Advertisement
Advertisement
SmartSTACK ETHERNET ELS10-27TX SUPPLEMENT RESET PWR COM 9033517 CPU TX ACT FDX MON RX COL 100 USR 2X 4X 6X 8X 10X 12X 14X 16X 18X 20X 22X 24X 25X LINK LINK 26X STATUS STATUS STATUS LINK PORT STATUS MODE ELS10-27TX 10BASE-T/100BASE-TX STATUS LINK STATUS LINK STATUS LINK STATUS LINK STATUS LINK STATUS LINK STATUS LINK STATUS LINK STATUS LINK STATUS LINK STATUS LINK STATUS LINK STATUS EPIM100 ETHERNET SWITCH 27X 26 27 Only qualified personnel should perform installation procedures. NOTICE Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice. IN NO EVENT SHALL CABLETRON SYSTEMS BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT, EVEN IF CABLETRON SYSTEMS HAS BEEN ADVISED OF, KNOWN, OR SHOULD HAVE KNOWN, THE POSSIBILITY OF SUCH DAMAGES. Cabletron Systems, Inc. 35 Industrial Way Rochester, NH 03867 2000 by Cabletron Systems, Inc. All Rights Reserved Printed in the United States of America Order Number: 9033517 May 2000 Cabletron Systems is a registered trademark: SmartSTACK and ELS10-27TX are trademarks of Cabletron Systems, Inc. All other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies. i Notice FCC NOTICE This device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment uses, generates, and can radiate radio frequency energy and if not installed in accordance with the operator’s manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause interference in which case the user will be required to correct the interference at his own expense. WARNING: Changes or modifications made to this device which are not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment. INDUSTRY CANADA NOTICE This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications. Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la class A prescrites dans le Règlement sur le brouillage radioélectrique édicté par le ministère des Communications du Canada. VCCI NOTICE This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions. ii Notice CABLETRON SYSTEMS, INC. PROGRAM LICENSE AGREEMENT IMPORTANT: THIS LICENSE APPLIES FOR USE OF PRODUCT IN THE FOLLOWING GEOGRAPHICAL REGIONS: CANADA MEXICO CENTRAL AMERICA SOUTH AMERICA BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between You, the end user, and Cabletron Systems, Inc. (“Cabletron”) that sets forth your rights and obligations with respect to the Cabletron software program (“Program”) in the package. The Program may be contained in firmware, chips or other media. UTILIZING THE ENCLOSED PRODUCT, YOU ARE AGREEING TO BECOME BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE AND THE LIMITATION OF WARRANTY AND DISCLAIMER OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, RETURN THE UNOPENED PRODUCT TO CABLETRON OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND. IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT CABLETRON SYSTEMS +1-603-332-9400. Attn: Legal Department. 1. LICENSE. You have the right to use only the one (1) copy of the Program provided in this package subject to the terms and conditions of this License Agreement. You may not copy, reproduce or transmit any part of the Program except as permitted by the Copyright Act of the United States or as authorized in writing by Cabletron. 2. OTHER RESTRICTIONS. You may not reverse engineer, decompile, or disassemble the Program. 3. APPLICABLE LAW. This License Agreement shall be interpreted and governed under the laws and in the state and federal courts of New Hampshire. You accept the personal jurisdiction and venue of the New Hampshire courts. 4. EXPORT REQUIREMENTS. You understand that Cabletron and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products to certain countries, unless a license to export the product is obtained from the U.S. Government or an exception from obtaining such license may be relied upon by the exporting party. If the Program is exported from the United States pursuant to the License Exception CIV under the U.S. Export Administration Regulations, You agree that You are a civil end user of the Program and agree that You will use the Program for civil end uses only and not for military purposes. iii Notice If the Program is exported from the United States pursuant to the License Exception TSR under the U.S. Export Administration Regulations, in addition to the restriction on transfer set forth in Sections 1 or 2 of this Agreement, You agree not to (i) reexport or release the Program, the source code for the Program or technology to a national of a country in Country Groups D:1 or E:2 (Albania, Armenia, Azerbaijan, Belarus, Bulgaria, Cambodia, Cuba, Estonia, Georgia, Iraq, Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya, Lithuania, Moldova, North Korea, the People’s Republic of China, Romania, Russia, Rwanda, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List, or (iii) if the direct product of the technology is a complete plant o r any major component of a plant, export to Country Groups D:1 or E:2 the direct product of the plant or a major component thereof, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List or is subject to State Department controls under the U.S. Munitions List. 5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Product (i) was developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227-19 (a) through (d) of the Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Cabletron and/or its suppliers. For Department of Defense units, the Product is considered commercial computer software in accordance with DFARS section 227.7202-3 and its successors, and use, duplication, or disclosure by the Government is subject to restrictions set forth herein. 6. EXCLUSION OF WARRANTY. Except as may be specifically provided by Cabletron in writing, Cabletron makes no warranty, expressed or implied, concerning the Program (including its documentation and media). CABLETRON DISCLAIMS ALL WARRANTIES, OTHER THAN THOSE SUPPLIED TO YOU BY CABLETRON IN WRITING, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE PROGRAM, THE ACCOMPANYING WRITTEN MATERIALS, AND ANY ACCOMPANYING HARDWARE. 