstation on your network that has a web browser application
35. Cost 10 Mbps 2 000 000 100 Mbps 200 000 1000 Mbps 20 000 Table 6 lists the RSTP port costs with Auto Table 7 lists the RSTP port costs with Auto when the port is part of a port trunk Table 6 RSTP Auto Port Costs Table 7 RSTP Auto Port Trunk Costs Port Speed Port Cost 10 Mbps 2 000 000 100 Mbps 200 000 1000 Mbps 20 000 Port Speed Port Cost 10 Mbps 20 000 100 Mbps 20 000 1000 Mbps 2 000 You can override Auto and set the port cost manually AT S86 Management Software User s Guide Port Priority If two paths have the same port cost the bridges must select a preferred path In some instances this can involve the use of the port priority parameter This parameter is used as a tie breaker when two paths have the same cost The range for port priority is 0 to 240 As with bridge priority this range is broken into increments in this case multiples of 16 Table 8 lists the values and increments The default value is 128 Table 8 Port Priority Value Increments Port Port Priority Priority 0 128 16 144 32 160 48 176 64 192 80 208 96 224 112 240 Forwarding Delay and Topology Changes If there is a change in the network topology due to a failure removal or addition of any active components the active topology also changes This may trigger a change in the state of some blocked ports However a change in a po
36. Management Software AT S86 User s Guide For the AT FS750 48 Fast Ethernet Smart Switch Version 1 0 Allied Telesis 613 000536 Rev B Copyright O 2006 Allied Telesis Inc All rights reserved No part of this publication may be reproduced without prior written permission from Allied Telesis Inc Allied Telesis 1s a trademark of Allied Telesis Inc Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation Netscape Navigator is a registered trademark of Netscape Communications Corporation All other product names company names logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners Allied Telesis Inc reserves the right to make changes in specifications and other information contained in this document without prior written notice The information provided herein is subject to change without notice In no event shall Allied Telesis Inc be liable for any incidental special indirect or consequential damages whatsoever including but not limited to lost profits arising out of or related to this manual or the information contained herein even if Allied Telesis Inc has been advised of known or should have known the possibility of such damages Contents Lad 51 E 02 SWERERBERBERCRESEIBTEEFTNERPEEFETFURERELETERSERRLEEEESNELEEEFLEHEEREERTELSEHBEFEEESSEFEEERLTHRRSFERTERSEEELEELESSEPEFEPELFRPBFL EHRE LPLECFESEEREFELTFERSERLEFER 11 Where t
37. N list select the VLAN you want to modify The graphic image of the switch is updated to show the ports that are included in this VLAN 3 Doone of the following O Click Attach All to attach all the ports to the VLAN as tagged ports and then modify the designations by clicking the ports 0 Click once to assign the port as a tagged member of the VLAN A T is placed on that port AT S86 Management Software User s Guide 0 Click twice to assign the port as an untagged member of the VLAN A U is placed on that port 0 Click Detach All to remove all the ports from the VLAN and start over 4 Doone of the following D Click OK to save the changes D Click Reload to reload any previous settings for the VLAN 5 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 6 Click Save Viewing a Tagged To view a tagged VLAN perform the following procedure VEAN 1 From the main menu select Bridge gt VLAN gt Tagged VLAN The Tagged VLAN page is shown in Figure 22 on page 72 2 In the Show VLAN list select the VLAN you want to view The graphic image of the switch is updated to show the ports that are included in this VLAN 75 Chapter 7 VLANs Changing a Ports VLAN Mode 76 The switch can operate in only one VLAN mode at a time tagged VLAN mode 802 1Q or port based VLAN mode
38. STP and RSTP However only one spanning tree protocol can be active on the switch at a time To select and activate a spanning tree protocol or to disable spanning tree perform the following procedure 1 From the main menu select Bridge gt Spanning Tree The Spanning Tree page is shown in Figure 33 Spanning Tree Root Port None Root Port Path Cost 0 Root MAC Address 00 00 00 00 00 26 Switch MAC Address 00 00 00 00 00 26 Spanning Tree is Disabled v Hello Time 2 1 10 seconds Forward Delay 15 4 30 seconds Port 1 v Priority Edge Port True v 128 Path Cost Bridge Hello Time 2 Bridge Max Age 20 Bridge Forward Delay 15 Root Bridge Priority 32768 Max Age 20 B 40 seconds Bridge Priority 32768 0 61440 Auto 1 200000000 or Auto Modify Point to Point Auto v AdminCost dmin 0 EdgePort True Point to point Auto 0 EdgePort True Point to point Auto 0 EdgePort True Point to point Auto EdgePort t True Point to point Auto rt Tri to point Auto int Auto oint Auto Figure 33 Spanning Tree Page The top portion of the page displays the following information Root Port The root port of the root bridge Root Port Path Cost The spanning tree algorithm uses the cost parameter to decide which port provides the lowest cost path to the root bridge for that LAN The range is 0 to 61 440 The
39. ackets This is referred to as prioritizing traffic CoS applies primarily to tagged packets A tagged packet as explained in Tagged VLAN Overview on page 67 contains information within it that specifies the VLAN to which the packet belongs A tagged packet can also contain a priority level This priority level is used by network switches and other networking devices to know how important delay sensitive that packet is compared to other packets Packets of a high priority are typically handled before packets of a low priority CoS as defined in the IEEE 802 1p standard has eight levels of priority The priorities are 0 to 7 with O the lowest priority and 7 the highest When a tagged packet is received on a port on the switch it is examined by the AT S86 software for its priority The switch software uses the priority to determine which egress priority queue the packet should be directed to on the egress port Each switch port has four egress queues labeled Q1 Q2 Q3 and Q4 Q1 is the lowest priority queue and Q4 is the highest A packet in a high priority egress queue is typically transmitted out a port sooner than a packet in a low priority queue Table 1 lists the default mappings between the eight CoS priority levels AT S86 Management Software User s Guide and the four egress queues of a switch port Table 1 Default Mappings of IEEE 802 1p Priority Levels to Priority Queues IEEE 802 1p Priority Level Port Prio
40. add an administrative user to the system perform the following procedure 1 From the main menu select System Administration The Administration page is shown in Figure 4 Administration Password Protection is Disabled v User Name Password Add Modify Confirm Password ok Reload Figure 4 Administration Page 2 In the User Name field type a name for the new administrative user 3 In the Password field type a password for the user and re type the name in the Confirm Password field 4 Doone of the following D Click Add to add the user D Click Reload to clear the fields and start over 5 Click OK 23 Chapter 2 Basic Switch Parameters 6 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 7 Click Save Modifying an To modify an administrative user on the system perform the following Administrative Procedure User 4 From the main menu select System Administration The Administration page is shown in Figure 4 on page 23 2 Inthe list of users select the user whose information you want to change The user name is displayed in the fields above 3 To change the user s name in the User Name field type a name for the new administrative user 4 To change the user s password in the Password field type a new password for the user and re type the na
41. arena xe detener rege Rhe a ka eua enge nan e dE tr Auen 140 Working with Static MAC Addresses ssssssssssssssese eee eene nnne nennen nennen ner nennen nnne nnns 142 Adding a Static MAC Address sssssssssseesseeeeeenen nennen nennen nennn enirn rnnnr enirn e nnn nennen 142 Modifying a Static MAC Address ssssssssssssseeee eene enne nne nennen inen n nennen innere nennen 143 Removing a Static MAC AddiesSs oe ecreis a aa eene nme nnne nennen irren nnne nennen nes 143 Chapter 14 Downloading New Management Software sss eee 145 Downloading New Management Software ssssssssssesseeneeeeneneeeen eene nennen nennen enne nennen 146 DLD P M 147 Contents Figures Figure 1 Figure 2 Figure 3 Figure 4 Figure 5 Figure 6 Figure 7 Figure 8 Figure 9 Figure 10 Figure 11 Figure 12 Figure 13 Figure 14 Figure 15 Figure 16 Figure 17 Figure 18 Figure 19 Figure 20 Figure 21 Figure 22 Figure 23 Figure 24 Figure 25 Figure 26 Figure 27 Figure 28 Figure 29 Figure 30 Figure 31 Figure 32 Figure 33 Figure 34 Figure 35 Figure 36 Figure 37 Figure 38 Figure 39 Figure 40 Figure 41 Figure 42 Figure 43 Figure 44 Figure 45 Figure 46 Figure 47 Figure 48 Figure 49 Malin Page ebene en onen 16 dtc c E 20 Save Configura
42. can be all twisted pair ports or all fiber optic ports o The ports of a trunk can be either consecutive for example Ports 5 9 or nonconsecutive for example ports 4 8 11 20 0 Before creating a port trunk examine the speed duplex mode flow control and back pressure settings of all of the ports that will be in the trunk Verify that the settings are the same for all ports in the trunk If these settings are not the same then the switch will not allow you to create the trunk C After you have created a port trunk a change to the speed duplex mode flow control or back pressure of any port in the trunk automatically implements the same change on all the other member ports o A port can belong to only one static trunk at a time 0 The ports of a static trunk can be untagged or untagged members of the same VLAN The switch selects a port in the trunk to handle broadcast packets and packets of unknown destination The switch makes this choice based on a hash algorithm depending upon the source and destination MAC addresses 51 Chapter 5 Port Trunking Creating a Port Trunk To create a port trunk perform the following procedure 1 From the main menu select Bridge gt Trunking The Trunking page is shown in Figure 15 Trunking Show Trunk Add a new Trunk Name Trunk ID 1 10 Wie ach wi aye eh 13 15 17 19 21 23 25 27 29 31 33 35 37 30 41 43 46 47 49 te Geek at 12 14 16 18 22 28 30 32 34 36
43. cast storms but they can also maintain network connectivity by activating a backup redundant path in case a main link fails Where the two protocols differ is in the time each takes to complete the process referred to as convergence When a change is made to the network topology such as the addition of a new bridge a spanning tree protocol must determine whether there are redundant paths that must be blocked to prevent data loops or activated to maintain communications between the various network segments This is the process of convergence With STP convergence can take up to a minute to complete in a large network This can result in the loss of communication between various parts of the network during the convergence process and the subsequent lost of data packets The STP implementation on the AT S86 management software complies with the IEEE 802 1d standard The first task that bridges perform when a spanning tree protocol is activated on a network is the selection of a root bridge A root bridge distributes network topology information to the other network bridges and is used by the other bridges to determine if there are redundant paths in the network A root bridge is selected by the bridge priority number also referred to as the bridge identifier and sometimes the bridge s MAC address The bridge with the lowest bridge priority number in the network is selected as the root bridge If two or more bridges have the same bridge p
44. ch associates a received untagged packet to the Group ID that matches the PVID assigned to the port As a result the packet is only forwarded to those ports that are members of that VLAN Below is a summary of the rules to observe when you create a tagged VLAN C Each tagged VLAN must be assigned a unique VID If a particular VLAN spans multiple switches each part of the VLAN on the different switches must be assigned the same VID CD A tagged port can be a member of multiple VLANs o An AT FS750 48 Fast Ethernet switch can support up to 52 tagged VLANS AT S86 Management Software User s Guide Creating a Port Based VLAN This section contains the following procedures 0 Creating a Port Based VLAN next 0 Modifying a Port Based VLAN on page 70 D Viewing a Port Based VLAN on page 71 The default setting on the switch is for all ports to be untagged members of the default VLAN VLAN ID 1 Creating a Port To create a port based VLAN perform the following procedure Based VLAN 1 From the main menu select Bridge gt VLAN gt Port Based VLAN The Port Based VLAN page is shown in Figure 20 Because the default VLAN is a tagged VLAN this page automatically displays the Add a new VLAN selection Port Based VLAN Show Port Based VLAN Add a new VLAN v 4 Group ID 1 Name 52 Detach All Attach All Lee JS a hele Sees Cot Bsc 2 27 2 31 3 w 37 39 41 43 46 47 48 vA Mo poete va 14 16 18
