3Com 3CRUS2475 User-Guide

3Com® Unified Gigabit WirelessPoE Switch 24User Guide3CRUS2475

www.3Com.comPart No. 10015245 Rev. AAPublished October 2006

3Com Corporation350 Campus Drive Marlborough, MA 01752-3064

Copyright © 2006, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.

3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.

3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.

If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.

UNITED STATES GOVERNMENT LEGEND

If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following:

All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.

Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.

3Com and the 3Com logo are registered trademarks of 3Com Corporation.

ntel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.

IEEE and 802 are registered trademarks of the Institute of Electrical and Electronics Engineers, Inc.

All other company and product names may be trademarks of the respective companies with which they are associated.

ENVIRONMENTAL STATEMENT

It is the policy of 3Com Corporation to be environmentally friendly in all operations. To uphold our policy, we are committed to:

Establishing environmental performance standards that comply with national legislation and regulations.

Conserving energy, materials and natural resources in all operations.

Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental standards. Maximizing the recyclable and reusable content of all products.

Ensuring that all products can be recycled, reused and disposed of safely.

Ensuring that all products are labelled according to recognized environmental standards.

Improving our environmental record on a continual basis.

End of Life Statement

3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.

Regulated Materials Statement

3Com products do not contain any hazardous or ozone-depleting material.

Environmental Statement about the Documentation

The documentation for this product is printed on paper that comes from sustainable, managed forests; it is fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally friendly, and the inks are vegetable-based with a low heavy-metal content.

ABOUT THIS GUIDE

This guide provides information about the Web user interface for the 3Com® Unified Gigabit Wireless PoE Switch 24. The Embedded Web System (EWS) is a network management system. The Embedded Web Interface configures, monitors, and troubleshoots network devices from a remote web browser. The Embedded Web Interface web pages are easy-to-use and easy-to-navigate. In addition, The Embedded Web Interface provides real time graphs and RMON statistics to help system administrators monitor network performance.

This preface provides an overview to the Embedded Interface User Guide, and includes the following sections:

■ User Guide Overview

■ Intended Audience

2 CHAPTER : ABOUT THIS GUIDE

User Guide Overview

This section provides an overview to the Embedded Web System User Guide. The Embedded Web System User Guide provides the following sections:

■ Configuring the Wizard — Provides information for configuring the Setup wizard which enables system administrator configure basic device settings at the Setup stage or to return and reconfigure the device settings at any stage.

■ Getting Started — Provides information for using the Embedded Web Management System, including adding, editing, and deleting device configuration information.

■ Viewing Basic Settings — provides information for viewing and configuring essential information required for setting up and maintaining device settings.

■ Section 4, Configuring Device Security — Provides information for configuring both system and network security, including traffic control, ACLs, and device access methods.

■ Managing System Information — Provides information for configuring general system information including the user-defined system name, the user-defined system location, and the system contact person.

■ Configuring Wired Ports — Provides information for configuring Port Settings.

■ Aggregating Ports — Provides information for configuring Link Aggregation which optimizes port usage by linking a group of ports together to form a single LAG.

■ Configuring VLANs — Provides information for configuring VLANs. VLANs are logical subgroups with a Local Area Network (LAN) which combine user stations and network devices into a single unit, regardless of the physical LAN segment to which they are attached.

■ Defining WLAN — Provides information for configuring WLANs. A Wireless Local Area Network (WLAN) is a technology that provides network services using radio waves.

■ Configuring IP Information — Provides information for configuring IP addresses, DHCP and ARP.

■ Configuring Mulitcast Forwarding — Provides information for configuring Multicast forwarding.

User Guide Overview 3

■ “Configuring Spanning Tree” — Provides information for configuring Classic, Rapid, and multiple Spanning Tree.

■ Configuring Quality of Service — Provides information for Basic and Advanced Quality of Service, including DSCP and CoS mapping, policies, and configuring Trust mode.

■ Managing System Logs — Provides information for viewing system logs, and configuring device log servers.

■ Managing System Files — Provides information for defining File maintenance and includes both configuration file management as well as device access.

■ Viewing Statistics — Provides information for viewing RMON and interface statistics.

■ WLAN Country Settings — Provides the individual WLAN country settings.

4 CHAPTER : ABOUT THIS GUIDE

Intended Audience This guide is intended for network administrators familiar with IT concepts and terminology.

If release notes are shipped with your product and the information there differs from the information in this guide, follow the instructions in the release notes.

Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format (PDF) or HTML on the 3Com World Wide Web site:http://www.3com.com/

Conventions Table 1 lists conventions that are used throughout this guide.

Related Documentation

In addition to this guide, other documentation available for the 3Com Unified Switch 24 include the following:

■ Quick Start Guide: Provides installation and set-up information.

■ Command Reference Guide: Provides complete details for using the command line interface (CLI).

Table 1 Notice Icons

Icon Notice Type Description

Information note Information that describes important features or instructions.

Caution Information that alerts you to potential loss of data or potential damage to an application, system, or device.

Warning Information that alerts you to potential personal injury.

CONTENTS

ABOUT THIS GUIDE

User Guide Overview 2Intended Audience 4Conventions 4Related Documentation 4

1 CONFIGURING THE WIZARD

Step 1 — Viewing Factory Defaults 13Step 2 — Configuring System Settings 16Step 3 — Configuring IP Settings 17Step 4 — Defining Wireless Settings 18Step 5 — Saving Configured Settings 19

2 GETTING STARTED

Starting the 3Com Embedded Web Interface 20Understanding the 3Com Embedded Web Interface 22Using Screen and Table Options 25Saving the Configuration 30Resetting the Device 30Restoring Factory Defaults 31Logging Off the Device 32

3 VIEWING BASIC SETTINGS

Device Summary Section 33Viewing Device Settings 34Viewing Wired Settings 35Viewing Wireless Settings 37

6 CONTENTS

3 MANAGING DEVICE SECURITY

Configuring Management Security 39Defining Management Access 39Configuring Password Management 44Defining RADIUS Authentication 48Defining TACACS+ Authentication 50Configuring Network Security 53Modifying Port Authentication 56Advanced Port-based Authentication 58Viewing Authenticated Hosts 59Defining Multiple Hosts 59Defining Multiple Hosts 61Modifying Multiple Hosts 62Managing Port Security 64Enabling Storm Control 68Configuring EAP Statistics 71Defining ACLs 73Configuring ACLs 76Defining MAC-based ACL Rules 78Removing MAC-based ACLs 80Defining IP-based ACLs 82Defining IP-based ACLs 84Defining IP-based ACLs 87Removing IP-based ACLs 90Binding ACLs 92

4 MANAGING SYSTEM INFORMATION

Viewing System Description 95Defining System Settings 97Configuring Country Codes 98Configuring System Name 107Configuring System Time 108Saving the Device Configuration 113Resetting the Device 114

CONTENTS 7

5 CONFIGURING WIRED PORTS

Viewing Port Settings 116Defining Port Settings 119Configuring Address Tables 122Viewing Static Addresses 122Defining Static Addresses 123Removing Static Addresses 125Viewing Dynamic Addresses 127

6 AGGREGATING PORTS

Configuring LACP 130Defining Link Aggregation 132Configuring Link Aggregation 132Defining LAG Membership 136

7 CONFIGURING VLANS

Defining VLAN Properties 140Defining VLAN Membership 144Defining VLAN Interface Settings 147Defining GVRP 151Defining Voice VLAN 154

8 DEFINING WLANDefining Wireless Access Points 157Defining Wireless Security 162Configuring Wireless Access Point Security 162Defining Wireless Rogue Handling 164Mitigating Rogue Handling 168Defining Wireless Radio Settings 169Configuring Radio 802.11a Settings 174Defining Radio 802.11a Settings 176Managing VAPs 177Viewing WLAN Profiles 179Defining WLAN Profiles 181

8 CONTENTS

Modifying WLAN Profiles 182Removing WLAN Profiles 185Viewing WLAN Stations 186Removing WLAN Stations 187Defining WLAN Power Settings 189

9 CONFIGURING IP INFORMATION

Defining IP Addressing 191Configuring ARP 193Defining ARP Interface Settings 195Configuring Address Tables 198Defining Static Addresses 200Viewing Dynamic Addresses 202

10 CONFIGURING MULITCAST FORWARDING

Defining IGMP Snooping 205Enabling IGMP Snooping 207Defining Multicast Groups 209Defining Router Groups 215

11 CONFIGURING SPANNING TREE

Defining Classic Spanning Tree for Ports 219Configuring Classic Spanning Tree 222Modifying Spanning Tree Settings 225Defining Rapid Spanning Tree 227Modifying Rapid Spanning Tree Settings 229Defining Multiple Spanning Tree 232Defining Multiple STP Instance Settings 234Defining MSTP Port Settings 239

12 CONFIGURING QUALITY OF SERVICE

Quality of Service Overview 243Defining QoS Basic Mode 243Configuring Trust Settings 244

CONTENTS 9

Configure DSCP Rewrite 245Defining QoS General Mode 247Defining CoS Services 247Defining Queues 250Defining Bandwidth Settings 251DSCP to Queue 254Configuring DSCP Queue Mappings 255Configuring QoS Mapping 256Defining CoS to Queue 257

13 MANAGING SYSTEM LOGS

Viewing Logs 260Configuring Logging 261

14 MANAGING SYSTEM FILES

Backing Up and Restoring System Files 265Downloading the Software Image 267Activating Image Files 269

15 VIEWING STATISTICS

Viewing RMON Statistics 271Configuring RMON History 274Modifying RMON History Entries 277Removing RMON History Entries 279Viewing RMON History Summeries 281Configuring RMON Events 283Configuring RMON Event Control 285Configuring RMON Events Control 287Removing RMON Events 289Viewing RMON Events 291Defining RMON Alarms 292Defining RMON Alarm Setups 294Removing RMON Alarms 298

10 CONTENTS

A WLAN COUNTRY SETTINGS

B DEVICE SPECIFICATIONS AND FEATURES

Related Standards 308Environmental 308Physical 309Electrical 309Unified Switch 24 Features 310

C TROUBLESHOOTING

Problem Management 316Troubleshooting Solutions 316

GLOSSARY

INDEX

1
CONFIGURING THE WIZARD
This section contains information for configuring the Setup wizard. The 3Com Web-based Interface presents a Setup wizard as part of the Device Summary Section . The Setup wizard enables system administrator configure basic device settings at the Setup stage or to return and reconfigure the device settings at any stage. Each step in the wizard displays a set of parameters that can be manually configured by the system administrator. The wizard includes the following steps:

■ Step 1 — Viewing Factory Defaults

■ Step 2 — Configuring System Settings

■ Step 3 — Configuring IP Settings

■ Step 4 — Defining Wireless Settings

■ Step 5 — Saving Configured Settings

Step 1 — Viewing Factory Defaults

The Welcome to the Setup Wizard Page is the first step in the wizard and it displays a summary of factory default settings. The table displays three sets of settings: System parameters, IP configuration and Wireless configuration. Each section is displayed as a step within the wizard.

14 SECTION 1: CONFIGURING THE WIZARD

To start the Setup Wizard:

1 Click Device Summary > Wizard. The Welcome to the Setup Wizard Page opens:

Figure 1 Welcome to the Setup Wizard Page

Step 1 - The Setup Wizard Page contains the following sections:

■ System Parameters — Displays parameters for configuring general device information. The System Parameters are manually configured in Appendix 1.

■ System Name — Defines the user-defined device name. The field range is 0-160 characters.

■ System Location — Defines the location where the system is currently running. The field range is 0-160 characters.

■ System Contact — Defines the name of the contact person. The field range is 0-160 characters.

■ IP Configuration — Displays parameters for assigning IP addresses. Packets are forwarded to the default IP when frames are sent to a remote network. The IP Configuration parameters are manually configured in Step 3. The section includes the following fields:

■ Method — Indicates if the IP address has been configured statically or added dynamically. The possible field values are:

■ Manual — Indicates the IP Interface is configured by the user.

Step 1 — Viewing Factory Defaults 15

■ DHCP — Indicates the IP Interface is dynamically created.

■ IP Address — Displays the currently configured IP address.

■ Subnet Mask — Displays the currently configured IP address mask.

■ Default Gateway — Displays the currently configured default gateway.

■ Wireless Configuration — Provides information for configuring Extended Service Sets (ESS). The Wireless Configuration parameters can be manually configured in Step 4. The section includes the following fields:

■ SSID Name — Displays the Service Set Identifier SSID for the ESS. SSIDs act as a password when a mobile device attempts to connect to the BSS. SSIDs differentiate between WLANs, therefore all access points and devices which comprise the specific WLAN must have the same SSID. Devices not providing a unique SSID are denied network access. Each SSID must be unique, and can contain up-to 32 characters.

■ Security Type — Indicates the method used to secure WLAN access. The possible field values are:

■ Open — Enables open system authentication without encryption.

■ WEP — Indicates that Wired Equivalent Privacy (WEP) is the selected WLAN security method. WEP provides the same security level as a wired LAN. WEP encrypts data over radio waves during the packet transmission. WEP keys are 40 bit or 104 bit encryption keys.

■ WPA-PSK — Indicates that Wi-Fi Protected Access (WPA) is the selected WLAN security method. WPA is based on WEP, but provides enhanced encryption using Temporal Key Integrity Protocol (TKIP). In addition, WPA improves authentication using EAP. EAP ensures that only authorized network users access the network though secure encryption systems.

■ WPA2-PSK — Indicates that WPA2-PSK is the selected WLAN security method. WPA2-PSK improves system security by encrypting signals at a higher bit rates.

■ VLAN ID — Displays the VLAN ID. The field range is 1-4094.

2 Click . Start configuring the Wizard.

The System Setup Page opens:


Step 2 — Configuring System Settings

The System Setup Page displays basic parameters for configuring general device information.

Figure 2 System Setup Page

The System Setup Page contains the following fields:

■ Master Radio Enable — Enables the Master Radio.

■ Country Code — Displays a list of country codes.




3 Define the fields.

4 Click to move to the next stage.

The IP Configuration Page opens:

Step 3 — Configuring IP Settings 17

Step 3 — Configuring IP Settings

Figure 3 IP Configuration Page

The IP Configuration Page contains the following fields:

■ Configuration Method — Indicates if the IP address has been configured statically or added dynamically. The possible field values are:

■ Manual — Indicates that the IP Interface is configured by the user.

■ DHCP — Indicates that the IP Interface is dynamically created.





6 Click to move to the next stage.

The Wireless Configuration Page opens:

Note: The Wireless Configuration Page appears only if the Master Radio Enable checkbox was selected on the System Setup Page.


Step 4 — Defining Wireless Settings

Figure 4 Wireless Configuration Page

The Wireless Configuration Page contains the following fields:

■ SSID Name — Displays the Service Set Identifier SSID for the ESS. SSIDs act as a password when a mobile device attempts to connect to the BSS. SSIDs differentiate between WLANs, therefore all access points and devices which comprise the specific WLAN must have the same SSID. Devices not providing a unique SSID are denied network access. Each SSID must be unique, and can contain up-to 32 characters.

■ Security Type — Indicates the method used to secure WLAN access. The possible field values are:



■ WPA-PSK — Indicates that Wi-If Protected Access (WPA) is the selected WLAN security method. WPA is based on WEP, but provides enhanced encryption using Temporal Key Integrity

Step 5 — Saving Configured Settings 19

Protocol (TKIP). In addition, WPA improves authentication using EAP. EAP ensures that only authorized network users access the network though secure encryption systems.


■ Passphrase/Key — Indicates the encryption key type.

■ VLAN ID — Specifies the VLAN ID.


8 Click to move to the final stage.

Step 5 — Saving Configured Settings

The Manual Configuration Wizard - Completed Page opens:

Figure 5 Manual Configuration Wizard - Completed Page

The Manual Configuration Wizard - Completed Page displays the manually configured settings. The system administrator can choose to go back and edit the parameters or,

9 Click . The manually configured settings are saved, and the device is updated.

2
GETTING STARTED
This section provides an introduction to the user interface, and includes the following topics:

■ Starting the 3Com Embedded Web Interface

■ Understanding the 3Com Embedded Web Interface

■ Saving the Configuration

■ Resetting the Device

■ Restoring Factory Defaults

■ Logging Off the Device

Starting the 3Com Embedded Web Interface

Disable the popup blocker before beginning device configuration using the EWS.

This section contains information on starting the 3Com Embedded Web interface. To access the 3Com user interface:

1 Open an Internet browser.

2 Ensure that pop-up blockers are disabled. If pop-up blockers are enable, edit, add, and device information messages may not open.

3 Enter the device IP address in the address bar and press Enter. The Enter Network Password Page opens:

Starting the 3Com Embedded Web Interface 21

Figure 6 Enter Network Password Page

4 Enter your user name and password.

The device is configured with a user name that is admin and a password that is blank, and can be configured without entering a password.

Passwords are case sensitive.

To operate the device, disable all pop-ups with a popup blocker.

5 Click . The 3Com Embedded Web Interface Home Page opens:

22 CHAPTER 2: GETTING STARTED

Figure 7 3Com Embedded Web Interface Home Page

Understanding the 3Com Embedded Web Interface

The 3Com Embedded Web Interface Home Page contains the following views:

■ Tab View — Tab Area provides the device summary configuration located at the top of the home page, the tab view contains a Setup Wizard and the Summary, Wired and Wireless configuration views.

■ Tree View — Tree View provides easy navigation through the configurable device features. The main branches expand to display the sub-features.

■ Port LED Indicators — Located under the Wired Tab at the top of the home page, the port LED indicators provide a visual representation of the ports on the front panel.

Understanding the 3Com Embedded Web Interface 23

Figure 8 Embedded Web Interface Components

The following table lists the user interface components with their corresponding numbers:

This section provides the following additional information:

■ Device Representation — Provides an explanation of the user interface buttons, including both management buttons and task icons.

■ Using the 3Com Embedded Web Interface Management Buttons — Provides instructions for adding, modifying, and deleting configuration parameters.

DeviceRepresentation

The 3Com Embedded Web Interface Home Page contains a graphical panel representation of the device that appears within the Wired Tab.

Table 1: Interface Components

View Description

1 Tree View Tree View provides easy navigation through the configurable device fea-tures. The main branches expand to display the sub-features.

2 Tab View The Tab Area enables navigation through the different device features. Click the tabs to view all the components under a specific feature.

3 3Com Web Interface Informa-tion Tabs Provide access to online help, and contain information about the EWS.


To access the Device Representation:

1 Click Device Summary > Wired.

Figure 9 Device Representation

2 By selecting a specific port with your mouse, you can either choose to configure the port settings or view the port statistics.

For detailed information on configuring ports, please refer to Section 6 Configuring Wired Ports.

Using the 3ComEmbedded Web

InterfaceManagement Buttons

Configuration Management buttons and icons provide an easy method of configuring device information, and include the following:

Table 2: 3Com Web Interface Configuration Buttons

Button Button Name Description

Clear Logs Clears system logs.

Activate Activates creation of configuration entries.

Apply Saves configuration changes to the device.

Delete Deletes configuration settings.

Table 3: 3Com Web Interface Information Tabs

Tab Tab Name Description

Help Opens the online help.

Logout Opens the Logout page.

Using Screen and Table Options 25

Using Screen and Table Options

3Com contains screens and tables for configuring devices. This section contains the following topics:

■ Viewing Configuration Information

■ Adding Configuration Information

■ Modifying Configuration Information

■ Removing Configuration Information


Viewing Configuration Information

To view configuration information:

1 Click Wired Ports > Port Settings > Summary. The Port Settings Summary Page opens:

Figure 10 Port Settings Summary Page

Adding Configuration Information

User-defined information can be added to specific 3Com Web Interface pages, by opening a Setup page.

To configure Password Management:

1 Click Administration > Authentication > Password Management > Setup. The Password Management Setup Page opens:


Figure 11 Password Management Setup Page


3 Click . The configuration information is saved, and the device is updated.


Modifying Configuration Information

1 Click Wired Ports > LACP > Modify. A modification page, such as the LACP Modify Page opens:

Figure 12 LACP Modify Page

2 Modify the fields.

3 Click . The fields are modified, and the information is saved to the device.


Removing Configuration Information

1 Click Administration > Management Access > Remove. The Management Access [Remove] Page opens:

Figure 13 Management Access [Remove] Page

2 Select the management method to be deleted.

3 Click . The Management Method is deleted, and the device is updated.

X62976 \* MERGEFORMAT



Saving the Configuration

The Save Configuration tab allows the latest configuration to be saved to the flash memory.

To save the device configuration:

1 Click Save Configuration. The Save Configuration Page opens:

Figure 14 Save Configuration Page

A message appears: The operation will save your configuration. Do you wish to continue?

2 Click . A Configuration is saved to flash memory successful message appears.

3 Click . The configuration is saved.

Resetting the Device

The Reset page enables resetting the device from a remote location.

To prevent the current configuration from being lost, save all changes from the running configuration file to the startup configuration file before resetting the device.

Restoring Factory Defaults 31

To reset the device:

1 Click Administration > Reset. The Reset page opens:

Figure 15 Reset Page

2 Click . A confirmation message is displayed.

3 Click . The device is reset, and a prompt for a user name and password is displayed.

4 Enter a user name and password to reconnect to the web interface.

Restoring Factory Defaults

The Restore option appears on the Reset page. The Restore option restores device factory defaults.




To Restore the device:

1 Click Administration > Reset. The Reset Page opens:

Figure 16 Reset Page

2 Click . The system is restored to factory defaults.

Logging Off the Device

To log off the device:

1 Click . The Logout Page opens.

2 The following message appears:

3 Click . The 3Com Embedded Web Interface Home Page closes.

3
VIEWING BASIC SETTINGS
This section contains information for viewing basic settings. The 3Com Embedded Web Interface Home Page presents a device summary section that provides the system administrator with the option to view and configure essential information required for setting up and maintaining device settings. The various views display the settings configured in the Wizard and other basic maintenance views. For further information regarding the Wizard refer to Section 3, Configuring the Wizard.

Device Summary Section

The Device Summary Section contains the following views:

■ Viewing Device Settings

■ Viewing Wired Settings

■ Viewing Wireless Settings

34 CHAPTER 3: VIEWING BASIC SETTINGS

Viewing Device Settings

The Device Summary Page displays parameters for configuring general device information, including the system name, location, and contact, the system MAC Address, System Object ID, System Up Time, and MAC addresses, and both software, boot, and hardware versions.

To view the Device Summary Page:

1 Click Device Summary. The Device Summary Page opens:

Figure 17 Device Summary Page

The Device Summary Page contains the following fields:

■ Product Description — Displays the device model number and name




■ Serial Number — Displays the device serial number.

■ Product 3C Number — Displays the 3Com device serial number.

SystemDescription \* MERGEFORMAT

Viewing Wired Settings 35

■ System Object ID — Displays the vendor’s authoritative identification of the network management subsystem contained in the entity.

■ MAC Address — Displays the device MAC address.

■ System Up Time — Displays the amount of time since the most recent device reset. The system time is displayed in the following format: Days, Hours, Minutes, and Seconds. For example, 41 days, 2 hours, 22 minutes and 15 seconds.

■ Software Version — Displays the installed software version number.

■ Boot Version — Displays the current boot version running on the device.

■ Hardware Version — Displays the current hardware version of the device.

Viewing Wired Settings

The Device Summary Wired Page displays port LED Indicators that include port status and basic port settings. The port status is presented with a color scheme that is described in the following table. The system administrator can view the port settings by scrolling over the relevant port with the mouse.


To view Wired Settings:

1 Click Device Summary > Wired. The Device Summary Wired Page opens:

Figure 18 Device Summary Wired Page

The Device Summary Wired Page contains the following fields:

■ Poll Now — Enables polling the ports for port information including speed, utilization and port status.

■ RJ45 — Displays the port status of the RJ45 (Registered Jack 45) connections which are the physical interface used for terminating twisted pair type cable.

■ SFP — Displays the port status of the Small Form Factor (SFP) optical transmitter modules that combine transmitter and receiver functions.

The table includes the color and the port status:

■ White — Unconnected. No link detected.

■ Yellow — Lower speed on 10/100/1000M capable port.

■ Green — Maximum speed 10/100/1000M RJ45 or RJ45 SFP. Link detected.

■ Light Blue — SX/LX SFP. Link detected.

Viewing Wireless Settings 37

■ Light Gray — Port has been set to inactive by User or Protocol.

■ Dark Blue — Port has been selected by user.

■ Red — Port or Transceiver has failed POST or Transceivers not recognized.

Viewing Wireless Settings

The Wireless Page displays information regarding the currently configured access points including IP Address, MAC address, the type and radio configuration and the current access point status. Ensure that the Wireless Controller Software (WCS) has been activated.

To view Wireless Access Point Settings:

1 Click Device Summary > Wireless. The Wireless Page opens:

Figure 19 Wireless Page

The Wireless Page contains the following fields:

■ Display — Displays access points according to categories. The possible field values are:

■ Discovered APs — Displays the discovered access points.

■ Activated APs — Displays the activated access points.

■ All — Displays the access points on the network.

■ Name — Displays the user-defined access point name.

■ IP Address — Displays the IP Address assigned to the access point.


■ MAC Address — Displays the MAC Address assigned to the access point.

■ Type — Displays the antenna type.

■ Radios — Displays the radio type attached to the access point. The possible field values are:

■ A — Indicates the radio type is 802.11a and provides specifications for wireless ATM systems.

■ G — Indicates the radio type is 802.11g that offers transmission over relatively short distances at up to 54 mbps.

■ b/g — Indicates the radio type is 802.11b/g.

■ n — Indicates the radio type that is based on MIMO (Multiple input, multiple output) technology, which uses multiple antennas at both the source (transmitter) and the destination (receiver) to minimize errors and optimize data speed.

■ Channel — Displays the access point channel used.

■ State — Displays the selected access point transceiver’s status. The possible field values are:

■ Disabled — Indicates the Access Point is currently disabled.

■ Enabled — Indicates the Access point is currently enabled.

■ Activation — Indicates the access point state. The possible field values are:

■ Activated — Indicates access point is currently active.

■ Discovered — Indicates access point was discovered, but was not activated by the user.

2 Select an option from the Display drop-down list.

3
MANAGING DEVICE SECURITY
This section provides access to security pages that contain fields for setting security parameters for ports, device management methods, users, and server security. This section contains the following topics:

■ Configuring Management Security

■ Configuring Network Security

Configuring Management Security

The Management Security section provides links that enable you to configure device management security, password management, defining RADIUS and TACACS+ authentication. This section includes the following topics:

■ Defining Management Access

■ Configuring Password Management

■ Port-based Authentication

■ Defining TACACS+ Authentication

Defining Management Access

Management Access are rules for accessing the device. Access to management functions can be limited on the source IP Address level. Administrative Interfaces contain management methods for accessing and managing the device. The device administrative interfaces include:

■ Telnet

■ SNMP

■ HTTP

■ Secure HTTP (HTTPS)

■ Secure Telnet (SSH)

40 CHAPTER 3: MANAGING DEVICE SECURITY

Management access to different management methods may differ between source IP Addresses. The Management Access Summary Page contains currently configured administrative interfaces and their activity status. Assigning an access profile to an interface denies access via other interfaces. If an access profile is assigned to any interface, the device can be accessed by all interfaces.

To view Management Access:

1 Click Administration > Management Access > Summary. The Management Access Summary Page opens:

Figure 20 Management Access Summary Page

The Management Access Summary Page contains the following fields:

■ Administrative Interfaces — Defines the management access methods.

■ Source IP Address — Defines the interface source IP address to which the Management Access applies. The Source IP Address field is valid for a subnetwork.

■ Prefix Length — Defines the number of bits that comprise the source IP address prefix, or the network mask of the source IP address.



Defining Management Access 41

To configure Management Access:

1 Click Administration > Management Access > Setup. The Management Access Setup Page opens:

Figure 21 Management Access Setup Page

The Management Access Setup Page contains the following fields:

■ Administrative Interfaces — Defines the management access methods. The possible field values are:

■ Telnet — Assigns Telnet access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device.

■ SNMP — Assigns SNMP access to the rule. If selected, users accessing the device using SNMP meeting access profile criteria are permitted or denied access to the device.

■ HTTP — Assigns HTTP access to the rule. If selected, users accessing the device using HTTP meeting access profile criteria are permitted or denied access to the device.

■ Secure HTTP (SSL) — Assigns SSL access to the rule. If selected, users accessing the device using SSL meeting access profile criteria are permitted or denied access to the device.

■ Secure Telnet (SSH) — Assigns SSH access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device.





■ Network Mask — Determines what subnet the source IP Address belongs to in the network.


■ Authentication Method Binding — Assigns authentication methods for accessing the system. User authentication can be performed either locally or on an external server. User authentication occurs in the order the methods are selected. If the first authentication method is not available, the next selected method is used. The possible field values are:

■ Optional Methods — The user authentication methods. The possible options are:

■ Local — Authenticates the user at the device level. The device checks the user name and password for authentication.

■ RADIUS — Authenticates the user at the RADIUS server.

■ TACACS+ — Authenticates the user at the TACACS+

■ Selected Methods — The selected authentication method. The possible options is:

■ None — Assigns no authentication method to the authentication profile.


3 Click . Management Access is defined, and the device is updated.



Defining Management Access 43

To remove Management Access Methods:

1 Click Administration > Management Access > Remove. The Management Access Remove Page opens:

Figure 22 Management Access Remove Page

The Management Access Remove Page contains the following fields:

■ Remove — Removes the selected access profile. The possible field values are:

■ Checked — Removes the selected access profile. Access Profiles cannot be removed when Active.

■ Unchecked — Maintains the access profiles.

■ Management Method — Defines the management method for which the rule is defined.



2 Select a Source IP to be removed.

3 Click . The Source IP is removed, and the device is updated.






Configuring Password Management

Network administrators can define users, passwords, and access levels for users using the Password Management Interface.

To view Password Management:

1 Click Administration > Authentication > Password Management > Summary. The Password Management Summary Page opens:

Figure 23 Password Management Summary Page

The Password Management Summary Page contains the following fields:

■ User Name — Displays the user name.

■ Access Level — Displays the user access level. The lowest user access level is Monitoring and the highest is Configuration.

■ Configuration — Provides the user with read and write access rights.

■ Monitoring — Provides the user with read access rights.

Configuring Password Management 45

To define Password Management:

1 Click Administration > Authentication > Password Management > Setup. The Password Management Setup Page opens:

Figure 24 Password Management Setup Page

The Password Management Setup Page contains the following fields:



■ Configuration — Provides users read and write access rights.

■ Monitoring — Provides users read access rights.

■ Password — Defines the local user password. Local user passwords can contain up to 159 characters.

■ Confirm Password — Verifies the password.


3 Click . The Users are created, and the device is updated.


To modify Password Management:

1 Click Administration > Authentication > Password Management > Modify. The Password Management Modify Page opens:

Figure 25 Password Management Modify Page

The Password Management Modify Page contains the following fields:





■ Password — Defines the local user password. Local user passwords can contain up to 159 characters.

■ Confirm Password — Verifies the password.

2 Select a User Name to be modified.


4 Click . The User settings are modified, and the device is updated.

Configuring Password Management 47

To remove Password Management:

1 Click Administration > Authentication > Password Management > Remove. The Password Management Remove Page opens:

Figure 26 Password Management Remove Page

The Password Management Remove Page contains the following fields:

■ Remove — Removes the user from the User Name list. The possible field values are:

■ Checked — Removes the selected local user.