7. NO LIABILITY FOR CONSEQUENTIAL DAMAGES. IN NO EVENT SHALL CABLETRON OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THIS CABLETRON PRODUCT, EVEN IF CABLETRON HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, OR IN THE DURATION OR LIMITATION OF IMPLIED WARRANTIES IN SOME INSTANCES, THE ABOVE LIMITATION AND EXCLUSIONS MAY NOT APPLY TO YOU. iv Notice CABLETRON SYSTEMS SALES AND SERVICE, INC. PROGRAM LICENSE AGREEMENT IMPORTANT: THIS LICENSE APPLIES FOR USE OF PRODUCT IN THE UNITED STATES OF AMERICA AND BY UNITED STATES OF AMERICA GOVERNMENT END USERS. BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between You, the end user, and Cabletron Systems Sales and Service, Inc. (“Cabletron”) that sets forth your rights and obligations with respect to the Cabletron software program (“Program”) in the package. The Program may be contained in firmware, chips or other media. UTILIZING THE ENCLOSED PRODUCT, YOU ARE AGREEING TO BECOME BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE AND THE LIMITATION OF WARRANTY AND DISCLAIMER OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, RETURN THE UNOPENED PRODUCT TO CABLETRON OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND. IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT CABLETRON SYSTEMS +1-603-332-9400. Attn: Legal Department. 1. LICENSE. You have the right to use only the one (1) copy of the Program provided in this package subject to the terms and conditions of this License Agreement. You may not copy, reproduce or transmit any part of the Program except as permitted by the Copyright Act of the United States or as authorized in writing by Cabletron. 2. OTHER RESTRICTIONS. You may not reverse engineer, decompile, or disassemble the Program. 3. APPLICABLE LAW. This License Agreement shall be interpreted and governed under the laws and in the state and federal courts of New Hampshire. You accept the personal jurisdiction and venue of the New Hampshire courts. 4. EXPORT REQUIREMENTS. You understand that Cabletron and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products to certain countries, unless a license to export the product is obtained from the U.S. Government or an exception from obtaining such license may be relied upon by the exporting party. If the Program is exported from the United States pursuant to the License Exception CIV under the U.S. Export Administration Regulations, You agree that You are a civil end user of the Program and agree that You will use the Program for civil end uses only and not for military purposes. v Notice If the Program is exported from the United States pursuant to the License Exception TSR under the U.S. Export Administration Regulations, in addition to the restriction on transfer set forth in Sections 1 or 2 of this Agreement, You agree not to (i) reexport or release the Program, the source code for the Program or technology to a national of a country in Country Groups D:1 or E:2 (Albania, Armenia, Azerbaijan, Belarus, Bulgaria, Cambodia, Cuba, Estonia, Georgia, Iraq, Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya, Lithuania, Moldova, North Korea, the People’s Republic of China, Romania, Russia, Rwanda, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List, or (iii) if the direct product of the technology is a complete plant o r any major component of a plant, export to Country Groups D:1 or E:2 the direct product of the plant or a major component thereof, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List or is subject to State Department controls under the U.S. Munitions List. 5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Product (i) was developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227-19 (a) through (d) of the Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Cabletron and/or its suppliers. For Department of Defense units, the Product is considered commercial computer software in accordance with DFARS section 227.7202-3 and its successors, and use, duplication, or disclosure by the Government is subject to restrictions set forth herein. 6. EXCLUSION OF WARRANTY. Except as may be specifically provided by Cabletron in writing, Cabletron makes no warranty, expressed or implied, concerning the Program (including its documentation and media). CABLETRON DISCLAIMS ALL WARRANTIES, OTHER THAN THOSE SUPPLIED TO YOU BY CABLETRON IN WRITING, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE PROGRAM, THE ACCOMPANYING WRITTEN MATERIALS, AND ANY ACCOMPANYING HARDWARE. 7. NO LIABILITY FOR CONSEQUENTIAL DAMAGES. IN NO EVENT SHALL CABLETRON OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THIS CABLETRON PRODUCT, EVEN IF CABLETRON HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, OR IN THE DURATION OR LIMITATION OF IMPLIED WARRANTIES IN SOME INSTANCES, THE ABOVE LIMITATION AND EXCLUSIONS MAY NOT APPLY TO YOU. vi Notice CABLETRON SYSTEMS LIMITED PROGRAM LICENSE AGREEMENT IMPORTANT: THIS LICENSE APPLIES FOR THE USE OF THE PRODUCT IN THE FOLLOWING GEOGRAPHICAL REGIONS: EUROPE MIDDLE EAST AFRICA ASIA AUSTRALIA PACIFIC RIM BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between You, the end user, and Cabletron Systems Limited (“Cabletron”) that sets forth your rights and obligations with respect to the Cabletron software program (“Program”) in the package. The Program may be contained in firmware, chips or other media. UTILIZING THE ENCLOSED PRODUCT, YOU ARE AGREEING TO BECOME BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE AND THE LIMITATION OF WARRANTY AND DISCLAIMER OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, RETURN THE UNOPENED PRODUCT TO CABLETRON OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND. IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT CABLETRON SYSTEMS +1-603-332-9400. Attn: Legal Department. 1. LICENSE. You have the right to use only the one (1) copy of the Program provided in this package subject to the terms and conditions of this License Agreement. You may not copy, reproduce or transmit any part of the Program except as permitted by the Copyright Act of the United States or as authorized in writing by Cabletron. 2. OTHER RESTRICTIONS. You may not reverse engineer, decompile, or disassemble the Program. 3. APPLICABLE LAW. This License Agreement shall be governed in accordance with English law. The English courts shall have exclusive jurisdiction in the event of any disputes. 