45. ddresses A static MAC address is a MAC address of an end node that you assign to a switch port manually A static MAC address after being entered in the table remains in the table indefinitely and is never deleted even when the end node is inactive The maximum number of static MAC addresses is 1024 You might need to enter static MAC addresses of end nodes the switch does not learn in its normal dynamic learning process or if you want a MAC address to remain permanently in the table even when the end node is inactive 137 Chapter 13 MAC Addresses Working with Dynamic MAC Addresses This section contains the following procedures 0 Displaying the Dynamic MAC Addresses next D Changing the Aging Time on page 140 Displaying the To display the dynamic MAC address table perform the following Dynamic MAC Procedure Addresses 4 From the main menu select Bridge gt Dynamic Addresses The Dynamic Addresses page is shown in Figure 44 Dynamic Addresses Port Porti w VLAN ID 1 4000 Query MAC Address Aging Time 300 0 or 15 3825 seconds multiple of 15 m Figure 44 Dynamic Addresses Page 2 To view the dynamic MAC addresses associated with a specific port in the Query by section click Port select a port from the Port list and click Query 138 AT S86 Management Software User s Guide The page is redisplayed to contain a list similar to the one in Figure 45
46. default setting is Automatic Update which sets port cost depending on the speed of the port The Auto default values are shown in Table 5 on page 96 AT S86 Management Software User s Guide Root MAC Address The MAC address of the root bridge Switch MAC Address The MAC address of the switch This value cannot be changed Bridge Hello Time The time interval between generating and sending configuration messages by the bridge This parameter can be from 1 to 10 seconds The default is 2 seconds Bridge Max Age The length of time after which stored bridge protocol data units BPDUS are deleted by the bridge All bridges in a bridged LAN use this aging time to test the age of stored configuration messages called bridge protocol data units BPDUs For example if you use the default value 20 all bridges delete current configuration messages after 20 seconds This parameter can be from 6 to 40 seconds When you select a value for maximum age observe the following rules MaxAge must be greater than 2 x HelloTime 1 MaxAge must be less than 2 x ForwardingDelay 1 Note The aging time for BPDUs is different from the aging time used by the MAC address table Bridge Forward Delay The waiting period in seconds before a bridge changes to a new state for example becomes the new root bridge after the topology changes If the bridge transitions too soon not all links may have yet adapted to the change resulting in ne
47. e Hello Time and Bridge Protocol Data Units BPDUs The bridges that are part of a spanning tree domain communicate with each other using a bridge broadcast frame that contains a special section devoted to carrying STP or RSTP information This portion of the frame is referred to as the bridge protocol data unit BPDU When a bridge is brought online it issues a BPDU in order to determine whether a root bridge has already been selected on the network and if not whether it has the lowest bridge priority number of all the bridges and should therefore become the root bridge The root bridge periodically transmits a BPDU to determine whether there have been any changes to the network topology and to inform other bridges of topology changes The frequency with which the root bridge sends out a BPDU is called the hello time This is a value that you can set in the AT S86 management software The interval is measured in seconds and the default is two seconds Consequently if an AT FS750 48 Fast Ethernet Smart Switch is selected as the root bridge of a spanning tree domain it transmits a BPDU every two seconds AT S86 Management Software User s Guide Point to Point and Edge Ports Note This section applies only to RSTP Part of the task of configuring RSTP is defining the port types on the bridge This relates to the device s connected to the port With the port types defined RSTP can reconfigure a network much quicker than STP
48. e Show Trunk list select the trunk you want to modify 3 Click OK The display is refreshed to show the trunk name you selected 4 Selector de select the ports you want to include in the trunk by clicking the port icon in the graphic image of the switch front A check mark is placed for each port you select as for example Figure 16 on page 52 5 Doone of the following 0 Click OK to save the trunk O Click Reload to clear the changes and start over 6 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 7 Click Save 54 Removing a Trunk AT S86 Management Software User s Guide To remove a port trunk perform the following procedure 1 From the main menu select Bridge gt Trunking The Trunking page is shown in Figure 15 on page 52 In the Show Trunk list select the trunk you want to remove Check the Remove Trunk box Click OK To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Click Save 55 Chapter 5 Port Trunking 56 Chapter 6 Port Mirroring This chapter describes port mirroring and contains the following topics o Port Mirroring Overview on page 58 a Configuring Port Mirroring on page 59 ao Modifying a Port Mirror on page 62
49. e of the following 0 Click OK to save the changes O Click Reload to clear the changes and start over To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Click Save 87 Chapter 8 Class of Service CoS 88 Chapter 9 IGMP This chapter contains the following topics o IGMP Snooping Overview on page 90 D Enabling or Disabling IGMP Snooping on page 92 89 Chapter 9 IGMP IGMP Snooping Overview 90 The IGMP protocol enables routers to create lists of nodes that are members of multicast groups A multicast group is a group of end nodes that want to receive multicast packets from a multicast application The router creates a multicast membership list by periodically sending out queries to the local area networks connected to its ports A node wanting to become a member of a multicast group responds to a query by sending a report A report indicates an end node s desire to become a member of a multicast group Nodes that join a multicast group are referred to as host nodes After becoming a member of a multicast group a host node must continue to periodically issue reports to remain a member After the router has received a report from a host node it notes the multicast group that the host node wants to join and the port on the router where the node is located Any mult
50. e of the following 0 Click OK to save the community names D Click Reload to clear the fields and start over 5 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 6 Click Save AT S86 Management Software User s Guide Setting Up the Host Table When you assign a host IP address to a community string you identify which management workstations can access the string A community string can have up to eight IP addresses of management workstations hosts assigned to it To set up the host table perform the following procedure 1 From the main menu select SNMP gt Host Table The Host Table page is shown in Figure 12 Host Table Host IP Address Community 127 0 0 1 private M 0 0 0 0 public v private v private v private v private v private private M private private M Figure 12 SNMP Host Table Page 2 n the Host IP Address field enter the IP address of a management workstation 3 In the Community list select the name of the SNMP community that the host can access Continue to assign host addresses to the community strings you configured 4 Doone of the following D Click OK to save the SNMP hosts D Click Reload to clear the fields and start over 5 To permanently save these settings in the configuration file from the main menu select Save Configura
51. ect as for example Figure 19 Mirror Mode Disable v Monitor Port w Ingress Port 3 15 17 19 21 23 25 27 29 31 33 35 37 39 41 1 43 ACARAN 00808 Z55ARS AAAA SECTTe UUUEEE VUVVUV FETE S 0E 2 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 i Be e ES em Egress Port 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 9 43 amp fth amp t amp ARSARA AAAAAG AAAA WuUNNENM CUVEE BUNTEN VEEE 14 16 18 20 22 24 20 28 30 32 34 36 38 40 42 Be a Em e a c Figure 19 Egress Ports Selected 4 Inthe Monitor Port list select the port to which the traffic will be sent 5 Inthe Mirror Mode list select Enable 60 AT S86 Management Software User s Guide Do one of the following o Click OK to save the port mirror O Click Reload to clear the port mirror and start over To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Click Save 61 Chapter 6 Port Mirroring Modifying a Port Mirror 62 To modify a port mirror perform the following procedure 1 From the main menu select Bridge gt Mirroring The Mirroring page is shown in Figure 17 on page 59 Select or de select the ports whose ingress traffic you want to monitor by clicking the port icon in the graphic image of the switch front at the top of the page Select or de select the po
52. ement stations on your network can use a community string If you specify a host IP address for a community string then only those network managers working from particular workstations can use it A community string can have up to eight IP addresses of management workstations assigned to it It is a good idea to assign host IP address to all community strings that have a Read Write access Set mode and then assign the IP addresses of your management workstations to those strings This helps reduce the chance of someone gaining management access to a switch through a community string and making unauthorized configuration changes Default SNMP Community Strings AT S86 Management Software User s Guide Trap Receivers A trap is a signal sent to one or more management workstations by the switch to indicate the occurrence of a particular operating event on the device There are numerous operating events that can trigger a trap For instance resetting the switch is an example of an occurrence that can cause a switch to send a trap to the management workstations You can use traps to monitor activities on the switch Trap receivers are the devices typically management workstations or servers that you want to receive the traps sent by the switch You specify the trap receivers by their IP addresses You assign the IP addresses to the community strings Each community string can have up to eight trap IP addresses It does not matter which co
53. es a port functioning as both a point to point and edge port aaaaaa aaa aaa EN a MENEENMNEENENMENE NENEEENENENEE NM HN 1025 Ne Point to Point and Edge Port Workstation Full duplex Mode Figure 31 Point to Point and Edge Port Determining whether a bridge port is point to point edge or both can be a bit confusing For that reason do not change the default values for this RSTP feature unless you have a good grasp of the concept In most cases the default values work well RSTP IEEE 802 1w is fully compliant with STP IEEE 802 1d Your network can consist of bridges running both protocols STP and RSTP in the same network can operate together to create a single spanning tree domain If you decide to activate spanning tree on the switch there is no reason Spanning Tree and VLANs AT S86 Management Software User s Guide not to activate RSTP on an AT FS750 48 Fast Ethernet Smart Switch even when all other switches are running STP The switch can combine its RSTP with the STP of the other switches The switch monitors the traffic on each port for BPDU packets Ports that receive RSTP BPDU packets operates in RSTP mode while ports receiving STP BPDU packets operate in STP mode The spanning tree implementation in the AT S86 management software is a single instance spanning tree The switch supports just one spanning tree You cannot define multiple s