■ Unchecked — Maintains the local users.





2 Select a User to be deleted.

3 Click . The User is deleted, and the device is updated.


Defining RADIUS Authentication

Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. RADIUS servers provide a centralized authentication method for web access.

The default parameters are user-defined, and are applied to newly defined RADIUS servers. If new default parameters are not defined, the system default values are applied to newly defined RADIUS servers.

To configure RADIUS Servers:

1 Click Administration > Authentication > RADIUS > Setup. The Radius Authentication Setup Page opens:

Figure 27 Radius Authentication Setup Page

The Radius Authentication Setup Page contains the following fields:

■ Primary Server — Defines the RADIUS Primary Server authentication fields.

■ Backup Server — Defines the RADIUS Backup Server authentication fields.

■ Host IP Address — Defines the RADIUS Server IP address.

■ Authentication Port — Identifies the authentication port. The authentication port is used to verify the RADIUS server authentication. The authenticated port default is 1812.

Defining RADIUS Authentication 49

■ Number of Retries — Defines the number of transmitted requests sent to the RADIUS server before a failure occurs. Possible field values are 1-10. The default value is 3.

■ Timeout for Reply — Defines the amount of time (in seconds) the device waits for an answer from the RADIUS server before retrying the query, or switching to the next server. Possible field values are 1-30. The default value is 3.

■ Dead Time — Defines the default amount of time (in minutes) that a RADIUS server is bypassed for service requests. The range is 0-2000. The default value is 0.

■ Key String — Defines the default key string used for authenticating and encrypting all RADIUS-communications between the device and the RADIUS server. This key must match the RADIUS encryption.

■ Usage Type — Specifies the RADIUS server authentication type. The default value is All. The possible field values are:

■ Log in — Indicates the RADIUS server is used for authenticating user name and passwords.

■ 802.1X — Indicates the RADIUS server is used for 802.1X authentication.

■ All — Indicates the RADIUS server is used for authenticating user names and passwords, and 802.1X port authentication.


3 Click . The RADIUS Servers are enabled, and the system is updated.


Defining TACACS+ Authentication

Terminal Access Controller Access Control System (TACACS+) provides centralized security user access validation. The system supports up-to 4 TACACS+ servers. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. TACACS+ provides the following services:

■ Authentication — Provides authentication during login and via user names and user-defined passwords.

■ Authorization — Performed at login. Once the authentication session is completed, an authorization session starts using the authenticated user name.

The TACACS+ protocol ensures network integrity through encrypted protocol exchanges between the client and TACACS+ server.

The TACACS+ default parameters are user-assigned defaults. The default settings are applied to newly defined TACACS+ servers. If default values are not defined, the system defaults are applied to the new TACACS+ new servers.

Defining TACACS+ Authentication 51

To define TACACS+ Authentication Settings:

1 Click Administration > Authentication > TACACS+. The TACACS+ Setup Page opens:

Figure 28 TACACS+ Setup Page

The TACACS+ Setup Page contains the following fields:

■ Primary Server — Defines the RADIUS Primary Server authentication fields.

■ Backup Server — Defines the RADIUS Backup Server authentication fields.

■ Host IP Address — Defines the TACACS+ Server IP address.

■ Key String — Defines the default authentication and encryption key for TACACS+ communication between the device and the TACACS+ server.

■ Authentication Port (0-65535) — Defines the port number via which the TACACS+ session occurs. The default port is port 49.

■ Timeout for Reply — Defines the default time that passes before the connection between the device and the TACACS+ times out. The default is 5.

■ Single Connection — Maintains a single open connection between the device and the TACACS+ server. The possible field values are:


■ Checked — Enables a single connection.

■ Unchecked — Disables a single connection.


3 Click . The TACACS+ Server is enabled, and the device is updated.

Configuring Network Security 53

Configuring Network Security

The Network Security section provides links that enable you to configure Port-based authentication, port security, storm control and EAP statistics.

This section includes the following:

■ Port-based Authentication

■ Advanced Port-based Authentication

■ Managing Port Security

■ Enabling Storm Control

■ Configuring EAP Statistics

■ Binding ACLs

Port-basedAuthentication

Port-based authentication authenticates users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the RADIUS server using the Extensible Authentication Protocol (EAP). Port-based authentication includes:

■ Authenticators — Specifies the device port which is authenticated before permitting system access.

■ Supplicants — Specifies the host connected to the authenticated port requesting to access the system services.

■ Authentication Server — Specifies the server that performs the authentication on behalf of the authenticator, and indicates whether the supplicant is authorized to access system services.

Port-based authentication creates two access states:

■ Controlled Access — Permits communication between the supplicant and the system, if the supplicant is authorized.

■ Uncontrolled Access — Permits uncontrolled communication regardless of the port state.


Configuring Port Authentication Settings

To configure 802.1x Global Settings:

1 Click Policy > Security > 802.1x Global Settings > Setup. The 802.1x Global Settings Setup Page opens:

Figure 29 802.1x Global Settings Setup Page

The 802.1x Global Settings Setup Page contains the following fields:

■ Port-based Authentication State — Indicates if Port Authentication is enabled on the device. The possible field values are:

■ Enable — Enables port-based authentication on the device.

■ Disable — Disables port-based authentication on the device.

■ Authentication Method — Specifies the authentication method used for port authentication. The possible field values are:

■ RADIUS — Provides port authentication using the RADIUS server.

■ RADIUS, None — Provides port authentication, first using the RADIUS server. If the port is not authenticated, then no authentication method is used, and the session is permitted.

■ None — Indicates that no authentication method is used to authenticate the port.

■ Enable Guest VLAN — Provides limited network access to authorized ports. If a port is denied network access via port-based authorization,

Configuring Network Security 55

but the Guest VLAN is enabled, the port receives limited network access. For example, a network administrator can use Guest VLANs to deny network access via port-based authentication, but grant Internet access to unauthorized users.

■ Guest VLAN ID — Specifies the guest VLAN ID.


3 Click . The 802.1x Global Settings are enabled, and the device is updated.

To view Port-based Authentication:

1 Click Policy > Security > Port Authentication > Summary. The Port Authentication Summary Page opens:

Figure 30 Port Authentication Summary Page

The Port Authentication Summary Page contains the following fields:

■ Copy from Entry Number — Copies port authentication information from the selected port.

■ To Entry Number(s) — Copies port authentication information to the selected port.






■ Port — Displays a list of interfaces on which port-based authentication is enabled.

■ User Name — Displays the supplicant user name.

■ Current Port Control — Displays the current port authorization state.

■ Guest VLAN — Indicates if the Guest VLAN is enabled.

■ Periodic Reauthentication — Indicates if Period Reauthentication is enabled on the device.

■ Reauthentication Period — Displays the time span (in seconds) in which the selected port is reauthenticated. The field default is 3600 seconds. The field range is 300-4294967295 seconds.

■ Termination Cause — Displays the reason for which the port authentication was terminated.

■ Authenticator State — Displays the current authenticator state.

Modifying Port Authentication

The Port Authentication Modify Page allows network managers to configure port-based authentication parameters.

To modify Port-based Authentication:

Modifying Port Authentication 57


1 Click Policy > Security > Port Authentication > Modify. The Port Authentication Modify Page opens:

Figure 31 Port Authentication Modify Page

The Port Authentication Modify Page contains the following fields:

■ Port — Displays a list of interfaces on which port-based authentication is enabled.

■ Admin Port Control — Displays the admin port authorization state.

■ ForceUnauthorized — Indicates that either the port control is force Unauthorized and the port link is down, or the port control is Auto but a client has not been authenticated via the port.

■ ForceAuthorized — Indicates that the port control is Forced Authorized, and clients have full port access.

■ Auto — Indicates that the port control is Auto and a single client has been authenticated via the port.

■ Current Port Control — Displays the current port authorization state.

■ Enable Guest VLAN — Specifies whether the Guest VLAN is enabled on the device. The possible field values are:




■ Enable — Enables using a Guest VLAN for unauthorized ports. If a Guest VLAN is enabled, the unauthorized port automatically joins the VLAN selected in the VLAN List field.

■ Disable — Disables port-based authentication on the device. This is the default.

■ Enable Periodic Reauthentication — Permits immediate port reauthentication.

■ Reauthentication Period — Displays the time span (in seconds) in which the selected port is reauthenticated. The field default is 3600 seconds. The field range is 300-4294967295 seconds.


■ Quiet Period — Displays the Quiet Period. The field range is 0-65535.

■ Resending EAP — Defines the amount of time (in seconds) that lapses before EAP requests are resent. The field default is 30 seconds. The field range is 0-65535.

■ Max EAP Requests — Displays the total amount of EAP requests sent. If a response is not received after the defined period, the authentication process is restarted. The field default is 2 retries. The field range is 0-65535.

■ Supplicant Timeout — Displays the Supplicant Timeout. The field range is 0-65535.

■ Server Timeout— Displays the Server Timeout. The field range is 0-65535.

■ Termination Cause — Indicates the reason for which the port authentication was terminated.

2 Click . Port Authentication is enabled, and the device is updated.

Advanced Port-based Authentication

Advanced port-based authentication enables multiple hosts to be attached to a single port. Advanced port-based authentication requires only one host to be authorized for all hosts to have system access. If the port is unauthorized, all attached hosts are denied access to the network.

Advanced port-based authentication also enables user-based authentication. Specific VLANs in the device are always available, even if specific ports attached to the VLAN are unauthorized. For example, Voice over IP does not require authentication, while data traffic requires authentication. VLANs for which authorization is not required can be

Viewing Authenticated Hosts 59

defined. Unauthenticated VLANs are available to users, even if the ports attached to the VLAN are defined as authorized.

Advanced port-based authentication is implemented in the following modes:

■ Single Host Mode — Allows port access only to the authorized host.

■ Multiple Host Mode — Multiple hosts can be attached to a single port. Only one host must be authorized for all hosts to access the network. If the host authentication fails, or an EAPOL-logoff message is received, all attached clients are denied access to the network.

■ Unauthenticated VLANS — Are available to users, even if the ports attached to the VLAN are defined as unauthorized.

Viewing Authenticated Hosts

The Authenticated Hosts Page displays user port access lists. The Authenticated Hosts Page contians the following fields:

■ User Name — Contains a list of the various RADIUS servers used as authenticators, as defined in the Add User Name.

■ Port — Indicates the port number for which the User Name List applies. User Name Lists can apply to more than one port.

■ Session Time — Indicates the amount of time the user was logged on to the device. The field format is Day:Hour:Minute:Seconds, for example, 3 days:2 hours: 4 minutes: 39 seconds.

■ Authentication Method — Indicates the method by which the last session was authenticated. The possible field values are:

■ Remote — Indicates that the user was authenticated from a remote server.

■ None — Indicates that the user was not authenticated.

■ MAC Address — Indicates the supplicant MAC address was used for authentication.

■ MAC Address — Displays the supplicant MAC address.

Defining Multiple Hosts

The Authenticated Host Summary Page contains a list of authenticated users.


To view Authenticated Hosts:

1 Click Policy > Security > Authenticated Host > Summary. The Authenticated Host Summary Page opens:

Figure 32 Authenticated Host Summary Page

The Authenticated Host Summary Page contains the following fields:

■ Port — Displays the port number.

■ Multiple Hosts

■ User Name — Lists the supplicants that were authenticated, and are permitted on each port.

■

■ Session Time — Displays the amount of time (in seconds) the supplicant was logged on the port.

■ Authentication Method — Displays the method by which the last session was authenticated. The possible field values are:

■ Remote — 802.1x authentication is not used on this port (port is forced-authorized).

■ None — The supplicant was not authenticated.

■ RADIUS — The supplicant was authenticated by a RADIUS server.

■ MAC Address — Displays the supplicant MAC address.

AuthenticatedUsers \* MERGEFORMAT


Defining Multiple Hosts 61

Defining Multiple Hosts

The Multiple Host Summary Page allows network managers to configure advanced port-based authentication settings for specific ports and VLANs. To view Multiple Hosts:

1 Click Policy > Security > Multiple Host > Summary. The Multiple Host Summary Page opens:

Figure 33 Multiple Host Summary Page

The Multiple Host Summary Page contains the following fields:

■ Port — Displays the port number for which advanced port-based authentication is enabled.

■ Multiple Hosts — Indicates whether multiple hosts are enabled. Multiple hosts must be enabled in order to either disable the ingress-filter, or to use port-lock security on the selected port.

■ Action on Violation — Defines the action to be applied to packets arriving in single-host mode, from a host whose MAC address is not the supplicant MAC address. The possible field values are:

■ Forward — Forwards the packet.

■ Discard — Discards the packets. This is the default value.

■ Shutdown — Discards the packets and shuts down the port. The port remains shut down until reactivated, or until the device is reset.



■ Traps — Indicates if traps are enabled for multiple Hosts. The possible field values are:

■ Checked — Indicates that traps are enabled for multiple hosts.

■ Unchecked — Indicates that traps are disabled for Multiple hosts.

■ Trap Frequency — Defines the time period by which traps are sent to the host. The Trap Frequency field can be defined only if multiple hosts are disabled. The field range is 1-1,000,000. The default is 10 seconds.

■ Status — Indicates the host status. If there is an asterisk (*), the port is either not linked or is down. The possible field values are:

■ Number of Violations — Indicates the number of packets that arrived on the interface in single-host mode, from a host whose MAC address is not the supplicant MAC address.

Modifying Multiple Hosts

The Multiple Host Modify Page allows network managers to configure advanced port-based authentication settings for specific ports and VLANs.

Modifying Multiple Hosts 63

To modify Multiple Hosts:

1 Click Policy > Security > Multiple Host > Modify. The Multiple Host Modify Page opens:

Figure 34 Multiple Host Modify Page

The Multiple Host Modify Page contains the following fields:


■ Enable Multiple Hosts — Indicates whether multiple hosts are enabled. Multiple hosts must be enabled in order to either disable the ingress-filter, or to use port-lock security on the selected port. The possible field values are:

■ Multiple — Multiple hosts are enabled.

■ Disable— Multiple hosts are disabled.







■ Enable Traps — Indicates if traps are enabled for multiple Hosts. The possible field values are:

■ Checked — Indicates that traps are enabled for multiple hosts.

■ Unchecked — Indicates that traps are disabled for multiple hosts.

■ Trap Frequency — Defines the time period by which traps are sent to the host. The Trap Frequency (1-1000000) field can be defined only if multiple hosts are disabled. The default is 10 seconds.


3 Click . The Multiple Host Authentication fields are modified, and the device is updated.

Managing Port Security

Network security can be increased by limiting access on a specific port only to users with specific MAC addresses. The MAC addresses can be dynamically learned or statically configured. Locked port security monitors both received and learned packets that are received on specific ports. Access to the locked port is limited to users with specific MAC addresses. These addresses are either manually defined on the port, or learned on that port up to the point when it is locked. When a packet is received on a locked port, and the packet source MAC address is not tied to that port (either it was learned on a different port, or it is unknown to the system), the protection mechanism is invoked, and can provide various options. Unauthorized packets arriving at a locked port are either:

■ Forwarded

■ Discarded with no trap

■ Discarded with a trap

■ Shuts down the port.

Locked port security also enables storing a list of MAC addresses in the configuration file. The MAC address list can be restored after the device has been reset.



Managing Port Security 65

To view Port Security:

1 Click Policy > Security > Port Security > Summary. The Port Security Summary Page opens:

Figure 35 Port Security Summary Page

The Port Security Summary Page contains the following fields:

■ Interface — Displays the port or LAG name.

■ Port-based — Indicates the port operational status. Possible field values are:

■ Unlocked — The port is currently active and is currently receiving and transmitting traffic.

■ Locked — The port is currently disabled, and is not currently receiving or transmitting traffic.

■ Learning Mode — Defines the locked port type. The Learning Mode field is enabled only if Locked is selected in the Set Port field.The possible field values are:

■ Classic Lock — Locks the port using the classic lock mechanism. The port is immediately locked, regardless of the number of addresses that have already been learned.

■ Limited Dynamic Lock — Locks the port by deleting the current dynamic MAC addresses associated with the port. The port learns




up to the maximum addresses allowed on the port. Both relearning and aging MAC addresses are enabled.

■ Max Entries — Specifies the number of MAC address that can be learned on the port. The Max Entries field is enabled only if Locked is selected in the Set Port field. In addition, the Limited Dynamic Lock mode is selected. The field range is 1- 128. The default is 1.

■ Action — Defines the action to be applied to packets arriving in single-host mode, from a host whose MAC address is not the supplicant MAC address. The possible field values are:




■ Trap — Enables traps when a packet is received on a locked port.

■ Trap Frequency (Sec) — The amount of time (in seconds) between traps. The field range is 1-1,000,000. The default value is 10 seconds.

2 Modify the relevant fields.

3 Click . The Port Security settings are defined, and the device is updated.

Managing Port Security 67

To modify Port Security:

1 Click Policy > Security > Port Security > Modify. The Port Security Modify Page opens:

Figure 36 Port Security Modify Page

The Port Security Modify Page contains the following fields:

■ Interface — Displays the port or LAG name.

■ Enable Lock Interface — Enables locking the port. When a port is locked, all the current addresses that had been dynamically learned by the switch on that port, are transformed to static MAC addresses. When the port is unlocked, they are removed from the static list.

■ Learning Mode — Defines the locked port type. The Learning Mode field is enabled only if Locked is selected in the Set Port field.The possible field values are:

■ Classic Lock — Locks the port using the classic lock mechanism. The port is immediately locked, regardless of the number of addresses that have already been learned.

■ Limited Dynamic Lock — Locks the port by deleting the current dynamic MAC addresses associated with the port. The port learns up to the maximum addresses allowed on the port. Both relearning and aging MAC addresses are enabled.




■ Max Entries — Specifies the number of MAC address that can be learned on the port. The Max Entries field is enabled only if Locked is selected in the Set Port field. In addition, the Limited Dynamic Lock mode is selected. The field range is 1- 128. The default is 1.





■ Trap — Enables traps when a packet is received on a locked port.

■ Trap Frequency (Sec) — The amount of time (in seconds) between traps. The default value is 10 seconds.


3 Click . The Port Security settings are modified, and the device is updated.

Enabling Storm Control

Storm control limits the amount of Multicast, Broadcast and Unknown Unicast frames accepted and forwarded by the device. When Layer 2 frames are forwarded, Broadcast, Multicast and Unknown Unicast frames are flooded to all ports on the relevant VLAN. This occupies bandwidth, and loads all nodes on all ports.

A Broadcast Storm is a result of an excessive amount of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses are heaped onto the network, straining network resources or causing the network to time out.

Storm control is enabled for all Gigabit ports by defining the packet type and the rate the packets are transmitted. The system measures the incoming Broadcast and Multicast frame rates separately on each port, and discards the frames when the rate exceeds a user-defined rate.

Enabling Storm Control 69

To view Storm Control Traffic:

1 Click Policy > Storm Control > Summary. The Storm Control Summary Page opens:

Figure 37 Storm Control Summary Page

The Storm Control Summary Page contains the following fields:

■ Copy from Entry Number — Copies the storm control parameters from the selected port.

■ To Entry Numbers — Copies the storm control parameters to the selected ports.

■ Port — Indicates the port from which storm control is enabled.

■ Enable Broadcast Control — Indicates if forwarding Broadcast packet types is enabled on the interface.

■ Enable — Enables broadcast control on the selected port.

■ Disable — Disables broadcast control on the selected port.

■ Broadcast Rate Threshold — Indicates the maximum rate (kilobits per second) at which unknown packets are forwarded. The range is 3,500-1,000,000. The default value is 3,500.

■ Broadcast Mode — Specifies the Broadcast mode currently enabled on the device. The possible field values are:




■ Unknown Unicast, Multicast & Broadcast — Counts Unicast, Multicast, and Broadcast traffic.

■ Multicast & Broadcast — Counts Broadcast and Multicast traffic together.

■ Broadcast Only — Counts only Broadcast traffic.

The Storm Control Modify Page provides fields for configuring broadcast storm control.

To modify Storm Control Settings:

1 Click Policy > Storm Control > Modify. The Storm Control Modify Page opens:

Figure 38 Storm Control Modify Page

The Storm Control Modify Page contains the following fields:

■ Port — Indicates the port from which storm control is enabled.

■ Enable Broadcast Control — Indicates if forwarding Broadcast packet types on the interface. The possible field values are:

■ Enable — Enables storm control on the selected port.

■ Disable — Disables storm control on the selected port.



Configuring EAP Statistics 71

■ Broadcast Mode — Specifies the Broadcast mode currently enabled on the device. The possible field values are:

■ Unknown Unicast, Multicast & Broadcast — Counts Unicast, Multicast, and Broadcast traffic.

■ Multicast & Broadcast — Counts Broadcast and Multicast traffic together.

■ Broadcast Only — Counts only Broadcast traffic.

■ Broadcast Rate Threshold — Indicates the maximum rate (kilobits per second) at which unknown packets are forwarded. The range is 3,500-1,000,000. The default value is 3,500.


3 Click . Storm control is enabled on the device.

Configuring EAP Statistics

The EAP Statistics Summary Page contains information about EAP packets received on a specific port.

To view EAP Statistics:

1 Click Policy > Security > EAP Statistics. The EAP Statistics Summary Page opens:

Figure 39 EAP Statistics Summary Page

The EAP Statistics Summary Page contains the following fields:






■ Refresh Rate — Defines the amount of time that passes before the statistics are refreshed. The possible field values are:

■ 15 Sec—Indicates that the statistics are refreshed every 15 seconds.



■ No Refresh—Indicates that the statistics are not refreshed.

■ Frames Receive — Indicates the number of valid EAPOL frames received on the port.

■ Frames Transmit — Indicates the number of EAPOL frames transmitted via the port.

■ Start Frames Receive — Indicates the number of EAPOL Start frames received on the port.

■ Log off Frames Receive — Indicates the number of EAPOL Logoff frames that have been received on the port.

■ Respond ID Frames Receive — Indicates the number of EAP Resp/Id frames that have been received on the port.

■ Respond Frames Receive — Indicates the number of valid EAP Response frames received on the port.

■ Request ID Frames Transmit — Indicates the number of EAP Req/Id frames transmitted via the port.

■ Request Frames Transmit — Indicates the number of EAP Request frames transmitted via the port.

■ Invalid Frames Receive — Indicates the number of unrecognized EAPOL frames that have been received by on this port.

■ Length Error Frames Receive — Indicates the number of EAPOL frames with an invalid Packet Body Length received on this port.

■ Last Frame Version — Indicates the protocol version number attached to the most recently received EAPOL frame.

■ Last Frame Source — Indicates the source MAC address attached to the most recently received EAPOL frame.

Defining ACLs 73


3 Click . The Port Statistics are displayed, and the device is updated.

Defining ACLs Access Control Lists (ACL) allow network managers to define classification actions and rules for specific ingress ports. Packets entering an ingress port, with an active ACL, are either admitted or denied entry and the ingress port is disabled. If they are denied entry, the user can disable the port.

For example, an ACL rule is defined that states, port number 20 can receive TCP packets, however, if a UDP packet is received, the packet is dropped. ACLs are composed of access control entries (ACEs) that are made of the filters that determine traffic classifications.

The following fiters can be defined as ACEs:

■ Source Port IP Address and Wildcard Mask — Filters the packets by the Source port IP address and wildcard mask.

■ Destination Port IP Address and Wildcard Mask — Filters the packets by the Source port IP address and wildcard mask.

■ ACE Priority — Filters the packets by the ACE priority.

■ Protocol — Filters the packets by the IP protocol.

■ DSCP — Filters the packets by the DiffServ Code Point (DSCP) value.

■ IP Precendence — Filters the packets by the IP Precedence.

■ Action — Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped. In addition, the port can be shut down, a trap can be sent to the network administrator, or packet is assigned rate limiting restrictions for forwarding.




Viewing MAC-basedACLs

To view MAC-based ACLs:

1 Click Policy > ACL > MAC Based ACL > ACL Summary. The MAC-based ACL Summary Page opens:

Figure 40 MAC-based ACL Summary Page

The MAC-based ACL Summary Page contains the following fields:

■ Priority — Indicates the ACE priority, which determines which ACE is matched to a packet on a first-match basis. The possible field values are 1-2147483647.

■ Source Address — Indicates the source MAC address.

■ Source Mask— Indicates the MAC address Source Mask.

■ Destination Address — Indicates the destination MAC address.

■ Destination Mask— Indicated the MAC address Destination Mask.


■ CoS — Classifies traffic based on the CoS tag value.

■ CoS Mask — Defines the Cost of Service mask.

■ Ethertype — Provides an identifier that differentiates between various types of protocols.

Defining ACLs 75

■ Action — Indicates the ACL forwarding action. Possible field values are:

■ Permit — Forwards packets which meet the ACL criteria.

■ Deny — Drops packets which meet the ACL criteria.

■ Shutdown — Drops packet that meet the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Interface Configuration Page.


Configuring ACLs

1 Click Policy > ACL > MAC Based ACL > ACL Setup. The ACL Setup Page opens:

Figure 41 ACL Setup Page

The ACL Setup Page contains the following fields:

■ ACL Name — Contains a list of the MAC-based ACLs.

■ New Rule Priority — Defines the rule priority. When the packet is matched to a rule, user groups are either granted permission or denied device management access. The rule number is essential to matching packets to rules, as packets are matched on a first-fit basis.


■ Source Wild Card Mask — Indicates the source MAC Address wild card mask. Wild cards are used to mask all or part of a source MAC address. Wild card masks specify which bits are used and which are ignored. A wild card mask of FF:FF:FF:FF:FF:FF indicates that no bit is important. A wildcard of 00.00.00.00.00.00.00 indicates that all bits are important. For example, if the source MAC address is E0:3B:4A:C2:CA:E2 and the wildcard mask is 00:3B:4A:C2:CA:FF, the first two bits of the MAC are used, while the last two bits are ignored.


Configuring ACLs 77

■ Destination Wild Card Mask — Indicates the destination MAC Address wild card mask. Wild cards are used to mask all or part of a destination MAC address. Wild card masks specify which bits are used and which are ignored. A wild card mask of FF:FF:FF:FF:FF indicates that no bit is important. A wild card mask of 00.00.00.00.00.00 indicates that all bits are important. For example, if the destination MAC address is E0:3B:4A:C2:CA:E2 and the wildcard mask is 00:3B:4A:C2:CA:FF, the first two bits of the MAC are used, while the last two bits are ignored.

■ VLAN ID — Matches the packet's VLAN ID to the ACL.


■ CoS Mask — Defines the CoS mask used to classify network traffic.







3 Click .


Defining MAC-based ACL Rules

To define MAC-based ACL Rules:

1 Click Policy > ACL > MAC Based ACL > Rule Setup. The MAC-based ACL Rule Setup Page opens:

Figure 42 MAC-based ACL Rule Setup Page

The MAC-based ACL Rule Setup Page contains the following fields:


■ New Rule Priority — Defines the ACL priority. ACLs are checked on the first fit basis. The ACL priority defines the ACL order in the ACL list.


■ Source Wild Card Mask — Indicates the source MAC Address wild card mask. Wild cards are used to mask all or part of a source MAC address. Wild card masks specify which bits are used and which are ignored. A wild card mask of FF:FF:FF:FF:FF:FF indicates that no bit is important. A wildcard of 00.00.00.00.00.00.00 indicates that all bits are important. For example, if the source MAC address is E0:3B:4A:C2:CA:E2 and the wildcard mask is 00:3B:4A:C2:CA:FF, the first two bits of the MAC are used, while the last two bits are ignored.


Defining MAC-based ACL Rules 79

■ Destination Wild Card Mask — Indicates the destination MAC Address wild card mask. Wild cards are used to mask all or part of a destination MAC address. Wild card masks specify which bits are used and which are ignored. A wild card mask of FF:FF:FF:FF:FF indicates that no bit is important. A wild card mask of 00.00.00.00.00.00 indicates that all bits are important. For example, if the destination MAC address is E0:3B:4A:C2:CA:E2 and the wildcard mask is 00:3B:4A:C2:CA:FF, the first two bits of the MAC are used, while the last two bits are ignored.



■ CoS Mask — Defines the CoS mask used to classify network traffic.







3 Click . The Rule Setup settings are configured, and the device is updated.





Removing MAC-based ACLs

To remove MAC-based Class Maps:

1 Click Policy > ACL > MAC Based ACL > Remove. The MAC-based ACL Remove Page opens:

Figure 43 MAC-based ACL Remove Page

The MAC-based ACL Remove Page contains the following fields:


■ Remove ACL — Enables the ACL to be removed.

■ Priority — Defines the rule priority for the MAC-based ACL.


■ CoS — Classifies Class of Service of the packet.

■ CoS Mask — Defines the wildcard bits to be applied to the CoS.





Removing MAC-based ACLs 81


2 Select the ACL Name to be deleted.

3 Enable ACL Removal and select the ACL to be removed from the table.

4 Click the Remove Checkbox. The ACL is removed.

5 Click . The selected ACLs are deleted, and the device is updated.





Defining IP-based ACLs

The IP Based ACL Page contains information for defining IP-based ACLs, including defining the ACEs defined for IP-based ACLs. To view IP-based Class Maps:

1 Click Policy > ACL > IP Based ACL > ACL Summary. The IP-based ACL Summary Page opens:

Figure 44 IP-based ACL Summary Page

The IP-based ACL Summary Page contains the following fields:

■ ACL Name — Contains a list of the IP-based ACLs.

■ Priority — Indicates the ACE priority that determines which ACE is matched to a packet based on a first-match basis. The possible field value is 1-2147483647.

■ Protocol — Creates an ACE based on a specific protocol. The possible field values are:

■ IP — Internet Protocol (IP). Specifies the format of packets and their addressing method. IP addresses packets and forwards the packets to the correct port.

■ TCP — Transmission Control Protocol (TCP). Enables two hosts to communicate and exchange data streams. TCP guarantees packet delivery, and guarantees packets are transmitted and received in the order the are sent.

Defining IP-based ACLs 83

■ UDP — User Datagram Protocol (UDP). Communication protocol that transmits packets but does not guarantee their delivery.

■ ICMP — Internet Control Message Protocol (ICMP). The ICMP allows the gateway or destination host to communicate with the source host. For example, to report a processing error.

■ IGMP — Internet Group Management Protocol (IGMP). Allows hosts to notify their local switch or router that they want to receive transmissions assigned to a specific multicast group.

■ Flag Type — Indicates TCP flags by which the packet is classified.

■ Flag Set —Sets the indicated TCP flag that can be triggered.

■ ICMP Type — Specifies an ICMP message type for filtering ICMP packets.

■ ICMP Code —Specifies an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code.

■ IGMP Type — IGMP packets can be filtered by IGMP message type.

■ Source — Defines the TCP/UDP source port to which the ACL is matched.

■ Destination — Defines the TCP/UDP destination port.

■ DSCP —Matches the packet DSCP value to the ACL. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. The possible field range is 0-63.

■ IP - Prec. — Indicates matching ip-precedence with the packet ip-precedence value.

■ Action — Indicates the ACL forwarding action.



To configure IP-based Class Maps:

1 Click Policy > ACL > IP Based ACL > ACL Setup. The IP-based ACL Setup Page opens:

Figure 45 IP-based ACL Setup Page

The IP-based ACL Setup Page contains the following fields:


■ Enable New Rule Priority — Enables the new rule priority.