4. EXPORT REQUIREMENTS. You understand that Cabletron and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products to certain countries, unless a license to export the product is obtained from the U.S. Government or an exception from obtaining such license may be relied upon by the exporting party. If the Program is exported from the United States pursuant to the License Exception CIV under the U.S. Export Administration Regulations, You agree that You are a civil end user of the Program and agree that You will use the Program for civil end uses only and not for military purposes. vii Notice If the Program is exported from the United States pursuant to the License Exception TSR under the U.S. Export Administration Regulations, in addition to the restriction on transfer set forth in Sections 1 or 2 of this Agreement, You agree not to (i) reexport or release the Program, the source code for the Program or technology to a national of a country in Country Groups D:1 or E:2 (Albania, Armenia, Azerbaijan, Belarus, Bulgaria, Cambodia, Cuba, Estonia, Georgia, Iraq, Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya, Lithuania, Moldova, North Korea, the People’s Republic of China, Romania, Russia, Rwanda, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List, or (iii) if the direct product of the technology is a complete plant o r any major component of a plant, export to Country Groups D:1 or E:2 the direct product of the plant or a major component thereof, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List or is subject to State Department controls under the U.S. Munitions List. 5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Product (i) was developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227-19 (a) through (d) of the Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Cabletron and/or its suppliers. For Department of Defense units, the Product is considered commercial computer software in accordance with DFARS section 227.7202-3 and its successors, and use, duplication, or disclosure by the Government is subject to restrictions set forth herein. 6. EXCLUSION OF WARRANTY. Except as may be specifically provided by Cabletron in writing, Cabletron makes no warranty, expressed or implied, concerning the Program (including its documentation and media). CABLETRON DISCLAIMS ALL WARRANTIES, OTHER THAN THOSE SUPPLIED TO YOU BY CABLETRON IN WRITING, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE PROGRAM, THE ACCOMPANYING WRITTEN MATERIALS, AND ANY ACCOMPANYING HARDWARE. 7. NO LIABILITY FOR CONSEQUENTIAL DAMAGES. IN NO EVENT SHALL CABLETRON OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THIS CABLETRON PRODUCT, EVEN IF CABLETRON HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, OR IN THE DURATION OR LIMITATION OF IMPLIED WARRANTIES IN SOME INSTANCES, THE ABOVE LIMITATION AND EXCLUSIONS MAY NOT APPLY TO YOU. viii Notice SAFETY INFORMATION CLASS 1 LASER TRANSCEIVERS THE FE-100F3 FAST ETHERNET INTERFACE MODULE, FPIM-05 AND FPIM-07 FDDI PORT INTERFACE MODULES, AND APIM-29 ATM PORT INTERFACE MODULE USE CLASS 1 LASER TRANSCEIVERS. READ THE FOLLOWING SAFETY INFORMATION BEFORE INSTALLING OR OPERATING THESE MODULES. The Class 1 laser transceivers use an optical feedback loop to maintain Class 1 operation limits. This control loop eliminates the need for maintenance checks or adjustments. The output is factory set, and does not allow any user adjustment. Class 1 Laser transceivers comply with the following safety standards: • 21 CFR 1040.10 and 1040.11 U.S. Department of Health and Human Services (FDA). • IEC Publication 825 (International Electrotechnical Commission). • CENELEC EN 60825 (European Committee for Electrotechnical Standardization). When operating within their performance limitations, laser transceiver output meets the Class 1 accessible emission limit of all three standards. Class 1 levels of laser radiation are not considered hazardous. SAFETY INFORMATION CLASS 1 LASER TRANSCEIVERS LASER RADIATION AND CONNECTORS When the connector is in place, all laser radiation remains within the fiber. The maximum amount of radiant power exiting the fiber (under normal conditions) is -12.6 dBm or 55 x 10-6 watts. Removing the optical connector from the transceiver allows laser radiation to emit directly from the optical port. The maximum radiance from the optical port (under worst case conditions) is 0.8 W cm-2 or 8 x 103 W m2 sr-1. Do not use optical instruments to view the laser output. The use of optical instruments to view laser output increases eye hazard. When viewing the output optical port, power must be removed from the network adapter. ix Notice DECLARATION OF CONFORMITY Application of Council Directive(s): Manufacturer’s Name: Manufacturer’s Address: European Representative Name: European Representative Address: Conformance to Directive(s)/Product Standards: Equipment Type/Environment: 89/336/EEC 73/23/EEC Cabletron Systems, Inc. 35 Industrial Way PO Box 5005 Rochester, NH 03867 Mr. Jim Sims Cabletron Systems Limited Nexus House, Newbury Business Park London Road, Newbury Berkshire RG14 2PZ, England EC Directive 89/336/EEC EC Directive 73/23/EEC EN 55022 EN 50524 EN 60950 EN 60825 Networking Equipment, for use in a Commercial or Light Industrial Environment. We the undersigned, hereby declare, under our sole responsibility, that the equipment packaged with this notice conforms to the above directives. Manufacturer Legal Representative in Europe Mr. Thomas R. Whissel ___________________________________ Full Name Mr. Jim Sims ___________________________________ Compliance Engineering Manager ___________________________________ Title President - E.M.E.A. ___________________________________ Rochester, NH, USA ___________________________________ Location Newbury, Berkshire, England ___________________________________ Location x Full Name Title CONTENTS ABOUT THIS SUPPLEMENT Getting Help....................................................................................................... xvi Document Conventions..................................................................................... xvii Related Documentation....................................................................................xviii CHAPTER 1 INTRODUCTION 1.1 Product Overview .......................................................................................1-1 1.2 Using VLANs on the ELS10-27TX ...........................................................1-1 