54. estination address that is on the same port on which the packet was received it discards the packet without forwarding it on to any port Because both the source node and the destination node for the packet are located on the same port on the switch there is no reason for the switch to forward the packet This too increases network performance by preventing frames from being forwarded unnecessarily to other network devices The type of MAC address described above is referred to as a dynamic MAC address Dynamic MAC addresses are addresses that the switch learns by examining the source MAC addresses of the frames received on the ports AT S86 Management Software User s Guide Dynamic MAC addresses are not stored indefinitely in the MAC address table The switch deletes a dynamic MAC address from the table if it does not receive any frames from the node after a specified period of time The switch assumes that the node with that MAC address is no longer active and that its MAC address can be purged from the table This prevents the MAC address table from becoming filled with addresses of nodes that are no longer active The period of time that the switch waits before purging an inactive dynamic MAC address is called the aging time You can adjust this value The default value is 300 seconds 5 minutes For instructions on changing the aging timer refer to Changing the Aging Time on page 140 The MAC address table can also store static MAC a
55. figure or scroll through the list below The port is highlighted in the port list In the AuthMode list select the type of authentication you want the port to perform one of the following Port based Only one host per port needs to be authenticated by a remote RADIUS server or the local database This option also supports multiple host access and guest VLAN IDs MAC based Each host s MAC address must be authenticated before gaining access to the switch up to a maximum of 256 hosts If you choose this setting enable reauthentication in the bridge settings for the switch In the AuthCtrl list select the type of authorization control one of the following AT S86 Management Software User s Guide Force authorized Disables IEEE 802 1X port based authentication and causes the port to transition to the authorized state without any authentication exchange required The port transmits and receives normal traffic without 802 1x based authentication of the client This is the default setting Force unauthorized Causes the port to remain in the unauthorized state ignoring all attempts by the client to authenticate The switch cannot provide authentication services to the client through the interface Auto Enables 802 1x port based authentication and causes the port to begin in the unauthorized state allowing only EAPOL frames to be sent and received through the port The authentication process begins when the link state of the
56. following o Click OK to save the changes D Click Reload to restore the previous settings To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 10 Click Save Chapter 11 Security This chapter provides information on the AT S86 security features as described in the following sections o Port based Network Access Control on page 110 O Setting Up a Dial In User on page 116 o RADIUS on page 119 109 Chapter 11 Security Port based Network Access Control 110 Configuring the Bridge Settings Port based Network Access Control IEEE 802 1x uses the RADIUS protocol to control who can send traffic through and receive traffic from a switch port With this feature the switch does not allow an end node to send or receive traffic through a port until the user of the node has logged on by entering a username and password that the RADIUS server has validated The benefit of this type of network security is obvious This feature can prevent an unauthorized individual from connecting a computer to a switch port or using an unattended workstation to access your network resources Only those users to whom you have assigned valid usernames and passwords are able to use the switch to access the network See Setting Up a Dial In User on page 116 for information about how to set up a remote
57. gt F Limit Rate 70 Port 1 w Control Disable M Mode All v 250000 70 Kbps Modify Port 0l gt Control Disabled Port 02 gt Control Disabled Port 03 gt Control Disabled Port 04 gt Control Disabled Port 05 gt Control Disabled Port 6 rol Disabled Port Disabled Disabled Disabled j Disabled Limit Rate Limit Rate LimitRate Limit Rate LimitRate 7 LimitRate 7 OOV LimitRate 7 Port 0 LimitRat Port 09 LimitRat Port LimitRate 70 Port 1 w Control Disable v Limit Rate 70 250000 70 Kbps Modify Port 0 Control Disabled Port 02 Control Disabled Port 0 Control Disabled Port Control Disabled Port Control Disabled Port Control Disabled c Disabled C Disabled C Disabled C Disabled ok Reload Figure 10 Bandwidth Control Page 2 Inthe Ingress Bandwidth Control section do the following a Inthe Port List select the port you want to configure or scroll through the list below The port is highlighted in the port list AT S86 Management Software User s Guide b In the Control list select Enable to enable the control or Disable to disable it c In the Mode list select one of the following All Affects broadcast multicast and DIf packets Bcast Controls only broadcast packets Bcast Mcast Limits broadcast and multicast packets Bcast Mcast DIf Limits broadcast multicast and DIf packets d In the Lim
58. he bridge settings perform the following procedure 1 From the main menu select Bridge Spanning Tree The Spanning Tree page is shown in Figure 33 on page 102 In the Hello Time field enter a number for the time interval between generating and sending configuration messages by the bridge This parameter can be from 1 to 10 seconds The default is 2 seconds In the Forward Delay field enter a number for the waiting period in seconds before a bridge changes to a new state for example becomes the new root bridge after the topology changes If the bridge transitions too soon not all links may have yet adapted to the change resulting in network loops The range is 4 to 30 seconds The default is 15 seconds In the Max Age field enter a number for the length of time after which stored bridge protocol data units BPDUS are deleted by the bridge All bridges in a bridged LAN use this aging time to test the age of stored configuration messages called bridge protocol data units BPDUs For example if you use the default value 20 all bridges delete current configuration messages after 20 seconds This parameter can be from 6 to 40 seconds When you select a value for maximum age observe the following rules MaxAge must be greater than 2 x HelloTime 1 MaxAge must be less than 2 x ForwardingDelay 1 Note The aging time for BPDUs is different from the aging time used by the MAC address table 105 Chapter 1
59. he procedures in this chapter show you how to create and manage SNMP community strings through which your SNMP application program at your management workstation can access the switch s MIB objects To manage a switch using an SNMP application program you must load the Allied Telesis MIBs for the switch onto your management workstation containing the SNMP application program The MIBs are available from the Allied Telesis web site at www alliedtelesis com To manage a switch using SNMP you need to know the IP address of the switch and at least one of the switch s community strings A community string is a string of alphanumeric characters that gives you access to the switch A community string has several attributes that you can use to control who can use the string and what the string will allow a network management to do on the switch The community string attributes are defined below Community String Name You must give the community string a name The name can be from one to 16 alphanumeric characters Spaces are allowed Access Mode Set This defines what the community string will allow a network manager to do There are two access modes Read and Read Write A community string with an access mode of Read can only be used to view but not change the MIB objects on a switch A community string with a Read Write access can be used to both view the MIB objects and change them Host Table You can use this feature to control which manag
60. how often authentication is performed The default value is 3600 and the range is 1 to 4294967295 seconds 5 In the Retransmission Time field enter a number for how often the authentication is transmitted The default value is 30 seconds and the range is 1 to 65 535 seconds 111 Chapter 11 Security 112 Configuring the Port Settings 10 In the Quiet Period field enter a number for the number of seconds that the port remains in the quiet state following a failed authentication exchange with the client The default value is 60 seconds and the range is 1to 65 535 seconds In the Max Reauthentication Attempts field enter a number for the maximum number of times that the switch retransmits an EAP Request packet to the client before it times out the authentication session The default value for this parameter is 2 retransmissions and the range is 1 to 10 retransmissions Do one of the following 0 Click OK to save the changes O Click Reload to clear the changes and start over To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Click Save To configure the ports for authentication perform the following procedure 1 From the main menu select Security Port Access Control The Port Access Control page is shown in Figure 34 on page 111 In the Port List select the port you want to con
61. hysical Interface The Physical Interface page is shown in Figure 9 on page 34 In the Port List select the port you want to configure or scroll through the list below The port is highlighted in the port list In the Flow Control list select Enabled or Disabled Click Modify The flow control setting shown in the table for that port is changed Continue to select and modify other ports as necessary Do one of the following 0 Click OK to save the changes 0 Click Reload to clear the settings and start over To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Click Save 37 Chapter 3 Port Configuration Configuring Bandwidth Control If the performance of your network is affected by heavy traffic you can use bandwidth control to set the rate of various types of packets that a port receives You can control ingress packet types including broadcast multicast and DIf packets or a combination of all three types and limit their rates For egress packets you can only configure the rate DIf packets are unicast packets that are broadcast because of a destination address lookup failure To configure bandwidth control perform the following procedure 1 From the main menu select Bridge Bandwidth Control The Bandwidth Control page is shown in Figure 10 Bandwidth Control 38 C
62. icast packets belonging to that multicast group are then forwarded by the router out the port If a particular port on the router has no nodes that want to be members of multicast groups the router does not send multicast packets out the port This improves network performance by restricting multicast packets only to router ports where host nodes are located There are three versions of IGMP versions 1 2 and 3 One of the differences between the versions is how a host node signals that it no longer wants to be a member of a multicast group In version 1 it stops sending reports If a router does not receive a report from a host node after a predefined length of time referred to as a time out value it assumes that the host node no longer wants to receive multicast frames and removes it from the membership list of the multicast group In version 2 a host node exits from a multicast group by sending a eave request After receiving a leave request from a host node the router removes the node from appropriate membership list The router also stops sending multicast packets out the port to which the node is connected if it determines there are no further host nodes on the port Version 3 adds the ability of host nodes to join or leave specific sources in a multicast group through the use of Group Source report and Group Source leave messages The AT S86 management software does not support IGMP V3 The IGMP snooping feature enables the switch
63. ing the switch The contact name is optional and can contain up to 24 characters 4 n the System Location field enter information to describe the location of the switch for example Third Floor The location is optional and can contain up to 24 characters 5 Doone of the following DO Click OK to save the system information AT S86 Management Software User s Guide D Click Reload to clear the fields and start over To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Click Save 27 Chapter 2 Basic Switch Parameters Setting Up IP Address Access Adding an IP Address to the IP 28 Access List You can restrict remote management of the switch by creating an IP access list The switch uses the list to filter the management packets it receives and accepts and processes only those packets that originate from an IP address in the list In addition to creating the list you can disable or enable the IP access list filtering To add an IP address to the IP access list perform the following procedure 1 From the main menu select System IP Access List The IP Access List page is shown in Figure 6 IP Access List IP Restriction is Disabled v Add IP Address Modify Remove Bote Please remember to add your IP address to the access list ion abl when the IP restric