■ Protocol — Creates an ACE based on a specific protocol.

■ Select from List — Selects a protocol from a list on which ACE can be based. Some of the possible field values are:

■ Any — Matches the protocol to any protocol.

■ IDRP— Matches the packet to the Inter-Domain Routing Protocol (IDRP).

■ RSVP — Matches the packet to the ReSerVation Protocol (RSVP).


■ OSPF — Matches the packet to the Open Shortest Path First (OSPF) protocol.

■ PIM — Matches the packet to Protocol Independent Multicast (PIM).

■ L2IP — Matches the packet to Layer 2 Internet Protocol (L2IP).

■ Protocol ID — Adds user-defined protocols by which packets are matched to the ACE. Each protocol has a specific protocol number which is unique. The possible field range is 0-255.

■ Source Port— Enables creating an ACL based on a specific protocol.

■ Destination Port — Indicates the destination port that is matched packets. Enabled only when TCP or UDP are selected in the Protocol list.

■ Any — Enables creating an ACL based on any protocol.

■ Source Wild Card Mask — Source IP address wildcard mask.Wild card masks specify which bits are used and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important.

A wildcard of 0.0.0.0 indicates that all the bits are important.

For example, if the source IP address 149.36.184.198 and the wildcard mask is 255.36.184.00, the first eight bits of the IP address are ignored, while the last eight bits are used.

■ Source IP Address — Matches the source IP address from which packets originate to the ACL.

■ Destination IP Address — Matches the destination IP address to which packets are addressed to the ACL.

■ Destination Wild Card Mask — Indicates the destination IP Address wild card mask. Wild cards are used to mask all or part of a destination IP Address. Wild card masks specify which bits are used and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important. A wildcard of 00.00.00.00 indicates that all bits are important.

For example, if the destination IP address 149.36.184.198 and the wildcard mask is 255.36.184.00, the first two bits of the IP address are used, while the last two bits are ignored.

■ Match DSCP — Matches the packet DSCP value to the ACL. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.


■ Match IP Precedence — Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.







To configure IP-based Rules:

1 Click Policy > ACL > IP Based ACL > Rule Setup. The IP-based ACL Rule Setup Page opens:

Figure 46 IP-based ACL Rule Setup Page

The IP-based ACL Rule Setup Page contains the following fields:



■ Protocol — Enables creating an ACL based on a specific protocol.

■ Select from List — Selects a protocol from a list on which ACE can be based.Some of the possible field values are:

■ Protocol ID — Adds user-defined protocols by which packets are matched to the ACE. Each protocol has a specific protocol number which is unique. The possible field range is 0-255.

■ Source Port — Enables creating an ACL based on a specific protocol.

■ Any — Enables creating an ACL based on any protocol.


■ Destination Port — Indicates the destination port that is matched packets. Enabled only when TCP or UDP are selected in the Protocol list.

■ Any — Enables creating an ACL Based on any protocol.

■ Source IP Address — Matches the source IP address to which packets are addressed to the ACL.

■ Wild Card Mask — Indicates the destination IP Address wild card mask. Wild cards are used to mask all or part of a destination IP Address. Wild card masks specify which bits are used and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important. A wildcard of 00.00.00.00 indicates that all bits are important. For example, if the destination IP address 149.36.184.198 and the wildcard mask is 255.36.184.00, the first two bits of the IP address are used, while the last two bits are ignored.

■ Destination IP Address — Matches the destination IP address to which packets are addressed to the ACL.

■ Wild Card Mask — Indicates the destination IP Address wild card mask. Wild cards are used to mask all or part of a destination IP Address. Wild card masks specify which bits are used and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important. A wildcard of 00.00.00.00 indicates that all bits are important. For example, if the destination IP address 149.36.184.198 and the wildcard mask is 255.36.184.00, the first two bits of the IP address are used, while the last two bits are ignored.

■ Match DSCP — Matches the packet DSCP value to the ACL. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.

■ Match IP Precedence — Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.


■ Permit — Forwards packets which meet the ACL criteria.■ Deny — Drops packets which meet the ACL criteria.



2 Select an ACL from the ACL Name drop-down list.

3 Define the rule setup fields.

4 Click . The ACL rule setup is enabled, and the device is updated.





Removing IP-based ACLs

To remove IP-based ACL:

1 Click Policy > ACL > IP Based ACL > Remove ACL. The IP-based ACL Remove Page opens:

Figure 47 IP-based ACL Remove Page

The IP-based ACL Remove Page contains the following fields:


■ Remove ACL — Removes an ACL. The possible field values are:

■ Checked — Removes the selected IP-based ACL.

■ Unchecked — Maintains the IP-based ACL.

■ Priority — Indicates the ACL priority, which determines which ACL is matched to a packet on a first-match basis. The possible field values are 1-2147483647.

■ Protocol — Creates an ACE based on a specific protocol.

■ Destination Port— Defines the TCP/UDP destination port.

■ Source Port— Defines the TCP/UDP source port to which the ACL is matched.

■ Flag Set — Sets the indicated TCP flag matched to the packet.

Removing IP-based ACLs 91

■ ICMP Type — Specifies an ICMP message type for filtering ICMP packets.

■ ICMP Code — Specifies an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code.

■ IGMP Type — IGMP packets can be filtered by IGMP message type.

■ DSCP — Matches the packet DSCP value to the ACL. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.

■ IP - Prec. — Indicates matching ip-precedence with the packet ip-precedence value.





2 Select an ACL to be removed.

3 Click . The selected ACLs are deleted, and the device is updated.





Binding ACLs To define ACL Binding:

1 Click Policy > ACL > ACL Binding > Binding Summary. The ACL Binding Summary Page opens:

Figure 48 ACL Binding Summary Page

The ACL Binding Summary Page contains the following fields:

■ Ports — Displays the ACL Port parameters. The possible field values are:

■ Interface — Displays the port interface for which the ACL parameters are defined.

■ ACL Name — Contains a list of ACL Names.

■ LAGs — Displays the ACL LAG parameters. The possible field values are:

■ Interface — Displays the LAG interface for which the ACL parameters are defined.

■ ACL Name — Contains a list of ACL Names.

Binding ACLs 93

To define ACL Binding:

1 Click Policy > ACL > ACL Binding > Binding Setup. The ACL Binding Setup Page opens:

Figure 49 ACL Binding Setup Page

The ACL Binding Setup Page contains the following fields:

■ Interface — Selects the Ports or LAGs interface to be configured.

■ Ports — Selects the ports interface to be bound.

■ LAGs — Selects the LAGs interface to be bound.

■ Bind ACL — Binds the interface to the ACL interface.

■ MAC-based ACL — Binds the interface to the MAC-based ACL.

■ IP-based ACL — Binds the interface to the IP-based ACL.

■ Select ACL — Selects the ACL to be bound. Define the fields.


3 Click . The ACL Binding Page is defined, and the device is updated.



4
MANAGING SYSTEM INFORMATION
This section contains information for configuring general system information, and includes the following:

■ Viewing System Description

■ Defining System Settings

■ Configuring Country Codes

■ Configuring System Name

■ Configuring System Time

■ Saving the Device Configuration

Viewing System Description 95

Viewing System Description

The Device Summary Information Page displays parameters for configuring general device information, including the system name, location, and contact, the system MAC Address, System Object ID, System Up Time, and MAC addresses, and both software, boot, and hardware versions.

To view Service Summary Information:

1 Click Device Summary. The Device Summary Information Page opens:

Figure 50 Device Summary Information Page

The Device Summary Information Page contains the following fields:

■ Product Description — Displays the device model number and name




■ Serial Number — Displays the device serial number.

SystemDescription \* MERGEFORMAT

96 CHAPTER 4: MANAGING SYSTEM INFORMATION

■ Product 3C Number — Displays the internal 3Com device serial number.

■ System Object ID — Displays the vendor’s authoritative identification of the network management subsystem contained in the entity.

■ MAC Address — Displays the device MAC address.

■ System Up Time — Displays the amount of time since the most recent device reset. The system time is displayed in the following format: Days, Hours, Minutes, and Seconds. For example, 41 days, 2 hours, 22 minutes and 15 seconds.

■ Software Version — Displays the installed software version number.

■ Boot Version — Displays the current boot version running on the device.

■ Hardware Version — Displays the current hardware version of the device.

Defining System Settings 97

Defining System Settings

The following section allows system administrators to configure advanced system settings. The section includes the following:

■ Configuring Country Codes

■ Configuring System Name

■ Configuring System Time


Configuring Country Codes

Defines the country code by which WLAN settings are set. For the complete list of country codes and settings, see WLAN Country Settings.

To configure the Country Code:

1 Click Administration > Country Code. The Country Codes Page opens:

Figure 51 Country Codes Page

The Country Codes Page contains the following fields:

■ Master Radio Enable — Enables the master radio.

■ Country Code — Displays a list of country codes.

The following are the possible country code settings:

Configuring Country Codes 99

Country Country Code

Access Point Domain

Channels Allowed

Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP)

Frequency Range (GHz)

Austria AT -E 36, 40, 44, 48 60 mW EIRP 5.15-5.25

1 - 11 100 mW EIRP 2.4-2.4835

Australia AU -N 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161

200 mW EIRP

200 mW EIRP

1 W EIRP

5.15-5.25 5.25-5.35 5.725-5.825

1 - 11 200 mW EIRP 2.4-2.4835

Belgium BE -E 36, 40, 44, 48,52, 56, 60, 64

120 mW EIRP

120 mW EIRP

5.15-5.25

1 - 12,13 100 mW EIRP

100 mW EIRP

2.4-2.4835

Brazil BR -C 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161

200 mW EIRP

1 W EIRP

5.725-5.85

1 - 11 1 W EIRP 2.4-2.4835

Canada CA -A 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161

50 mW+6 dBi=200 mW, 250 mW+6 dBi=1 W, 1 W+6 dBi=4 W

5.15-5.25 5.25-5.35 5.725-5.85

1-11 1 W+Restricted Antennas

2.4-2.4835

Switzerland and Liechtenstein

CH -E 36, 40, 44, 48,52, 56, 60, 64

200 mW EIRP 200 mW EIRP

5.15-5.255.25-5.35

1-11 100 mW EIRP 2.4-2.4835

China CN -C 149, 153, 157, 161

150 mW+6 dBi~600 mW

5.725-5.825

1-13 150 mW+6 dBi~600 mW

2.4-2.4835

Cyprus CY -E 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161

50 mW+6 dBi=200 mW250 mW+6 dBi=1 W1 W+6 dBi=4 W

5.15-5.25 5.25-5.35 5.725-5.85


2.4-2.4835


Czech Republic CZ -E 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161

200 mW EIRP200 mW EIRP1 W EIRP

5.15-5.255.25-5.355.725-5.825

1-11 200 mW EIRP 2.4-2.4835

Germany DE -E 36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140


5.15-5.255.25-5.355.47-5.725

1-11 2.4-2.4835

Denmark DK -E 36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140


5.15-5.255.25-5.355.47-5.725

1-11 100 mW EIRP 2.4-2.4835

Estonia EE -E 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161


5.15-5.25 5.25-5.35 5.725-5.85


2.4-2.4835

Spain ES -E

1-11 100 mW EIRP

Finland FI -E 36, 40, 44, 48,52, 56, 60,


5.15-5.255.25-5.355.47-5.725

64,104, 108,

112, 116, 120,

124, 128, 132,

140

1-11 100 mW EIRP 2.4-2.4835


Access Point Domain

Channels Allowed




France FR -E 36, 40, 44, 48,52, 56, 60, 64

200 mW EIRP200 mW EIRP

5.15-5.255.25-5.35

1 - 7,8 - 11 100 mW EIRP100 mW EIRP

2.4-2.48352.4-2.454

United Kingdom GB -E 36, 40, 44, 48,52, 56, 60, 64,104, 108,


5.15-5.25 5.25-5.35 5.47-5.725

112, 116, 120,

124, 128, 132,

140

1-11 100 mW EIRP 2.4-2.4835

Greece GR -E 1-11 100 mW EIRP 2.4-2.4835

Hong Kong HK -N 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161

200 mW EIRP200 mW EIRP1 W+6 dBi=4 W

5.15-5.25 5.25-5.35 5.725-5.85

1-11 100 mW EIRP 2.4-2.4835

Hungary HU -E 36, 40, 44, 48,52, 56, 60, 64

200 mW EIRP 5.15-5.255.25-5.35

1-11 1 W EIRP 2.4-2.4835

Indonesia ID -R N/A N/A 5.725-5.875

1-13 100 mW EIRP 2.4-2.5

Ireland IE -E 36, 40, 44, 48,52, 56, 60, 64


5.15-5.25 5.25-5.35 5.47-5.725

1-11 100 mW EIRP 2.4-2.4835

Israel IL -I 36, 40, 44, 48,52, 56, 60, 64


5.15-5.25 5.25-5.35


Access Point Domain

Channels Allowed




1-13 100 mW EIRP 2.4-2.4835

Israel OUTDOOR ILO 36, 40, 44, 48,52, 56, 60, 64


5.15-5.255.25-5.35

5-13 100 mW EIRP 2.4-2.4835

India IN TBA N/A N/A N/A

4 W EIRP 2.4-2.4835

Iceland IS -E 36, 40, 44, 48,52, 56, 60,


5.15-5.25 5.25-5.35 5.47-5.725

64,104, 108,

112, 116, 120,

124, 128, 132,

140

1-11 100 mW EIRP 2.4-2.4835

Italy IT -E 36, 40, 44, 48,52, 56, 60,


5.15-5.25 5.25-5.35 5.47-5.725

64,104, 108, 112, 116, 120,

124, 128, 132,

140

1-11 100 mW EIRP 2.4-2.4835

Japan JP -J 1-3,1-4 100 mW EIRP100 mW EIRP

5.03-5.09 5.15-5.25

1-14 10 mW/ MHz~200mW EIRP

2.4-2.497


2.4-2.497

Republic of Korea KR -C 149, 153, 157, 161

150 mW+6 dBi~600 mW

5.725-5.825


Access Point Domain

Channels Allowed




1-13 150 mW+6 dBi~600 mW

2.4-2.4835

Lithuania LT -E 36, 40, 44, 48,52, 56, 60,

50 mW+6 dBi=200 mW250 mW+6

5.15-5.25 5.25-5.35 5.725-5.85

64,149, 153, dBi=1 W1 W+6

157, 161 dBi=4 W


2.4-2.4835

Luxembourg LU -E 36, 40, 44, 48,52, 56, 60,


5.15-5.25 5.25-5.35 5.47-5.725

64,104, 108,

112, 116, 120, 124, 128, 132,

140

1-11 100 mW EIRP 2.4-2.4835

Latvia LV -E 36, 40, 44, 48,52, 56, 60,

50 mW+6 dBi=200 mW250 mW+6

5.15-5.25 5.25-5.35 5.725-5.85

64,149, 153, dBi=1 W1 W+6

157, 161 dBi=4 W


2.4-2.4835

Malaysia MY -E 1-13 100 mW EIRP 2.4-2.5

Netherlands NL -E 36, 40, 44, 48,52, 56, 60,


5.15-5.25 5.25-5.35 5.47-5.725

64,104, 108,

112, 116, 120,

124, 128, 132,

140


Access Point Domain

Channels Allowed




1-11 100 mW EIRP 2.4-2.4835

Norway NO -E 36, 40, 44, 48,52, 56, 60, 64,104, 108,


5.15-5.25 5.25-5.35 5.47-5.725

112, 116, 120,

124, 128, 132, 140

1-11 100 mW EIRP 2.4-2.4835

New Zealand NZ -N 36, 40, 44, 48,52, 56, 60,

50 mW+6 dBi=200 mW250 mW+6

5.15-5.25 5.25-5.35 5.725-5.85

64,149, 153, dBi=1 W1 W+6

157, 161 dBi=4 W


2.4-2.4835

Philippines PH -C TBA TBA 5.725-5.875

100 mW EIRP 2.4-2.4835

Poland PL -E 36, 40, 44, 48,52, 56, 60,

200 mW EIRP 1 W EIRP

2.4-2.4835

64,149, 153,

157, 161

1-11 100 mW EIRP 2.4-2.4835

Portugal PT -E 36, 40, 44, 48,52, 56, 60,


5.15-5.25 5.25-5.35 5.47-5.725

64,104, 108,

112, 116, 120, 124, 128, 132,

140

1-11 100 mW EIRP 2.4-2.4835


Access Point Domain

Channels Allowed




Sweden SE -E 36, 40, 44, 48,52, 56, 60,


5.15-5.25 5.25-5.35 5.47-5.725

64,104, 108,

112, 116, 120,

124, 128, 132,

140

1-11 100 mW EIRP 2.4-2.4835

Singapore SG -S 36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161


5.15-5.25 5.25-5.35 5.725-5.85

1-13 200 mW EIRP 2.4-2.4835

Slovenia SI -E 36, 40, 44, 48,52, 56, 60,

50 mW+6 dBi=200 mW250 mW+6

5.15-5.255.25-5.355.725-5.85

64,149, 153, dBi=1 W1 W+6

157, 161 dBi=4 W


2.4-2.4835

Slovak Republic SK -E 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161


5.15-5.25 5.25-5.35 5.725-5.85


2.4-2.4835

Thailand TL -R N/A N/A 5.725-5.875

1-13 100 mW EIRP 2.4-2.5

Taiwan TW -T 56, 60, 64, 100 - 140,149, 153,

50 mW+6 dBi=200 mW250 mW+6

5.25-5.35 5.47-5.725 5.725-5.825

157, 161 dBi=1 W1 W+6

dBi=4 W


Access Point Domain

Channels Allowed




1-13 1 W EIRP 2.4-2.4835

United States US -A 36, 40, 44, 50 mW+6 dBi=200 5.15-5.25 5.25-5.35

of America 48,52, 56, 60, mW250 mW+6 5.725-5.85

64,149, 153, dBi=1 W1 W+6

157, 161 dBi=4 W

1-11 1 W Conducted Output

2.4-2.4835

United States of America

USE -A 36, 40, 44, 48,52, 56, 60, 64

50 mW+6 dBi=200 mW250 mW+6 dBi=1 W

5.15-5.25 5.25-5.35


2.4-2.4835

United States of America LOW

USL -A 36, 40, 44, 48,52, 56, 60, 64

50 mW+6 dBi=200 mW250 mW+6 dBi=1 W

5.15-5.25 5.25-5.35


2.4-2.4835

United States of America EXTENDED

USX TBA 36, 40, 44, 48,52, 56, 60, 64

50 mW+6 dBi=200 mW250 mW+6 dBi=1 W

5.15-5.25 5.25-5.35


2.4-2.4835

South Africa ZA TBA N/A N/A 5.25-5.355.725-5.825

1-13 1 W EIRP 2.4-2.4835


Access Point Domain

Channels Allowed



Configuring System Name 107

Configuring System Name

To configure the System Name:

1 Click Administration > System Name > Setup. The System Name Setup Page opens:

Figure 52 System Name Setup Page

The System Name Setup Page includes the following fields:





3 Click . The System Name is enabled, and the device is updated.


Configuring System Time

The Time Page contains fields for defining system time parameters for both the local hardware clock and the external SNTP clock. If the system time is kept using an external SNTP clock, and the external SNTP clock fails, the system time reverts to the local hardware clock. Daylight Savings Time can be enabled on the device.

The following is a list of Daylight Savings Time start and end times in specific countries:

■ Albania — From the last weekend of March until the last weekend of October.

■ Australia — From the end of October until the end of March.

■ Australia - Tasmania — From the beginning of October until the end of March.

■ Armenia — From the last weekend of March until the last weekend of October.

■ Austria — From the last weekend of March until the last weekend of October.

■ Bahamas — From April to October, in conjunction with Daylight Savings Time in the United States.

■ Belarus — From the last weekend of March until the last weekend of October.

■ Belgium — From the last weekend of March until the last weekend of October.

■ Brazil — From the third Sunday in October until the third Saturday in March. During the period of Daylight Saving Time, Brazilian clocks go forward one hour in most of the Brazilian southeast.

■ Chile — In Easter Island, from March 9 until October 12. In the rest of the country, from the first Sunday in March or after 9th March.

■ China — China does not use Daylight Saving Time.

■ Canada — From the first Sunday in April until the last Sunday of October. Daylight Saving Time is usually regulated by provincial and territorial governments. Exceptions may exist in certain municipalities.

■ Cuba — From the last Sunday of March to the last Sunday of October.

■ Cyprus — From the last weekend of March until the last weekend of October.

Configuring System Time 109

■ Denmark — From the last weekend of March until the last weekend of October.

■ Egypt — From the last Friday in April until the last Thursday in September.

■ Estonia — From the last weekend of March until the last weekend of October.

■ Finland — From the last weekend of March until the last weekend of October.

■ France — From the last weekend of March until the last weekend of October.

■ Germany — From the last weekend of March until the last weekend of October.

■ Greece — From the last weekend of March until the last weekend of October.

■ Hungary — From the last weekend of March until the last weekend of October.

■ India — India does not use Daylight Saving Time.

■ Iran — From Farvardin 1 until Mehr 1.

■ Iraq — From April 1 until October 1.

■ Ireland — From the last weekend of March until the last weekend of October.

■ Israel — Varies year-to-year.

■ Italy — From the last weekend of March until the last weekend of October.

■ Japan — Japan does not use Daylight Saving Time.

■ Jordan — From the last weekend of March until the last weekend of October.

■ Latvia — From the last weekend of March until the last weekend of October.

■ Lebanon — From the last weekend of March until the last weekend of October.

■ Lithuania — From the last weekend of March until the last weekend of October.

■ Luxembourg — From the last weekend of March until the last weekend of October.


■ Macedonia — From the last weekend of March until the last weekend of October.

■ Mexico — From the first Sunday in April at 02:00 to the last Sunday in October at 02:00.

■ Moldova — From the last weekend of March until the last weekend of October.

■ Montenegro — From the last weekend of March until the last weekend of October.

■ Netherlands — From the last weekend of March until the last weekend of October.

■ New Zealand — From the first Sunday in October until the first Sunday on or after March 15.

■ Norway — From the last weekend of March until the last weekend of October.

■ Paraguay — From April 6 until September 7.

■ Poland — From the last weekend of March until the last weekend of October.

■ Portugal — From the last weekend of March until the last weekend of October.

■ Romania — From the last weekend of March until the last weekend of October.

■ Russia — From the last weekend of March until the last weekend of October.

■ Serbia — From the last weekend of March until the last weekend of October.

■ Slovak Republic - From the last weekend of March until the last weekend of October.

■ South Africa — South Africa does not use Daylight Saving Time.

■ Spain — From the last weekend of March until the last weekend of October.

■ Sweden — From the last weekend of March until the last weekend of October.

■ Switzerland — From the last weekend of March until the last weekend of October.

■ Syria — From March 31 until October 30.

Configuring System Time 111

■ Taiwan — Taiwan does not use Daylight Saving Time.

■ Turkey — From the last weekend of March until the last weekend of October.

■ United Kingdom — From the last weekend of March until the last weekend of October.

■ United States of America — From the first Sunday in April at 02:00 to the last Sunday in October at 02:00.

To configure the System Time:

1 Click Administration > Time. The Time Page opens:

Figure 53 Time Page

The Time Page contains the following sections:

■ Local Settings — Displays the system time in the following format:

■ Time — Indicates the system time. The system time is displayed in the following format HH:MM:SS. Hour, Minute, Seconds.

■ Day — Displays the week day. The possible field range is Sunday-Saturday.

■ Month — Displays the month of the year. The possible field range is Jan-Dec.

■ Year — Displays the year.

■ Time Zone Offset — Indicates the difference between Greenwich Mean Time (GMT) and local time. For example, the Time Zone Offset


for Paris is GMT +1, while the Time Zone Offset for New York is GMT –5.

■ Daylight Savings — Enables automatic Daylight Savings Time (DST) on the device based on the device’s location. There are two types of daylight settings, either by a specific date in a particular year or a recurring setting irrespective of the year. Define the fields.

■ From — Defines the time that DST ends each year. For example, DST ends locally every fourth Friday in October at 5:00 am. The possible field values are:

■ Day — The day of the week at which DST ends every year. The possible field range is Sunday-Saturday.

■ Week — The week within the month at which DST ends every year. The possible field range is 1-5.

■ Month — The month of the year in which DST ends every year. The possible field range is Jan.-Dec.

■ Time — The time at which DST ends every year. The field format is Hour:Minute, for example, 05:30.

■ To — Defines the time that DST begins each year. For example, DST begins locally every second Sunday in April at 5:00 am. The possible field values are:

■ Day — The day of the week from which DST begins every year. The possible field range is Sunday-Saturday.

■ Week — The week within the month from which DST begins every year. The possible field range is 1-5.

■ Month — The month of the year in which DST begins every year. The possible field range is Jan.-Dec.

■ Time — The time at which DST begins every year. The field format is Hour:Minute, for example, 02:10.

■ Recurring — Defines the time that DST starts in countries other than USA or European where the DST is constant year to year.

2 Click . The Time settings are saved, and the device is updated.

Saving the Device Configuration 113

Saving the Device Configuration

The Save Configuration tab allows the latest configuration to be saved to the flash memory.

To save the device configuration:

1 Click Save Configuration. The Save Configuration Page opens:

Figure 54 Save Configuration Page

The following message displays:

The operation will save your configuration. Do you wish to continue?


Resetting the Device

The Reset page enables resetting the device from a remote location.

To prevent the current configuration from being lost, save all changes from the running configuration file to the startup configuration file before resetting the device.

5
CONFIGURING WIRED PORTS
This section contains information for configuring Port Settings, and includes the following sections:

■ Viewing Port Settings

■ Defining Port Settings

■ Configuring Address Tables

■ Viewing Static Addresses

■ Defining Static Addresses

■ Viewing Dynamic Addresses

116 CHAPTER 5: CONFIGURING WIRED PORTS

Viewing Port Settings

The Port Setting Summary Page contains information regarding specific port settings. To view Port Settings:

1 Click Wired Ports > Port Settings > Summary. The Port Setting Summary Page opens:

Figure 55 Port Setting Summary Page

The Port Setting Summary Page contains the following fields:

■ Port — Indicates the selected port number.

■ PortType — Displays the type of the port.

■ Port Status — Indicates whether the port is currently operational or non-operational. The possible field values are:

■ Up — Indicates the port is currently operating.

■ Down — Indicates the port is currently not operating.

■ Port Speed — Displays the configured rate for the port. The port type determines what speed setting options are available. Port speeds can only be configured when auto negotiation is disabled. The possible field values are:

Viewing Port Settings 117

■ 10M — Indicates the port is currently operating at 10 Mbps.



■ Duplex Mode — Displays the port duplex mode. This field is configurable only when auto negotiation is disabled, and the port speed is set to 10M or 100M or 1000M per second. This field cannot be configured on LAGs. The possible field values are:

■ Full — The interface supports transmission between the device and its link partner in both directions simultaneously.

■ Half — The interface supports transmission between the device and the client in only one direction at a time.

■ Auto Negotiation — Displays the auto negotiation status on the port. Auto negotiation is a protocol between two link partners that enables a port to advertise its transmission rate, duplex mode, and flow control abilities to its partner.

■ Advertisement — Defines the auto negotiation setting the port advertises. The possible field values are:

■ Max Capability — Indicates that all port speeds and duplex mode settings are accepted.

■ 10 Half — Indicates that the port advertises for a 10 Mbps speed port and half duplex mode setting.

■ 10 Full — Indicates that the port advertises for a 10 Mbps speed port and full duplex mode setting.




■ Back Pressure — Displays the back pressure mode on the Port. Back pressure mode is used with half duplex mode to disable ports from receiving messages.

■ Flow Control — Displays the flow control status on the port. Operates when the port is in full duplex mode.

■ MDI/MDIX — Displays the MDI/MDIX status on the port. Hubs and switches are deliberately wired opposite the way end stations are


wired, so that when a hub or switch is connected to an end station, a straight through Ethernet cable can be used, and the pairs are matched up properly. When two hubs or switches are connected to each other, or two end stations are connected to each other, a crossover cable is used to ensure that the correct pairs are connected. The possible field values are:

■ MDIX (Media Dependent Interface with Crossover) — Use for hubs and switches.

■ MDI (Media Dependent Interface) — Use for end stations.

■ Auto — Use to automatically detect the cable type.

■ LAG — Displays the LAG for which the port setting parameters are defined.

Defining Port Settings 119

Defining Port Settings

The Port Settings Setup Page allows network managers to configure port parameters for specific ports. To configure Port Settings:

1 Click Wired Ports> Port Settings > Setup. The Port Settings Setup Page opens:

Figure 56 Port Settings Setup Page

The Port Settings Setup Page contains the following fields:

■ Port — Indicates the selected port number.

■ Description — Displays a port description.

■ Port Type — Indicates the type of the port.

■ Admin Status — Indicates whether the port is currently operational or non-operational. The possible field values are:

■ Up — Indicates the port is currently operating.

■ Down — Indicates the port is currently not operating.

■ Current Port Status — Displays current port status.

■ Reactivate Suspended Port — Reactivates a port if the port has been disabled through the locked port security option.


■ Operational Status — Indicates whether the port is currently operational or non-operational.

■ Admin Speed — Displays the configured rate for the port. The port type determines what speed setting options are available. Port speeds can only be configured when auto negotiation is disabled. The possible field values are:




■ Current Port Speed — Displays the current configured port speed.

■ Admin Duplex — Displays the port duplex mode. This field is configurable only when auto negotiation is disabled, and the port speed is set to 10M or 100M. This field cannot be configured on LAGs. The possible field values are:

■ Full — The interface supports transmission between the device and its link partner in both directions simultaneously.

■ Half — The interface supports transmission between the device and the client in only one direction at a time.

■ Current Duplex Mode — Displays the current port duplex mode.

■ Auto Negotiation — Displays the auto negotiation status on the port. Auto negotiation is a protocol between two link partners that enables a port to advertise its transmission rate, duplex mode, and flow control abilities to its partner.

■ Current Auto Negotiation — Displays the current auto negotiation status on the port.

■ Admin Advertisement — Defines the auto negotiation setting the port advertises. The possible field values are:

■ Max Capability — Indicates that all port speeds and duplex mode settings are accepted.




Defining Port Settings 121



■ Current Advertisement — Displays the current port advertisement.

■ Neighbor Advertisement — Indicates the neighboring ports advertisement settings. The field values are identical to the Admin Advertisement field values.

■ Back Pressure — Displays the back pressure mode on the Port. Back pressure mode is used with half duplex mode to disable ports from receiving messages.

■ Current Back Pressure — Displays the currently configured back pressure mode on the port.

■ Flow Control — Displays the flow control status on the port. Operates when the port is in full duplex mode.

■ Current Flow Control — Displays the current flow control status on the port.

■ MDI/MDIX — Displays the MDI/MDIX status on the port. Hubs and switches are deliberately wired opposite the way end stations are wired, so that when a hub or switch is connected to an end station, a straight through Ethernet cable can be used, and the pairs are matched up properly. When two hubs or switches are connected to each other, or two end stations are connected to each other, a crossover cable is used to ensure that the correct pairs are connected. The possible field values are:

■ MDIX (Media Dependent Interface with Crossover) — Use for hubs and switches.

■ MDI (Media Dependent Interface) — Use for end stations.