1.2.1 IEEE 802.1Q Standard.......................................................................1-2 1.3 802.1Q Mode on els10-27TX.....................................................................1-3 1.3.1 VLAN Hybrid Ports (802.1Q Mode).................................................1-3 1.3.2 VLAN Access Ports (802.1Q Mode).................................................1-3 1.3.3 802.1Q Trunk Ports ...........................................................................1-4 1.3.3.1 Preserving Priority................................................................1-4 1.3.3.2 Non-Preserving Priority .......................................................1-5 1.3.4 Accessing Network Management Using VLANs..............................1-5 1.3.5 Switch Mode......................................................................................1-6 1.3.6 Assigning Ports to a VLAN...............................................................1-6 1.3.7 Default Port VLAN ID ......................................................................1-6 1.3.8 Restricting VLANs (802.1Q Mode) ..................................................1-7 1.3.9 Enable GVRP.....................................................................................1-7 1.4 Workgroups ................................................................................................1-8 1.5 Default Gateway .........................................................................................1-9 1.6 Installation and Management......................................................................1-9 CHAPTER 2 ENHANCEMENTS TO LCM COMMANDS 2.1 Overview ....................................................................................................2-1 2.2 LCM Conventions ......................................................................................2-1 2.3 LCM Command Summary .........................................................................2-2 2.3.1 Subset of LCM Commands ...............................................................2-2 2.3.2 LCM Command Syntax.....................................................................2-3 2.4 Basic LCM Commands ..............................................................................2-4 2.4.1 Help....................................................................................................2-4 2.4.2 Erase ..................................................................................................2-4 2.4.3 Exit or Logout....................................................................................2-4 2.5 LCM Commands ........................................................................................2-5 2.5.1 Enable Command (Address Limit)....................................................2-5 xi Contents 2.5.2 Route Command ................................................................................2-6 2.5.3 Port Command ...................................................................................2-7 2.5.4 Switch Command...............................................................................2-9 2.5.5 Trap Control Command ...................................................................2-10 2.5.6 VLAN Command.............................................................................2-11 CHAPTER 3 CONFIGURING VLANS USING SNMP 3.1 Overview.....................................................................................................3-1 3.2 The Config Table ........................................................................................3-1 3.2.1 Modifying, Creating and Deleting VLANs .......................................3-2 3.2.1.1 Modifying a VLAN ..............................................................3-2 3.2.1.2 Creating a VLAN..................................................................3-3 3.2.1.3 Deleting a VLAN..................................................................3-3 3.3 The Config Egress List ...............................................................................3-4 3.3.1 Modifying a Config Egress List Entry...............................................3-5 3.4 The Filter GVRP table ................................................................................3-6 3.4.1 Modifying, Creating or Deleting a Filter GVRP Table Entry ...........3-6 3.4.1.1 Creating a Filter ....................................................................3-7 3.4.1.2 Deleting a Filter ....................................................................3-7 3.5 The Static MAC Entry ................................................................................3-8 3.5.1 Creating a Static MAC Entry.............................................................3-8 3.5.2 Deleting a Static MAC Entry.............................................................3-8 CHAPTER 4 VLAN MIB OBJECTS 4.1 Overview.....................................................................................................4-1 4.2 Bridge Configuration ..................................................................................4-1 4.2.1 VLAN Version Number.....................................................................4-1 4.2.2 Operating Mode (VlanOperatingMode) ............................................4-2 4.2.3 Reset (VlanReset) ..............................................................................4-2 4.2.4 GVRP Enable (VlanGVRPEnable) ...................................................4-3 4.2.5 Access List (VlanAccessList) ............................................................4-4 4.2.6 VLAN (VlanConfigVlan) ..................................................................4-4 4.3 Configuration Entries..................................................................................4-5 4.3.1 Entry (VlanConfigEntry) ...................................................................4-5 4.3.1.1 VlanConfigEntry ..................................................................4-5 4.3.2 Index (VlanConfigIndex)...................................................................4-6 4.3.3 VID (VlanConfigVID).......................................................................4-6 4.3.4 Ports (VlanConfigPorts) ....................................................................4-7 4.3.5 IP (VlanConfigIP)..............................................................................4-7 4.3.6 IP Mask (VlanConfigIPMask) ...........................................................4-8 xii Contents 4.4 4.5 4.6 4.7 4.3.7 Name (VlanConfigName)..................................................................4-8 4.3.8 Status (VlanConfigStatus) .................................................................4-9 4.3.9 Establish (VlanConfigEstablish) .......................................................4-9 Device Entries...........................................................................................4-10 4.4.1 Active (VlanNumActiveEntries) .....................................................4-10 4.4.2 Static Configured (VlanNumConfiguredEntries) ............................4-10 4.4.3 Maximum Number (VlanMaxNumEntries) ....................................4-11 4.4.4 Configuration Table (VlanConfigTable) .........................................4-11 Egress Table .............................................................................................4-12 4.5.1 Egress Table (VlanConfigEgressTable) ..........................................4-12 4.5.2 Egress Entry (VlanConfigEgressEntry)...........................................4-12 4.5.2.1 VlanConfigEgressEntry......................................................4-13 4.5.3 Index (VlanEgressIndex) .................................................................4-13 4.5.4 VID (VlanEgressVID) .....................................................................4-14 4.5.5 List (VlanEgressList).......................................................................4-14 4.5.6 Status (VlanEgressStatus)................................................................4-15 Filter GVRP..............................................................................................4-16 4.6.1 GVRP (VlanFilterGVRPTable).......................................................4-16 4.6.2 Entry (VlanFilterGVRPEntry).........................................................4-16 4.6.2.1 VlanFilterGVRPEntry ........................................................4-17 4.6.3 VlanFilterGVRPIndex .....................................................................4-17 4.6.4 VID (VlanFilterGVRPVID) ............................................................4-18 4.6.5 List (VlanFilterGVRPList) ..............................................................4-18 4.6.6 Status (VlanFilterGVRPStatus) .......................................................4-19 4.6.7 EstablishVID (VlanFilterGVRPEstablishVID) ...............................4-19 Static MAC Address Entries.....................................................................4-20 4.7.1 Table (VlanStaticTable)...................................................................4-20 4.7.2 Entry (VlanStaticEntry) ...................................................................4-20 4.7.2.1 VlanStaticEntry ..................................................................4-21 4.7.3 VID (VlanStaticVID).......................................................................4-21 4.7.4 MAC (VlanStaticMAC)...................................................................4-22 4.7.5 Port (VlanStaticPort) .......................................................................4-22 4.7.6 Establish (VlanStaticEstablish) .......................................................4-23 xiii Contents CHAPTER 5 CONFIGURING WORKGROUPS USING LCM 5.1 Overview.....................................................................................................5-1 5.2 Workgroup Configuration Examples..........................................................5-2 5.3 LCM Workgroup Commands .....................................................................5-4 CHAPTER 6 CONFIGURING WORKGROUPS USING SNMP 6.1 Overview.....................................................................................................6-1 6.2 Workgroup Configuration Procedures........................................................6-2 CHAPTER 7 WORKGROUP MIB OBJECTS 7.1 Overview.....................................................................................................7-1 7.2 Workgroups Using SNMP ..........................................................................7-1 7.2.1 Next Number (WorkGroupNextNumber)..........................................7-1 7.2.2 Current Count (WorkGroupCurrentCount) .......................................7-2 7.2.3 MAX Count (WorkGroupMaxCount) ...............................................7-2 7.2.4 Table (WorkGroupTable) ..................................................................7-3 7.2.5 Entry (WorkGroupEntry)...................................................................7-4 7.2.5.1 Number (WorkGroupNumber) .............................................7-5 7.2.5.2 Name (WorkGroupName) ....................................................7-5 7.2.5.3 Ports (WorkGroupPorts) .......................................................7-6 7.2.5.4 Type (WorkGroupType)........................................................7-6 APPENDIX A VIRTUAL LANS (VLANS) INDEX xiv ABOUT THIS SUPPLEMENT This document is a supplement to the existing SmartSTACK Ethernet ELS10-27TX User Guide and should be used in conjunction with the SmartSTACK Ethernet ELS10-27TX User Guide. The information in this document describes the changes resulting from firmware revision 1.01.00. This manual is for system administrators responsible for configuring, monitoring, and maintaining the SmartSTACK Ethernet ELS10-27TX (also referred to as ELS10-27). You should have a familiarity with networking concepts and principles. In addition, a basic understanding of SNMP is helpful. The contents of each chapter are described below. • Chapter 1, Introduction, provides an overview of new VLAN and Workgroup functionality as well as additional functions for the SmartSTACK Ethernet ELS10-27TX. • Chapter 2, Configuring VLANs Using LCM, provides instructions on how to configure the SmartSTACK Ethernet ELS10-27TX VLAN functions using LCM. • Chapter 3, Configuring VLANs Using SNMP, provides instructions on how to configure the SmartSTACK Ethernet ELS10-27TX VLAN functions using SNMP. • Chapter 4, VLAN MIB Objects, provides a list of VLAN Configuration MIB Objects. • Chapter 5, Configuring Workgroups Using