64. ion RMA number A product sent to Allied Telesis without an RMA number will be returned to the sender at the sender s expense To obtain an RMA number contact the Allied Telesis Technical Support group at our web site www alliedtelesis com support rma Select your country from the list displayed on the website Then select the appropriate menu tab You can contact Allied Telesis for sales or corporate information through our web site www alliedtelesis com To find the contact information for your country select Contact Us gt Worldwide Contacts New releases of management software for our managed products are available from either of the following Internet sites D Allied Telesis web site www alliedtelesis com o Allied Telesis FTP server ftp ftp alliedtelesis com To download new software from the Allied Telesis FTP server from your workstation s command prompt you must have FTP client software Additionally you must log in to the server The user name is anonymous and your email address is the password Preface 14 Chapter 1 Getting Started This chapter contains the following sections o Starting a Management Session on page 16 D Quitting a Management Session on page 18 Chapter 1 Getting Started Starting a Management Session 16 To start a management session on the switch perform the following procedure 1 In a web browser address box enter the following IP address 192
65. is on a per port basis Strict Priority Scheduling AT S86 Management Software User s Guide With this type of scheduling a port transmits all packets out of higher priority queues before transmitting any from the lower priority queues For instance as long as there are packets in Q3 it does not handle any packets in Q2 The value to this type of scheduling is that high priority packets are always handled before low priority packets The problem with this method is that some low priority packets might never be transmitted out the port because a port might never get to the low priority queues A port handling a large volume of high priority traffic may be so busy transmitting the high priority packets that traffic that it never has an opportunity to get to any packets that are stored in its low priority queues Weighted Round Robin Priority Scheduling The weighted round robin WRR scheduling method functions as its name implies The port transmits a set number of packets from each queue in a round robin fashion so that each has a chance to transmit traffic This method guarantees that every queue receives some attention from the port for transmitting packets Table 3 shows the WRR factory default settings for the number of packets transmitted from each queue Table 3 Example of Weighted Round Robin Priority Port Egress Queue Maximum Number of Packets Q3 8 Q2 4 Q1 2 QO 1 83 Chapter 8
66. it rate field enter a number for the rate limit The range is 70 to 250 000 packets per second e Click Modify In the Egress Bandwidth Control section do the following a In the Port List select the port you want to configure or scroll through the list below The port is highlighted in the port list b In the Control list select Enable to enable the control or Disable to disable it c In the Limit rate field enter a number for the rate limit The range is 70 to 250 000 packets per second d Click Modify Do one of the following 0 Click OK to save the changes 0 Click Reload to clear the settings and start over To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Click Save 39 Chapter 3 Port Configuration 40 Chapter 4 SNMP This chapter contains the following topics SNMP Overview on page 42 Setting Up the SNMP Community Table on page 44 Setting Up the Host Table on page 45 un uuu Setting Up SNMP Trap Receivers on page 47 41 Chapter 4 SNMP SNMP Overview 42 The Simple Network Management Program SNMP is another way for you to manage the switch This type of management involves viewing and changing the management information base MIB objects on the device using an SNMP application program By default SNMP is enabled on the switch T
67. load is complete the switch is automatically rebooted and you lose your connection to the switch You will need to log in again 3 Click Upload Note The reboot process that occurs after the new firmware is uploaded will stop network traffic 146 Index A aging time changing 140 defined 137 B BPDU See bridge protocol data unit bridge forwarding delay Spanning Tree Protocol STP 103 105 bridge hello time Spanning Tree Protocol STP 103 bridge identifier described 94 Spanning Tree Protocol STP 103 bridge max age Spanning Tree Protocol STP 103 bridge priority described 94 Spanning Tree Protocol STP 103 bridge protocol data unit BPDU 98 103 C Class of Service CoS described 80 mapping to egress queues 86 priority level and egress queue mappings 80 community name SNMP 42 CoS See Class of Service CoS D destination port 58 dynamic MAC address defined 136 E edge port described 99 F flow control described 37 enabling or disabling 37 forwarding delay 97 H hello time described 98 Spanning Tree Protocol STP 103 l IEEE 802 1D standard 93 IEEE 802 1p standard 80 M MAC address aging time changing 140 MAC address table defined 136 MAC addresses defined 136 max age Spanning Tree Protocol STP 103 P path cost described 95 point to point port described 99 port mirror destination port 58 source port 58 port mirroring described 58 port priority de
68. me in the Confirm Password field 5 Doone of the following D Click Modify to modify the user parameters D Click Reload to clear the fields and start over 6 Click OK 7T To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 8 Click Save Deleting a User To remove a user from the system perform the following procedure 1 From the main menu select System Administration The Administration page is shown in Figure 4 on page 23 2 Inthe list of users select the user you want to delete 3 Click Remove 24 Enabling or Disabling Password Protection AT S86 Management Software User s Guide Note Be careful not to delete all the users You should have at least one user with a password to manage the switch 4 Click OK 5 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 6 Click Save To enable or disable password protection authentication for the users perform the following procedure 1 From the main menu select System Administration The Administration page is shown in Figure 4 on page 23 Note Allied Telesis recommends that you keep password protection enabled to protect the switch from unauthorized changes 2 In the Password Protectio
69. mmunity strings you assign your trap receivers When the switch sends a trap it looks at all the community strings and sends the trap to all trap receivers on all community strings This is true even for community strings that have a access mode of only Read If you are not interested in receiving traps then you do not need to enter any IP addresses of trap receivers The AT S86 management software provides two default community strings public and private The public string has an access mode of Read Only and the private string has an access mode of Read Write If you activate SNMP management on the switch you should change the status of the private community string from open to closed to prevent unauthorized changes to the switch 43 Chapter 4 SNMP Setting Up the SNMP Community Table 44 To define the SNMP community names and their settings perform the following procedure 1 From the main menu select SNMP Community Table The Community Table page is shown in Figure 11 Community Table Community Name Set private A public c CD Figure 11 SNMP Community Table Page 2 To add a community name enter it in one of the Community Name fields 3 To allow read write access for any community name click the adjoining box in the Set column If you do not click Set for a particular community name that community name has read access only 4 Doon
70. n list select one of the following Enabled To enable the feature Disabled To disable password protection This is the default 3 Click OK 4 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 5 Click Save 25 Chapter 2 Basic Switch Parameters Configuring the System Management Information 26 This section explains how to assign a name to the switch as well as specify the location of the switch and the name of the switch s administrator Entering this information is optional To set a switch s management information perform the following procedure 1 From the main menu select System Management The Management page is shown in Figure 5 Management Model Name AT FS750 48 MAC Address 00 10 20 30 40 50 System Name ATI System Contact Not Available System Location Not Available cs Cc Figure 5 Management Page 2 In the System Name field enter a name for the switch for example Sales The system name is optional and can contain up to 24 characters Note Allied Telesis recommends that you assign a name to the switch A name helps you identify a switch when you manage it and can also help you avoid performing a configuration procedure on the wrong switch 3 In the System Contact field enter the name of the network administrator responsible for manag
71. n page 21 Click Save TT Chapter 7 VLANs 78 Chapter 8 Class of Service CoS This chapter contains the following topics CoS Overview on page 80 Configuring CoS on page 84 Mapping CoS Priorities to Egress Queues on page 86 Specifying the Scheduling Algorithm on page 87 un oo 0 0 79 Chapter 8 Class of Service CoS CoS Overview 80 When a port on an Ethernet switch becomes oversubscribed its egress queues contain more packets than the port can handle in a timely manner the port may be forced to delay the transmission of some packets resulting in the delay of packets reaching their destinations A port may be forced to delay transmission of packets while it handles other traffic and in some situations some packets destined to be forwarded to an oversubscribed port from other switch ports may be discarded Minor delays are often of no consequence to a network or its performance But there are applications referred to as delay or time sensitive applications that can be impacted by packet delays Voice transmission and video conferences are two examples If packets carrying data for either of these are delayed from reaching their destination the audio or video quality may suffer This is where CoS is of value It allows you to manage the flow of traffic through a switch by having the switch ports give higher priority to some packets such as delay sensitive traffic over other p
72. nt eed eene deed anre EL nee ga ineo dk ete dn nn 23 Modifying an Administrative User ssssssssssesseeeeneneen nennen rennen enne eene nnne enne nnne nnns 24 Deleting o USOT moriis E 24 Enabling or Disabling Password Protection ssssssssesessee enne nennen nnne nnns 25 Configuring the System Management Information ssssesseeeeneeeenne nennen nennen nnns 26 setting Up IP Address Access oen PD ome RADIATION 28 Adding an IP Address to the IP Access List eene rne enne nnns 28 Modifying an IP Address in the IP Access List eene 29 Removing an IP Address from the IP Access List ssssssesseeeeeneee ener 29 Enabling or Disabling IP Access sssessssseeeneeee EI ARASA eene nemene nenne sen en nennen enne nnn 30 Rebooting the Switch cie aa de eed ar eua n eee nia eve enge ee 31 Returning the AT S86 Management Software to the Default Values ssseenm nenn 32 Chapter 3 Port Configuration 44444Hnnnnnnennnnnnnnnnnnnnnnnnnnnennnnnnnnnnnnnnnnsnnnnnnnnsnnnnnnnnnnsnnnnnnnnnnnnnnn 33 Enabling or Disabling a Port ead t e bd ood getaggt 34 Setting a Port s Speed and Duplex Mode cccceceeececeeceeeeeeeeeeeceeeeeaaaeaeeeeeeeeeeesescaaacaaeeeeeeeeeeeeesensacesaeeeeeees 35 Enabling or Disabling Flow Control aiara eaan EEEE AA AEAEE nnn nennen nns 37 Configuring Bandwidth Control sssss
73. number of frames not transmitted correctly or dropped per unit of time specified by the Auto Refresh parameter due to internal MAC Tx errors Outbound Error Rate The number of frames not transmitted correctly or dropped per unit of time specified by the Auto Refresh parameter due to internal MAC Tx error Ethernet Undersize Packet Rate The number of undersize packets received per unit of time specified by the Auto Refresh parameter Ethernet Oversize Packet Rate The number of oversize packets received per unit of time specified by the Auto Refresh parameter Inbound Octets The sum of lengths of all good Ethernet frames received that are neither bad Ethernet frames nor MAC Control packets Inbound Unicast Packets The total number of good packets received that were not directed to the broadcast or multicast address 4 5 AT S86 Management Software User s Guide Inbound Non unicast Packets The total number of good packets received that were directed to the broadcast or multicast address Inbound Discards The number of inbound packets discarded because they do not conform to the forwarding rules of the switch Inbound Errors The number of inbound malformed packets not forwarded to the switch Outbound Octets The sum of lengths of all good Ethernet frames sent from this MAC Outbound Unicast Packets The number of good packets sent that do not have a broadcast or multicast destination MAC address Outbound Non