■ Auto — Use to automatically detect the cable type.

■ Current MDI/MDIX — Displays the current MDI/MDIX status on the port.

■ LAG — Displays the LAG for which the port setting parameters are defined.


3 Click . The ports are enabled, and the device is updated.


Configuring Address Tables

MAC addresses are stored in either the Static Address or the Dynamic Address databases. A packet addressed to a destination stored in one of the databases is forwarded immediately to the port. The Dynamic Address Table can be sorted by interface, VLAN, and MAC Address. MAC addresses are dynamically learned as packets from sources arrive at the device . Addresses are associated with ports by learning the ports from the frames source address. Frames addressed to a destination MAC address that is not associated with any port, are flooded to all ports of the relevant VLAN. Static addresses are manually configured. In order to prevent the bridging table from overflowing, dynamic MAC addresses, from which no traffic is seen for a certain period, are erased.

Viewing Static Addresses

To open the Figure 57:

1 Click Wired Ports > Address Tables > Static Addresses Summary.

Figure 57 Static Addresses Summary Page

The Static Addresses Summary Page contains the following fields:

■ VLAN ID — The VLAN ID attached to the MAC Address, and a VLAN called a Routed Interface.

Defining Static Addresses 123

■ MAC Address — The MAC addresses listed in the current static addresses list.

■ Interface — The specific port or LAG to which the static MAC address is applied.

■ Status — Displays the MAC address status. Possible values are:

■ Permanent — The MAC address is permanent.

■ Delete on Reset — The MAC address is deleted when the device is reset.

■ Delete on Time out —The MAC address is deleted when a timeout occurs.

■ Secure — Used for defining static MAC Addresses for Locked ports.

Defining Static Addresses

The Static Address Table page contains a list of static MAC addresses. Static Address can be added and removed from the Static Address Table


page. In addition, several MAC Addresses can be defined for a single port. To open the Figure 58:

1 Click Wired Ports > Address Tables > Static Addresses > Setup. The Static Addresses Setup Page opens:

Figure 58 Static Addresses Setup Page

The Static Addresses Setup Page contains the following fields:

■ Interface — Displays specific port or LAG to which the static MAC address is applied.

■ MAC address — Displays the MAC addresses listed in the current static addresses list.

■ VLAN ID — Displays the VLAN ID attached to the MAC Address, and a VLAN called a Routed Interface. Routed Interfaces are the internally-used VLANs assigned to an port or trunk on which an IP address is configured.

■ VLAN Name — Displays the User-defined VLAN name.

■ Status — Displays the MAC address status. Possible values are:

Removing Static Addresses 125





Removing Static Addresses

To remove Static addresses:

1 Click Wired Ports > Address Tables > Static Addresses > Remove. The Figure 59 opens:

Figure 59 Static Addresses Remove Page



■ Remove — Removes a specific static address. The possible field values are:

■ Checked — Removes the selected static address entries.

■ Unchecked — Maintains the current static address entries.

■ VLAN ID — The VLAN ID attached to the MAC Address, and a VLAN called a Routed Interface.Routed Interfaces are the internally-used VLANs assigned to an port or trunk on which an IP address is configured.

■ MAC address — The MAC addresses listed in the current static addresses list.


■ Status — MAC address status. Possible values are:





Viewing Dynamic Addresses 127

Viewing Dynamic Addresses

The Dynamic MAC Address page contains information for querying information in the dynamic address table, including the interface type, MAC addresses, VLAN, and table sorting. Packets forwarded to an address stored in the address table are forwarded directly to those ports. The Dynamic MAC Address page also contains information about the aging time before a dynamic MAC address is erased, and includes parameters for querying and viewing the Dynamic Address list. The Current Address Table contains dynamic address parameters by which packets are directly forwarded to the ports.

To open the Dynamic MAC Address Summary Page:

1 Click Wired Ports > Address Tables > Dynamic Addresses > Summary. The Dynamic MAC Address Summary Page opens:

Figure 60 Dynamic MAC Address Summary Page

The Dynamic MAC Address Summary Page contains the following fields:

■ Aging Interval (10-630) — Specifies the amount of time the MAC Address remains in the Dynamic MAC Address before it is timed out if no traffic from the source is detected. The default value is 300 seconds.

■ Clear Table — Clears the Dynamic Address table when checked.


■ Interface — Specifies the interface for which the table is queried. There are two interface types from which to select.

■ MAC Address — Specifies the MAC address for which the table is queried.

■ VLAN ID — The VLAN ID for which the table is queried.

■ Address Table Sort Key — Specifies the means by which the Dynamic Address Table is sorted. The address table can be sorted by address, VLAN or interface.

6
AGGREGATING PORTS
This section contains information for configuring Link Aggregation which optimizes port usage by linking a group of ports together to form a single LAG. Aggregating ports multiplies the bandwidth between the devices, increases port flexibility, and provides link redundancy.

The device supports both static LAGs and Link Aggregation Control Protocol (LACP) LAGs. LACP LAGs negotiate aggregating port links with other LACP ports located on a different device. If the other device ports are also LACP ports, the devices establish a LAG between them. Ensure the following:

■ All ports within a LAG must be the same media type.

■ A VLAN is not configured on the port.

■ The port is not assigned to a different LAG.

■ Auto-negotiation mode is not configured on the port.

■ The port is in full-duplex mode.

■ All ports in the LAG have the same ingress filtering and tagged modes.

■ All ports in the LAG have the same back pressure and flow control modes.

■ All ports in the LAG have the same priority.

■ All ports in the LAG have the same transceiver type.

■ The device supports up to 64 LAGs, and eight ports in each LAG.

■ Ports can be configured as LACP ports only if the ports are not part of a previously configured LAG.

■ Ports added to a LAG lose their individual port configuration. When ports are removed from the LAG, the original port configuration is applied to the ports.

This section contains the following topics:

130 CHAPTER 6: AGGREGATING PORTS

■ Configuring LACP

■ Defining Link Aggregation

Configuring LACP LAGs can contain different media types if the ports are operating at the same speed. Aggregated links can be set up manually or automatically established by enabling LACP on the relevant links. Aggregate ports can be linked into link-aggregation port-groups. Each group is comprised of ports with the same speed.

To configure LACP Setup:

1 Click Wired Ports > LACP > Setup. The “LACP Setup Page” opens:

Figure 61 LACP Setup Page

The LACP Setup Page contains the following fields:

■ LACP System Priority — Specifies system priority value. The field range is 1-65535. The field default is 1.

■ Port — Displays the port number to which timeout and priority values are assigned.

■ Port Priority — Specifies port priority value. The field range is 1-65535. The field default is 1.

Configuring LACP 131

■ LACP Timeout — Displays the administrative LACP timeout.

■ Long — Specifies a long timeout value.

■ Short — Specifies a short timeout value.

To modify LACP for LAGs:

1 Click Wired Ports > LACP > Modify. The “LACP Modify Page” opens:

Figure 62 LACP Modify Page

The LACP Modify Page contains the following fields:

■ Port — Displays the port number to which timeout and priority values are assigned.

■ LACP Port Priority — Specifies port priority value. The field range is 1-65535. The field default is 1.

■ LACP Timeout — Displays the administrative LACP timeout.

■ Long — Specifies a long timeout value.

■ Short — Specifies a short timeout value.

2 Edit the Port Priority and LACP Timeout fields.

3 Click . The LACP settings are saved, and the device is updated.


Defining Link Aggregation


■ Configuring Link Aggregation

■ Defining LAG Membership

Configuring Link Aggregation

The Link Aggregation Page optimizes port usage by linking a group of ports together to form a single LAG. Aggregating ports multiplies the bandwidth between the devices, increases port flexibility, and provides link redundancy.

To view Link Aggregation:

1 Click Wired Ports > Link Aggregation > Summary. The “Link Aggregation Summary Page” opens:

Figure 63 Link Aggregation Summary Page

The Link Aggregation Summary Page includes the following pages:

■ LAG — Displays the LAG for which the link aggregation parameters are defined.

■ Description — Displays a description of the configured LAG.

■ Type — Displays the current LAG type.

■ Status — Indicates the LAG status. The possible fields values are:

Configuring Link Aggregation 133

■ Up — Indicates the LAG is active.

■ Down — Indicates the LAG is inactive.

■ Speed — Indicates the LAG speed. The possible fields values are:

■ 10M — Indicates the LAG is currently operating at 10 Mbps.



■ Auto Negotiation — Displays the auto negotiation status on the LAG. Auto negotiation is a protocol between two link partners that enables a LAG to advertise its transmission rate, duplex mode, and flow control abilities to its partner.

■ Flow Control — Displays the flow control status on the LAG. Operates when the LAG is in full duplex mode.

To configure Link Aggregation:

1 Click Wired Ports > Link Aggregation > Setup. The Link Aggregation Setup Page opens:

Figure 64 Link Aggregation Setup Page

The Link Aggregation Setup Page includes the following pages:

■ LAG — Displays the LAG number.


■ Description — Displays a description of the configured LAG.

■ Type — Displays the current LAG type.

■ Admin Status — Displays the LAG status. The possible fields values are:

■ Up — Indicates the LAG is active.

■ Down — Indicates the LAG is inactive.

■ Current Status — Indicates the current LAG status.

■ Reactivate Suspended — Select Reactivate Suspended field to return a suspended LAG to active status

■ Operational Status — Indicates whether the LAG is currently operational or non-operational.

■ Admin Auto Negotiation — Displays the LAG auto negotiation status. Auto negotiation is a protocol between two link partners that enables a LAG to advertise its transmission rate, duplex mode, and flow control abilities to its partner.

■ Current Auto Negotiation — Displays the current LAG auto negotiation status.

■ Admin Advertisement — Defines the auto negotiation setting the LAG advertises. The possible field values are:

■ Max Capability — Indicates that all LAG speeds and duplex mode settings are accepted.

■ 10 Full — Indicates that the LAG advertises for a 10 Mbps speed LAG and full duplex mode setting.



■ Current Advertisement — Displays current auto negotiation setting that the LAG advertises.

■ Neighbor Advertisement — Indicates the neighboring port’s advertisement settings. The field values are identical to the Admin Advertisement field value.

■ Admin Speed — Displays the configured rate for the LAG. The LAG type determines what speed setting options are available. LAG speeds

Configuring Link Aggregation 135

can only be configured when auto negotiation is disabled. The possible field values are:




■ Current Speed — Displays the current LAG speed.

■ Admin Flow Control — Displays the flow control status on the LAG. Operates when the LAG is in full duplex mode.

■ Current Flow Control — Displays the current flow control status on the LAG.


3 Click . Link Aggregation is configured, and the application is updated.


Defining LAG Membership

The Link Aggregation Membership Page contains fields for configuring parameters for configured LAGs. The device supports up to eight ports per LAG, and eight LAGs per system.

To define LAG Membership:

1 Click Wired Ports > Link Aggregation > Membership. The Link Aggregation Membership Page opens:

Figure 65 Link Aggregation Membership Page

The Link Aggregation Setup Page contains the following fields:

■ LAG — Specifies if the port is part of a LAG.

■ LAG Name — Displays the LAG name.

■ LACP — Displays the link operational status.

■ Port List — Displays the ports that can be assigned or removed from the LAG membership list.

■ LAG Members — Displays the ports which are currently configured to the LAG.


3 Click . LAG Membership is established, and the device is updated.

Defining LAG Membership 137

7
CONFIGURING VLANS
This section contains information for configuring VLANs. VLANs are logical subgroups with a Local Area Network (LAN) which combine user stations and network devices into a single unit, regardless of the physical LAN segment to which they are attached. VLANs allow network traffic to flow more efficiently within subgroups. VLANs use software to reduce the amount of time it takes for network changes, additions, and moves to be implemented.

VLANs have no minimum number of ports, and can be created per unit, per device, or through any other logical connection combination, since they are software-based and not defined by physical attributes.

VLANs function at Layer 2. Since VLANs isolate traffic within the VLAN, a Layer 3 router working at a protocol level is required to allow traffic flow between VLANs. Layer 3 routers identify segments and coordinate with VLANs. VLANs are Broadcast and Multicast domains. Broadcast and Multicast traffic is transmitted only in the VLAN in which the traffic is generated.

VLAN tagging provides a method of transferring VLAN information between VLAN groups. VLAN tagging attaches a 4-byte tag to packet headers. The VLAN tag indicates to which VLAN the packets belong. VLAN tags are attached to the VLAN by either the end station or the network device. VLAN tags also contain VLAN network priority information.

Combining VLANs and GARP (Generic Attribute Registration Protocol) allows network managers to define network nodes into Broadcast domains.


■ Defining VLAN Properties

■ Defining VLAN Membership

■ Defining VLAN Interface Settings

139

■ Defining Voice VLAN

■ Defining GVRP

140 CHAPTER 7: CONFIGURING VLANS

Defining VLAN Properties

The VLAN Setup Summary provides information and global parameters on VLANS configured on the system. To view VLANs:

1 Click Policy > VLAN > Setup > Summary. The VLAN Setup Summary Page opens:

Figure 66 VLAN Setup Summary Page

The VLAN Setup Summary Page contains the following fields and buttons:

■ Back — Displays the following page of VLANs in the VLAN Summary table, if there is a page following the current page.

■ Next — Displays the previous page of VLANs in the VLAN Summary table, if there is a previous page.

■ Go To — Displays a specific page of VLANs in the VLAN Summary table.

■ VLAN ID — Displays the VLAN ID. The field range is 1-4094.

■ VLAN Name — Displays the user-defined VLAN name.

■ Type — Displays the VLAN type. The possible field values are:

Defining VLAN Properties 141

■ Dynamic — Indicates the VLAN was dynamically created through GVRP.

■ Static — Indicates the VLAN is user-defined.

■ Default — Indicates the VLAN is the default VLAN.

■ Authentication — Indicates whether authentication is enabled for the specific VLAN ID. The possible field values are:

■ Enabled — Indicates authentication is disabled for the specified VLAN ID.

■ Disabled — Indicates authentication is enabled for the specified VLAN ID.

The Setup Page creates VLANS on the system.

To create VLANs:

1 Click Policy > VLAN > Setup > Setup. The VLAN Setup [Setup]Page opens:

Figure 67 VLAN Setup [Setup]Page

The Setup Page contains the following fields:

■ VLAN ID — Displays the VLAN ID.




3 Click . The VLANs are configured, and the device is updated.

To edit VLAN Settings:

1 Click Policy > VLAN > Setup > Modify. The “Modify VLAN Page” opens:

Figure 68 Modify VLAN Page

The Modify VLAN Page contains the following fields:



■ Disable Authentication — Indicates whether authentication is enabled for the specific VLAN ID. The possible field values are:

■ Enable — Indicates authentication is disabled for the specified VLAN ID.

■ Disable — Indicates authentication is enabled for the specified VLAN ID.


3 Click . The VLANs are configured, and the device is updated.

Defining VLAN Properties 143

To delete VLANs:

1 Click Policy > VLAN > Setup > Remove. The “VLAN Remove Page” opens:

Figure 69 VLAN Remove Page

The VLAN Remove Page contains the following fields:

■ Remove — Removes a specific VLAN. The possible field values are:

■ Checked — Removes the selected VLAN entries.

■ Unchecked — Maintains the current VLAN entries.

■ VLAN ID — Displays the VLAN ID.■ VLAN Name — Displays the user-defined VLAN name.■ Type — Indicates the if the VLAN was dynamically or statically

created. ■ Authentication — Indicates whether authentication is enabled for

the specific VLAN ID. The possible field values are:

■ Enabled— Indicates authentication is disabled for the specified VLAN ID.

■ Disabled — Indicates authentication is enabled for the specified VLAN ID.

2 Select the VLAN ID to be deleted.

3 Click . The selected VLANs are deleted, and the device is updated.


Defining VLAN Membership

The VLAN Membership Summary Page contains a table that maps VLAN parameters to ports. Ports are assigned VLAN membership by toggling through the Port Control settings.

To define VLAN Membership:

1 Click Policy > VLAN > Membership > Summary. The VLAN Membership Summary Page opens:

Figure 70 VLAN Membership Summary Page

The VLAN Membership Summary Page contains the following fields:

■ VLAN ID — Displays the user-defined VLAN ID.

■ VLAN Name — Displays the name of the VLAN

■ VLAN Type— Indicates the VLAN type. The possible field values are:

■ Dynamic — Indicates the VLAN was dynamically created through GARP.

■ Static — Indicates the VLAN is user-defined.

■ Default — Indicates the VLAN is the default VLAN.

■ Port — Indicates the port membership.

Defining VLAN Membership 145

■ LAG — Indicates the LAG membership.

■ Interface — Displays the port or LAG number included in the VLAN.

■ Interface Status— Displays the port-based for each Interface.

The Membership Modify Page contains a table that maps VLAN parameters to ports. Ports are assigned VLAN membership by toggling through the Port Control settings.

To modify VLAN Membership:

1 Click Policy > VLAN > Membership > Modify. The VLAN Membership Modify Page opens:

Figure 71 VLAN Membership Modify Page

The VLAN Membership Modify Page contains the following fields:

■ VLAN ID — Displays the user-defined VLAN ID.

■ VLAN Name — Displays the name of the VLAN


■ Interface Status— Displays the port-based for each Interface.


■ Exclude — Excludes the interface from the VLAN. However, the interface can be added to the VLAN through GARP.

■ Forbidden — Denies the interface VLAN membership, even if GARP indicates the port is to be added.

■ Tagged — Indicates the interface is a tagged member of a VLAN. All packets forwarded by the interface are tagged. The packets contain VLAN information.

■ Untagged — Indicates the interface is a untagged member of the VLAN.


3 Click . VLAN membership is modified, and the device is updated.

Defining VLAN Interface Settings 147

Defining VLAN Interface Settings

The VLAN contains fields for managing ports that are part of a VLAN. The Port Default VLAN ID (PVID) is configured on the VLAN Interface Settings Modify Page. All untagged packets arriving at the device are tagged with the port PVID.

To view VLAN Settings:

1 Click Policy > VLAN > Interface Settings > Summary. The VLAN Interface Settings Summary Page opens:

Figure 72 VLAN Interface Settings Summary Page

The VLAN Interface Settings Summary Page contains the following fields:

■ Port — Displays the port interface settings.

■ LAG — Displays the LAG interface settings.

■ Interface — Displays the port number or LAG number included in the VLAN.

■ Interface VLAN Mode — Displays the interface mode. The possible values are:

■ General — Indicates the port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full IEEE802.1q mode).


■ Access — Indicates a port belongs to a single untagged VLAN. When a port is in Access mode, the packet types which are accepted on the port cannot be designated. Ingress filtering cannot be enabled or disabled on an access port.

■ Trunk — Indicates the port belongs to VLANs in which all ports are tagged, except for one port that can be untagged.

■ PVID — Assigns a VLAN ID to untagged packets. The possible values are 1-4094. VLAN 4095 is defined as per standard and industry practice as the Discard VLAN. Packets classified to the Discard VLAN are dropped.

■ Frame Type — Specifies the packet type accepted on the port. The possible field values are:

■ Admit Tag Only — Only tagged packets are accepted on the port.

■ Admit All — Both tagged and untagged packets are accepted on the port.

■ Ingress Filtering— Indicates whether ingress filtering is enabled on the port. The possible field values are:

■ Enable — Enables ingress filtering on the device. Ingress filtering discards packets that are defined to VLANs of which the specific port is not a member.

■ Disable — Disables ingress filtering on the device.

Defining VLAN Interface Settings 149

To modify VLAN Interfaces:

1 Click Policy > VLAN > Interface Settings > Modify. The VLAN Interface Settings Modify Page opens:

Figure 73 VLAN Interface Settings Modify Page

The VLAN Interface Settings Modify Page contains the following fields:


■ Port VLAN Mode — Displays the port mode. The possible values are:

■ General — Indicates the port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full IEEE802.1q mode).

■ Access — Indicates a port belongs to a single untagged VLAN. When a port is in Access mode, the packet types which are accepted on the port cannot be designated. Ingress filtering cannot be enabled or disabled on an access port.

■ Trunk — Indicates the port belongs to VLANs in which all ports are tagged, except for one port that can be untagged.

■ PVID — Assigns a VLAN ID to untagged packets. The possible values are 1-4094. VLAN 4095 is defined as per standard and industry practice as the Discard VLAN. Packets classified to the Discard VLAN are dropped.


■ Frame Type — Specifies the packet type accepted on the port. The possible field values are:

■ Admit Tag Only — Only tagged packets are accepted on the port.

■ Admit All — Both tagged and untagged packets are accepted on the port.

■ Ingress Filtering— Indicates whether ingress filtering is enabled on the port. The possible field values are:

■ Enable — Enables ingress filtering on the device. Ingress filtering discards packets that are defined to VLANs of which the specific port is not a member.

■ Disable — Disables ingress filtering on the device.


3 Click . The VLAN interface settings are defined, and the device is updated.

Defining GVRP 151

Defining GVRP GARP VLAN Registration Protocol (GVRP) is specifically provided for automatic distribution of VLAN membership information among VLAN-aware bridges. GVRP allows VLAN-aware bridges to automatically learn VLANs to bridge ports mapping, without having to individually configure each bridge and register VLAN membership.

The GVRP Summary Page displays the GVRP configuration for ports and LAGS.

To view GVRP Settings:

1 Click Policy > VLAN > GVRP > Summary. The GVRP Summary Page opens:

Figure 74 GVRP Summary Page

The GVRP Summary Page contains the following fields:

■ GVRP Global Status — Indicates if GVRP is enable on the device. The possible field values are:

■ Enable — Enables GVRP on the device.

■ Disable — Disables GVRP on the device. This is the default value.


■ Ports — Displays the GVRP port configuration.

■ LAGs — Displays the GVRP LAGs configuration.

■ GVRP State — Indicates if GVRP is enabled on the selected interface. The possible field values are:

■ Enable — Enables GVRP on the interface.

■ Disable — Disables GVRP on the interface. This is the default value.

■ Dynamic VLAN Creation — Indicates if Dynamic VLAN creation is enabled on the interface. The possible field values are:

■ Enabled — Enables Dynamic VLAN creation on the interface.

■ Disabled — Disables Dynamic VLAN creation on the interface.

■ GVRP Registration — Indicates if VLAN registration through GVRP is enabled on the device. The possible field values are:

■ Enabled — Enables GVRP registration on the device.

■ Disabled — Disables GVRP registration on the device.

To configure GVRP:

1 Click Policy > VLAN > GVRP > Modify. The GVRP Modify Page opens:

Figure 75 GVRP Modify Page

The GVRP Modify Page contains the following fields:

Defining GVRP 153

■ Interface — Displays the port or LAG drop-down list.

■ GVRP State — Indicates if GVRP is enabled on the selected interface. The possible field values are:

■ Enable — Enables GVRP on the interface.

■ Disable — Disables GVRP on the interface. This is the default value.

■ Dynamic VLAN Creation — Indicates if Dynamic VLAN creation is enabled on the interface. The possible field values are:

■ Enable — Enables Dynamic VLAN creation on the interface.

■ Disable — Disables Dynamic VLAN creation on the interface.

■ GVRP Registration — Indicates if VLAN registration through GVRP is enabled on the device. The possible field values are:

■ Enable — Enables GVRP registration on the device.

■ Disable — Disables GVRP registration on the device.


3 Click . GVRP is enabled, and the device is updated.


Defining Voice VLAN

Voice VLANs allows network administrators enhance VoIP service by configuring access ports to carry IP voice traffic from IP phones on specific VLANs. Network Administrators can configure VLANs on which voice IP traffic is forwarded. Non-VoIP traffic is dropped from the Voice VLAN. Voice VLAN also provides QoS to VoIP, ensuring that the quality of sounds does not deteriorate if the IP traffic is received unevenly. The system currently supports one voice VLAN.

When configuring Voice VLAN, ensure the following:

■ IP phones are configured with VLAN-mode as enabled, ensuring that tagged packets are used for all communications.

■ If the IP phone’s VLAN-mode is disabled, the phone uses untagged packets. The phone uses untagged packets while retrieving the initial IP address through DHCP. The phone eventually use the Voice VLAN and start sending tagged packets.

The Voice VLAN Page contains the following fields:

To configure Voice VLANs:

1 Click Policy > Voice VLAN. The Voice VLAN Page opens:

Figure 76 Voice VLAN Page

The Voice VLAN Page contains the following fields:

Defining Voice VLAN 155

■ Activate — Activates voice VLAN on the device. Voice VLAN is disabled by default.

■ Port — Indicates the ports which are members of the voice VLAN. Only ports which were defined in the VLAN membership page, are active.

■ Secured — Indicates if secure ports drop all non-voice IP traffic. The possible field values are:

■ Checked — Indicates that all ports are secured, and all non-voice IP traffic originating from the port is dropped from the VLAN.

■ Unchecked — Permits all non VoIP traffic on the VLAN with high-priority.

8
DEFINING WLAN
This section contains information for configuring WLANs. A Wireless Local Area Network (WLAN) is a technology that provides network services using radio waves. WLAN provides wireless network service connections to all users within a defined service area. WLAN users are connected to the network via the access points. Access Points act as communication hubs for wireless networks. In additional, access points provide both encryption and bridging between 802.11 and ethernet points. Access points also extend the physical size of wireless networks. When several access points are grouped, they allow network users to roam.

This section includes the following topics:

■ Defining Wireless Access Points

■ Defining Wireless Security

■ Configuring Wireless Access Point Security

■ Defining Wireless Rogue Handling

■ Mitigating Rogue Handling

■ Defining Wireless Radio Settings

■ Defining 802.11b/g Radio Settings

■ Managing VAPs

■ Configuring Radio 802.11a Settings

■ Defining Radio 802.11a Settings

■ Viewing WLAN Profiles

■ Defining WLAN Profiles

■ Modifying WLAN Profiles

■ Removing WLAN Profiles

■ Viewing WLAN Stations

Defining Wireless Access Points 157

■ Removing WLAN Stations

■ Defining WLAN Power Settings

Defining Wireless Access Points

This section contains information for configuring and viewing general WLAN parameters.

The Wireless Access Point Summary Page displays information regarding the currently configured access points including IP Address, MAC address, the type and radio configuration and the current access point status. Ensure that the Wireless Controller Software (WCS) has been activated.

To view Wireless Access Points:

1 Click Wireless > Access Point > Summary. The Wireless Access Point Summary Page opens:

Figure 77 Wireless Access Point Summary Page

The Wireless Access Point Summary Page contains the following fields:

■ Display — Displays access points according to categories. The possible field values are:

■ Discovered APs — Displays the discovered access points.

■ Active APs — Displays the activated access points.

158 CHAPTER 8: DEFINING WLAN

■ All — Displays the access points on the network.





■ Radios — Indicates the radio transceiver type. The field values are:

■ A — Indicates the radio type is 802.11a.

■ G — Indicates the radio type is 802.11g.


■ n — Indicates the radio type is 802.11n.






To configure Wireless Access Points:

1 Click Wireless > Access Point > Setup. The Wireless Access Point Setup Page opens:

Figure 78 Wireless Access Point Setup Page

The Wireless Access Point Setup Page contains the following fields:

■ Access Point — Displays the current Access Points.

■ Activation State — Indicates the access point state. The possible field values are:




■ Radio 802.11b/g— Enables High-frequency and longer transmission ranges.

■ Radio 802.11a— Enables radio 802.11a transmissions.


3 Click . The Access Point is enabled, and the device is updated.


To Reset Access Points:

1 Click Wireless > Access Point > Reset. The Wireless Access Point Reset Page opens:

Figure 79 Wireless Access Point Reset Page

The Wireless Access Point Reset Page contains the following fields:

■ Access Point — Contains a list of either the user-defined access points or the MAC address assigned to wireless networks.

■ All — Resets all the access points.

2 Reset — Resets the selected device.Select the Access Point to be Reset.

■ Click . The Access Point is reset, and the device is updated.


To remove Wireless Access Points:

1 Click Wireless > Access Point > Remove. The Wireless Access Point Setup Page opens:

Figure 80 Wireless Access Point Remove Page

The Wireless Access Point Remove Page contains the following fields:

■ Display — Displays the current Access Points. The optional displays are:

■ All — Displays all Access Points.

■ Discovered APs — Displays discovered Access Points.

■ Active APs — Displays active Access Points.





■ Radios — Indicates the radio transceiver type. The field values are:

■ A — Indicates the radio type is 802.11a.

■ G — Indicates the radio type is 802.11g.



■ n — Indicates the radio type is 802.11n.






3 Click . The Access Point is enabled, and the device is updated.

Defining Wireless Security

The Wireless Configuration section in the wizard provides information for configuring Extended Service Sets (ESS). ESS are the primary method of organizing access points, security, and VLANs in a WLAN network. An ESS are a group of access points that share the same Service Set Identification (SSID).

APs announce their ESS membership by SSID parameter via Beacon frames. When stations roam between the same ESS APs, stations remain connected to the same wired network domain. Since the station remains in the same broadcast domain and IP subnet, the station retains the same IP address while roaming between the same ESS APs.

Configuring Wireless Access Point Security

The Wireless Setup Wizard provides the option to configure access point security as part of the device’s Setup wizard. The wireless configuration following the stage of configuring the basic IP Interfaces and is saved at the end of the process.

To configure Access Point Security:

The Access Point security is configured through the Setup Wizard that appears within the Device Summary Link.

Configuring Wireless Access Point Security 163

Note: The Wireless Configuration Page appears only if the Master Radio Enable checkbox was selected on the System Setup Page.

1 Click Device Summary > Wizard > Wireless Configuration. The Wireless Configuration Page opens:

Figure 81 Wireless Configuration Page

The Wireless Configuration Page contains the following fields:

■ Enabled — Enables the SSID configuration.

■ SSID Name — Displays the Service Set Identifier SSID for the ESS. SSIDs act as a password when a mobile device attempts to connect to the BSS. SSIDs differentiates between WLANs, therefore all access points and devices which comprise the specific WLAN must have the same SSID. Devices not providing a unique SSID are denied network access. Each SSID must be unique, and can contain up-to 32 characters.

■ Security Type — Displays the WLAN security type. The possible field values are:


■ WEP — Indicates that Wired Equivalent Privacy (WEP) is the selected WLAN security method. WEP provides the same security


level as a wired LAN. WEP encrypts data over radio waves during the packet transmission. WEP keys are 40 bit or 104 bit encryption keys.

■ WPA-PSK — Indicates that Wi-Fi Protected Access (WPA) is the selected WLAN security method. WPA is based on WEP, but provides enhanced encryption using Temporal Key Integrity Protocol (TKIP). In addition, WPA improves authentication using EAP. EAP ensures that only authorized network users access the network though secure encryption systems.


■ Passphrase/Key — Indicates the encryption key type.


3 Click . The Wireless Configuration is saved at the end of the wizard setup, and the device is updated.

Defining Wireless Rogue Handling

Access points are constantly scanning wireless channels. Scanning occurs while WLAN stations are being serviced. The WLAN rogue contains information for viewing WLAN rogue statistics. Access points then report the discovered neighbors to the system. The system filters the information and looks for rogue neighbors or known SSIDs. Access points are considered rouges if: An issue occurs in the security configuration.

The access point is located in an Ad-hoc network.

A Organizationally Unique Identifier (OUI) is detected in the rogue BSSID.

WLAN rogues can cause disrupt WLAN service, in addition, stations which are connected to the rogue AP are disconnected.