LCM, provides an overview of workgroup configurations and LCM commands. • Chapter 6, Configuring Workgroups Using SNMP, provides an overview of workgroup configurations and SNMP commands. • Chapter 7, Workgroup MIB Objects, provides a list of Workgroup MIB Objects used to configure Workgroups using SNMP. • Appendix A, Virtual LANs, describes how the switch uses VLANs to create isolated network domains, and provides illustrations of VLAN switch configurations. xv About This Supplement GETTING HELP For additional support related to this device or document, contact Enterasys Networks using one of the following methods: World Wide Web http://www.enterasys.com/ Phone (603) 332-9400 Internet mail [email protected] FTP ftp://ftp.enterasys.com/ anonymous your email address Login Password To send comments or suggestions concerning this document, contact the Cabletron Systems Technical Writing Department via the following email address: [email protected] Make sure to include the document Part Number in the email message. Before calling Enterasys Networks, have the following information ready: • Your Enterasys Networks service contract number • A description of the failure • A description of any action(s) already taken to resolve the problem (e.g., changing mode switches, rebooting the unit, etc.) • The serial and revision numbers of all involved Enterasys Networks products in the network • A description of your network environment (layout, cable type, etc.) • Network load and frame size at the time of trouble (if known) • The device history (i.e., have you returned the device before, is this a recurring problem, etc.) • Any previous Return Material Authorization (RMA) numbers xvi About This Supplement DOCUMENT CONVENTIONS The following conventions are used throughout this document: LCM commands, prompts, and information displayed by the computer appear in Courier typeface, for example: Current Number of Learned Addresses: 133 Information that you enter appears in Courier bold typeface, for example: ELS10-27>workgroup Information that you need to enter with a command is enclosed in angle brackets < >. For example, you must enter an IP address to execute the ipaddr <IP address> command: ELS10-27>ipaddr 194.161.138.40 Field value options appear in bold typeface: ELS10-27>workgroup alpha add 5-9 The following conventions are also used in this document: Note: Calls the reader’s attention to any item of information that may be of special importance. Tip: Conveys helpful hints concerning procedures or actions. Caution: Contains information essential to avoid damage to the equipment. Warning: Warns against an action that could result in equipment damage, personal injury or death. xvii About This Supplement RELATED DOCUMENTATION This document should be used in conjunction with the following document to assist the user in using this product: Document Title Part Number SmartSTACK Ethernet ELS10-27TX User Guide 9032800 xviii CHAPTER 1 INTRODUCTION 1.1 PRODUCT OVERVIEW The SmartSTACK Ethernet ELS10-27TX provides a low cost, high performance solution for 10/100 Mbps switched networks. The SmartSTACK Ethernet ELS10-27TX is configured with twenty-seven RJ45 ports supporting twenty-four autonegotiating 10 Mbps ports and three autonegotiating 10/100 Mbps ports. The device also features two EPIM-100 slots that allow the user to install up to two EPIM-100s to provide multimode fiber uplinks (with potential for single mode fiber). It also includes an RS232C port for local console management. In ELS10-27TX Version 1.0.1.00, the SmartSTACK Ethernet ELS10-27TX supports two forms of Virtual LANs. One is the IEEE 802.1Q standard and the other is a proprietary form that was developed prior to the IEEE standard being available. The proprietary form is known as Workgroups. Virtual Workgroups are only supported in the 802.1D mode and VLANs are only supported in the 802.1Q mode. This manual documents both forms. Also, modification of existing LCM commands were added that describe how to set an address limit on a port and how to configure destination IP addresses for traps. For information on “enable address limit” and “trap control” refer to Chapter 2, Enhancements to LCM Commands. This document does not attempt to describe the entire functionality of the SmartSTACK Ethernet ELS10-27TX product, but only differences between Version 1.00.xx and Version 1.01.00 of the SmartSTACK Ethernet ELS10-27TX product. 1.2 USING VLANS ON THE ELS10-27TX This section describes Virtual Local Area Networks (VLANs) support for the SmartSTACK Ethernet ELS10-27TX switch. This section describes support for the IEEE 802.1Q standard. 1-1 Introduction 1.2.1 IEEE 802.1Q Standard IEEE 802.1Q is a standard for virtual bridged local area networks (VLANs). It provides an alternate method for forwarding packets through a switch. In an 802.1D (Spanning Tree) bridge, packets are forwarded in accordance with the spanning tree as dynamically created by the 802.1D protocol (Bridge Protocol Data Units [BPDUs]), and the spanning tree state of each port. In 802.1Q, in addition to spanning tree, packets are forwarded in accordance with a VLAN tag that is embedded in the packet, and the set of ports registered for that VLAN. A set of rules is used for ingress (receipt), forwarding, and egress (transmit). The SmartSTACK Ethernet ELS10-27TX provides support for port based VLANs. The ingress rules deal with the reception of tagged and untagged packets and the decision to either drop them, or forward them to the forwarding process. The forwarding rules deal with forwarding packets using topology restrictions, the filtering database, queue frames (not supported), map priorities (not supported), and recalculation of the FCS. The forward/filtering database can contain three types of entries: • Permanent entries • Static entries • Dynamic entries Dynamic entries are created using the protocols supported by the switch (GVRP). There will be no learning of VLANs outside of this protocol. NOTE There is no support for GVRP with ELS10-27TX Version 1.01.00. GVRP will be supported in a subsequent release. The egress rules deal with whether the destination port(s) are members of the VLAN, and whether the VLAN tag is to be stripped. There is also an issue of address translation on a packet that is having the VLAN tag stripped. This only applies to multi-protocol environments, such as a combination of Ethernet, FDDI, and Token Ring protocols and does not apply to the SmartSTACK Ethernet ELS10-27TX. The 802.1Q standard does not replace 802.1D. It limits the relaying of packets on the spanning tree to a subset: the subset being the members of a particular VLAN. This is determined by comparing the VLAN ID, which is a field within the tag, to the ports which are members of that VLAN. 1-2 Introduction The 802.1Q VLANs spans multiple systems and could span the entire network. Unlike Workgroups, VLANs are not limited within a particular unit. The maximum number of VLANs supported in 802.1Q mode on ELS10-27TX is 32. 