74. o Find Web based Guides eese einen tenen tnnt nente nante ennnnn nn nernnnn nennen 12 Gontacting Allied Telese enia rare ren Heeres 13 Online RS 10 eK UM EPRSTEISPERESENTEERERFETTEERERESTTELDRETENSTRRERTENSIENERGBERTTRUELTTENTTELENSEITUERLEREUEITTTELTERTSORROECUTTETETERTSTIRERLESERFTRUER 13 Email and Telephone Suppott 44244444404nnnnnnsnnnnnnnnnnnnennennnnnnnnnnnnnnnnnennnennennnnnnnennnnnrnnernnnne nn 13 Warranty i scitu troie tiet rogue e Pectus d e o Lo et EH 13 Returning Products o dea eo OI aetema ai ER adt 13 Sales or Gorporate InformoatiOniau 2 ilie ec t er latet each Lese tct Te duget i tabo lend la fedet naa 13 Management Software Update cece ner inne eee etnies eerie nemen nnn nene nennen nennen nennen 13 Chapter 1 Getting Started 0 0 0 rr nn nn te ee nennen nennen ennemis nennen ener nnne enn 15 Starting a Management Session sonus apaa ee Ear aA E Ta aer EAA nennen TER nenne 16 Quitting a Management Session sssssssssssssssesesee eene nennen nenne rnn nennen nne A aaia 18 Chapter 2 Basic Switch Parameters cccccccccceeeeeeeeeeceeeceeeeeeeeeeeeeecaacaaeaaeeeeeeeeeeeeeseesensisaeeaeeseeess 19 Configuring the IP Address Subnet Mask and Gateway Address ssssssse een 20 Enabling or Disabling DACP Em 22 Configuring System Administration Information esses eene enne nnns 23 Adding an Administrative lser aie
75. ot port If redundant paths exist the bridges that are a part of the paths must determine which path will be the primary active path and which path s will be placed in the standby blocking mode This is accomplished by an determination of path costs The path offering the lowest cost to the root bridge becomes the primary path and all other redundant paths are placed into blocking state Path cost is determined through an evaluation of port costs Every port on a bridge participating in STP has a cost associated with it The cost of a 95 Chapter 10 STP and RSTP 96 port on a bridge is typically based on port speed The faster the port the lower the port cost The exceptions to this are 0 The ports on the root bridge where all ports have a port cost of 0 O When a port is a member of a trunk the port cost of each trunk member is the auto port cost divided by the number of trunk members Path cost is simply the sum of the port costs between a bridge and the root bridge Port cost also has an Auto feature This feature allows spanning tree to automatically set the port cost according to the speed of the port assigning a lower value for higher speeds Auto is the default setting Table 6 lists the STP port costs with Auto When a port is an active member of a trunk the port cost is equal to the auto port cost divided by the number of ports in the trunk Table 5 STP Auto Port Costs Port Speed Port
76. panning trees The single spanning tree encompasses all ports on the switch If the ports are divided into different VLANs the spanning tree crosses the VLAN boundaries This point can pose a problem in networks containing multiple VLANSs that span different switches and are connected with untagged ports In this situation STP blocks a data link because it detects a data loop This can cause fragmentation of your VLANs This issue is illustrated in Figure 32 Two VLANs Sales and Production span two AT FS750 48 Fast Ethernet Smart Switches Two links consisting of untagged ports connect the separate parts of each VLAN If STP or RSTP is activated on the switches one of the links is disabled In the example the port on the top switch that links the two parts of the Production VLAN is changed to the block state This leaves the two parts of the Production VLAN unable to communicate with each other Sales Production VLAN VLAN Cep epe peo ee npe pepe pe reels pee pe pe qe iMENEEEM TR U I FR FR N NN M N N p gt ba c Port AT TTITUIIIITUITIITULIITIIUH S MM I FI FR RR RR FR NN B N 727 N 7 a a Sales Production VLAN VLAN Figure 32 VLAN Fragmentation 101 Chapter 10 STP and RSTP Enabling or Disabling Spanning Tree 102 The AT S86 management software supports
77. port changes or the port receives an EAPOL Start packet from a supplicant The switch requests the identity of the client and begins relaying authentication messages between the client and the authentication server Each client that attempts to access the network is uniquely identified by the switch using the client s MAC address In the Multi host list select one of the following Disable Only one host among the ones that passed authentication is allowed to access the switch Enable All hosts connected to the port are allowed access so long as at least one host passed authentication Note Strictly limit the use of the multi host feature Otherwise undesirable switch operation may result Use this feature only when the link will carry traffic from just one client or only management traffic In the GuestVID field enter the VLAN ID for guests to allow the users without 802 1x clients to have limited network access Do one of the following 0 Click OK to save the changes O Click Reload to clear the changes and start over To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 113 Chapter 11 Security 9 Click Save Viewing the Port To view the port access control status perform the following procedure Access Control 1 From the main menu select Security Port Access Control Status Statu
78. procedure 1 From the main menu select Security gt Dial in User The Dial in User page is shown in Figure 36 on page 116 In the list of dial in users highlight the user you want to delete Click Delete Do one of the following 0 Click OK to save the changes O Click Reload to clear the changes and start over To permanently save these settings in the configuration file from the main menu select Save Configuration 117 Chapter 11 Security 118 The Save Configuration page is shown in Figure 3 on page 21 6 Click Save RADIUS AT S86 Management Software User s Guide RADIUS Implementation Guidelines RADIUS is an acronym for Remote Authentication Dial In User Services an authentication protocol You can use RADIUS to transfer the task of validating management access from a switch to an authentication protocol server With the protocols you can create a series of username and password combinations that define who can manage an AT FS750 48 Fast Ethernet Smart Switch There are three basic functions an authentication protocol provides g Authentication D Authorization CD Accounting When a network manager logs in to a switch to manage the device the switch passes the username and password entered by the manager to the authentication protocol server The server checks to see if the username and password are valid for that switch This is referred to as authentication If the combination i
79. r only means of managing the switch is through a web browser which requires that you have the switch s IP address 21 Chapter 2 Basic Switch Parameters Enabling or Disabling DHCP 22 To enable or disable the DHCP client perform the following procedure 1 From the main menu select System gt IP Setup The IP Setup Page is shown in Figure 2 on page 20 From the DHCP Client list choose Enabled or Disabled The default setting is disabled Note If you lose connectivity after enabling DHCP or to determine the switch s new IP address in the future use the SSM Utility You can access the utility in one of the following ways Click the SSM Utility link on the AT FS750 48 Fast Ethernet Switch CD and on the SSM Utility page click the SSM Utility link Download the SSM Utility files and documentation located in the SSM Utility folder on the AT FS750 48 Fast Ethernet Switch CD Download the SSM Utility files and documentation from the Allied Telesis website www alliedtelesis com AT S86 Management Software User s Guide Configuring System Administration Information Adding an Administrative User You can allow multiple users to access and administer the system by adding their passwords to the system and or set up password protection Note When you start up the switch for the first time you should add a user to the system protected by a password who will be managing the switch To
80. raphic image of the switch front Do one or more of the following T is placed on that port A U is placed on that port 0 Click Attach All to attach all the ports to the VLAN as tagged ports and then modify the designations by clicking the ports o Click once to assign the port as a tagged member of the VLAN A I Click twice to assign the port as an untagged member of the VLAN 73 Chapter 7 VLANs 74 Figure 24 shows an example of a tagged VLAN with the ports selected Tagged VLAN Show VLAN Add a new VLAN M Name offshore VLAN ID 1 4000 300 Detach All Attach All 1 JST QI EN See ETE Al 25 27 29 31 33 35 37 39 41 43 46 47 48 S28000 ancoas ascanas Hamm A WwUNDUM FEUEEET ENUNEN FEVE u rd er s Fr dO TO eee 24 26 28 30 32 34 36 38 40 42 44 46 48 50 51 52 a c Figure 24 Tagged VLAN Ports Selected 7 To start over click Detach All remove all the ports from the VLAN 8 Do one of the following D Click OK to save the VLAN D Click Reload to reload any previous settings for the VLAN 9 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 10 Click Save Modifying a To modify a tagged VLAN perform the following procedure Tagged VLAN 1 From the main menu select Bridge VLAN Tagged VLAN The Tagged VLAN page is shown in Figure 22 on page 72 2 In the Show VLA
81. re 20 on page 69 2 In the Show Port Based VLAN list select the VLAN you want to modify The graphic image of the switch is updated to show the ports that are included in this VLAN 3 Do one of the following o Click a port to add it to or remove it from the VLAN 0 Click Detach All to remove all the ports from the VLAN and start Over 0 Click Attach All to add all the ports to the VLAN and then AT S86 Management Software User s Guide selectively click the ones you do not want included 4 Doone of the following D Click OK to save the changes 0 Click Reload to clear the changes and start over 5 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 6 Click Save Viewing a Port To view a port based VLAN perform the following procedure Based VLAN 1 From the main menu select Bridge gt VLAN gt Port Based VLAN The Port Based VLAN page is shown in Figure 20 on page 69 2 In the Show Port Based VLAN list select the VLAN you want to view The graphic image of the switch is updated to show the ports that are included in this VLAN 71 Chapter 7 VLANs Creating a Tagged VLAN This section contains the following procedures D Creating a Tagged VLAN next 0 Modifying a Tagged VLAN on page 74 D Viewing a Tagged VLAN on page 75 The switch s default setting is
82. ree Protocol RSTP The chapter also contains procedures on how to adjust the STP and RSTP bridge and port parameters The sections in this chapter include O STP Overview on page 94 D Enabling or Disabling Spanning Tree on page 102 0 Configuring the Spanning Tree Port Settings on page 107 Note For detailed information on the Spanning Tree Protocol refer to IEEE Standard 802 1D For detailed information on the Rapid Spanning Tree Protocol refer to IEEE Standard 802 1w 93 Chapter 10 STP and RSTP STP Overview 94 Bridge Priority and the Root Bridge The performance of a Ethernet network can be negatively impacted by the formation of a data loop in the network topology A data loop exists when two or more nodes on a network can transmit data to each other over more than one data path The problem that data loops pose is that data packets can become caught in repeating cycles referred to as broadcast storms that needlessly consume network bandwidth and can significantly reduce network performance STP prevents data loops from forming by ensuring that only one path exists between the end nodes in your network Where multiple paths exist these protocols place the extra paths in a standby or blocking mode leaving only one main active path STP can also activate a redundant path if the main path goes down So not only do these protocols guard against multiple links between segments and the risk of broad