Defining Wireless Rogue Handling 165

To configure Rogue Handling:

1 Click Wireless > Rogue Handling > Setup. The Rogue Handling Setup Page opens:

Figure 82 Rogue Handling Setup Page

The Rogue Handling Setup Page contains the following fields:

■ Access Point — Contains a list of either the user-defined access points or the MAC address assigned to wireless networks.

■ Scanning Interval — Indicates the scanning Intervals. The possible field values are:

■ Long — Scans for rouges at 240 second intervals.

■ Short — Scans for rouges at 20 second intervals.

■ Medium — Scans for rouges at 150 second intervals.

■ Detect on Radio 802.11b/g — Enables Rogue Detection on the Radio 802.11b/g range.

■ Detect on Radio 802.11a — Enables Rogue Detection on Radio 802.11a range.

2 Select the Access Point to be configured.

3 Enable Radio 802.11b/g or Radio 802.11a Rogue Handling detection.


4 Click . Rouge Handling is enabled, and the device is updated.

To view Wireless Rogue Handling:

1 Click Wireless > Rogue Handling > Display. The Rogue Handling Display Page opens:

Figure 83 Rogue Handling Display Page

The Rogue Handling Display Page contains the following fields:

■ Sort by — Defines the parameter that will be applied to displaying the table. The possible field values are:

■ SSID — Sorts according to the access point Service Set IDentifier (SSID) associated with the rogue. The SSID is the name of the ESS to which the transceiver belongs.

■ Status — Sorts according to the Rogue status.

■ Mac Address — Sorts according to the MAC address associated with the rogue WLAN device.

■ Radio — Sorts according to the selected Radio Interface.

■ Last Time Heard — Sorts according to the last time the rogue was detected on wireless network.

■ Channel — Sorts according to the access point channel used from which the rogue is transmitting.

Defining Wireless Rogue Handling 167

■ Status — Defines the Rogue status. The possible field values are:

■ Known — Indicates the rogue is known to the system.

■ Unknown — Indicates the rogue is unknown to the system.

2 Select an Access Point to from the List.

3 Click . The table information is cleared.

4 Select a field from the Sort by drop-down list.

5 Once the detected access points appears in the table, define the Status for each access point.

6 Click . The table is updated, and the device is updated.


Mitigating Rogue Handling

The Rogue Handling Mitigate Page allows network managers to configure WLAN mitigation. Deleting a rogue AP does not mitigate or suppress the rogue. If the rogue AP is still physically present and active, it will still appear in the Rogue Access Point list after scanning for rogue APs.

To configure Rogue Mitigation:

1 Click Wireless > Rogue Handling > Mitigate. The Rogue Handling Mitigate Page opens:

Figure 84 Rogue Handling Mitigate Page

The Rogue Handling Mitigate Page contains the following fields:

■ Sort by — Defines the parameter that will be applied to displaying the table. The possible field values are:

■ SSID — Sorts according to the access point Service Set IDentifier (SSID) associated with the rogue. The SSID is the name of the ESS to which the transceiver belongs.

■ Status — Sorts according to the Rogue status.

■ Mac Address — Sorts according to the MAC address associated with the rogue WLAN device.

■ Radio — Sorts according to the selected Radio Interface.

Defining Wireless Radio Settings 169

■ Last Time Heard — Sorts according the last time the rogue was detected on wireless network.

■ Channel — Sorts according to the access point channel used from which the rogue is transmitting.

■ Mitigate — Sorts by mitigated access point channels.

2 Select an option from Sort by drop-down list to display the table.

3 Once the table appears, select the check box to enable mitigation for each access point.

4 Click . The Mitigation table is updated, and the device is updated.

Defining Wireless Radio Settings

Access Points can have up-to two radio interfaces. However, each radio interface is configured and controlled separately. Radio interfaces inherit the common configuration parameters from the ESS configuration. This section contains information for defining WLAN Radio settings, and includes the following topics:

■ Defining 802.11b/g Radio Settings

■ Configuring Radio 802.11a Settings

Defining 802.11b/gRadio Settings

WLAN communications are transmitted via radio waves. The “Defining 802.11b/g Radio Settings” allows network managers to configure WLAN Radio settings for transmitting WLAN communications.


To view Radio 802.11 b/g Settings:

1 Click Wireless > Radio 802.11b/g > Summary. The 802.11b/g Radio Summary Page opens:

Figure 85 802.11b/g Radio Summary Page

The 802.11b/g Radio Summary Page contains the following fields:

■ Access Point Name — Displays the specific access point to which the radio settings are assigned.

■ VAP — Displays the virtual access point number.

■ SSID Broadcast — Indicates SSID Broadcasting is enabled. SSID Broadcasting allows access points to advertise their presence several times per second by broadcasting beacon frames that carry the SSID Name.

■ BSSID — Defines the Basic Service set by SSID.

■ Profile — Displays the Profile Name.

2 Select the Access Point to be displayed from the drop-down list.


To configure the Radio 802.11b/g Settings:

1 Click Wireless > Radio 802.11b/g > Setup. The Radio 802.11b/g Setup Page opens:

Figure 86 Radio 802.11b/g Setup Page

The Radio 802.11b/g Setup Page contains the following fields:

■ Access Point — Displays the specific access point to which the radio settings are assigned.

■ RTS Threshold — Defines the Request-to-Send (RTS) Threshold that reduces collisions when multiple stations are within a specific common access point range but outside range of each other.

■ Beacon Interval — Indicates the access point beacon transmission rates.

■ Short Preamble — Indicates that a short preamble is enabled. Radio preambles contain data that the access point and the client devices use for sending and receiving packets. A short preamble improves the system’s performance.

■ Power Level — Indicates the access point’s power settings. The possible field values are:

■ Max — Defines a Maximum power setting relative to the selected country’s device power regulations.

■ Half — Defines half of the maximum power relative to the selected country’s device power regulations.


■ Quarter — Defines a quarter of the maximum power relative to the selected country’s device power regulations.

■ Eighth — Defines an eighth of the maximum power relative to the selected country’s device power regulations.

■ Minimum — Sets the power to the minimum power settings relative to the selected country’s device power regulations.

■ Auto-Channel — Enables access point channeling.

■ Channel — Displays the user-defined channel.

2 Select the Access Point.

3 Select the relevant Radio 802.11b/g fields.

4 Click . The Radio 802.11b/g option is enabled, and the device is updated.

Managing VAPs VAPs are virtual access points and are based on (VAP) technology on 802.11a, 802.11b and 802.11g standards. VAP enables a single device to be divided, with each layer being assigned different usage rights.


To Manage VAPs:

1 Click Wireless > Radio 802.11b/g > Manage VAPs. The Radio 802.11b/g Manage VAPs Page opens:

Figure 87 Radio 802.11b/g Manage VAPs Page

The Radio 802.11b/g Manage VAPs Page contains the following fields:


■ Remove — Removes VAP management for the specific VAP.

■ Select — Enables VAP management for the specific VAP.

■ VAP — Displays the VAP (Virtual Access Point).

■ BSSID — Defines the Basic Service set by the SSID.

■ Suppress SSID Broadcast — Enables SSID Broadcast Suppression.


■ Radio Type — Displays the radio type attached to the BSS. The possible field values are:


■ 802.11g — Indicates that the radio attached to the BSS in 802.11g.

■ 802.11b/g — Indicates that the radio attached to the BSS in 802.11b/g.

■ Data Rate — Indicates the rate at which data is transferred. . The data rage can help ensure the link quality between the client device and the access point. The default wireless data rates are 1, 2, 5.5, and 11Mbps. The possible field values are:

■ Mandatory – Indicates the device must transmit or communicate at this data rate.

■ Optional – Indicates the device can communicate at this date rate, but does not transmit at the selected data rate.

■ Not Allowed – Indicates the device cannot transmit or communicate at this data rate.

2 Select the Access Point to be configured.


4 Click . VAP Management is enabled, and the device is updated.

Configuring Radio 802.11a Settings

WLAN communications are transmitted via radio waves. The Radio 802.11a Summary Page allows network managers to configure WLAN Radio settings for transmitting WLAN communications.

Configuring Radio 802.11a Settings 175

To view Radio 802.11a Settings:

1 Click Wireless > Radio 802.11a > Summary. The Radio 802.11a Summary Page opens:

Figure 88 Radio 802.11a Summary Page

The Radio 802.11a Summary Page contains the following fields:


■ DFS Status — Indicates the current Dynamic Frequency Selection (DFS) status. DFS permits the system to scan and switch to different channels. DFS listens for signals and monitors operating spectrums. IF DFS detects a signal, the channel associated with the signal is vacated or tagged as unavailable. The possible field values is:

■ Scanning – Indicates the system is currently scanning channels.

■ VAP — Displays the Virtual Access Point number.

■ SSID Broadcast — Indicates that SSID Broadcasting is enabled.

■ BS SID — Defines the Basic Service set by the SSID.


Select the access point to be displayed from the drop-down list.


Defining Radio 802.11a Settings

To configure Radio 802.11a Settings:

1 Click Wireless > Radio 802.11a > Setup. The Radio 802.11a Setup Page opens:

Figure 89 Radio 802.11a Setup Page

The Radio 802.11a Setup Page contains the following fields:


■ RTS Threshold — Defines the Request-to-Send (RTS) Threshold that reduces collisions when multiple stations are within a specific common access point range but outside range of each other.

■ Beacon Interval — Indicates the access point beacon transmission rates.

■ Power Level — Indicates the access point’s power setting. The possible field values are:

Managing VAPs 177

■ Max — Defines a Maximum power setting relative to the selected country’s device power regulations.

■ Half — Defines half of the maximum power relative to the selected country’s device power regulations.

■ Quarter — Defines a quarter of the maximum power relative to the selected country’s device power regulations.

■ Eighth — Defines an eighth of the maximum power relative to the selected country’s device power regulations.

■ Minimum — Sets the power to the minimum power settings relative to the selected country’s device power regulations.

■ Auto-Channel — Enables the access point channeling.

■ Channel — Displays the user-defined access point channel.

2 Select the Access Point.

3 Define the Radio 802.11a fields.

4 Click . The Radio 802.11a option is enabled, and the device is updated.

Managing VAPs VAPs are virtual access points and is based on (VAP) technology on 802.11a, 802.11b and 802.11g standards. VAP enables a single device to be divided, with each layer being assigned different usage rights.


To manage VAPs:

1 Click Wireless > Radio 802.11a > Manage VAPs. The Radio 802.11a Manage VAPs Page opens:

Figure 90 Radio 802.11a Manage VAPs Page

The Radio 802.11a Manage VAPs Page contains the following fields:


■ Remove — Removes VAP management for the specific VAP.

■ Select — Enables VAP management for the specific VAP.

■ VAP — Displays the VAP (Virtual Access Point).

■ VAP Enabled — Enables VAP management.

■ BSSID — Defines the Basic Service set by the SSID.

■ Suppress SSID Broadcast — Enables SSID Broadcast Suppression.


■ Radio Type — Displays the radio type attached to the BSS. The possible field values are:

Viewing WLAN Profiles 179

■ 802.11a — Indicates that the radio attached to the BSS in 802.11a.

■ Data Rate - Indicates the rate at which data is transferred. . The data rage can help ensure the link quality between the client device and the access point. The default wireless data rates are 1, 2, 5.5, and 11Mbps. The possible field values are:

■ Mandatory – Indicates the device must transmit or communicate at this data rate.

■ Optional – Indicates the device can communicate at this date rate, but does not transmit at the selected data rate.

■ Not Allowed – Indicates the device cannot transmit or communicate at this data rate.

Viewing WLAN Profiles

The Profiles Summary Page allows network managers to define profiles and rules for accessing the device. Just one profile can be defined per ESS and contains configurations of security type, MAC address filtering, load


balancing, QoS and VLAN are belonged to this ESS. Viewing Wireless Profiles:

1 Click Wireless > Profiles> Summary . The Profiles Summary Page Profiles Summary Page opens:

Figure 91 Profiles Summary Page

■ Profile Name SSID —Displays the Profile Name.

■ QoS Mode — Determines the QoS mode on the interface. The possible values are:

■ WMM — Indicates that QoS is enabled for Wi-Fi Multimedia (EDCF).

■ None — Indicates that QoS mode is disabled.

■ MAC Address Control Status —Indciates the MAC address control status.

■ Security Suite — Defines the WLAN Security method applied.

■ VLAN — Defines the VLAN associated with the access point.

Defining WLAN Profiles 181

Defining WLAN Profiles

To configure WLAN profiles:

1 Click Wireless > Profiles > Setup. The Profiles Summary Page Profiles Setup Page opens:

Figure 92 Profiles Setup Page

The Profiles Setup Page contains the following fields:

■ Profile Name (SSID) — Displays the user-defined WLAN profile name.

■ Profile Name Index — Displays the WLAN profile index.


Modifying WLAN Profiles

To Modify the Profiles Page:

1 Click Wireless > Profiles > Modify. The Profiles Modify Page Profiles Modify Page opens:

Figure 93 Profiles Modify Page

The Profiles Modify Page contains the following fields:

■ Profile Name (SSID) — Displays the user-defined WLAN profile name.

■ Rename SSID— Enables renaming of SSID.

■ Load Balancing — Enables the even distribution of data or processing packets across available network resources. For example, load balancing may distribute the incoming packets evenly to all servers, or redirect the packets to the next available server.

■ Disable — Indicates that load balancing is not enabled for the wireless network. If load balancing is not enabled, the system autonomously provides services to stations. However, this may result in uneven stations distribution between AP.

Modifying WLAN Profiles 183

■ At Association — Enables load balancing with the associated station. Stations can be moved to an adjacent access point when load balancing is set to At Association. Services are assigned when the stations associate with the access point. If there is a access point which is not as busy, the station to access point association is rejected.

■ Periodically — Enables load balancing to occur at a fixed time period. Stations are moved to less busy APs in the ESS based on load balancing periods.




■ VLAN — Displays the VLAN mapped to the SSID.

■ Security Type — Defines the WLAN Security type. The security type options are:



■ Open WEP — Enables Open WEP. Open WEP authenticates only with WEP encryption.

Open-WEP, shared WEP, and Open-shared-WEP security suites cannot be enabled simultaneously.

■ Shared WEP — Enables Shared WEP. Shared authentication only with WEP encryption.

■ Open-Shared WEP — Enables Shared WEP. Open or shared authenticates with WEP encryption.

■ Key Input — Indicates the key type used for authentication. The possible field values are:

■ Hex — Authenticates using an Hex key. One hexadecimal character is 4 bits.


■ ASCII — Authenticates using an ASCII key. Each letter, number, or symbol, is 8 bits.

■ WEP Key — Indicates the WEP key used for authentication.

■ WPA — Indicates that Wi-Fi Protected Access (WPA) is the selected WLAN security method. WPA is based on WEP, but provides enhanced encryption using Temporal Key Integrity Protocol (TKIP). In addition, WEP improves authentication using EAP. EAP ensures that only authorized network users access the network though secure encryption systems.

■ WPA2-PSK — Indicates that WPA2-PSK is the selected WLAN security method.

■ Network Key — Indicates that network key is the selected WLAN security method.


■ Network Key — Indicates that network key is the selected WLAN security method.

■ 802.1X — Indicates that 802.1x authentication is enabled.

■ MAC Address Control List — Displays the MAC addresses on which the WLAN profile is enabled.

■ Disable — Disables source MAC address filtering on an ESS.

■ Deny — Denies stations with a MAC address in the MAC-address-filtering list.

■ Permit — Permits only stations with a MAC address in the MAC-address-filtering list

■ Add MAC Address — Allows network managers to create new MAC address for filtering.

■ New MAC Address — Creates a new MAC address for filtering.

■ Select from List —Allows network managers to select a previously created MAC address from the list.

■ Remove Selected MAC Address — Deletes MAC addresses.

Removing WLAN Profiles 185

Removing WLAN Profiles

The Profiles Remove Page allows network managers to delete profiles and rules for accessing the device. Deleting Wireless Profiles:

1 Click Wireless > Profiles > Remove. The Profiles Summary Page Profiles Remove Page opens:

Figure 94 Profiles Remove Page

The Profiles Remove Page contains the following fields:

■ Profile Name SSID —Displays the Profile Name.




■ MAC Address Control Status —Indciates the MAC address control status.

■ Security Suite — Defines the WLAN Security method applied.

■ VLAN — Defines the VLAN associated with the access point.


Viewing WLAN Stations

The Wireless Stations Summary Page provides information to network manager regarding the stations associated with the access point. To view the WLAN stations:

1 Click Wireless > Stations > Summary. The Wireless Stations Summary Page opens:

Figure 95 Wireless Stations Summary Page

The Wireless Stations Summary Page contains the following fields:

■ MAC Address — Displays the MAC address attached to the WLAN station.

■ Type — Displays the WLAN

■ IP Address — Displays the WLAN station’s IP address.

■ State — Indicates the station’s current status. The possible field values are:

■ Associated — Indicates that the station is currently associated with the wireless network but has not been authorized and authenticated.

■ Authorized — Indicates that the station is currently in the authorization process and waiting for authentication.

Removing WLAN Stations 187

■ Authenticated — Indicates that the station has been authenticated.

■ Access Point— Displays the access point associated with the wireless station.

■ SSID — Displays the SSID associated with the wireless network.

■ Security — Displays Security suite used to protect station communications.

■ VLAN — Displays the VLAN on which the WLAN station is located.

■ Session Time — Indicates the amount of time the station has been connected to the access point.

Removing WLAN Stations

The Removing WLAN Stations page provides information to network manager regarding removing stations associated with the access point. To remove WLAN stations

Figure 96 Removing Wireless Stations Page:

The Removing WLAN Stations page contains the following fields:


■ Remove — Removes stations associated with the access point. The possible field values for:

■ Checked — Removes the selected WLAN stations

■ Unchecked — Maintains the WLAN stations.

■ MAC Address — Displays the MAC address attached to the WLAN station.

■ Type — Displays the WLAN station type.

■ IP Address— Displays the WLAN station’s IP address.

■ State — Indicates the station’s current status. The possible field values are:

■ Associated — Indicates that the station is currently associated with the wireless network but has not been authorized and authenticated.

■ Authorized — Indicates that the station is currently in the authorization process and waiting for authentication.

■ Authenticated — Indicates that the station has been authenticated.

■ Access Point— Displays the access point associated with the wireless station.

■ SSID — Displays the SSID associated with the wireless network.

■ Security — Displays Security suite used to protect station communications.

■ VLAN — Displays the VLAN on which the WLAN station is located.

■ Session Time — Indicates the amount of time the station has been connected to the access point.

Defining WLAN Power Settings 189

Defining WLAN Power Settings

The WLAN Radio Power Settings Page allows network managers to define WLAN radio power settings. To define WLAN radio power settings:

1 Click Wireless > Power Settings. The WLAN Radio Power Settings Page opens:

Figure 97 WLAN Radio Power Settings Page

The WLAN Radio Power Settings Page contains the following fields:

■ Auto Adjust Signal Strength — Enables adjusting the target signal strength received by closest access point. The possible field values are:

■ Checked — Enables automatic signal adjustments.

■ Unchecked — Disables automatic signal adjustments.

9
CONFIGURING IP INFORMATION
This section contains information for defining IP interfaces, and includes the following sections:

■ Defining IP Addressing

■ Configuring ARP

■ Configuring Address Tables

Defining IP Addressing 191

Defining IP Addressing

The IP Interface Setup Page contains fields for assigning IP addresses. Packets are forwarded to the default IP when frames are sent to a remote network. The configured IP address must belong to the same IP address subnet of one of the IP interfaces.

To define an IP interface:

1 Click Administration > IP Addressing > IP Interface > Setup. The IP Interface Setup Page opens:

Figure 98 IP Interface Setup Page

The IP Interface Setup Page contains the following fields:

■ Configuration Method — Indicates if the IP address has been configured statically or added dynamically. The possible field values are:

■ Static — Indicates that the IP Interface is configured by the user.

■ DHCP — Indicates that the IP Interface is dynamically created.




2 Select Manual or DHCP mode.



192 CHAPTER 9: CONFIGURING IP INFORMATION

3 If Manual has been selected, configure the IP Address, Subnet Mask and Default Gateway.

4 Click . The IP configuration is enabled, and the device is updated.

Configuring ARP 193

Configuring ARP The Address Resolution Protocol (ARP) converts IP addresses into physical addresses, and maps the IP address to a MAC address. ARP allows a host to communicate with other hosts only when the IP address of its neighbors is known. To view ARP Settings:

1 Click Administration > IP Addressing > ARP Settings > Summary. The ARP Settings Summary Page opens:

Figure 99 ARP Settings Summary Page

The ARP Settings Summary Page contains the following fields:

■ Interface — Displays the interface type for which ARP parameters are displayed. The possible field value is:

■ VLAN — Indicates the VLAN for which ARP parameters are defined.

■ IP Address — Indicates the station IP address, which is associated with the MAC Address.

■ MAC Address — Displays the station MAC address, which is associated in the ARP table with the IP address.

■ Status — Displays the ARP table entry type. Possible field values are:

■ Dynamic — Indicates the ARP entry is learned dynamically.


■ Static — Indicates the ARP entry is a static entry.

Defining ARP Interface Settings 195

Defining ARP Interface Settings

To configure ARP Entries:

1 Click Administration > IP Addressing > ARP Settings > Setup. The ARP Settings Setup Page opens:

Figure 100 ARP Settings Setup Page

The ARP Settings Setup Page allows network managers to define ARP parameters for specific interfaces. The ARP Settings Setup Page contains the following fields:

■ Interface — Displays the interface type for which ARP parameters are displayed. The possible field value is:

■ VLAN — Indicates the VLAN for which ARP parameters are defined.

■ IP Address — Indicates the station IP address, which is associated with the MAC address filled in below.

■ MAC Address — Displays the station MAC address, which is associated in the ARP table with the IP address.

■ ARP Entry Age Out — Specifies the amount of time (in seconds) that passes between ARP Table entry requests. Following the ARP Entry Age period, the entry is deleted from the table. The range is 1 - 40000000. The default value is 60000 seconds.


■ Clear ARP Table Entries — Specifies the types of ARP entries that are cleared. The possible values are:

■ None — Maintains the ARP entries.

■ All — Clears all ARP entries.

■ Dynamic — Clears only dynamic ARP entries.

■ Static — Clears only static ARP entries.


3 Click . The ARP parameters are defined, and the device is updated.

Removing ARP Entries To remove ARP Entries:

1 Click Administration > IP Addressing > ARP Settings > Remove. The ARP Settings Remove Page opens:

Figure 101 ARP Settings Remove Page

The ARP Settings Remove Page provides parameters for removing ARP entries from the ARP Table. The ARP Settings Remove Page contains the following fields:

■ Remove — Removes a specific ARP entry. The possible field values are:

■ Checked — Removes the selected ARP entries.

Defining ARP Interface Settings 197

■ Unchecked — Maintains the current ARP entries.


Configuring Address Tables

MAC addresses are stored in either the Static Address or the Dynamic Address databases. A packet addressed to a destination stored in one of the databases is forwarded immediately to the port. The Dynamic Address Table can be sorted by interface, VLAN, and MAC Address. MAC addresses are dynamically learned as packets from sources arrive at the device . Addresses are associated with ports by learning the ports from the frames source address. Frames addressed to a destination MAC address that is not associated with any port, are flooded to all ports of the relevant VLAN. Static addresses are manually configured. In order to prevent the bridging table from overflowing, dynamic MAC addresses, from which no traffic is seen for a certain period, are erased.

1 Click Wired Ports>Address Tables > Static Addresses. The Port Settings Setup Page opens:

Figure 102 Static Addresses Summary Page

The Static Addresses Summary Page contains the following fields:


■ MAC Address — Displays the static MAC address.

■ Interface — Displays the interface.

Configuring Address Tables 199

■ Status —Displays the static address status. The possible field values are:






Defining Static Addresses

The Static Addresses Setup Page contains a list of static MAC addresses. Static Address can be added and removed from the Static Address Table page. In addition, several MAC Addresses can be defined for a single port.

1 Click Wired Ports>Address Tables > Static Addresses. The Static Addresses Setup Page opens:

Figure 103 Static Addresses Setup Page



■ MAC address — The MAC addresses listed in the current static addresses list.

■ VLAN ID — The VLAN ID attached to the MAC Address, and a VLAN called a Routed Interface.Routed Interfaces are the internally-used VLANs assigned to an port or trunk on which an IP address is configured.

■ VLAN Name — User-defined VLAN name.

■ Status — MAC address status. Possible values are:



Defining Static Addresses 201




Viewing Dynamic Addresses

The Dynamic MAC Address contains information for querying information in the dynamic address table, including the interface type, MAC addresses, VLAN, and table sorting. Packets forwarded to an address stored in the address table are forwarded directly to those ports. The Dynamic MAC Address page also contains information about the aging time before a dynamic MAC address is erased, and includes parameters for querying and viewing the Dynamic Address list. The Current Address Table contains dynamic address parameters by which packets are directly forwarded to the ports.

■ Click Wired Ports >Address Tables > Dynamic Addresses. The Dynamic Addresses Summary Page opens:

Figure 104 Dynamic Addresses Summary Page

The Dynamic Addresses Summary Page contains the following fields and button:

■ Query — Updates the Dynamic Address table.

Viewing Dynamic Addresses 203

■ Aging Interval (10-630) — Specifies the amount of time the MAC Address remains in the Dynamic MAC Address before it is timed out if no traffic from the source is detected. The default value is 300 seconds.

■ Clear Table — Clears the Dynamic Address table when checked.

■ Interface — Specifies the interface for which the table is queried. There are two interface types from which to select. Port or LAG

■ MAC Address — Specifies the MAC address for which the table is queried.

■ VLAN ID — The VLAN ID for which the table is queried.

■ Address Table Sort Key — Specifies the means by which the Dynamic Address Table is sorted. The address table can be sorted by address, VLAN or interface.

2 Select the check box to remove the selected ARP entries.

3 Click . The ARP entries are deleted, and the device is updated.

10
CONFIGURING MULITCAST FORWARDING
This section contains information for configuring Multicast forwarding, and includes the following sections:

■ Defining IGMP Snooping

■ Defining Multicast Groups

■ Defining Router Groups

Defining IGMP Snooping 205

Defining IGMP Snooping

When IGMP Snooping is enabled globally, all IGMP packets are forwarded to the CPU. The CPU analyzes the incoming packets and determines:

■ Which ports want to join which Multicast groups.

■ Which ports have Multicast routers generating IGMP queries.

■ Which routing protocols are forwarding packets and Multicast traffic.

Ports requesting to join a specific Multicast group issue an IGMP report, specifying that Multicast group is accepting members. This results in the creation of the Multicast filtering database.

To view IGMP Snooping configuration:

1 Click Policy > Multicast > IGMP Snooping > Summary. The IGMP Snooping Summary Page opens:

Figure 105 IGMP Snooping Summary Page

The IGMP Snooping Summary Page contains the following fields:


■ IGMP Snooping Status — Indicates if IGMP snooping is enabled on the VLAN. The possible field values are:

206 CHAPTER 10: CONFIGURING MULITCAST FORWARDING

■ Enabled — Enables IGMP Snooping on the VLAN.

■ Disabled — Disables IGMP Snooping on the VLAN.

■ Auto Learn — Indicates if Auto Learn is enabled on the device. If Auto Learn is enabled, the devices automatically learns where other Multicast groups are located. Enables or disables Auto Learn on the Ethernet device. The possible field values are:

■ Enabled — Enables auto learn.

■ Disabled — Disables auto learn.

■ Host Timeout — Indicates the amount of time host waits to receive a message before timing out. The field range is 1-2147483648. The default time is 260 seconds.

■ MRouter Timeout — Indicates the amount of the time the Multicast router waits to receive a message before it times out. The field range is 1-2147483648. The default value is 300 seconds.

■ Leave Timeout — Indicates the amount of time the host waits, after requesting to leave the IGMP group and not receiving a Join message from another station, before timing out. If a Leave Timeout occurs, the switch notifies the Multicast device to stop sending traffic The Leave Timeout value is either user-defined, or an immediate leave value. The field range is 1-2147483648. The default timeout is 10 seconds.

Enabling IGMP Snooping 207

Enabling IGMP Snooping

The IGMP Snooping Setup Page allows network manages to define IGMP Snooping parameters:

To enable IGMP Snooping:

1 Click Policy > Multicast > IGMP Snooping > Setup. The IGMP Snooping Setup Page opens:

Figure 106 IGMP Snooping Setup Page

The IGMP Snooping Setup Page contains the following fields:

■ IGMP Snooping Status — Indicates if IGMP Snooping is enabled on the device. IGMP Snooping can be enabled only if Bridge Multicast Filtering is enabled. The possible field values are:

■ Enable — Indicates that IGMP Snooping is enabled on the device.

■ Disable — Indicates that IGMP Snooping is disabled on the device.


■ IGMP Snooping Status — Indicates if IGMP snooping is enabled on the VLAN. The possible field values are:

■ Enable — Enables IGMP Snooping on the VLAN.

■ Disable — Disables IGMP Snooping on the VLAN.


■ Auto Learn — Indicates if Auto Learn is enabled on the device. If Auto Learn is enabled, the devices automatically learns where other Multicast groups are located. Enables or disables Auto Learn on the Ethernet device. The possible field values are:

■ Enable — Enables auto learn.

■ Disable — Disables auto learn.

■ Host Timeout — Indicates the amount of time host waits to receive a message before timing out. The default time is 260 seconds.

■ MRouter Timeout — Indicates the amount of the time the Multicast router waits to receive a message before it times out. The default value is 300 seconds.

■ Leave Timeout — Indicates the amount of time the host waits, after requesting to leave the IGMP group and not receiving a Join message from another station, before timing out. If a Leave Timeout occurs, the switch notifies the Multicast device to stop sending traffic The Leave Timeout value is either user-defined, or an immediate leave value. The default timeout is 10 seconds.

2 Select Enable IGMP Snooping.


4 Click . IGMP Snooping is enabled, and the device is updated.

Defining Multicast Groups 209

Defining Multicast Groups

The Multicast Group Summary Page displays the ports and LAGs attached to the Multicast service group in the Ports and LAGs tables. The Port and LAG tables also reflect the manner in which the port or LAGs joined the Multicast group. Ports can be added either to existing groups or to new Multicast service groups. The Multicast Group Summary Page permits new Multicast service groups to be created. The Multicast Group Summary Page also assigns ports to a specific Multicast service address group.

To view Multicast Groups:

1 Click Policy > Multicast > Multicast Group > Group Summary. The Multicast Group Summary Page opens:

Figure 107 Multicast Group Summary Page

The Multicast Group Summary Page contains the following information:

■ VLAN ID — Identifies a VLAN and contains information about the Multicast group address.

■ Multicast Address — Identifies the Multicast group MAC address/IP address.


To enable Multicast Filtering:

1 Click Policy > Multicast > Multicast Group > Setup Group. The Multicast Group Setup Page opens:

Figure 108 Multicast Group Setup Page

The Multicast Group Setup Page contains the following information:

■ Enables Bridge Multicast Filtering — Indicate if bridge Multicast filtering is enabled on the device. The possible field values are:

■ Enabled — Enables Multicast filtering on the device.

■ Disabled — Disables Multicast filtering on the device. If Multicast filtering is disabled, Multicast frames are flooded to all ports in the relevant VLAN. Disabled is the default value.