1.3 802.1Q MODE ON ELS10-27TX The SmartSTACK Ethernet ELS10-27TX operates in two modes: 802.1D and 802.1Q. While operating in 802.1Q mode, ports can be configured to allow non802.1Q devices to operate in this environment. 1.3.1 VLAN Hybrid Ports (802.1Q Mode) A VLAN Hybrid port is used to connect one or more VLAN-aware or VLANunaware devices to the switch. Both tagged and untagged frames can be received and transmitted on Hybrid ports. If a port on the ELS10-27TX is not configured as an Access port, it is a Hybrid port. 1.3.2 VLAN Access Ports (802.1Q Mode) The VLAN feature must be used only when non-802.1Q devices are attached to this port. These ports are known as access ports. An access command is a sub-command of the port command. An access port is used to allow each segment to have multiple tag-unaware devices on it, and to have those devices communicating on multiple VLANs. An access port has three major characteristics: 1. When a packet is received, it will always insert a tag into the packet. NOTE Tag-aware devices should not exist on a segment connected to an access port. 2. When a port transmits a packet, it always strips off the tag, even if it does not match the default VLAN ID for that port. 3. Additional entries must be placed into the database to support it. When addresses are learned on access ports, additional MAC addresses/VLAN ID pairs are placed into the database to avoid flooding and to establish connectivity. For further information on Access Ports, refer to Appendix A, Virtual LANs (VLANs). 1-3 Introduction 1.3.3 802.1Q Trunk Ports An 802.1Q trunk port passes all packets with the tag in place. It will not strip the tag. The port must be a hybrid port. There is no explicit command to create 802.1Q trunks ports. The following are two ways of implementing trunk ports: • Preserving Priority. The default port VLAN ID (PVID) must be identical at both ends of the trunk link. The PVID used must be a value not used anywhere else in the network to pass traffic. Because this VLAN ID is unique, it will not be stripped from the packet on egress and therefore will pass the priority bits intact. • Non-Preserving Priority. The default port VLAN ID (PVID) must be identical at both ends of the trunk link. The VLAN ID will be stripped on egress and reinserted on ingress. However, the priority bits will be lost. NOTE All VLAN ports by default are hybrid ports. 1.3.3.1 Preserving Priority The 802.1Q trunk passes all packets with the tag in place. It will not strip the tag. All packets traversing the link will contain a tag. The administrator should set a policy that certain VLAN IDs must be reserved and must not be used for traffic. For example, when reserving VLAN IDs 0xff0 through 0xffe, one of these can be used as the PVID for both ends of trunk links. By doing this, the priority bits can be passed intact. Both ends of the link should be defined as Hybrid so that they only strip tags if they match the PVID. Because the tag in the packet traversing the trunk will never match the PVID, it will not be stripped. Also, because the packet is always received with a tag, the PVID is never inserted. Preserving priority works best when the end device inserts the tag and supports priority (priority is not used by the ELS10-27TX, but is passed within the packet). Therefore, the trunk will not strip a tag or insert a tag, thus the priority fields are passed intact. 1-4 Introduction 1.3.3.2 Non-Preserving Priority Use this method if there is no concern about passing priority from one device to another. Configure the same PVID at both ends of the trunk link to ensure that all traffic will be forwarded correctly. In order to implement this, the ports at both ends of the link must work the same, that is: • Strips tags on egress of the ports that match the PVID • Inserts a tag using the PVID when there is no tag • Changes the tag on egress with an ID of zero to the PVID The tag will be stripped on egress of that port, when it matches the PVID. When the packet is received by the peer, a tag with the same VLAN ID will be inserted and the packet will be forwarded as though the packet traversed the trunk link with the tag in place. However, the priority bits will not be reserved. 1.3.4 Accessing Network Management Using VLANs When an IP address is configured on the unit, it must be associated with the VLAN. If multiple VLANs are configured on a switch, you can configure multiple IP addresses provided they are on separate subnets. Therefore, when an IP address is assigned to a switch, the VLAN ID for the subnet must be specified. When the network management processor issues a response to a network management packet, it selects the correct VLAN ID to use based on the IP subnet. For further information, refer to IP Address Command or the VLAN Command in Chapter 2, Enhancements to LCM Commands. 1-5 Introduction 1.3.5 Switch Mode The unit operates in either an 802.1D or 802.1Q mode. The mode must be selected by the user and applies to all ports. The unit will not operate in a mixed mode. The default is to operate in 802.1D mode. For further information, refer to Switch Command in Chapter 2, Enhancements to LCM Commands. 1.3.6 Assigning Ports to a VLAN A port becomes a member of a VLAN, by using the VLAN command. For further information, refer to the Port Command in Chapter 2, Enhancements to LCM Commands. 