83. requirements For example you could create separate VLANs for the different departments in your company such as one for Sales and another for Accounting VLANs offer several important benefits O Improved network performance Network performance often suffers as networks grow in size and as data traffic increases The more nodes on each LAN segment vying for bandwidth the greater the likelihood overall network performance decreases VLANs improve network perform because VLAN traffic stays within the VLAN The nodes of a VLAN receive traffic only from nodes of the same VLAN This reduces the need for nodes to handle traffic not destined for them It also frees up bandwidth within all the logical workgroups In addition because each VLAN constitutes a separate broadcast domain broadcast traffic remains within the VLAN This too can improve overall network performance O Increased security Because data traffic generated by a node in a VLAN is restricted only to the other nodes of the same VLAN you can use VLANs to control the flow of packets in your network and prevent packets from flowing to unauthorized end nodes O Simplified network management VLANS can also simplify network management Before the advent of VLANS physical changes to the network often had to been made at the switches in the wiring closets For example if an employee changed departments changing the employee s LAN segment assignment might require a change
84. riority number of those bridges the one with the lowest MAC address is designated as the root bridge AT S86 Management Software User s Guide You can change the bridge priority number in the AT S86 management software You can designate which switch on your network you want as the root bridge by giving it the lowest bridge priority number You might also consider which bridge should function as the backup root bridge in the event you need to take the primary root bridge offline and assign that bridge the second lowest bridge identifier number The bridge priority has a range 0 to 61440 To make this easier for you the AT S86 management software divides the range into increments of 4096 The valid bridge priority values that you can enter are shown in Table 4 Table 4 Bridge Priority Value Increments Bridge Bridge Priority Priority 0 32768 4096 36864 8192 40960 12288 45056 16384 49152 20480 53248 24576 57344 28672 61440 Path Costs and Port Costs After the root bridge has been selected the bridges must determine if the network contains redundant paths and if one is found they must select a preferred path while placing the redundant paths in a backup or blocking state Where there is only one path between a bridge and the root bridge the bridge is referred to as the designated bridge and the port through which the bridge is communicating with the root bridge is referred to as the ro
85. rity Queue 0 Q2 1 Q1 Q1 Q2 Q3 Q3 Q4 Q4 NIL OO oO AJ OJN For example if a tagged packet with a priority level of 3 entered a port on the switch the switch would store the packet in Q2 queue on the egress port Note that priority 0 is mapped to CoS queue 2 instead of CoS queue 1 because tagged traffic that has never been prioritized has a VLAN tag User Priority of 1 If priority O was mapped to CoS queue 1 this default traffic goes to the lowest queue which is probably undesirable This mapping also makes it possible to give some traffic a lower priority than the default traffic You can change these mappings For example you might decide that packets with a priority of 5 need to be handled by egress queue Q3 and packets with a priority of 2 should be handled in Q1 The result is shown in Table 2 Table 2 Customized Mappings of IEEE 802 1p Priority Levels to Priority Queues IEEE ek a Port Priority Queue 0 Q2 1 Q1 3 Q1 3 Q3 2 Q3 81 Chapter 8 Class of Service CoS 82 Scheduling Table 2 Customized Mappings of IEEE 802 1p Priority Levels to Priority Queues Continued IEEE De Port Priority Queue 5 Q3 6 Q4 7 Q4 The procedure for changing the default mappings is found in Mapping CoS Priorities to Egress Queues on page 86 Note that because all ports must use the same priority to egress queue mappings
86. rt state is not activated immediately It might take time for the root bridge to notify all bridges that a topology change has occurred especially if it is a large network If a topology change is made before all bridges have been notified a temporary data loop could occur and that could adversely impact network performance To forestall the formation of temporary data loops during topology changes a port designated to change from blocking to forwarding passes through two additional states listening and learning before it begins to forward frames The amount of time a port spends in these states is set by the forwarding delay value This value states the amount of time that a port spends in the listening and learning states prior to changing to the forwarding state The forwarding delay value is adjustable in the AT S86 management 97 Chapter 10 STP and RSTP 98 software The appropriate value for this parameter depends on a number of variables the size of your network is a primary factor For large networks you should specify a value large enough to allow the root bridge sufficient time to propagate a topology change throughout the entire network For small networks you should not specify a value so large that a topology change is unnecessarily delayed which could result in the delay or loss of some data packets Note The forwarding delay parameter applies only to ports on the switch that are operating STP compatible mod
87. rts whose egress traffic you want to monitor by clicking the port icon in the graphic image of the switch front at the top of the page In the Monitor Port list select the port to which the traffic will be sent if you want to change that In the Mirror Mode list select Enable Do one of the following o Click OK to save the port mirror O Click Reload to clear the port mirror and start over To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Click Save Chapter 7 VLANs This chapter about VLANs contains the following sections VLAN Overview on page 64 Port based VLAN Overview on page 66 Tagged VLAN Overview on page 67 Creating a Port Based VLAN on page 69 Creating a Tagged VLAN on page 72 Changing a Port s VLAN Mode on page 76 OQ oo 22 0 0 63 Chapter 7 VLANs VLAN Overview 64 A VLAN is a group of ports on an Ethernet switch that form a logical Ethernet segment The ports of a VLAN form an independent traffic domain where the traffic generated by the nodes of a VLAN remains within the VLAN With VLANs you can segment your network through the switch s AT S86 management software and so be able to group nodes with related functions into their own separate logical LAN segments These VLAN groupings can be based on similar data needs or security
88. s 131 Chapter 12 Statistics 132 Inbound Unicast Packets The total number of good packets received that were not directed to the broadcast or multicast address Inbound Non unicast Packets The total number of good packets received that were directed to the broadcast or multicast address Inbound Discards The number of inbound packets discarded because they do not conform to the forwarding rules of the switch Inbound Errors The number of inbound malformed packets not forwarded to the switch Outbound Octets The sum of lengths of all good Ethernet frames sent from this MAC Outbound Unicast Packets The number of good packets sent that do not have a broadcast or multicast destination MAC address Outbound Non unicast Packets The number of good packets sent that have a broadcast or multicast destination MAC address Outbound Discards The number of outbound packets discarded because they do not conform to the forwarding rules of the switch Outbound Errors The number of outbound malformed packets not forwarded by the switch Ethernet Undersize Packets The number of undersize packets received Ethernet Oversize Packets The number of oversize packets received In the Auto Refresh list choose the number of seconds the switch waits before polling for statistics 5 10 15 or 30 seconds In the Port list select a port whose statistics you want to view In the Color list select a color for that port Click Draw
89. s The Port Access Control Status page is shown Figure 35 Port Access Control Status Port l AuthMode de Port based AuthCtrl Force authorized Status unauthorized VID de Port based AuthCtrl Force authorized Status unauthorized VID Port based AuthCtrl Force authorized Status unauthorized VID rt based AuthCtrl Force authorized Status unauthorized VID Port based AuthCtrl Force authorized Status unauthorized VID rt based AuthCtrl Force authorized Status unauthoriz rt based AuthCtrl Force authorized Status author Port based AuthCtrl Force authorized Status unauthor Port based AuthCtrl Force authorized Status PortlO gt AuthMode Port_based AuthCtrl Force authorized Status unauthorized VID a PEEPEEPEEHH Port 1 M Figure 35 Port Access Control Status Page The Port Access Control Status page displays the following items of information for each port AuthMode The mode that is used to authenticate access one of the following Port based This option also supports multiple host access and guest VLAN IDs MAC based Each host s MAC address must be authenticated before gaining access to the switch AuthCtrl The manner in which the port is handling authentication one of the following Force authorized The port transitions to the authorized state without any authentication exchange required Force unauthorized The port remains in the unauthorized state ignoring all a
90. s valid the authentication protocol server notifies the switch and the switch completes the login process allowing the manager to manage the switch If the username and password are invalid the authentication protocol server notifies the switch and the switch cancels the login Authorization defines what a manager can do after logging in to a switch You assign an authorization level to each username and password combination that you create on the server software The access level can either Manager or Operator The AT S86 management software does not support RADIUS authorization The final function of an authentication protocol is accounting which keeps track of user activity on network devices The AT S86 management software does not support RADIUS accounting as part of manager accounts Following are the guidelines for using RADIUS authentication O First you need to install RADIUS server software on one or more of your network servers or management stations Authentication protocol server software is not available from Allied Telesis O The authentication protocol server can be on the same subnet or a different subnet as the switch If the server and switch are on different 119 Chapter 11 Security 120 Configuring RADIUS subnets be sure to specify a default gateway in the IP Setup page Figure 2 on page 20 so that the switch and server can communicate with each other O You need to configure the RADIUS software on
91. scribed 97 port trunk creating 52 described 50 guidelines 51 modifying 54 removing 55 port trunking example 50 port based VLAN defined 66 rules 66 priority level and egress queue mappings 80 Q Quality of Service QoS described 80 scheduling configuring 86 described 82 R root bridge 94 S scheduling configuring 86 described 82 strict priority described 83 weighted round robin described 83 SNMP community name 42 SNMP community string access mode 42 closed access status 42 default 43 147 Index name 42 open access status 42 Source port 58 Spanning Tree Protocol STP and VLANs 101 bridge forwarding delay 103 105 bridge hello time 103 bridge identifier 103 bridge max age 103 bridge parameters configuring 105 bridge priority 103 defined 94 forwarding delay 103 static unicast MAC address defined 137 strict priority scheduling 83 T tagged VLAN defined 67 overview 67 rules 68 trap receivers 43 V virtual LAN VLAN defined 64 overview 64 port based defined 66 tagged defined 67 VLAN ID described 66 VLAN name described 66 VLAN See virtual LAN VLAN Ww weighted round robin priority scheduling 83 148
92. ssssssesseeeeene eene eee eee renee eee eee nnd n nnne nennen eren 38 Ec HII SN 41 SNMP Overview een ie ee In a ED per Nee rien ige 42 Default SNMP Community Strings nennen eren nennen nennen enn 43 Setting Up the SNMP Community Table sssssssssssesseeenenn nennen nennen nennen nennen sinere nennen nennen enn 44 Setting Up the Host Table eerie chau dene rn a ern AE ne 45 Setting Up SNMP Trap Receivers ssssssssssssssssseseseeeee enne emen nne n en sehen nennen meses nsns nennt nere EREEREER ses 47 Chapter 5 Port Trunking 3 Roo eR ie v be Reit 49 Port Trunkirig OVervlow eee read olet a ed ce ede teet eg ped ch e D bd eere 50 Static Port Trunk OVervIew sio etate etu dele tate Hte et RH 50 Creating a Port Turik ui oiii bittet tet het ded ced eR geb CLR LL teed nde ead dip en dg 52 Contents Modifying R a ie LED 54 Removing a TUNK ritat EE 55 Chapter 6 Port Mirroring aera EREE EE DPI eMe eim 57 Port Mirroring Overview ienien iiie eap Lp EE EE E AEA EA ARENE 58 G nfiguring Port Mirroring 2 4 2 ee nu O ATO EA 59 Modifying Port Minor 2 eret eit ene ated m etaient 62 Chapter 7 VEANS enin en tat ea t E e anda ad een 63 VEAN QVOIVIGW 1 2 2 a quud A peut Peel e deett ove Pelle A elle eee 64 Port based VECAN OVOIVIOW iecit eet ue tee e dez a Tied dude tee Le deese bea ende tne inen 66 VLAN Name rote eet e in a 66 Group Di Hi e rer t etn cu e o Mr tut es tenir du