■ Bridge Multicast IP Address — Identifies the Multicast group IP address.

■ Bridge Multicast MAC Address — Identifies the Multicast group MAC address.


3 Click . The Multicast group is defined, and the device is updated.


To configure Port Setup:

1 Click Policy > Multicast > Multicast Group > Setup Port. The Multicast Port Setup Page opens:

Figure 109 Multicast Port Setup Page

The Multicast Port Setup Page contains the following information:


■ Bridge Multicast IP Address — Identifies the Multicast group IP address.

■ Bridge Multicast IP Address — Identifies the Multicast group MAC address.

■ Interface — Displays the port number.

■ Interface Status— Indicates the port status. The possible field values are:

■ Static — Attaches the port to the Multicast group as static member.

■ Forbidden — Indicates the port is not included in the Multicast group, even if IGMP snooping designated the port to join a Multicast group.


■ Excluded — Excludes the interface from the Multicast group.

■ None — Indicates the port is not part of a Multicast group.

2 Select the Interface Status.

3 Click . The Interface Status is set, and the device is enabled.

To view Port Details:

1 Click Policy > Multicast > Multicast Group > Port Details. The Multicast Port Details Page opens:

Figure 110 Multicast Port Details Page

The Multicast Port Details Page contains the following information:


■ Bridge Multicast Address — Identifies the Multicast group MAC/IP address.

■ Ports/LAG — Ports that can be added to a Multicast service.








To remove Multicast Groups:

1 Click Policy > Multicast > Multicast Group > Remove Group. The Multicast Port Remove Group Page opens:

Figure 111 Multicast Port Remove Group Page

The Multicast Port Remove Group Page contains the following information:

■ Remove — Removes the selected access profile. The possible field values are:

■ Checked — Removes the selected multicast group.

■ Unchecked — Maintains the selected multicast group.



■ Multicast Address — Identifies the Multicast group MAC/IP address.

2 Select the VLAN ID to be removed.

3 Click . The Multicast group is deleted, and the device is updated.

Defining Router Groups 215

Defining Router Groups

The Multicast Router Group Summary Page allows net work managers to define Multicast groups.

To view Multicast Router Groups:

1 Click Policy > Multicast > Router Group. The Multicast Router Group Summary Page opens:

Figure 112 Multicast Router Group Summary Page

The Multicast Router Group Summary Page contains the following information:


■ Ports/LAG — Displays status table according to Port/LAG.







■ None — Indicates the port is not part of a Multicast group

To modify Multicast Router Group Status:

1 Click Policy > Multicast > Router Group. The Multicast Router Group Modify Page opens:

Figure 113 Multicast Router Group Modify Page

The Multicast Router Group Modify Page contains the following information:








Defining Router Groups 217

2 Modify the Interface Status.

3 Click . The Interface Status is modified, and the device is updated.

11
CONFIGURING SPANNING TREE
This section contains information for configuring STP. The Spanning Tree Protocol (STP) provides tree topography for any arrangement of bridges. STP also provides a single path between end stations on a network, eliminating loops.

Loops occur when alternate routes exist between hosts. Loops in an extended network can cause bridges to forward traffic indefinitely, resulting in increased traffic and reducing network efficiency.

The device supports the following STP versions:

■ Classic STP — Provides a single path between end stations, avoiding and eliminating loops. For more information on configuring Classic STP, see Defining Classic Spanning Tree for Ports.

■ Rapid STP — Detects and uses network topologies that provide faster convergence of the spanning tree, without creating forwarding loops. For more information on configuring Rapid STP, see Defining Rapid Spanning Tree.

■ Multiple STP — Provides various load balancing scenarios. For example, if port A is blocked in one STP instance, the same port can be placed in the Forwarding State in another STP instance. For more information on configuring Multiple STP, see Defining Multiple Spanning Tree.


■ Configuring Classic Spanning Tree

■ Defining Rapid Spanning Tree

■ Defining Multiple Spanning Tree

Defining Classic Spanning Tree for Ports 219

Defining Classic Spanning Tree for Ports

Network administrators can assign STP settings to specific interfaces using the Classic STP Summary Page. The Global LAGs section displays the STP information for Link Aggregated Groups. To assign STP settings to an interface:

To view Classic STP:

1 Click Policy > Spanning Tree > Classic STP > Summary. The Classic STP Summary Page opens:

Figure 114 Classic STP Summary Page

The Classic STP Summary Page contains the following fields:

■ Port — The interface for which the information is displayed.

■ STP — Indicates if STP is enabled on the port. The possible field values are:

■ Enable — Indicates that STP is enabled on the port.

■ Disable — Indicates that STP is disabled on the port.

■ Port Fast — Indicates if Fast Link is enabled on the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in

220 CHAPTER 11: CONFIGURING SPANNING TREE

the Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. STP convergence can take 30-60 seconds in large networks.

■ Root Guard — Restricts the interface from acting as the root port of the switch.

■ Port State — Displays the current STP state of a port. If enabled, the port state determines what forwarding action is taken on traffic. Possible port states are:

■ Forwarding — Indicates that the port forwards traffic while learning MAC addresses.

■ Port Role — Displays the port role assigned by the STP algorithm to provide to STP paths. The possible field values are:

■ Root — Provides the lowest cost path to forward packets to the root switch.

■ Designated — The port or LAG through which the designated switch is attached to the LAN.

■ Alternate — Provides an alternate path to the root switch from the root interface.

■ Backup — Provides a backup path to the designated port path toward the Spanning Tree leaves. Backup ports occur only when two ports are connected in a loop by a point-to-point link, or when a LAN has two or more connections connected to a shared segment.

■ Disabled — The port is not participating in the Spanning Tree.

■ Speed — Indicates the speed at which the port is operating.

■ Path Cost — Indicates the port contribution to the root path cost. The path cost is adjusted to a higher or lower value, and is used to forward traffic when a path is re-routed.

■ Priority — Priority value of the port. The priority value influences the port choice when a bridge has two ports connected in a loop. The priority range is between 0 -240. The priority value is determined in increments of 16.

■ Designated Bridge ID — Indicates the bridge priority and the MAC Address of the designated bridge.

■ Designated Port ID — Indicates the selected port priority and interface.

Defining Classic Spanning Tree for Ports 221

■ Designated Cost — Indicates the cost of the port participating in the STP topology. Ports with a lower cost are less likely to be blocked if STP detects loops.

■ Forward Transitions — Indicates the number of times the port has changed from Forwarding state to Blocking state.


Configuring Classic Spanning Tree

To configure Classic STP Setup:

1 Click Policy > Spanning Tree > Classic STP > Setup. The Classic STP Setup Page opens:

Figure 115 Classic STP Setup Page

The Classic STP Setup Page contains the following fields:

■ Global Settings

■ Bridge Settings

■ Designated Root Settings

Global Setting Parameters

■ Spanning Tree State — Indicates whether STP is enabled on the device. The possible field values are:

■ Enable — Enables STP on the device.

■ Disable — Disables STP on the device.

■ STP Operation Mode — Specifies the STP mode that is enabled on the device. The possible field values are:

Configuring Classic Spanning Tree 223

■ Classic STP — Enables Classic STP on the device. This is the default value.

■ Rapid STP — Enables Rapid STP on the device.

■ Multiple STP — Enables Multiple STP on the device.

■ BPDU Handling — Determines how BPDU packets are managed when STP is disabled on the port or device. BPDUs are used to transmit spanning tree information. The possible field values are:

■ Filtering — Filters BPDU packets when spanning tree is disabled on an interface. This is the default value.

■ Flooding — Floods BPDU packets when spanning tree is disabled on an interface.

■ Path Cost Default Values — Specifies the method used to assign default path cost to STP ports. The possible field values are:

■ Short — Specifies 1 through 65,535 range for port path cost. This is the default value.

■ Long — Specifies 1 through 200,000,000 range for port path cost. The default path cost assigned to an interface varies according to the selected method (Hello Time, Max Age, or Forward Delay).

Bridge Setting Parameters

■ Priority — Specifies the bridge priority value. When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the device with the lowest priority value becomes the Root Bridge. The field range is 0-61440. The default value is 32768. The port priority value is provided in increments of 4096.

■ Hello Time (1-10) — Specifies the device Hello Time. The Hello Time indicates the amount of time in seconds a Root Bridge waits between configuration messages. The default is 2 seconds.

■ Max Age (6-40) — Specifies the device Maximum Age Time. The Maximum Age Time is the amount of time in seconds a bridge waits before sending configuration messages. The default Maximum Age Time is 20 seconds.

■ Forward Delay (4-30) — Specifies the device Forward Delay Time. The Forward Delay Time is the amount of time in seconds a bridge remains in a listening and learning state before forwarding packets. The default is 15 seconds.

Designated Root Parameters


■ Bridge ID — Identifies the Bridge priority and MAC address.

■ Root Bridge ID — Identifies the Root Bridge priority and MAC address.

■ Root Port — Indicates the port number that offers the lowest cost path from this bridge to the Root Bridge. This field is significant when the bridge is not the Root Bridge. The default is zero.

■ Root Path Cost — Specifies the cost of the path from this bridge to the Root Bridge.

■ Topology Changes Counts — Specifies the total amount of STP state changes that have occurred.

■ Last Topology Change — Indicates the amount of time that has elapsed since the bridge was initialized or reset, and the last topographic change that occurred. The time is displayed in a day-hour-minute-second format, such as 2 days 5 hours 10 minutes and 4 seconds.


3 Click . STP is enabled, and the device is updated.

Modifying Spanning Tree Settings 225

Modifying Spanning Tree Settings

To modify Classic STP:

1 Click Policy > Spanning Tree > Classic STP > Modify. The Classic STP Modify Page opens:

Figure 116 Classic STP Modify Page

The Classic STP Modify Page contains the following fields:

■ Interface — The interface for which the information is displayed.

■ STP — Indicates if STP is enabled on the port. The possible field values are:

■ Enabled — Indicates that STP is enabled on the port.

■ Disabled — Indicates that STP is disabled on the port.

■ Port Fast — Indicates if Fast Link is enabled on the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. STP convergence can take 30-60 seconds in large networks.

■ Root Guard — Restricts the interface from acting as the root port of the switch.




■ Speed — Indicates the speed at which the port is operating.

■ Default Path Cost — Indicates that default path cost is enabled.

■ Path Cost — Indicates the port contribution to the root path cost. The path cost is adjusted to a higher or lower value, and is used to forward traffic when a path is re-routed. The field range is 1-200,000,000.

■ Priority — Priority value of the port. The priority value influences the port choice when a bridge has two ports connected in a loop. The priority value is between 0 -240. The priority value is determined in increments of 16.





3 Click . Classic STP is modified on the interface, and the device is updated.

Defining Rapid Spanning Tree 227

Defining Rapid Spanning Tree

While Classic STP prevents Layer 2 forwarding loops in a general network topology, convergence can take between 30-60 seconds. This time may delay detecting possible loops and propagating status topology changes. Rapid Spanning Tree Protocol (RSTP) detects and uses network topologies that allow a faster STP convergence without creating forwarding loops. The Global System LAG information displays the same field information as the ports, but represent the LAG RSTP information.

To define RSTP:

1 Click Policy > Spanning Tree > Rapid STP > Summary. The RSTP Summary Page opens:

Figure 117 RSTP Summary Page

The RSTP Summary Page contains the following fields:

■ Interface — Displays the port or LAG on which Rapid STP is enabled.

■ Role — Displays the port role assigned by the STP algorithm to provide to STP paths. The possible field values are:







■ Mode — Displays the current STP mode. The STP Operation Mode is selected in the Global STP Properties Page. The possible field values are:

■ Classic STP — Classic STP is enabled on the device.

■ Rapid STP — Rapid STP is enabled on the device.

■ Multiple STP — Multiple STP is enabled on the device.

■ Port Status — Displays the current STP state of a port. If enabled, the port state determines what forwarding action is taken on traffic. Possible port states are:

■ Disabled — Indicates that STP is currently disabled on the port. The port forwards traffic while learning MAC addresses.

■ Blocking — Indicates that the port is currently blocked and cannot forward traffic or learn MAC addresses. Blocking is displayed when Classic STP is enabled.

■ Fast Link Operational Status — Indicates whether Fast Link is enabled or disabled for the port or LAG. If Fast Link is enabled for a port, the port is Automatically placed in the forwarding state.

■ Point-to-Point Operational Status — Displays the point-to-point operating state.

■ Migrate to RSTP — Indicates whether sending Link Control Protocol (LCP) packets to configure and test the data link is enabled. The possible field values are:

■ Activate — Activates port migration to Rapid STP.

2 Click . The selected port is migrated to RSTP.

Modifying Rapid Spanning Tree Settings 229

Modifying Rapid Spanning Tree Settings

To modify Rapid STP:

1 Click Policy > Spanning Tree > Rapid STP > Modify. The RSTP Summary Page opens:

Figure 118 Rapid STP Modify Page

The Rapid STP Modify Page contains the following fields:

■ Interface — Displays the port or LAG on which Rapid STP is enabled.




■ Alternate — Provides an alternate path to the root switch from the root interface. .

■ Backup — Provides a backup path to the designated port path toward the Spanning Tree leaves. Backup ports occur only when


two ports are connected in a loop by a point-to-point link, or when a LAN has two or more connections connected to a shared segment.


■ Mode — Displays the current STP mode. The STP Operation Mode is selected in the Global STP Properties Page. The possible field values are:

■ Classic STP — Classic STP is enabled on the device.



■ Fast Link Operational Status — Indicates whether Fast Link is enabled or disabled for the port or LAG. If Fast Link is enabled for a port, the port is Automatically placed in the forwarding state.


■ Disabled — Indicates that STP is currently disabled on the port. The port forwards traffic while learning MAC addresses.

■ Blocking — Indicates that the port is currently blocked and cannot forward traffic or learn MAC addresses. Blocking is displayed when Classic STP is enabled.

■ Point-to-Point Admin Status — Indicates whether a point-to-point link is established, or if the device is permitted to establish a point-to-point link. The possible field values are:

■ Auto — Detects and enables the point-to-point link automatically.

■ Enable — Enables the device to establish a point-to-point link, or is configured to automatically establish a point-to-point link. To establish communications over a point-to-point link, the originating PPP first sends Link Control Protocol (LCP) packets to configure and test the data link. After a link is established and optional facilities are negotiated as needed by the LCP, the originating PPP sends Network Control Protocol (NCP) packets to select and configure one or more network layer protocols. When each of the chosen network layer protocols has been configured, packets from each network layer protocol can be sent over the link. The link remains configured for communications until explicit LCP or NCP packets close the link, or until some external event occurs.

Modifying Rapid Spanning Tree Settings 231

This is the actual switch port link type. It may differ from the administrative state.

■ Disable — Disables point-to-point link.

■ Point-to-Point Operational Status — Displays the point-to-point operating state.

2 Click . The Rapid STP Interface settings are modified, and the device is updated.


Defining Multiple Spanning Tree

Multiple Spanning Tree (MSTP) provides differing load balancing scenarios. For example, while port A is blocked in one STP instance, the same port can be placed in the Forwarding state in another STP instance. The Multiple STP Setup Page contains information for defining global MSTP settings, including region names, MSTP revisions, and maximum hops.

To configure Multiple STP:

1 Click Policy > Spanning Tree > Multiple STP > Setup. The Multiple STP Setup Page opens:

Figure 119 Multiple STP Setup Page

The Multiple STP Setup Page contains the following fields:

■ Region Name — User-defined STP region name.

■ Revision — An unsigned 16-bit number that identifies the revision of the current MSTP configuration. The revision number is required as part of the MSTP configuration. The possible field range is 0-65535.

■ Max Hops — Specifies the total number of hops that occur in a specific region before the BPDU is discarded. Once the BPDU is discarded, the port information is aged out. The possible field range is 1-40. The field default is 20 hops.

■ IST Master — Identifies the Spanning Tree Master instance. The IST Master is the specified instance root.

Defining Multiple Spanning Tree 233


3 Click . The Multiple STP properties are defined, and the device is updated.


Defining Multiple STP Instance Settings

MSTP maps VLANs into STP instances. Packets assigned to various VLANs are transmitted along different paths within Multiple Spanning Tree Regions (MST Regions). Regions are one or more Multiple Spanning Tree bridges by which frames can be transmitted. In configuring MSTP, the MST region to which the device belongs is defined. A configuration consists of the name, revision, and region to which the device belongs.

Network administrators can define the MSTP instance settings using the Multiple STP Instance Summary Page.

To view Multiple STP:

1 Click Policy > Spanning Tree > Multiple STP> Instance Summary. The Multiple STP Instance Summary Page opens:

Figure 120 Multiple STP Instance Summary Page

The Multiple STP Instance Summary Page contains the following fields:

■ Instance ID — Specifies the VLAN group to which the interface is assigned.

■ Included VLAN — Maps the selected VLANs to the selected instance. Each VLAN belongs to one instance.

Defining Multiple STP Instance Settings 235

■ Bridge Priority — Specifies the selected spanning tree instance device priority. The field range is 0-61440.

■ Designated Root Bridge ID — Indicates the ID of the bridge with the lowest path cost to the instance ID.

■ Root Port — Indicates the selected instance’s root port.

■ Root Path Cost — Indicates the selected instance’s path cost.

■ Bridge ID — Indicates the bridge ID of the selected instance.

■ Remaining Hops — Indicates the number of hops remaining to the next destination.


3 Click . The MSTP instance is displayed, and the device is updated.

To configure Multiple STP Configuration Table:

1 Click Policy > Spanning Tree > Multiple STP > Modify Instance. The Multiple STP Instance Summary Page opens:

Figure 121 Multiple STP Modify Instance Page

The Multiple STP Modify Instance Page contains the following fields:


■ VLAN — Specifies the VLAN to be assigned to the Instance ID.

■ Instance ID — Specifies the VLAN group to which the VLAN is assigned.

2 Define the Instance ID field.

3 Click . The Multiple STP Instances are assigned, and the device is updated.

To view Multiple STP Port Settings:

1 Click Policy > Spanning Tree > Multiple STP > Port Summary. The Multiple STP Port Summary Page opens:

Figure 122 Multiple STP Port Summary Page

The Multiple STP Port Summary Page contains the following fields:

■ Interface — The interface for which the information is displayed.




Defining Multiple STP Instance Settings 237




■ Mode — Indicates the STP mode by which STP is enabled on the device. The possible field values are:

■ Classic STP — Classic STP is enabled on the device. This is the default value.



■ Type — Indicates whether the port is a Boundary or Master port. The possible field values are:

■ Boundary Port — Indicates that the port is a Boundary port. A Boundary port attaches MST bridges to LANs in an outlying region. If the port is a Boundary port, this field also indicates whether the device on the other side of the link is working in RSTP or STP mode

■ Master Port — Indicates the port is a master port. A Master port provides connectivity from a MSTP region to the outlying CIST root.

■ Port Priority — Priority value of the port. The priority value influences the port choice when a bridge has two ports connected in a loop. The priority range is between 0-240. The priority value is determined in increments of 16.

■ Path Cost — Indicates the port contribution to the root path cost. The path cost is adjusted to a higher or lower value, and is used to forward traffic when a path is re-routed.







■ Remaining Hops — Indicates the number of hops remaining to the next destination.

Defining MSTP Port Settings 239

Defining MSTP Port Settings

Network Administrators can assign MSTP port settings in the Multiple STP Modify Port Page.

To define Multiple STP Port settings:

1 Click Policy > Spanning Tree > Multiple STP > Modify Port. The Multiple STP Modify Port Page opens:

Figure 123 Multiple STP Modify Port Page

The Multiple STP Modify Port Page contains the following fields:

■ Instance ID — Lists the MSTP instances configured on the device. Possible field range is 0-15.

■ Port State— Indicates whether the port is enabled for the specific instance. The possible field values are:

■ Enabled — Enables the port for the specific instance.

■ Disabled — Disables the port for the specific instance.

■ Type — Indicates whether the port is a Boundary or Master port. The possible field values are:

■ Boundary Port — Indicates that the port is a Boundary port. A Boundary port attaches MST bridges to LANs in an outlying region.


If the port is a Boundary port, this field also indicates whether the device on the other side of the link is working in RSTP or STP mode

■ Master Port — Indicates the port is a master port. A Master port provides connectivity from a MSTP region to the outlying CIST root.

■ Role — Indicates the port role assigned by the STP algorithm to provide to STP paths. The possible field values are:

■ Root — Provides the lowest cost path to forward packets to the root device.

■ Designated — Indicates the port or LAG through which the designated device is attached to the LAN.

■ Alternate — Provides an alternate path to the root device from the root interface.

■ Backup — Provides a backup path to the designated port path toward the Spanning Tree leaves. Backup ports occur only when two ports are connected in a loop by a point-to-point link or when a LAN has two or more connections connected to a shared segment.

■ Disabled — Indicates the port is not participating in the Spanning Tree.

■ Mode — Indicates the STP mode by which STP is enabled on the device. The possible field values are:

■ Classic STP — Classic STP is enabled on the device. This is the default value.



■ Interface Priority — Defines the interface priority for the specified instance. The field range is 0-240. The default value is 128.

■ Path Cost — Indicates the port contribution to the Spanning Tree instance. The range should always be 1-200,000,000.

■ Designated Bridge ID — Displays the ID of the bridge that connects the link or shared LAN to the root.

■ Designated Port ID — Displays the ID of the port on the designated bridge that connects the link or the shared LAN to the root.

■ Designated Cost — Indicates that the default path cost is assigned according to the method selected on the Spanning Tree Global Settings page.

Defining MSTP Port Settings 241

■ Forward Transitions — Indicates the number of times the LAG State has changed from a Forwarding state to a Blocking state.

■ Remain Hops — Indicates the hops remaining to the next destination.Define the Instance ID, MSTP Port Status and the Interface Priority fields.

2 Click . The Multiple STP ports are assigned, and the device is updated.

12
CONFIGURING QUALITY OF SERVICE
This section contains information for configuring QoS, and includes the following topics:

■ Quality of Service Overview

■ Defining QoS Basic Mode

■ Defining QoS General Mode

■ Configuring QoS Mapping

Quality of Service Overview 243

Quality of Service Overview

Quality of Service (QoS) provides the ability to implement QoS and priority queuing within a network. For example, certain types of traffic that require minimal delay, such as Voice, Video, and real-time traffic can be assigned a high priority queue, while other traffic can be assigned a lower priority queue. The result is an improved traffic flow for traffic with high demand. QoS is defined by:

■ Classification — Specifies which packet fields are matched to specific values. All packets matching the user-defined specifications are classified together.

■ Action — Defines traffic management where packets are forwarded are based on packet information, and packet field values such as VLAN Priority Tag (VPT) and DiffServ Code Point (DSCP).

VPT Classification Information

VLAN Priority Tags (VPT) are used to classify packets by mapping packets to one of the egress queues. VPT-to-queue assignments are user-definable. Packets arriving untagged are assigned a default VPT value, which is set on a per-port basis. The assigned VPT is used to map the packet to the egress queue.

Defining QoS Basic Mode

This section contains information for defining QoS basic settings and includes the following topics:

■ Configuring Trust Settings

■ Configure DSCP Rewrite

244 CHAPTER 12: CONFIGURING QUALITY OF SERVICE

Configuring Trust Settings

The Trust Setup Page contains information for enabling trust on configured interfaces. The original device QoS default settings can be reassigned to the interface in the Trust Setup Page.

To enable Trust:

1 Click Policy > QoS Basic Mode > Trust. The Trust Setup Page opens:

Figure 124 Trust Setup Page

The Trust Setup Page contains the following fields:

■ Trust Mode — Defines which packet fields to use for classifying packets entering the device. When no rules are defined, the traffic containing the predefined packet CoS field is mapped according to the relevant trust modes table. Traffic not containing a predefined packet field is mapped to best effort. The possible Trust Mode field values are:


■ DSCP — Classifies traffic based on the DSCP tag value.

■ Always Rewrite DSCP — Enables Rewrite DSCP classified traffic.


3 Click . Trust mode is enabled on the device.



Configure DSCP Rewrite 245

Configure DSCP Rewrite

The DSCP Rewrite Summary page allows network managers to assign new DSCP values to incoming packets.

To view DSCP Rewrite Values:

1 Click Policy > QoS Basic Mode > DSCP Rewrite > Summary. The DSCP Rewrite Summary Page opens:

Figure 125 DSCP Rewrite Summary Page

The DSCP Rewrite Summary Page contains the following fields:

■ DSCP In — Displays the incoming packet’s DSCP value.

■ DSCP Out — Displays the outgoing packet’s DSCP value.


To rewrite DSCP values:

1 Click Policy > QoS Basic Mode > DSCP Rewrite > Setup. The DSCP Rewrite Setup Page opens:

Figure 126 DSCP Rewrite Setup Page

The DSCP Rewrite Setup Page contains the following fields:

■ DSCP In — Displays the incoming packet’s DSCP value.

■ DSCP Out — Displays the outgoing packet’s DSCP value.

2 Select an DSCP Out value for each DSCP In entry.

3 Click . The DSCP values are updated on the device.



Defining QoS General Mode 247

Defining QoS General Mode

This section contains information for configuring QoS general mode, and includes the following topics:

■ Defining CoS Services

■ Defining Queues

■ Defining Bandwidth Settings

■ DSCP to Queue

Defining CoS Services

To view CoS Settings:

1 Click Policy > QoS General > CoS > Summary. The CoS Summary Page opens:

Figure 127 CoS Summary Page

The CoS Summary Page contains the following fields:


■ Disable — Disables QoS on the interface.

■ Basic — Enables Basic mode on the device.

■ Advanced — Enables the Advanced QoS mode on the device.


■ Interface — Displays the interface for which the global QoS parameters are defined.

■ Default CoS — Displays the default CoS value for incoming packets for which a VLAN tag is not defined. The possible field values are 0-7. The default CoS is 0.

■ Restore Defaults — Displays the device factory defaults for mapping CoS values to a forwarding queue.

2 Select the Restore Defaults field to restore Interface factory defaults.

To configure CoS Settings:

1 Click Policy > QoS General > CoS > Modify. The CoS Modify Page opens:

Figure 128 CoS Modify Page

The CoS Modify Page contains the following fields:


■ Disable — Disables QoS on the interface.

■ Basic — Enables Basic mode on the device.

■ Advanced — Enables the Advanced QoS mode on the device.

■ Interface — Displays the interface for which the global QoS parameters are defined. The possible values are:

Defining CoS Services 249

■ Port — Selects the port for which the global QoS parameters are defined.

■ LAG — Selects the LAG for which the global QoS parameters are defined.

■ Set Default User Priority — Determines the default CoS value for incoming packets for which a VLAN tag is not defined. The possible field values are 0-7. The default CoS is 0.


3 Click . CoS is enabled on the device, and the device is updated.





Defining Queues The Queue Setup Page contains fields for defining the QoS queue forwarding types.

To set Queue Settings:

1 Click Policy > QoS General > Queue > Setup. The Queue Setup Page opens:

Figure 129 Queue Setup Page

The Queue Setup Page contains the following fields:

■ Strict Priority — Specifies whether traffic scheduling is based strictly on the queue priority.

■ WRR — Assigns WRR weights to queues. This field is enabled only for queues in WRR queue mode. When WRR is selected, the weight are assigned to queues in the ratio 1:2:4:8.

2 Select the Strict Priority or WRR field.

3 Click . The queue settings are set, and the device is updated.




Defining Bandwidth Settings 251

Defining Bandwidth Settings

The Bandwidth Summary Page allows network managers to define the bandwidth settings for a specified egress interface. Modifying queue scheduling affects the queue settings globally.

Viewing Bandwidth SettingsQueue shaping can be based per queue and/or per interface. Shaping is determined by the lower specified value. The queue shaping type is selected in the Bandwidth Summary Page.

To view Bandwidth Settings:

1 Click Policy > QoS General > Bandwidth > Summary. The Bandwidth Summary Page opens:

Figure 130 Bandwidth Summary Page

The Bandwidth Summary Page contains the following fields:

■ Interface — Displays the interface for which the global QoS parameters are defined.

■ Ingress Rate Limit Status — Indicates if rate limiting is defined on the interface. The field range is 1-1,000,000 kbits per second. The possible field values are:

■ Enable — Enables ingress rate limiting on the interface.

■ Disable — Disables ingress rate limiting on the interface.


■ Egress Shaping Rates — Configures the traffic shaping type for selected interfaces. The possible field values are:

■ Status — Defines the shaping status.

■ CIR — Defines CIR as the queue shaping type. The possible field range is 64-1,000,000,000 kbits per second.

■ CbS — Defines CbS as the queue shaping type. The possible field range is 4096-16,769,020 kbits per second.

To configure Bandwidth Settings:

1 Click Policy > QoS General > Bandwidth > Setup. The Bandwidth Setup Page opens:

Figure 131 Bandwidth Setup Page

The Bandwidth Setup Page contains the following fields:

■ Interface — Displays the interface for which the global QoS parameters are defined. The possible values are:

■ Port — Selects the port for which the global QoS parameters are defined.

■ LAG — Selects the LAG for which the global QoS parameters are defined.

■ Enable Ingress Rate Limit — Enables setting an Ingress Rate Limit.

■ Ingress Rate Limit — Indicates the traffic limit for the port.

Defining Bandwidth Settings 253

■ Enable Egress Shaping Rate — Enable Egress Shaping Rates.

■ Committed Information Rate (CIR) — Defines CIR as the queue shaping type. The possible field value is 4096 - 1,000,000,000 bits per second.

■ Committed Burst Size (CbS) — Defines CbS as the queue shaping type. The possible field value is 4096-16,000,000 bytes.


3 Click . The bandwidth is defined, and the device is updated.





DSCP to Queue The DSCP Queue contains fields for mapping DSCP settings to traffic queues. For example, a packet with a DSCP tag value of 3 can be assigned to queue 2.

To view the DSCP Queue:

1 Click Policy > QoS General > DSCP to Queue > Summary. The DSCP to Queue Summary Page opens:

Figure 132 DSCP to Queue Summary Page

The DSCP to Queue Summary Page contains the following fields:

■ DSCP — Displays the incoming packet’s DSCP value.

■ Queue — Specifies the traffic forwarding queue to which the DSCP priority is mapped. Eight traffic priority queues are supported.

Configuring DSCP Queue Mappings 255

Configuring DSCP Queue Mappings

The DSCP to Queue Setup Page contains fields for mapping DSCP settings to traffic queues. For example, a packet with a DSCP tag value of 3 can be assigned to queue 2.

To map General CoS to Queues:

1 Click Policy > QoS General > DSCP to Queue > Setup. The DSCP to Queue Setup Page opens:

Figure 133 DSCP to Queue Setup Page

The DSCP to Queue Setup Page contains the following fields:

■ DSCP — Displays the incoming packet’s DSCP value.

■ Queue — Specifies the traffic forwarding queue to which the DSCP priority is mapped. Eight traffic priority queues are supported.

2 Define the queue number in the Queue field next to the required DSCP value.

3 Click . The DSCP values are mapped to a queue, and the device is updated.





Configuring QoS Mapping

This section contains information for mapping CoS and DSCP values to queues, and includes the following sections:

■ Defining CoS to Queue

■ Defining Class Maps

Defining CoS to Queue 257

Defining CoS to Queue

The CoS to Queue Summary Page contains fields for mapping CoS values to traffic queues.

To view CoS Values to Queues:

1 Click Policy > QoS General > CoS to Queue > Summary. The CoS to Queue Summary Page opens:

Figure 134 CoS to Queue Summary Page

The CoS to Queue Summary Page contains the following fields:

■ Class of Service — Specifies the CoS priority tag values, where zero is the lowest and 7 is the highest.

■ Queue — Defines the traffic forwarding queue to which the CoS priority is mapped. Eight traffic priority queues are supported.

The CoS to Queue Setup Page contains fields for mapping CoS values to traffic queues.


To configure CoS values to queues:

1 Click Policy > QoS General > CoS to Queue > Setup. The CoS to Queue Setup Page opens:

Figure 135 CoS to Queue Setup Page

The CoS to Queue Setup Page contains the following fields:

■ Restore Defaults — Restores the device factory defaults for mapping CoS values to a forwarding queue.

■ Class of Service — Specifies the CoS priority tag values, where zero is the lowest and 7 is the highest.

■ Queue — Defines the traffic forwarding queue to which the CoS priority is mapped. Eight traffic priority queues are supported.

2 Define the queue number in the Queue field next to the required CoS value.

3 Click . The CoS value is mapped to a queue, and the device is updated.




13
MANAGING SYSTEM LOGS
This section provides information for managing system logs. The system logs enable viewing device events in real time, and recording the events for later usage. System Logs record and manage events and report errors and informational messages. Event messages have a unique format, as per the Syslog protocols recommended message format for all error reporting. For example, Syslog and local device reporting messages are assigned a severity code, and include a message mnemonic, which identifies the source application generating the message. It allows messages to be filtered based on their urgency or relevancy. Each message severity determines the set of event logging devices that are sent per each event message.

The following table lists the log severity levels:


■ Viewing Logs

■ Configuring Logging

Table 4 System Log Severity Levels

Severity Level Message

Emergency Highest (0)

The system is not functioning.

Alert 1 The system needs immediate attention.

Critical 2 The system is in a critical state.

Error 3 A system error has occurred.

Warning 4 A system warning has occurred.

Notice 5 The system is functioning properly, but a system notice has occurred.

Informational 6 Provides device information.

Debug 7 Provides detailed information about the log. If a Debug error occurs, contact Customer Tech Support.

260 CHAPTER 13: MANAGING SYSTEM LOGS

Viewing Logs The Logging Display Page contains all system logs in a chronological order that are saved in RAM (Cache).

To view Logging:

1 Click Administration > Logging > Display. The Logging Display Page opens:

Figure 136 Logging Display Page

The Logging Display Page contains the following fields and buttons:

■ Save Preview — Saves the displayed Log table.

■ Clear Logs — Deletes all logs from the Log table.

■ Log Time — Displays the time at which the log was generated.

■ Severity — Displays the log severity.

■ Description — Displays the log message text.

2 Click . The selected logs are cleared, and the device is updated.



Configuring Logging 261

Configuring Logging

The Logging Setup Page contains fields for defining which events are recorded to which logs. It contains fields for enabling logs globally, and parameters for defining logs. Log messages are listed from the highest severity to the lowest severity level.

To define Log Parameters: 1 Click Administration > Logging > Setup. The Logging Setup Page

opens:

Figure 137 Logging Setup Page

The Logging Setup Page contains the following fields:

■ Enable Local Logging — Indicates if device local logs for Cache, File, and Server Logs are enabled. Console logs are enabled by default. The possible field values are:

■ Checked — Enables device logs.

■ Unchecked — Disables device logs.

■ Emergency — The highest warning level. If the device is down or not functioning properly, an emergency log message is saved to the specified logging location.

■ Alert — The second highest warning level. An alert log is saved, if there is a serious device malfunction; for example, all device features are down.


262 CHAPTER 13: MANAGING SYSTEM LOGS

■ Critical — The third highest warning level. A critical log is saved if a critical device malfunction occurs; for example, two device ports are not functioning, while the rest of the device ports remain functional.

■ Error — A device error has occurred, for example, if a single port is offline.

■ Warning — The lowest level of a device warning. The device is functioning, but an operational problem has occurred.

■ Notice — Provides device information.

■ Info — Provides device information.

■ Debug — Provides debugging messages.

■ Not Active— Provides no messages.

When a severity level is selected, all severity level choices above the selection are selected automatically.

■ Enable Syslogging — Indicates if device local logs are enabled. The possible field values:

■ Checked — Enables device logs.

■ Unchecked — Disables device logs.

■ Emergency — The highest warning level. If the device is down or not functioning properly, an emergency log message is saved to the specified logging location.

■ Alert — The second highest warning level. An alert log is saved, if there is a serious device malfunction; for example, all device features are down.

■ Critical — The third highest warning level. A critical log is saved if a critical device malfunction occurs; for example, two device ports are not functioning, while the rest of the device ports remain functional.

■ Error — A device error has occurred, for example, if a single port is offline.

■ Warning — The lowest level of a device warning. The device is functioning, but an operational problem has occurred.

■ Note — Provides device information.

■ Informational — Provides device information.

Configuring Logging 263

■ Debug — Provides debugging messages.

■ Syslog IP Address — Defines IP Address to upload syslog messages.

■ Syslog Port — Defines the Port through which syslog messages are uploaded.

2 Enable Logging and define the fields.

3 Click. The log parameters are set, and the device is updated.

14
MANAGING SYSTEM FILES
The configuration file structure consists of the following configuration files:

■ Startup Configuration File — Contains the commands required to reconfigure the device to the same settings as when the device is powered down or rebooted. The Startup file is created by copying the configuration commands from the Running Configuration file or the Backup Configuration file.

■ Running Configuration File — Contains all configuration file commands, as well as all commands entered during the current session. After the device is powered down or rebooted, all commands stored in the Running Configuration file are lost. During the startup process, all commands in the Startup file are copied to the Running Configuration File and applied to the device. During the session, all new commands entered are added to the commands existing in the Running Configuration file. Commands are not overwritten. To update the Startup file, before powering down the device, the Running Configuration file must be copied to the Startup Configuration file. The next time the device is restarted, the commands are copied back into the Running Configuration file from the Startup Configuration file.

■ Image files — Software upgrades are used when a new version file is downloaded. The file is checked for the right format, and that it is complete. After a successful download, the new version is marked, and is used after the device is reset.

This section contains information for defining File maintenance and includes both configuration file management as well as device access. This section contains the following topics:

■ Backing Up and Restoring System Files

■ Downloading the Software Image

■ Activating Image Files

Backing Up and Restoring System Files 265

Backing Up and Restoring System Files

There are two types of files, firmware files and configuration files. The firmware files manage the device, and the configuration files configure the device for transmissions. Only one type of download can be performed at any one time. To download a file: The Backup & Restore Configurations Page contains parameters for downloading system files.

To download System Files:

1 Click Administration > Backup & Restore Configurations > Restore. The Backup & Restore Configurations Page opens:

Figure 138 Backup & Restore Configurations Page

The Backup & Restore Configurations Page contains the following fields:

■ Download via TFTP — Enables initiating a download via the TFTP server.

■ Download via HTTP — Enables initiating a download via the HTTP server or HTTPS server.

■ Configuration Download — Indicates that the download is for configuration files.

■ TFTP Server IP Address — Specifies the TFTP Server IP Address from which the configuration files are downloaded.

266 CHAPTER 14: MANAGING SYSTEM FILES

■ Source File Name — Specifies the configuration files to be downloaded.

■ Destination File — Specifies the destination file to which to the configuration file is downloaded. The possible field values are:

■ Running Configuration — Downloads commands into the Running Configuration file.

■ Startup Configuration — Downloads the Startup Configuration file, and overwrites the old Startup Configuration file.

Downloading the Software Image 267

Downloading the Software Image

The Get Image Page permits network managers to retrieve the device software or the device boot code.

To download the software image:

1 Click Administration > Software Update. The Get Image Page opens:

Figure 139 Get Image Page

The Get Image Page contains the following fields:

■ Download via TFTP — Enables initiating a download via the TFTP server.

■ Download via HTTP — Enables initiating a download via the HTTP server or HTTPS server.

■ TFTP Server IP Address — Specifies the TFTP Server IP Address from which the configuration files are downloaded.

■ Source File Name — Specifies the configuration files to be downloaded.

■ Destination File — Specifies the destination file to which to the configuration file is downloaded. The possible field values are:

268 CHAPTER 14: MANAGING SYSTEM FILES

■ Running Configuration — Downloads commands into the Running Configuration file.

■ Startup Configuration — Downloads the Startup Configuration file, and overwrites the old Startup Configuration file.


3 Click . The files are downloaded, and the device is updated.



Activating Image Files 269

Activating Image Files

The Active Image Page allows network managers to select and reset the Image files.

To upload System Files:

1 Click Administration > Backup & Restore > Active Image. The Active Image Page opens:

Figure 140 Active Image Page

The Active Image Page contains the following fields:

■ Active Image — The Image file which is currently active on the unit.

■ After Reset — The Image file which is active on the unit after the device is reset. The possible field values are:

■ Image 1 — Activates Image file 1 after the device is reset.

■ Image 2 — Activates Image file 2 after the device is reset.

15
VIEWING STATISTICS
This section contains information for viewing and configuring RMON statistics, and contains the following sections:

■ Viewing RMON Statistics

■ Configuring RMON History

■ Configuring RMON Events

■ Defining RMON Alarms

Viewing RMON Statistics 271

Viewing RMON Statistics

The RMON Statistics Page contains fields for viewing information about device utilization and errors that occurred on the device. To view RMON statistics:

1 Click Wired Ports > Stats > RMON Statistics > Display. The RMON Statistics Page opens:

Figure 141 RMON Statistics Page

The RMON Statistics Page contains the following fields:

■ Interface — Indicates the device for which statistics are displayed. The possible field values are:

■ Port — Defines the specific port for which RMON statistics are displayed.

■ LAG — Defines the specific LAG for which RMON statistics are displayed.

■ Refresh Rate — Defines the amount of time that passes before the interface statistics are refreshed. The possible field values are:

■ No Refresh — Indicates that the RMON Statistics are not refreshed.

■ 15 Sec — Indicates that the RMON statistics are refreshed every 15 seconds.


272 CHAPTER 15: VIEWING STATISTICS


■ Received Bytes (Octets) — Displays the number of octets received on the interface since the device was last refreshed. This number includes bad packets and FCS octets, but excludes framing bits.

■ Received Packets — Displays the number of packets received on the interface, including bad packets, Multicast and broadcast packets, since the device was last refreshed.

■ Broadcast Packets Received — Displays the number of good broadcast packets received on the interface since the device was last refreshed. This number does not include Multicast packets.

■ Multicast Packets Received — Displays the number of good Multicast packets received on the interface since the device was last refreshed.

■ CRC & Align Errors — Displays the number of CRC and Align errors that have occurred on the interface since the device was last refreshed.

■ Undersize Packets — Displays the number of undersized packets (less than 64 octets) received on the interface since the device was last refreshed.

■ Oversize Packets — Displays the number of oversized packets (over 1518 octets) received on the interface since the device was last refreshed.

■ Fragments — Displays the number of fragments (packets with less than 64 octets, excluding framing bits, but including FCS octets) received on the interface since the device was last refreshed.

■ Jabbers — Displays the total number of received packets that were longer than 1518 octets. This number excludes frame bits, but includes FCS octets that had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. The field range to detect jabbers is between 20 ms and 150 ms.

■ Collisions — Displays the number of collisions received on the interface since the device was last refreshed.

■ Frames of 64 Bytes — Number of 64-byte frames received on the interface since the device was last refreshed.

Viewing RMON Statistics 273

■ Frames of 65 to 127 Bytes — Number of 65 to 127 byte frames received on the interface since the device was last refreshed.





2 Select a port. The RMON statistics are displayed.

3 Click . The RMON statistics counters are cleared and the new statistics are displayed.


Configuring RMON History

The RMON History Control Summary Page contains information about samples of data taken from ports. For example, the samples may include interface definitions or polling periods.

To view RMON History:

1 Click Wired Ports > Stats > RMON History > Control Summary. The RMON History Control Summary Page opens:

Figure 142 RMON History Control Summary Page

The RMON History Control Summary Page contains the following fields:

■ History Entry No. — Displays the entry number for the History Control Table page.

■ Source Interface — Displays the interface from which the history samples were taken. The possible field values are:

■ Port — Specifies the port from which the RMON information was taken.

■ Sampling Interval — Indicates in seconds the time that samplings are taken from the ports. The field range is 1-3600. The default is 1800 seconds (equal to 30 minutes).

■ Sampling Requested — Displays the number of samples to be saved. The field range is 1-65535. The default value is 50.

Configuring RMON History 275

■ Current Number of Samples — Displays the current number of samples taken.

■ Owner — Displays the RMON station or user that requested the RMON information. The field range is 0-20 characters.

To configure RMON History:

1 Click Wired Ports > Stats > RMON History > Control Setup. The RMON History Control Setup Page opens:

Figure 143 RMON History Control Setup Page

The RMON History Control Setup Page contains the following fields:

■ New History Entry No. — Displays the new entry number for the History Control Table page.




■ Max No. of Samples to Keep — Number of samples to be saved. The default value is 50.




3 Click . RMON History Control is enabled, and the device is updated.

Modifying RMON History Entries 277

Modifying RMON History Entries

To modify RMON History:

1 Click Wired Ports > Stats > RMON History > Modify Control. The RMON History Modify Control Page opens:

Figure 144 RMON History Modify Control Page

The RMON History Modify Control Page contains the following fields:





■ Max No. of Samples to Keep — Indicates the maximum number of samples to keep.




3 Click . RMON History Control is modified, and the device is updated.

Removing RMON History Entries 279

Removing RMON History Entries

To delete RMON History:

1 Click Wired Ports > Stats > RMON History > Remove Control. The RMON History Remove Control Page opens:

Figure 145 RMON History Remove Control Page

The RMON History Remove Control Page contains the following fields:

■ Remove — Removes a RMON event. The possible field values are:

■ Checked — Removes a selected RMON event.

■ Unchecked — Maintains RMON events.






■ Sampling Requested — Displays the number of samples to be saved. The field range is 1-65535. The default value is 50.

■ Current Number of Samples — Displays the current number of samples taken.


2 Select the History Entry to be deleted from the table.

3 Click . The History Control entries are deleted, and the device is updated.

.

Viewing RMON History Summeries 281

Viewing RMON History Summeries

The RMON History Summary Page contains interface specific statistical network samplings. Each table entry represents all counter values compiled during a single sample.

To view the RMON History Table:

1 Click Wired Ports > Stats > RMON History > History Summary. The RMON History Summary Page opens:

Figure 146 RMON History Summary Page

The RMON History Summary Page contains the following fields:


■ Owner — Displays the RMON station or user that requested the RMON information.

■ Sample No.— Indicates the sample number from which the statistics were taken.

■ Received Bytes (Octets) — Displays the number of octets received on the interface since the device was last refreshed. This number includes bad packets and FCS octets, but excludes framing bits.


■ Received Packets — Displays the number of packets received on the interface since the device was last refreshed, including bad packets, Multicast and Broadcast packets.

■ Broadcast Packets — Displays the number of good Broadcast packets received on the interface since the device was last refreshed. This number does not include Multicast packets.

■ Multicast Packets — Displays the number of good Multicast packets received on the interface since the device was last refreshed.

■ CRC Align Errors — Displays the number of CRC and Align errors that have occurred on the interface since the device was last refreshed.

■ Undersize Packets — Displays the number of undersized packets (less than 64 octets) received on the interface since the device was last refreshed.

■ Oversize Packets — Displays the number of oversized packets (over 1518 octets) received on the interface since the device was last refreshed.

■ Fragments — Displays the number of fragments (packets with less than 64 octets, excluding framing bits, but including FCS octets) received on the interface since the device was last refreshed.

■ Jabbers — Displays the total number of received packets that were longer than 1518 octets. This number excludes frame bits, but includes FCS octets that had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. The field range to detect jabbers is between 20 ms and 150 ms.

■ Collisions — Displays the number of collisions received on the interface since the device was last refreshed.

■ Utilization — Displays the percentage of the interface utilized.

Configuring RMON Events 283

Configuring RMON Events


■ Defining RMON Events Control

■ Configuring RMON Events Control

Defining RMON EventsControl

The RMON Events Control Summary Page contains fields for defining RMON events.

To view RMON Events:

1 Click Wired Ports > Stats > RMON Events > Control Summary. The RMON Events Control Summary Page opens:

Figure 147 RMON Events Control Summary Page

The RMON Events Control Summary Page contains the following fields:

■ Event Entry — Displays the event.

■ Community — Displays the community to which the event belongs.

■ Description — Displays the user-defined event description.

■ Type — Describes the event type. Possible values are:

■ Log — Indicates that the event is a log entry.


■ Trap — Indicates that the event is a trap.

■ Log and Trap — Indicates that the event is both a log entry and a trap.

■ None — Indicates that no event occurred.

■ Time — Displays the time that the event occurred.

■ Owner — Displays the device or user that defined the event.

Configuring RMON Event Control 285

Configuring RMON Event Control

To configure RMON Event Control:

1 Click Wired Ports > Stats > RMON Events > Control Setup. The RMON Events Control Setup Page opens:

Figure 148 RMON Events Control Setup Page

The RMON Events Control Setup Page contains the following fields:












3 Click . The RMON Events are defined, and the device is updated.

Configuring RMON Events Control 287

Configuring RMON Events Control

To modify RMON Event Control Information:

1 Click Wired Ports > Stats > RMON Events > Modify Control. The RMON Event Modify Control Page opens:

Figure 149 RMON Event Modify Control Page

The RMON Event Modify Control Page contains the following fields:

■ Event Entry No. — Displays the event.











3 Click . The RMON Events Control is modified, and the device is updated.

Removing RMON Events 289

Removing RMON Events

To remove RMON Event Control Information:

1 Click Wired Ports > Stats > RMON Events > Remove Control. The RMON Events Remove Control Page opens:

Figure 150 RMON Events Remove Control Page

The RMON Events Remove Control Page contains the following fields:













■ Time — Displays the time that the event occurred.


2 Select the event to be deleted.

3 Click . The RMON Event is removed, and the device is updated.

Viewing RMON Events 291

Viewing RMON Events

The RMON Events Summary Page contains interface specific statistical network samplings. Each table entry represents all counter values compiled during a single sample.

To view RMON Events Summary:

1 Click Wired Ports> Stats > RMON Events > Events Summary. The RMON Events Summary Page opens:

Figure 151 RMON Events Summary Page

The RMON Events Summary Page contains the following fields:

■ Event — Displays the RMON Events Log entry number.

■ Log No.— Displays the log number.

■ Log Time — Displays the time when the log entry was entered.

■ Description — Displays the log entry description.


Defining RMON Alarms

The RMON Alarm Summary Page contains fields for setting network alarms. Network alarms occur when a network problem, or event, is detected. Rising and falling thresholds generate events.

To view RMON Alarms:

1 Click Wired Ports > Stats > RMON Alarms > Alarms Summary. The RMON Alarm Summary Page opens:

Figure 152 RMON Alarm Summary Page

The RMON Alarm Summary Page contains the following fields:

■ Alarm Entry — Indicates a specific alarm.

■ Counter Name — Displays the selected MIB variable.

■ Interface — Displays interface for which RMON statistics are displayed. The possible field values are:

■ Port — Displays the RMON statistics for the selected port.

■ LAG — Indicates LAG statistics are displayed.

■ Counter Value — Displays the selected MIB variable value.

■ Sample Type — Defines the sampling method for the selected variable and comparing the value against the thresholds. The possible field values are:

Defining RMON Alarms 293

■ Delta — Subtracts the last sampled value from the current value. The difference in the values is compared to the threshold.

■ Absolute — Compares the values directly with the thresholds at the end of the sampling interval.

■ Rising Threshold — Displays the rising counter value that triggers the rising threshold alarm. The rising threshold is presented on top of the graph bars. Each monitored variable is designated a color.

■ Rising Event — Displays the mechanism in which the alarms are reported. The possible field values are:

■ LOG — Indicates there is not a saving mechanism for either the device or in the management system. If the device is not reset, the entry remains in the Log Table.

■ TRAP — Indicates that an SNMP trap is generated, and sent via the Trap mechanism. The Trap can also be saved using the Trap mechanism.

■ Both— Indicates that both the Log and Trap mechanism are used to report alarms.

■ Falling Threshold — Displays the falling counter value that triggers the falling threshold alarm. The falling threshold is graphically presented on top of the graph bars. Each monitored variable is designated a color.

■ Falling Event — Displays the mechanism in which the alarms are reported.

■ Startup Alarm — Displays the trigger that activates the alarm generation.

■ Rising Alarm — Displays the rising counter value that triggers the rising threshold alarm. The rising threshold is presented on top of the graph bars. Each monitored variable is designated a color.

■ Falling Alarm — Displays the falling counter value that triggers the falling threshold alarm. The falling threshold is graphically presented on top of the graph bars. Each monitored variable is designated a color.

■ Rising and Falling Alarm — Indicates both Rising and Falling alarms are selected as the startup alarm.

■ Interval — Defines the alarm interval time in seconds.

■ Owner — Displays the device or user that defined the alarm.


Defining RMON Alarm Setups

To configure RMON Alarms:

1 Click Wired Ports > Stats > RMON Alarms > Alarms Setup. The RMON Alarms Alarm Setup Page opens:

Figure 153 RMON Alarms Alarm Setup Page

The RMON Alarms Alarm Setup Page contains the following fields:




■ LAG — Displays the RMON statistics for the selected LAG.




Defining RMON Alarm Setups 295







■ Both — Indicates that both the Log and Trap mechanism are used to report alarms.



■ Startup Alarm — Displays the trigger that activates the alarm generation. Rising is defined by crossing the threshold from a low-value threshold to a higher-value threshold.

■ Rising Alarm — Defines rising as crossing the threshold from a low-value threshold to a higher-value threshold.

■ Falling Alarm — Defines falling as the falling counter value that triggers the falling threshold alarm.

■ Rising and Falling Alarm — Both alarms are triggered




3 Click . The RMON alarm is added, and the device is updated.


To modify Alarm Settings:1 Click Wired Ports > Stats > RMON Alarms > Modify Alarm. The

RMON Alarms Modify Alarm Page opens:

Figure 154 RMON Alarms Modify Alarm Page

The RMON Alarms Modify Alarm Page contains the following fields:









Defining RMON Alarm Setups 297









■ Startup Alarm — Displays the trigger that activates the alarm generation. Rising is defined by crossing the threshold from a low-value threshold to a higher-value threshold.







3 Click . The RMON alarm is modified, and the device is updated.


Removing RMON Alarms

To delete Alarm Settings:

1 Click Wired Ports > Stats > RMON Alarms > Remove Alarms. The RMON Alarms Remove Alarm Page opens:

Figure 155 RMON Alarms Remove Alarm Page

The RMON Alarms Remove Alarm Page contains the following fields:










Removing RMON Alarms 299









■ Falling Threshold — Displays the falling counter value that triggers the falling threshold alarm.


■ Startup Alarm — Displays the trigger that activates the alarm generation.






2 Select the Alarm Entry to be deleted

3 Click . The RMON alarm is deleted, and the device is updated.

A
WLAN COUNTRY SETTINGS
This appendix contains vital information for configuring WLAN, including the country codes, power regulations, and frequency ranges.


Access Point Domain

Channels Allowed



Austria AT -E 36, 40, 44, 48 60 mW EIRP 5.15-5.25

1 - 11 100 mW EIRP 2.4-2.4835

Australia AU -N 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161

200 mW EIRP

200 mW EIRP

1 W EIRP

5.15-5.25 5.25-5.35 5.725-5.825

1 - 11 200 mW EIRP 2.4-2.4835

Belgium BE -E 36, 40, 44, 48,52, 56, 60, 64

120 mW EIRP

120 mW EIRP

5.15-5.25

1 - 12,13 100 mW EIRP

100 mW EIRP

2.4-2.4835

Brazil BR -C 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161

200 mW EIRP

1 W EIRP

5.725-5.85

1 - 11 1 W EIRP 2.4-2.4835

Canada CA -A 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161

50 mW+6 dBi=200 mW, 250 mW+6 dBi=1 W, 1 W+6 dBi=4 W

5.15-5.25 5.25-5.35 5.725-5.85


2.4-2.4835

309

Switzerland and Liechtenstein

CH -E 36, 40, 44, 48,52, 56, 60, 64

200 mW EIRP 200 mW EIRP

5.15-5.255.25-5.35

1-11 100 mW EIRP 2.4-2.4835

China CN -C 149, 153, 157, 161

150 mW+6 dBi~600 mW

5.725-5.825

1-13 150 mW+6 dBi~600 mW

2.4-2.4835

Cyprus CY -E 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161


5.15-5.25 5.25-5.35 5.725-5.85


2.4-2.4835

Czech Republic CZ -E 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161


5.15-5.255.25-5.355.725-5.825

1-11 200 mW EIRP 2.4-2.4835

Germany DE -E 36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140


5.15-5.255.25-5.355.47-5.725

1-11 2.4-2.4835

Denmark DK -E 36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140


5.15-5.255.25-5.355.47-5.725

1-11 100 mW EIRP 2.4-2.4835

Estonia EE -E 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161


5.15-5.25 5.25-5.35 5.725-5.85


Access Point Domain

Channels Allowed



310 APPENDIX : WLAN COUNTRY SETTINGS


2.4-2.4835

Spain ES -E

1-11 100 mW EIRP

Finland FI -E 36, 40, 44, 48,52, 56, 60,


5.15-5.255.25-5.355.47-5.725

64,104, 108,

112, 116, 120,

124, 128, 132,

140

1-11 100 mW EIRP 2.4-2.4835

France FR -E 36, 40, 44, 48,52, 56, 60, 64


5.15-5.255.25-5.35

1 - 7,8 - 11 100 mW EIRP100 mW EIRP

2.4-2.48352.4-2.454

United Kingdom GB -E 36, 40, 44, 48,52, 56, 60, 64,104, 108,


5.15-5.25 5.25-5.35 5.47-5.725

112, 116, 120,

124, 128, 132,

140

1-11 100 mW EIRP 2.4-2.4835

Greece GR -E 1-11 100 mW EIRP 2.4-2.4835

Hong Kong HK -N 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161

200 mW EIRP200 mW EIRP1 W+6 dBi=4 W

5.15-5.25 5.25-5.35 5.725-5.85

1-11 100 mW EIRP 2.4-2.4835

Hungary HU -E 36, 40, 44, 48,52, 56, 60, 64

200 mW EIRP 5.15-5.255.25-5.35


Access Point Domain

Channels Allowed



311

1-11 1 W EIRP 2.4-2.4835

Indonesia ID -R N/A N/A 5.725-5.875

1-13 100 mW EIRP 2.4-2.5

Ireland IE -E 36, 40, 44, 48,52, 56, 60, 64


5.15-5.25 5.25-5.35 5.47-5.725

1-11 100 mW EIRP 2.4-2.4835

Israel IL -I 36, 40, 44, 48,52, 56, 60, 64


5.15-5.25 5.25-5.35

1-13 100 mW EIRP 2.4-2.4835

Israel OUTDOOR ILO 36, 40, 44, 48,52, 56, 60, 64


5.15-5.255.25-5.35

5-13 100 mW EIRP 2.4-2.4835

India IN TBA N/A N/A N/A

4 W EIRP 2.4-2.4835

Iceland IS -E 36, 40, 44, 48,52, 56, 60,


5.15-5.25 5.25-5.35 5.47-5.725

64,104, 108,

112, 116, 120,

124, 128, 132,

140

1-11 100 mW EIRP 2.4-2.4835

Italy IT -E 36, 40, 44, 48,52, 56, 60,


5.15-5.25 5.25-5.35 5.47-5.725

64,104, 108, 112, 116, 120,


Access Point Domain

Channels Allowed




124, 128, 132,

140

1-11 100 mW EIRP 2.4-2.4835

Japan JP -J 1-3,1-4 100 mW EIRP100 mW EIRP

5.03-5.09 5.15-5.25


2.4-2.497


2.4-2.497

Republic of Korea KR -C 149, 153, 157, 161

150 mW+6 dBi~600 mW

5.725-5.825

1-13 150 mW+6 dBi~600 mW

2.4-2.4835

Lithuania LT -E 36, 40, 44, 48,52, 56, 60,

50 mW+6 dBi=200 mW250 mW+6

5.15-5.25 5.25-5.35 5.725-5.85

64,149, 153, dBi=1 W1 W+6

157, 161 dBi=4 W


2.4-2.4835

Luxembourg LU -E 36, 40, 44, 48,52, 56, 60,


5.15-5.25 5.25-5.35 5.47-5.725

64,104, 108,

112, 116, 120, 124, 128, 132,

140

1-11 100 mW EIRP 2.4-2.4835

Latvia LV -E 36, 40, 44, 48,52, 56, 60,

50 mW+6 dBi=200 mW250 mW+6

5.15-5.25 5.25-5.35 5.725-5.85

64,149, 153, dBi=1 W1 W+6


Access Point Domain

Channels Allowed



313

157, 161 dBi=4 W


2.4-2.4835

Malaysia MY -E 1-13 100 mW EIRP 2.4-2.5

Netherlands NL -E 36, 40, 44, 48,52, 56, 60,


5.15-5.25 5.25-5.35 5.47-5.725

64,104, 108,

112, 116, 120,

124, 128, 132,

140

1-11 100 mW EIRP 2.4-2.4835

Norway NO -E 36, 40, 44, 48,52, 56, 60, 64,104, 108,


5.15-5.25 5.25-5.35 5.47-5.725

112, 116, 120,

124, 128, 132, 140

1-11 100 mW EIRP 2.4-2.4835

New Zealand NZ -N 36, 40, 44, 48,52, 56, 60,

50 mW+6 dBi=200 mW250 mW+6

5.15-5.25 5.25-5.35 5.725-5.85

64,149, 153, dBi=1 W1 W+6

157, 161 dBi=4 W


2.4-2.4835

Philippines PH -C TBA TBA 5.725-5.875

100 mW EIRP 2.4-2.4835

Poland PL -E 36, 40, 44, 48,52, 56, 60,

200 mW EIRP 1 W EIRP

2.4-2.4835

64,149, 153,


Access Point Domain

Channels Allowed




157, 161

1-11 100 mW EIRP 2.4-2.4835

Portugal PT -E 36, 40, 44, 48,52, 56, 60,


5.15-5.25 5.25-5.35 5.47-5.725

64,104, 108,

112, 116, 120, 124, 128, 132,

140

1-11 100 mW EIRP 2.4-2.4835

Sweden SE -E 36, 40, 44, 48,52, 56, 60,


5.15-5.25 5.25-5.35 5.47-5.725

64,104, 108,

112, 116, 120,

124, 128, 132,

140

1-11 100 mW EIRP 2.4-2.4835

Singapore SG -S 36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161


5.15-5.25 5.25-5.35 5.725-5.85

1-13 200 mW EIRP 2.4-2.4835

Slovenia SI -E 36, 40, 44, 48,52, 56, 60,

50 mW+6 dBi=200 mW250 mW+6

5.15-5.255.25-5.355.725-5.85

64,149, 153, dBi=1 W1 W+6

157, 161 dBi=4 W


2.4-2.4835


Access Point Domain

Channels Allowed



315

Slovak Republic SK -E 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161


5.15-5.25 5.25-5.35 5.725-5.85


2.4-2.4835

Thailand TL -R N/A N/A 5.725-5.875

1-13 100 mW EIRP 2.4-2.5

Taiwan TW -T 56, 60, 64, 100 - 140,149, 153,

50 mW+6 dBi=200 mW250 mW+6

5.25-5.35 5.47-5.725 5.725-5.825

157, 161 dBi=1 W1 W+6

dBi=4 W

1-13 1 W EIRP 2.4-2.4835

United States US -A 36, 40, 44, 50 mW+6 dBi=200 5.15-5.25 5.25-5.35

of America 48,52, 56, 60, mW250 mW+6 5.725-5.85

64,149, 153, dBi=1 W1 W+6

157, 161 dBi=4 W


2.4-2.4835

United States of America

USE -A 36, 40, 44, 48,52, 56, 60, 64

50 mW+6 dBi=200 mW250 mW+6 dBi=1 W

5.15-5.25 5.25-5.35


2.4-2.4835

United States of America LOW

USL -A 36, 40, 44, 48,52, 56, 60, 64

50 mW+6 dBi=200 mW250 mW+6 dBi=1 W

5.15-5.25 5.25-5.35


2.4-2.4835


Access Point Domain

Channels Allowed




United States of America EXTENDED

USX TBA 36, 40, 44, 48,52, 56, 60, 64

50 mW+6 dBi=200 mW250 mW+6 dBi=1 W

5.15-5.25 5.25-5.35


2.4-2.4835

South Africa ZA TBA N/A N/A 5.25-5.355.725-5.825

1-13 1 W EIRP 2.4-2.4835


Access Point Domain

Channels Allowed



B
DEVICE SPECIFICATIONS AND FEATURES
Related Standards The 3Com® Unified Gigabit Wireless PoE Switch 24 has been designed to the following standards:

Environmental

Function IEEE 802.3 (Ethernet, 10Base-T), IEEE 802.3u (Fast Ethernet, 100Base-TX), IEEE 802.3ab (Gigabit Ethernet, 1000Base-T) and IEEE 802.3z (Gigabit Ethernet, 1000Base-X), IEEE 802.3x (Flow Control), IEEE 802.1d 1998 (Bridging), IEEE 802.1p (Virtual LAN), IEEE 802.af (DTE Power)

MAC Address 8192

Safety UL 60950-1, CSA 22.2 No. 60950-1, EN 60950-1, IEC 60950-1

EMC Emissions FCC Part 15 Subpart B Class A, EN 55022 Class A, ICES-003 Class A, CISPR 22 Class A, VCCI Class A, EN 61000-3-2, EN 61000-3-3

Immunity EN 55024, EN 60601-1-2

Operating Temperature 0 to 40 °C (32 to 104 °F)

Storage Temperature –40 to +70 °C (–40 to +158 °F)

Humidity 10 to 95% (non-condensing)

Standard EN 60068 (IEC 68)

Physical 309

Physical

Electrical

Width 44.0 cm (17.3 in.)