93. t cr cete udin 66 General Rules for Creating a Port based VLAN sssssssssssssesee eene eene nnne nre 66 Tagged VLAN Overview in eae iaa 67 Tagged and Untagged Ports 2 nen ne ie I dane Lied Leod ie a nun ln hen 67 Port VEAN Identifler uice en ite cec oe o Mta ee at oet sa LO RER 68 General Rules for Creating a Tagged VLAN ssssssssseeeen eene enne en ee nrrn nennen nennen 68 Creating a Port Based VLAN 2 5 sedat aan 69 Creating a Port Based VLAN 2 ae ai re ddr nr nn Deva e ea e a ea RD ne 69 Modifying a Port Based VLAN sisrate aa iaae a a aeaa 70 Viewing a Port Based VEAN 4 dieit a eu EE ENESA E EAAS te NE A SEEE 71 Greating a Tagged VLAN M 72 Creating a Tagged VLAN 1 aiite tide ded eel aa Le oce A S diene 72 Modifying a Tagged VLAN 1 eter Ete DID ap a La dd ente I pone epu ed 74 Viewing a Tagged VLAN esee sa He al b de reed eeu ode ein 75 Changing a Ports VLAN Mode 2 222 22 ea Een ned 76 Chapter 8 Class of Service COS 444444nnnnnennnennnnnnnnnnnnnnnnnennnnnnnnnnennnnnnsnnnnnnnnsnennnnnnnsnnennn nenn 79 GOS OVeNIOW sien asin ee leans ed Ba eee ne ee 80 Scheduling 22 50 SE iit WIRD uu I ed LIMEN 82 Configuring COS reed ti kein en Ladi nts Lond t ede Le dee e egeta 84 Mapping CoS Priorities to Egress Queues ssssssssseeee eene nennen nennen nennen 86 Specifying the Sched
94. t o p Ue en tossed ne facce ids eired ten 114 Setting Up a Dak SGre nn rinnen lee re ed ue a bd er ade 116 Adding a DialdnJ User 3 ien eO Vh 116 Moditying a Dialiti SOL meneer entea e n tap oH t ee secta a ce ENE 117 Deleting 3 Dial n USer i eite ce De PERO M c bcn teens ler d ue EROR 117 AT S86 Management Software User s Guide RADIUS 119 RADIUS Implementation Guidelines sssssssssssssssesseseeeee eene nemen enne nnn nennen 119 Configuring RADIUS a se eed eda ede dade hid d eden sepia ed nhi d dd ud d dd s 120 Chapter 12 Statistics 5 o Hie imt denti di ae acina 123 Statistics OVerVIOW xcti cerit iie ho ER PE ERU DR te DE DD I ara e PER deme O 124 Viewing the Traffic Comparison Statistic ssssssssesssseeeneneneenen nennen enne nennen nnns 125 Viewing the Error Grou pSits oe EA ee tiere adest ott RR are genen Era 129 Viewing the Historical Status ote esee egt ee ed aet bg ts edle eaten tribu ez Maru dere R Pep 131 Chapter 13 MAC Addresses oie rad eed oe re eae ied d xe are Gk dat a o Re eae ia 135 MAC Address Overview nnd nad seid e ed nn a nido n dde a ner 136 Working with Dynamic MAC Addresses ssssssssss eene nennen nennen nennen nter nnnm nere nnns 138 Displaying the Dynamic MAC Addresses sssssssssee enm enne nenn nnnnn nnn nnne 138 Changing the Aging TIME n nncs
95. t to view one of the following Inbound Octet Rate The sum of lengths of all good Ethernet frames received per unit of time specified by the Auto Refresh parameter that are neither bad Ethernet frames nor MAC Control packets Inbound Unicast Packet Rate The number of good packets received per unit of time specified by the Auto Refresh parameter that were not directed to the broadcast address or multicast address 125 Chapter 12 Statistics 126 Inbound Non unicast Packet Rate The number of good packets received per unit of time specified by the Auto Refresh parameter that were directed to the broadcast address or multicast address Inbound Discard Rate The number of bad Ethernet frames received per unit of time specified by the Auto Refresh parameter Inbound Error Rate The number of bad Ethernet frames received per unit of time specified by the Auto Refresh parameter Outbound Octet Rate The sum of lengths of all good Ethernet frames sent from this MAC per unit of time specified by the Auto Refresh parameter Outbound Unicast Packet Rate The number of good packets sent per unit of time specified by the Auto Refresh parameter that do not have a broadcast or multicast destination MAC address Outbound Non unicast Packet Rate The number of good packets sent per unit of time specified by the Auto Refresh parameter that have a broadcast or multicast destination MAC address Outbound Discard Rate The
96. the following o Click OK to save the changes 0 Click Reload to clear the setting and start over 6 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 7 Click Save 34 AT S86 Management Software User s Guide Setting a Port s Speed and Duplex Mode To set the speed and duplex mode on the port perform the following procedure 1 From the main menu select Physical Interface The Physical Interface page is shown in Figure 9 on page 34 In the Port List select the port you want to configure or scroll through the list below The port is highlighted in the port list In the Mode list select one of the following combinations of port speed and duplex mode Auto The port uses Auto Negotiation to set its speed and duplex mode This is the default setting for all ports 10M Half 10 Mbps half duplex 10M Full 10 Mbps full duplex 100M Half 100 Mbps half duplex 100M Full 100 Mbps full duplex 1G Full 1 Gbps full duplex When a twisted pair port on the switch is set to Auto Negotiation the default setting the end node should also be using Auto Negotiation to prevent a duplex mode mismatch A switch port using Auto Negotiation defaults to half duplex if it detects that the end node is not using Auto Negotiation This can result in a mismatch if the end node is operating at a fixed
97. the main menu select Save Configuration and click Save before proceeding To reboot the switch perform the following procedure 1 From the main menu select System Reboot The Reboot page is shown in Figure 7 Reboot Reboot Switch Reboot Figure 7 Reboot Page 2 Click Reboot 31 Chapter 2 Basic Switch Parameters Returning the AT S86 Management Software to the Default Values To restore the management software to the factory default values perform the following procedure 1 From the main menu select Save Configuration The Save Configuration page is shown in Figure 8 Save Configuration Save Configuration Permanently Save Restore Factory Defaults Cc Figure 8 Save Configuration Page Note After the system defaults are restored the switch is automatically rebooted and you lose your connection to the switch Refer to Starting a Management Session on page 16 for information about how to establish a new connection to the switch 2 Click Restore to restore the factory defaults Note The reboot process that occurs after the system defaults are restored stops network traffic 32 Chapter 3 Port Configuration This chapter contains the following procedures Enabling or Disabling a Port on page 34 Setting a Port s Speed and Duplex Mode on page 35 Enabling or Disabling Flow Control on page 37 un uuu Configuring Bandwidth Control on page 38 33
98. the main menu select System gt IP Setup The IP Setup page is shown in Figure 2 IP Setup VLANID 1 v DHCP Client Disabled v IP Address Network Mask Default Gateway Figure 2 IP Setup Page 2 From the VLAN ID list select the VLAN you want the switch to be a part of Note The default VLAN is 1 To create more VLANs refer to Chapter 7 VLANSs on page 63 3 In the IP Address field enter an IP address for the switch 4 n the Network Mask field enter an IP address for the subnet mask 5 In the Default Gateway field enter the IP address of the default gateway 6 Click OK The settings are immediately implemented and you lose your connection to the switch 20 AT S86 Management Software User s Guide 7T Loginto the switch using its new IP address 8 From the main menu select Save Configuration The Save Configuration page is shown in Figure 3 Save Configuration Save Configuration Permanently Save Restore Factory Defaults Restore Figure 3 Save Configuration Page Note If you do not save your changes they are discarded when you reboot the switch 9 Click Save For information about DHCP see Enabling or Disabling DHCP on page 22 Warning Be sure to record the switch s IP address in a safe place When you change the switch s IP address you lose your connection Because the AT FS750 48 Fast Ethernet switch does not have a console port you
99. these mappings are applied at the switch level They cannot be set on a per port basis CoS relates primarily to tagged packets rather than untagged packets because untagged packets do not contain a priority level By default all untagged packets are placed in a port s Q1 egress queue the queue with the lowest priority You can change this mapping as described in Mapping CoS Priorities to Egress Queues on page 86 One last thing to note is that the AT S86 software does not change the priority level in a tagged packet The packet leaves the switch with the same priority it had when it entered This is true even if you change the default priority to egress queue mappings A switch port needs a mechanism for knowing the order in which it should handle the packets in its four egress queues For example if all the queues contain packets should the port transmit all packets from Q3 the highest priority queue before moving on to the other queues or should it instead just do a few packets from each queue and if so how many This control mechanism is referred to as the scheduling algorithm Scheduling determines the order in which a port handles the packets in its egress queues The AT S86 software has two types of scheduling O Strict priority C Weighted round robin priority To specify the scheduling refer to Mapping CoS Priorities to Egress Queues on page 86 Note Scheduling is set at the switch level You cannot set th
100. ti is en Figure 6 IP Access List Page 2 In the IP Address field enter the IP address of the management station to which you want to give access to the switch 3 Click Add 4 Doone of the following D Click OK to save the IP address D Click Reload to clear the fields and start over 5 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Modifying an IP Address in the IP Access List Removing an IP Address from the IP Access List AT S86 Management Software User s Guide 6 Click Save To modify an IP address in the IP access list perform the following procedure 1 From the main menu select System IP Access List The IP Access List page is shown in Figure 6 on page 28 2 In the IP address list highlight the IP address you want to modify The address is displayed in the IP Address field 3 In the IP Address field modify the IP address 4 Click Modify 5 Doone of the following D Click OK to save the modifications D Click Reload to clear the fields and start over 6 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 7 Click Save To remove an IP address from the IP access list perform the following procedure 1 From the main menu select System
101. tion The Save Configuration page is shown in Figure 3 on page 21 45 Chapter 4 SNMP 46 6 Click Save AT S86 Management Software User s Guide Setting Up SNMP Trap Receivers To set up the SNMP trap receivers perform the following procedure 1 From the main menu select SNMP gt Trap Setting The Trap Setting page is shown in Figure 13 Trap Setting Trap Version Destination IP Address Community for Trap vi M Vi w vi w Vi M V1 M Vi M vi iv Vi M Vi iv vi Im e C Figure 13 SNMP Trap Setting Page 2 In the Destination IP Address field enter the IP address of the management workstation where you want the traps sent 3 In the Community for Trap field enter the name of the community that will receive the traps 4 n the Trap Version list choose v1 or v2c for SNMPv1 or SNMPv2c 5 Doone of the following 0 Click OK to save the trap settings D Click Reload to clear the fields and start over 6 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 7 Click Save 47 Chapter 4 SNMP 48 Chapter 5 Port Trunking This chapter contains the following sections Port Trunking Overview on page 50 Creating a Port Trunk on page 52 Modifying a Trunk on page 54 un uuu Removing a Trunk on page 55 49 Chapter 5 Port Trunking Port Trunking