Length 41.5 cm (16.3 in.)

Height 4.4 cm (1.75 in.) or 1U.

Weight 5.9 kg (13.0 lb)

Mounting Free-standing, or 19 in. rack-mounted using the supplied mounting kit

Power Inlet IEC 320

AC Line Frequency 50/60 Hz (±3 Hz)

Input Voltage 100–240 Vac (auto range)

Current Rating 8 Amp (maximum)

Maximum Power Consumption

465 Watts

Maximum Power Dissipation

207 BTU/hr

PoE Maximum Output Power per Port

15.4 watts

Power can also be provided by the switch through any of its 24 Ethernet ports based on the IEEE 802.3af Power over Ethernet (PoE) specifications. For PoE to work, the receiving device must be PoE-compliant.

310 APPENDIX A: DEVICE SPECIFICATIONS AND FEATURES

Unified Switch 24 Features

This appendix describes the device features. The system supports the following features:

Feature Description

Auto Negotiation Auto negotiation allows an device to advertise modes of operation. The auto negotiation function provides the means to exchange information between two devices that share a point-to-point link segment, and to automatically configure both devices to take maximum advantage of their transmission capabilities.

Auto negotiation provides port advertisement. Port advertisement allows the system administrator to configure the port speeds advertised.

Automatic MAC Addresses Aging MAC addresses from which no traffic is received for a given period are aged out. This prevents the Bridging Table from overflowing.

Back Pressure On half-duplex links, the receiving port prevents buffer overflows by occupying the link so that it is unavailable for additional traffic.

Class Of Service The IEEE 802.1p signaling technique is an OSI Layer 2 standard for marking and prioritizing network traffic at the data link/MAC sub-layer. 802.1p traffic is classified and sent to the destination. No bandwidth reservations or limits are established or enforced. 802.1p is a spin-off of the 802.1Q (VLANs) standard. 802.1p establishes eight levels of priority, similar to the IP Precedence IP Header bit-field.

Command Line Interface Command Line Interface (CLI) syntax and semantics conform as much as possible to common industry practice. Syslog

Syslog is a protocol that enables event notifications to be sent to a set of remote servers, where they can be stored, examined and acted upon. The system sends notifications of significant events in real time, and keeps a record of these events for after-the-fact usage.

Configuration File Management The device configuration is stored in a configuration file. The Configuration file includes both system wide and port specific device configuration. The system can display configuration files in the form of a collection of CLI commands, which are stored and manipulated as text files.

DHCP Clients Dynamic Host Client Protocol. DHCP enables additional setup parameters to be received from a network server upon system startup. DHCP service is an on-going process.

Domain Name System Domain Name System (DNS) converts user-defined domain names into IP addresses. Each time a domain name is assigned the DNS service translates the name into a numeric IP address. For example, www.ipexample.com is translated to 192.87.56.2. DNS servers maintain domain name databases and their corresponding IP addresses.

Unified Switch 24 Features 311

Fast Link STP can take up to 30-60 seconds to converge. During this time, STP detects possible loops, allowing time for status changes to propagate and for relevant devices to respond. 30-60 seconds is considered too long of a response time for many applications. The Fast Link option bypasses this delay, and can be used in network topologies where forwarding loops do not occur.

Full 802.1Q VLAN Tagging Compliance IEEE 802.1Q defines an architecture for virtual bridged LANs, the services provided in VLANs and the protocols and algorithms involved in the provision of these services. An important requirement included in this standard is the ability to mark frames with a desired Class of Service (CoS) tag value.

GVRP Support GARP VLAN Registration Protocol (GVRP) provides IEEE 802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q trunk ports. When GVRP is enabled, the device registers and propagates VLAN membership on all ports that are part of the active underlying Spanning Tree Protocol Features topology.

IGMP Snooping IGMP Snooping examines IGMP frame contents, when they are forwarded by the device from work stations to an upstream Multicast router. From the frame, the device identifies work stations configured for Multicast sessions, and which Multicast routers are sending Multicast frames.

LACP LACP uses peer exchanges across links to determine, on an ongoing basis, the aggregation capability of various links, and continuously provides the maximum level of aggregation capability achievable between a given pair of systems. LACP automatically determines, configures, binds and monitors the port binding within the system.

Link Aggregated Groups Link Aggregated Group (LAG). The system provides up-to eight Aggregated Links may be defined, each with up to eight member ports, to form a single. LAGs provide:

Fault tolerance protection from physical link disruption

Higher bandwidth connections

Improved bandwidth granularity

High bandwidth server connectivity

LAG is composed of ports with the same speed, set to full-duplex operation.

MAC Address Capacity Support The device supports up to 8K MAC addresses. The device reserves specific MAC addresses for system use.

Feature Description


MAC Multicast Support Multicast service is a limited broadcast service, which allows one-to-many and many-to-many connections for information distribution. Layer 2 Multicast service is where a single frame is addressed to a specific Multicast address, from where copies of the frame are transmitted to the relevant ports.

MDI/MDIX Support The device automatically detects whether the cable connected to an RJ-45 port is crossed or straight through, when auto-negotiation is enabled.

Standard wiring for end stations is Media-Dependent Interface (MDI) and the standard wiring for hubs and switches is known as Media-Dependent Interface with Crossover (MDIX).

Multiple Spanning Tree Multiple Spanning Tree (MSTP) operation maps VLANs into STP instances. MSTP provides differing load balancing scenario. Packets assigned to various VLANs are transmitted along different paths within MSTP Regions (MST Regions). Regions are one or more MSTP bridges by which frames can be transmitted. The standard lets administrators assign VLAN traffic to unique paths.

Password Management Password management provides increased network security and improved password control. Passwords for SSH, Telnet, HTTP, HTTPS, and SNMP access are assigned security features. For more information on Password Management, see “Managing Passwords“.

Port-based Authentication Port-based authentication enables authenticating system users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the Remote Authentication Dial In User Service (RADIUS) server using the Extensible Authentication Protocol (EAP).

Port-based Virtual LANs Port-based VLANs classify incoming packets to VLANs based on their ingress port.

Port Mirroring Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from a monitored port to a monitoring port. Users specify which target port receives copies of all traffic passing through a specified source port.

Feature Description


Power over Ethernet Power over Ethernet (PoE) provide power to devices over existing LAN cabling, without updating or modifying the network infrastructure. Power over Ethernet removes the necessity of placing network devices next to power sources. Power over Ethernet can be used in the following applications:

IP Phones

Wireless Access Points

IP Gateways

PDAs

Audio and video remote monitoring

Private VLANs Private VLAN ports are a Layer 2 security feature which provide isolation between ports within the same Broadcast domain.

RADIUS Clients RADIUS is a client/server-based protocol. A RADIUS server maintains a user database, which contains per-user authentication information, such as user name, password and accounting information.

Rapid Spanning Tree Spanning Tree can take 30-60 seconds for each host to decide whether its ports are actively forwarding traffic. Rapid Spanning Tree (RSTP) detects uses of network topologies to enable faster convergence, without creating forwarding loops.

Remote Monitoring Remote Monitoring (RMON) is an extension to SNMP, which provides comprehensive network traffic monitoring capabilities (as opposed to SNMP which allows network device management and monitoring). RMON is a standard MIB that defines current and historical MAC-layer statistics and control objects, allowing real-time information to be captured across the entire network.

Self-Learning MAC Addresses The device enables automatic MAC address learning from incoming packets. The MAC addresses are stored in the Bridging Table

SNMP Alarms and Trap Logs The system logs events with severity codes and timestamps. Events are sent as SNMP traps to a Trap Recipient List.

SNMP Versions 1, 2 and 3 Simple Network Management Protocol (SNMP) over the UDP/IP protocol controls access to the system, a list of community entries is defined, each of which consists of a community string and its access privileges. There are 3 levels of SNMP security read-only, read-write and super. Only a super user can access the community table.

SNTP The Simple Network Time Protocol (SNTP) assures accurate network Ethernet Switch clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. Time sources are established by Stratums. Stratums define the distance from the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock.

Feature Description


Spanning Tree Protocol 802.1d Spanning tree is a standard Layer 2 switch requirement that allows bridges to automatically prevent and resolve L2 forwarding loops. Switches exchange configuration messages using specifically formatted frames and selectively enable and disable forwarding on ports.

SSH Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH version 2 is currently supported. The SSH server feature enables an SSH client to establish a secure, encrypted connection with a device. This connection provides functionality that is similar to an inbound telnet connection. SSH uses RSA and DSA Public Key cryptography for device connections and authentication.

SSL Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data through privacy, authentication, and data integrity. It relies upon certificates and public and private keys.

Static MAC Entries MAC entries can be manually entered in the Bridging Table, as an alternative to learning them from incoming frames. These user-defined entries are not subject to aging, and are preserved across resets and reboots.

TACACS+ TACACS+ provides centralized security for validation of users accessing the device. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes.

TCP Transport Control Protocol (TCP). TCP connections are defined between 2 ports by an initial synchronization exchange. TCP ports are identified by an IP address and a 16-bit port number. Octets streams are divided into TCP packets, each carrying a sequence number.

TFTP Trivial File Transfer Protocol The device supports boot image, software and configuration upload/download via TFTP.

Traceroute Traceroute discovers IP routes that packets were forwarded along during the forwarding process. The CLI Traceroute utility can be executed from either the user-exec or privileged modes.

Virtual Cable Testing VCT detects and reports copper link cabling occurrences, such as open cables and cable shorts.

VLAN Support VLANs are collections of switching ports that comprise a single broadcast domain. Packets are classified as belonging to a VLAN based on either the VLAN tag or based on a combination of the ingress port and packet contents. Packets sharing common attributes can be grouped in the same VLAN.

Feature Description


VLAN-aware MAC-based Switching The device always performs VLAN-aware bridging. Classic bridging(IEEE802.1D) is not performed, where frames are forwarded based only on their destination MAC address. However, a similar functionality may be configured for untagged frames. Frames addressed to a destination MAC address that is not associated with any port are flooded to all ports of the relevant VLAN.

Web-based Management With web-based management, the system can be managed from any web browser. The system contains an Embedded Web Server (EWS), which serves HTML pages, through which the system can be monitored and configured. The system internally converts web-based input into configuration commands, MIB variable settings and other management-related settings.

Feature Description

C
TROUBLESHOOTING
This section describes problems that may arise when installing the and how to resolve these issue. This section includes the following topics:

■ Problem Management — Provides information about problem management with .

■ Troubleshooting Solutions — Provides a list of troubleshooting issues and solutions for using the device.

Problem Management

Problem management includes isolating problems, quantifying the problems, and then applying the solution. When a problem is detected, the exact nature of the problem must be determined. This includes how the problem is detected, and what are the possible causes of the problem. With the problem known, the effect of the problem is recorded with all known results from the problem. Once the problem is quantified, the solution is applied. Solutions are found either in this chapter, or through customer support. If no solution is found in this chapter, contact Customer Support.

Troubleshooting Solutions

Listed below are some possible troubleshooting problems and solutions. These error messages include:

■ Cannot connect to management using RS-232 serial connection

■ Cannot connect to switch management using Telnet, HTTP, SNMP, etc.

■ Self-test exceeds 15 seconds

■ No connection is established and the port LED is on

■ Device is in a reboot loop

■ No connection and the port LED is off

■ Lost password.

Troubleshooting Solutions 317

Problems Possible Cause Solution

Cannot connect to management using RS-232 serial connection

Be sure the terminal emulator program is set to VT-100 compatible, 9600 baud rate, no parity, 8 data bits and one stop bit

Use the included cable, or be sure that the pin-out complies with a standard null-modem cable

Cannot connect to switch management using Telnet, HTTP, SNMP, etc.

Be sure the switch has a valid IP address, subnet mask and default gateway configured

Check that your cable is properly connected with a valid link light, and that the port has not been disabled

Ensure that your management station is plugged into the appropriate VLAN to manage the device

If you cannot connect using Telnet or the web, the maximum number of connections may already be open. Please try again at a later time.

No response from the terminal emulation software

Faulty serial cable

Incorrect serial cable

Software settings

Replace the serial cable

Replace serial cable for a pin-to-pin straight/flat cable

Reconfigure the emulation software connection settings.

Response from the terminal emulations software is not readable

Faulty serial cable

Software settings

Replace the serial cable

Reconfigure the emulation software connection settings.

Self-test exceeds 15 seconds

The device may not be correctly installed.

Remove and reinstall the device. If that does not help, consult your technical support representative.

No connection is established and the port LED is on

Wrong network address in the workstation

No network address set

Wrong or missing protocol

Faulty ethernet cable

Faulty port

Faulty module

Incorrect initial configuration

Configure the network address in the workstation

Configure the network address in the workstation

Configure the workstation with IP protocol

Replace the cable

Replace the module

Replace the module

Erase the connection and reconfigure the port

Device is in a reboot loop Software fault Download and install a working or previous software version from the console

318 APPENDIX C: TROUBLESHOOTING

No connection and the port LED is off

Incorrect ethernet cable, e.g., crossed rather than straight cable, or vice versa, split pair (incorrect twisting of pairs)

Fiber optical cable connection is reversed

Bad cable

Wrong cable type

Check pinout and replace if necessary

Change if necessary. Check Rx and Tx on fiber optic cable

Replace with a tested cable

Verify that all 10 Mbps connections use a Cat 5 cable

Check the port LED or zoom screen in the NMS application, and change setting if necessary


Troubleshooting Solutions 319

Lost password The Password Recovery Procedure enables the user to override the current password configuration, and disables the need for a password to access the console. The password recovery is effective until the device is reset. If the password/user name has been forgotten or lost. The password must be reconfigured using either the CLI commands or via the Embedded Web Interface. The Password Recovery Procedure is invoked from the Startup menu:

1 Reboot the system either by disconnecting the power supply, or enter the command: the following message is displayed:

Console #reload

Are you sure you want to reboot the system (y/n)[n]?

2 Enter Y. The device reboots. After the POST, when the text “Autoboot in 2 seconds - press RETURN or Esc. to abort and enter prom.” is displayed, press <Enter>. The Startup Menu is displayed.

[1] Download software

[2] Erase flash file

[3] Erase flash sectors

[4] Password Recovery Procedure

[5] Enter Diagnostic Mode

[6] Back

3 Enter 4 within 15 seconds after the bootup process from the StartUp menu. If the startup menu option is not selected within 15 seconds, the accessibility requirements are erased, and the system continues to load. The password is defined using the CLI mode.

4 Enter the CLI configuration mode.

5 Enter the password commands:

username, enable password, or password [line].

For example: enable password level 1 password *****

6 Enter the command exit. The CLI mode is exited.

For example: enable password level 1 password *****.


320 APPENDIX C: TROUBLESHOOTING

GLOSSARY

Access Control List(ACL)

ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information.

Address ResolutionProtocol (ARP)

ARP converts between IP addresses and MAC (i.e., hardware) addresses. ARP is used to locate the MAC address corresponding to a given IP address. This allows the switch to use IP addresses for routing decisions and the corresponding MAC addresses to forward packets from one hop to the next.

Boot Protocol(BOOTP)

BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the devices system files, and the name of the boot file.

Class of Service (CoS) CoS is supported by prioritizing packets based on the required level of service, and then placing them in the appropriate output queue. Data is transmitted from the queues using weighted round-robin service to enforce priority service and prevent blockage of lower-level queues. Priority may be set according to the port default, the packet’s priority bit (in the VLAN tag), TCP/UDP port number, IP Precedence bit, or DSCP priority bit.

DifferentiatedServices Code Point

Service (DSCP)

DSCP uses a six-bit tag to provide for up to 64 different forwarding behaviors. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. The DSCP bits are mapped to the Class of Service categories, and then into the output queues.

Domain NameService (DNS)

A system used for translating host names for network nodes into IP addresses.

Distance VectorMulticast RoutingProtocol (DVMRP)

A distance-vector-style routing protocol used for routing multicast datagrams through the Internet. DVMRP combines many of the features of RIP with Reverse Path Forwarding (RPF).

322 APPENDIX : GLOSSARY

Dynamic HostControl Protocol

(DHCP)

Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability of automatic allocation of reusable network addresses and additional configuration options.

ExtensibleAuthentication

Protocol over LAN(EAPOL)

EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch. A user name and password is requested by the switch, and then passed to an authentication server (e.g., RADIUS) for verification. EAPOL is implemented as part of the IEEE 802.1x Port Authentication standard.

GARP VLANRegistration Protocol

(GVRP)

Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network.

Generic AttributeRegistration Protocol

(GARP)

GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership information in a switched environment so that multicast data frames are propagated only to those parts of a switched LAN containing registered endstations. Formerly called Group Address Registration Protocol.

Generic MulticastRegistration Protocol

(GMRP)

GMRP allows network devices to register end stations with multicast groups. GMRP requires that any participating network devices or end stations comply with the IEEE 802.1p standard.

Group AttributeRegistration Protocol

(GARP)

See Generic Attribute Registration Protocol.

IEEE 802.1D Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol.

IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks.

IEEE 802.1p An IEEE standard for providing quality of service (QoS) in Ethernet networks. The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value.

323

IEEE 802.1s An IEEE standard for the Multiple Spanning Tree Protocol (MSTP) which provides independent spanning trees for VLAN groups.

IEEE 802.1x Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication.

IEEE 802.3ac Defines frame extensions for VLAN tagging.

IEEE 802.3x Defines Ethernet frame start/stop requests and timers used for flow control on full-duplex links.

IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members.

IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork.

Internet ControlMessage Protocol

(ICMP)

A network layer protocol that reports errors in processing IP packets. ICMP is also used by routers to feed back information about better routing choices.

Internet GroupManagement

Protocol (IGMP)

A protocol through which hosts can register with their local router for multicast services. If there is more than one multicast switch/router on a given subnetwork, one of the devices is made the “querier” and assumes responsibility for keeping track of group membership.

In-Band Management Management of the network from a station attached directly to the network.

IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts.

IP Precedence The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The eight values are mapped one-to-one to the Class of Service categories by default, but may be configured differently to suit the requirements for specific network applications.


Layer 2 Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses.

Layer 3 Network layer in the ISO 7-Layer Data Communications Protocol. This layer handles the routing functions for data moving from one open system to another.

Link Aggregation See Port Trunk.

Link AggregationControl Protocol

(LACP)

Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device.

ManagementInformation Base

(MIB)

An acronym for Management Information Base. It is a set of database objects that contains information about a specific device.

MD5 Message DigestAlgorithm

An algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a message digest.

Multicast Switching A process whereby the switch filters incoming multicast frames for services for which no attached host has registered, or forwards them to all ports contained within the designated multicast VLAN group.

Network TimeProtocol (NTP)

NTP provides the mechanisms to synchronize time across the network. The time servers operate in a hierarchical-master-slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio.

Open Shortest PathFirst (OSPF)

OSPF is a link-state routing protocol that functions better over a larger network such as the Internet, as opposed to distance-vector routing protocols such as RIP. It includes features such as unlimited hop count, authentication of routing updates, and Variable Length Subnet Masks (VLSM).

Out-of-BandManagement

Management of the network from a station not attached to the network.

Port Authentication See IEEE 802.1x.

325

Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe. This allows data on the target port to be studied unobstructively.

Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links.

Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports.

Protected ExtensibleAuthenticationProtocol (PEAP)

A protocol proposed by Microsoft, Cisco and RSA Security for securely transporting authentication data, including passwords, over 802.11 wireless networks. Like the competing standard Tunneled Transport Layer Security (TTLS), PEAP makes it possible to authenticate wireless LAN clients without requiring them to have certificates, simplifying the architecture of secure wireless LANs.Protocol-Independent Multicasting (PIM)

This multicast routing protocol floods multicast traffic downstream, and calculates the shortest-path back to the multicast source network via reverse path forwarding. PIM uses the router’s IP routing table rather than maintaining a separate multicast routing table as with DVMRP. PIM - Sparse Mode is designed for networks where the probability of a multicast client is low, such as on a Wide Area Network. PIM - Dense Mode is designed for networks where the probability of a multicast client is high and frequent flooding of multicast traffic can be justified.

RemoteAuthentication

Dial-in User Service(RADIUS)

RADIUS is a logon authentication protocol that uses software running on a central server to control access to RADIUS-compliant devices on the network.

Remote Monitoring(RMON)

RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard SNMP, and can set alarms on a variety of traffic conditions, including specific error types.

Rapid Spanning TreeProtocol (RSTP)

RSTP reduces the convergence time for network topology changes to about 10% of that required by the older IEEE 802.1D STP standard.

Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch.


Routing InformationProtocol (RIP)

The RIP protocol seeks to find the shortest route to another device by minimizing the distance-vector, or hop count, which serves as a rough estimate of transmission cost. RIP-2 is a compatible upgrade to RIP. It adds useful capabilities for subnet routing, authentication, and multicast transmissions.

Simple Mail TransferProtocol (SMTP)

A standard host-to-host mail transport protocol that operates over TCP, port 25.

Simple NetworkManagement

Protocol (SNMP)

The application protocol in the Internet suite of protocols which offers network management services.

Simple Network TimeProtocol (SNTP)

SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server. Updates can be requested from a specific NTP server, or can be received via broadcasts sent by NTP servers.

Spanning TreeProtocol (STP)

A technology that checks your network for any loops. A loop can often occur in complicated or backup linked network systems. Spanning Tree detects and directs data along the shortest available path, maximizing the performance and efficiency of the network.

Telnet Defines a remote communication facility for interfacing to a terminal device over TCP/IP.

Protocol-IndependentMulticasting (PIM)

This multicast routing protocol floods multicast traffic downstream, and calculates the shortest-path back to the multicast source network via reverse path forwarding. PIM uses the router’s IP routing table rather than maintaining a separate multicast routing table as with DVMRP. PIM - Sparse Mode is designed for networks where the probability of a multicast client is low, such as on a Wide Area Network. PIM - Dense Mode is designed for networks where the probability of a multicast client is high and frequent flooding of multicast traffic can be justified.

Terminal AccessController Access

Control System Plus(TACACS+)

TACACS+ is a logon authentication protocol that uses software running on a central server to control access to TACACS-compliant devices on the network.

Transmission Control Protocol/Internet Protocol (TCP/IP)

Protocol suite that includes TCP as the primary transport protocol, and IP as the network layer protocol.

327

Transport LayerSecurity (TLS)

Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).

Trivial File TransferProtocol (TFTP)

A TCP/IP protocol commonly used for software downloads.

Tunneled TransportLayer Security (TTLS)

A proposed wireless security protocol, developed by Funk Software and Certicom, that combines network-based certificates with other authentication such as tokens or passwords. Also known as EAP-TTLS.

User DatagramProtocol (UDP)

UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets. UDP is useful when TCP would be too complex, too slow, or just unnecessary.

Virtual LAN (VLAN) A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. A VLAN serves as a logical workgroup with no physical barriers, and allows users to share information and resources as though located on the same LAN.

XModem A protocol used to transfer files between devices. Data is grouped in 128-byte blocks and error-corrected.

INDEX

AAccess profiles 39Access_Profiles 40ACL_Binding 92ACL_Setup 76Activating Image Files 269Active_Image 269Address Resolution Protocol 193AP_Summary 157ARP 193, 196ARP_Remove 196ARP_setup 195Authenticated_Host_Summary 59authenticated_hosts 59AuthenticatedUsers 60BBandwidth_Settings 251BPDU 232Bridge Multicast Filtering 210CCannot connect to management using RS-232 serial connection 317Cannot connect to switch management using Telnet, HTTP, SNMP, etc. 317CIR 252Class of Service 311Classic_STP 219CLI 310Command Line Interface 310Committed Information Rate 252

Configuring ARP 193Configuring_RMON_Events 283conventions

notice icons, About This Guide 4CoS 311CoS_to_queue 257CountryCode 98DDefining Default Gateways 193Defining IGMP Snooping 205Defining Port Authentication 56, 57Defining Router Groups 215Defining_RMON_alarms 292Defining_RMON_Control 283Device is in a reboot loop 317DHCP 310DNS 310Domain Name System 310Downloading 265DSCP 243DSCP to Queue Page 254, 255DSCP_Queue_Mappings 255DSCP_rewrite 245DSCP_to_Queue 254Dynamic_addresses 202EEAP 312EAP_Statistics 71Enabling System Logs 261ESS 15, 162Extended service sets 15, 162

330 INDEX

Extensible Authentication Protocol 312FFast link 219, 225, 311FCS 272, 282FCS error 272, 282Figure

153Syslog Properties Page 261

Figure 115Queue Page 250

Figure TitleFigure 145

Time Page 111Figure Title 82

IP Interface Page 191Frame Check Sequence 272, 282GGARP VLAN Registration Protocol 311General 95Get_Image 267GVRP 151, 311HHeading 1

Defining System Settings 97IIEEE 802.1Q- 311IGMP 205instance 235Internet 82IP 82IP addresses 14, 191IP_Based_ACL 82IP_based_Rules 87IP_Based_Setup 84IP_interfaces 191LLACP 130LAG_Membership 136

LCP 230LEDs 22Link Aggregation Control Protocol 130Link Control Protocol 230Log_Display 260Logging_Setup 261Lost password 319MMAC addresses 64MAC_based_Rules 78Management Access Lists 40Management_Access 39MDI 312MDIX 312mitagate 168modify_rstp 229modify_stp 225Modifyijng_RMON_History 277modifying_multiple_hosts 62modifying_port_authentication 56modifying_profiles 181, 182MST 234MSTP Instance Settings Page 236mstp_interface 234mstp_port 239MSTP_Port_Summary 236multi_stp 232Multicast Bridging 209Multicast Group Page 209Multiple Spanning Tree 232Multiple_Host_Summary 61Multiple_Hosts 59NNCP 230Network Control Protocols 230No connection and the port LED is off 318No connection is established and the port LED is on 317

INDEX 331

No response from the terminal emulation software 317PPage 29, 54, 71Passwords 44PoE 313Port Based Authenticatio 315Port_Authentication_settings 54Port_Security 65Port_Settings 116Port_Settings_Setup 119Power over Ethernet 313power_settings 189QQoS 243QoS services 247Queue 250Queue_Setup 250RRADIUS 48Rapid Spanning Tree Protocol 227Rapid_STP 240Remote Authentication Dial In User Ser-vice 31261084

figure captionFigure 13 Management Access 29

Removing_ACLs 90Removing_History_Entries 279Removing_MAC_Based_ACL 80Removing_RMON_Alarms 298Response from the terminal emulations software is not readable 317RMON_Alarm_Setup 294RMON_Events_Control 287RMON_History_Control 274RMON_History_Summeries 281RMON_statistics 271

Rouge_setup 164RSTP 227, 313rstp 227SSelf-test exceeds 15 seconds 317Service set identifier 15, 18, 16380207

figure captionFigure 6 802.1x Global Settings 54

Simple Network Management Protocol313Simple Network Time Protocol 313SNMP 313SNTP 108, 313, 315Spanning Tree 218Spanning Tree Protocol 314SSH 314SSID 15, 18, 163SSL 314Starting the application 20Static MAC Entries 314static-addresses 200Stations 187Storm contro 68Storm_Control 68STP 228, 230STP_Global 222STP_interface 222EAP Statistics 71System time 108SystemName 107TTab area 23Tabs 22TACACS+ 314TACACS_Configuration 50TCP 82, 314Temporal Key Integrity Protocol 15, 18,

332 INDEX

164Terminal Access Controller Access Con-trol System (TACACS+) 50TFTP Trivial File Transfer Protocol 314Time 108TKIP 15, 19, 164Traceroute 314, 315Transmission 82Transport Control Protocol 314Tree view 22Troubleshooting 316Trunk_Settings 132Trust 244UUDP 83Understanding the interface 22User 83VVAPs 172, 177Viewing System Description 95Virtual Cable Testing 314VLAN 140, 151VLAN priority 243VLAN_interface 147VLAN_membership 140VLAN_Membership_Modify 145VLAN_Membership_Summary 144Voice_VLAN 154

WWEP 15, 18, 163Wi-Fi Protected Access 15, 18, 19, 16482693

figure captionFigure 2 Device Summary 36

Wired Equivalent Privacy 15, 18, 163Wireless_Conf 162Wireless_Wizard 162WLAN_profiles 179, 185WPA 15, 18, 164XX22879 24X24627 20X40270 68X51921 22X78856 264X91025 28X94141 23

3Com 3CRUS2475 User-Guide

Documents

Transcript of 3Com 3CRUS2475 User-Guide