102. tion Page 2 Hameln Rippen SR 21 Administration Page 2 eee ere re e e epe Vae ae Pe ee o tede YR eee roO se id 23 Management Page en een bna zb nein toned ee dec ER c vin pedit unice aucune 26 IP Access List Page 2 HH nn Ee ede lade ed e dede d eene Xe dieron Are esed 28 Reboot Page te E Pet 31 Save Configuration Page m 32 Physical Interface Page ecards ER ENT 34 Bandwidth Control Page 5 2 2840er Rise ernennen 38 SNMP Community Table Page 44440s044444400nsnnnnnnnnennnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 44 SNMP Host Table Page eret Ianue es ellen beaded E RE e vend PER RUE Da ETE a edt exce edel Ses 45 SNMP Trap Setting Page cene edle e RO ERE ARS HERPES UR BREMEN DRM eR MAR etr Eng Adr 47 Static Port Trunk Example 5 55 73 5 itid eet lade la ee eG aes ee 50 Trunking Page wives iue al ie Rn Me Beni ee ee 52 Trunk Ports Sele Cte PE eai 52 Mirroring Page n 59 Ingress Ports Selected eui eet Eae EEE eet dti quee 60 Egress Ports Selected nr im nis ee ee eyes oes 60 Port Based VLAN Page rre EE O ERR RON tasuesdecs HI RRLS ERE REQU tts deachasedessechestace gt 69 Port based VLAN Ports Selected iei dee tee ted pec neben seele 70 Tagged VEAN Page 22 2 2 tente eiit its 72 Add Tagged VLAN Page e 1 eer este cs ie eda inq c E n eee Sa e ie ntes E aa
103. ts as needed The VLAN can consist of all the ports on an Ethernet switch or just a few ports The parts of a port based VLAN in the AT S86 management software are o VLAN name O Group ID To create a port based VLAN you must give it aname The name should reflect the function of the network devices that are be members of the VLAN Examples include Sales Production and Engineering Each VLAN in a network must have a unique number assigned to it This number is called the Group ID This number uniquely identifies a VLAN in the switch Each port of a port based VLAN can belong to as many VLANs as needed Therefore traffic can be forwarded to the members of the groups to which the port is assigned For example port 1 and port 2 are members of group 1 and ports 1 and 3 are members of group 2 In this case traffic from port 1 is forwarded to ports 2 and 3 traffic from port 2 is forwarded only to port 1 and traffic from port 3 is forwarded only to port 1 Below is a summary of the general rules to observe when creating a port based VLAN 0 Each port based VLAN must be assigned a name o Each port based VLAN must be assigned to one or more Group IDs If a particular VLAN spans multiples switches each part of the VLAN on the different switches should be assigned the same Group ID D A port based VLAN that spans multiple switches requires a port on each switch where the VLAN is located to function as an interconnection between
104. ttempts by the client to authenticate Auto 802 1x port based authentication is enabled Initializing a Port Users can use the initialization function to discover new hosts attached to this port through a hub and request that the new hosts be authenticated 114 AT S86 Management Software User s Guide To initialize a port perform the following procedure 1 From the main menu select Security Port Access Control Status The Port Access Control Status page is shown Figure 35 on page 114 Select the port you want to initialize from the list Do one of the following 0 Click OK to save the changes O Click Reload to clear the changes and start over To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 Click Save 115 Chapter 11 Security Setting Up a Dial In User You should set up a dial in user account for each person who needs to access the switch for management purposes Adding a Dial in To set up a user s dial in access perform the following procedure User 1 From the main menu select Security Dial in User The Dial in User page is shown in Figure 36 Dial in User User Name Password Confirm Password Add Modify Dynamic VLAN Remove Figure 36 Dial In User Page 2 In the User Name field type a name for the user 3 In the Password field type a
105. twork loops Root Bridge Priority The priority number for the bridge This number is used to determine the root bridge for RSTP The bridge with the lowest priority number is selected as the root bridge If two or more bridges have the same priority value the bridge with the numerically lowest MAC address becomes the root bridge When a root bridge goes offline the bridge with the next priority number automatically takes over as the root bridge In the Spanning Tree is list select one of the following Disabled Spanning tree is disabled This is the default setting 103 Chapter 10 STP and RSTP STP Enabled STP is enabled RSTP Enabled RSTP is enabled 3 Do one of the following 0 Click OK to save the changes D Click Reload to restore the previous settings 4 To permanently save these settings in the configuration file from the main menu select Save Configuration The Save Configuration page is shown in Figure 3 on page 21 5 Click Save 104 AT S86 Management Software User s Guide Configuring the STP Bridge Settings This section contains the procedure for configuring a bridge s STP settings N Caution The default STP parameters are adequate for most networks Changing them without prior experience and an understanding of how STP works might have a negative effect on your network You should consult the IEEE 802 1d standard before changing any of the STP parameters To configure t
106. uling Algorithm sssssesseeeneenen enne enne en nennen nennen 87 Chapter 9 IGMP die I ee ER c ee LR MOL uie nenn aaa E RU een reU ERER 89 lOM Snooping Overview 3 ici epe em Pe Uter eti eb pot iru D DEREN 90 Enabling or Disabling IGMP Snoopie inn a a N EAE eme REEE EE nennen nennen nnn 92 Chapter 10 STP and RSTP idm e ett e HE eme e el RR Foe bae o RR n 93 HIR MC PLE 94 Bridge Priority and the Root Bridge ensenhe adis aaie ads laL enne eremi nnn nennen 94 Mixed STP and RSTP Networks us0 san eene tnn nenne d nnne da nnne d dann A A tae anna 100 Spanning Tree and VLANS menr ea A a a A nennen ernennen 101 Enabling or Disabling Spanning Tree 444ssennnnnnnnnennnnnnnnnennnnnnnnnnnnnnnnnnnennnnnnnsnnnnnnnnnsnnnnnnnnsnnnnnnnnsnnnnnnn 102 Configuring the STP Bridge Settings ssssssssssessseeeeneeeeen nennen ern E nennen nennen nnns 105 Configuring the Spanning Tree Port Settings sessssssssssssseeeeee enne en nennen nnns 107 Chapter 11 Security oso ee teet died io ice el us Hi Henze 109 Port based Network Access Control sese eene enne ennemi en nnne enne nnn nnns 110 Configuring the Bridge Settings rrien E a nennen trei ne nnt A nn nana n nen 110 Gonfiguririg the Port Settlngs er Hrn elei cr EEEE T RT nette Pie aea ink 112 Viewing the Port Access Control Status nennen emen nennen eren 114 Initializirig a POLt 3m cote ec te nt ete tf
107. unicast Packets The number of good packets sent that have a broadcast or multicast destination MAC address Outbound Discards The number of outbound packets discarded because they do not conform to the forwarding rules of the switch Outbound Errors The number of outbound malformed packets not forwarded by the switch Ethernet Undersize Packets The number of undersize packets received Ethernet Oversize Packets The number of oversize packets received In the Auto Refresh list choose the number of seconds the switch waits before polling for statistics 5 10 15 or 30 seconds In the Color list select a color for that statistic Click Draw 127 Chapter 12 Statistics A chart such as the one in Figure 39 is displayed Traffic Comparison Chart Statistics Inbound Octet Rate v Auto Refresh 5 Seconds M Color Light Red v Draw Inbound Octet Rate 0 days 00 00 10 342 Figure 39 Sample Traffic Comparison Chart 128 AT S86 Management Software User s Guide Viewing the Error Groups The error groups chart allows you to view a pre defined group of errors for the ports you choose To view the error groups perform the following procedure 1 From the main menu select Statistics Chart Error Group The Error Groups Chart page is shown in Figure 40 Error Group Chart Port Porti v Auto Refresh 5 Seconds M Color Light Red M Draw Port 8 0 days 00 00 10
108. user This section contains the following procedures Configuring the Bridge Settings next Configuring the Port Settings on page 112 Viewing the Port Access Control Status on page 114 un uuu Initializing a Port on page 114 To configure the bridge settings perform the following procedure 1 From the main menu select Security Port Access Control AT S86 Management Software User s Guide The Port Access Control page is shown in Figure 34 Port Access Control Authentication ication isable ADIUS Reauthentication Disable v Method RADI v HB authentication 3600 NARBE Quiet Period 60 1 65535 seconds Time seconds Retransmission m 1 65535 m ithenticati Time _ seconds a EEE HN 1 10 Attemps Port 1 w AuthMode Port based AuthCtrk Force authorized Multi host Disable 7 GuestVID Modify ort ort ort ort ort P P P P Pc P P P P P ort Figure 34 Port Access Control Page 2 In the Reauthentication list choose one of the following Enable Enables reauthentication on the switch Disable Disables reauthentication The default is Disable 3 In the Authentication Method list choose one of the following Local Stores the authentication database on the switch RADIUS Uses a remote RADIUS server for authentication To set up the RADIUS server refer to RADIUS on page 119 4 Inthe Reauthentication Time field enter a number for
109. when a change in network topology is detected There are two possible selections CJ Point to point port o Edge port If a bridge port is operating in full duplex mode than the port is functioning as a point to point port Figure 29 illustrates two AT FS750 48 Fast Ethernet Smart Switches that have been connected with one data link With the link operating in full duplex the ports are point to point ports Point to Point Ports Full duplex Mode a PIU gEE REIN SA Figure 29 Point to Point Ports If a port is not connected to any further bridges participating in STP or RSTP then the port is an edge port Figure 30 illustrates an edge port on an AT FS750 48 Fast Ethernet Smart Switch The port is connected to an Ethernet hub which in turn is connected to a series of Ethernet workstations This is an edge port because it is connected to a device operating at half duplex mode and there are no participating STP or RSTP devices connected to it 99 Chapter 10 STP and RSTP 100 Mixed STP and RSTP Networks NS Edge Port III deen MAR AMA Figure 30 Edge Port A port can be both a point to point and an edge port at the same time It operates in full duplex and has no STP or RSTP devices connected to it Figure 31 illustrat
110. which each address was learned The switch learns the MAC addresses of the end nodes by examining the source address of each packet received on a port It adds the address and port on which the packet was received to the MAC table if the address has not already been entered in the table The result is a table that contains all the MAC addresses of the devices that are connected to the switch s ports and the port number where each address was learned When the switch receives a packet it also examines the destination address and by referring to its MAC address table determines the port where the destination node is connected It then forwards the packet to the appropriate port and on to the end node This increases network bandwidth by limiting each frame to the appropriate port when the intended end node is located freeing the other switch ports for receiving and transmitting data If the switch receives a packet with a destination address that is not in the MAC address table it floods the packet to all the ports on the switch If the ports have been grouped into virtual LANs the switch floods the packet only to those ports which belong to the same VLAN as the port on which the packet was received This prevents packets from being forwarded onto inappropriate LAN segments and increases network security When the destination node responds the switch adds its MAC address and port number to the table If the switch receives a packet with a d
111. you want to view and the color to use in drawing the statistics in the chart The three types of statistics charts are O Traffic Comparison This chart allows you to display a specified traffic 124 statistic over all of the ports You can select from 24 statistics types and choose from 12 colors for the ports The Traffic Comparison statistics chart is described in Viewing the Traffic Comparison Statistic on page 125 Error Group The Error Group chart displays the discard and error counts for a specified port and is described in Viewing the Error Groups on page 129 Historical Status This chart allows you to select from 12 statistics to view for a selection of ports for however long this chart is running on the management workstation The Historical Status chart is described in Viewing the Historical Status on page 131 AT S86 Management Software User s Guide Viewing the Traffic Comparison Statistic To compare a specific type of traffic between all ports on the switch perform the following procedure 1 From the main menu select Statistics Chart gt Traffic Comparison The Traffic Comparison Chart page is shown in Figure 38 Traffic Comparison Chart 2 Statistics Inbound Non unicast Packets M Auto Refresh 5 Seconds M Color Light Blue v Draw Statistics 0 days 00 00 00 415650 Figure 38 Traffic Comparison Chart Page In the Statistics list select the statistic you wan
Download Pdf Manuals
Related Search