1.3.7 Default Port VLAN ID If the unit is operating in 802.1Q mode, then each port will be configured with a default port VLAN ID (PVID). The default value for each port will be the default VLAN ID of 0x001. You are allowed to modify this on a per port basis. When 802.1Q was developed, it was decided to configure a default VLAN ID for a port. If a packet is received on a port that does not have a VLAN ID or does not have a VLAN ID of zero, the default VLAN ID will be inserted. Once this tag is in place the packet is sent to the forwarding engine. Once the forwarding engine receives it, it will use this tag to determine which VLAN to restrict this packet to. The sub-command of the port command known as the VLAN sub-command is used to set the default VLAN ID for the port. NOTE There is a sub-command of the port command known as the VLAN sub-command. This is not used to make a port a member of the VLAN, and is not directly used in the forwarding and filtering decision. For further information, refer to Port Command in Chapter 2, Enhancements to LCM Commands. 1-6 Introduction 1.3.8 Restricting VLANs (802.1Q Mode) This command will allow you to specify a list of VLAN IDs that should not be dynamically learned by GVRP. When the management processor receives a GVRP packet, it checks this database to determine if the learning of this ID should be restricted. NOTE There is no support for GVRP with ELS10-27TX Version 1.01.00. GVRP will be supported in a subsequent release. For usage, refer to the VLAN Command in Chapter 2, Enhancements to LCM Commands. 1.3.9 Enable GVRP GVRP can be enabled on a per port basis using the Port command. NOTE There is no support for GVRP with ELS10-27TX Version 1.01.00. GVRP will be supported in a subsequent release. For further information, refer to the Port Command in Chapter 2, Enhancements to LCM Commands. 1-7 Introduction 1.4 WORKGROUPS This section describes Workgroup support for the SmartSTACK Ethernet ELS10-27TX switch. The switch supports up to eight user defined Workgroups, with limited support for overlapping Workgroups. The purpose of Workgroups is to isolate broadcast and multicast traffic to within the Workgroup. In some cases, unicast traffic will also be isolated. Due to the fact that a typical unicast address is obtained by first issuing an ARP packet (which is a broadcast, and the broadcast packet will not be forwarded outside of the Workgroup), the unicast address will not be learned outside of the Workgroup. The end result is that host or servers will not be able to communicate with other hosts or servers outside of their Workgroup. Unlike IEEE standard VLANs which span switches, Workgroups only deal with filtering and forwarding of frames within the single switch. When packets are received on a port, the packet will be identified with a single Workgroup. The packet will then be forwarded or filtered based on that single Workgroup marking. When a packet leaves the switch, the packet will appear just as it did when it was received on the inbound port. The SmartSTACK Ethernet ELS10-27TX allows you to define ports for logical groups of associated devices (virtual workgroups) to provide a more efficient flow of traffic across your Ethernet network. You can define a maximum of eight virtual workgroups. The number of ports within a Workgroup is not restricted and an individual port can be a member of multiple Virtual Workgroups. NOTE Virtual Workgroups will only operate in 802.1D mode. Virtual workgroups offer the ability to limit broadcasts to logical domains within the network. Workgroup destinations are recognized by the SmartSTACK Ethernet ELS10-27TX and broadcast and unicast packets are routed directly to hosts within the workgroup, eliminating the need to perform a general broadcast across each segment of the network to find specific host addresses. For further information, refer to the Workgroup Command in Chapter 5, Configuring Workgroups Using LCM. 1-8 Introduction 1.5 DEFAULT GATEWAY A default gateway field was added to the router command to allow communication to a device on a subnet not configured on this switch. For information on configuring the Default Gateway, refer to Chapter 2, Enhancements to LCM Commands. 1.6 INSTALLATION AND MANAGEMENT For instructions on how to unpack, install, manage, troubleshoot and cable the SmartSTACK Ethernet ELS10-27TX and for a complete list of commands, refer to the SmartSTACK Ethernet ELS10-27TX User Guide. 1-9 CHAPTER 2 ENHANCEMENTS TO LCM COMMANDS 2.1 OVERVIEW The Local Console Manager (LCM) is a command-line interface built into the SmartSTACK Ethernet ELS10-27TX. The LCM enables you to monitor, manage, and configure the switch through the RS232C connection attached to any nonintelligent terminal or workstation running terminal emulation. Two modified LCM commands were added that allow setting an address limit on a port and configuring destination IP addresses for traps. For information on these commands, refer to the section titled Enable Command (Address Limit) and the section titled Trap Control Command described later in this chapter. 2.2 LCM CONVENTIONS The following conventions apply as you use LCM commands as needed by VLAN and Workgroups: • Press the Enter key to execute a command after you type it in. • A port range is either a single port number, or a list of port numbers separated by commas or hyphens. For example, 3 is port 3; 3,7 are ports 3 and 7; 35 are ports 3,4, and 5; and 3-5,7 are ports 3,4,5, and 7. • To quit any command, press the Control-C keys (^C or Ctrl-C). • Commands are not case sensitive. • A previous command can be repeated by typing!! • MAC addresses are displayed in little-endian Ethernet (least significant bit) bit order, with each octet separated by a colon. For example: ELS10-27 >address 00:40:27:04:1a:0f • Information that is optional with an LCM command is enclosed in square brackets [ ]. ELS10-27>workgroup [NAME [ad[d] [del[ete]| PORT_RANGE]] 2-1 Enhancements to LCM Commands Parameters that appear in all capital letters, for example workgroups [PORT-RANGE], indicate that you must enter a value for that parameter. If a string of parameters is displayed between braces, for example [name {add|PORT-RANGE}], you must select one of the displayed options. For example, if you wanted to add ports to a workgroup, you would enter: ELS10-27>workgroup alpha add 23, 24 For example, if you wanted to add a range of ports in a workgroup, you would enter: ELS10-27>workgroup omega add 2-18 For a complete list of commands, refer to the SmartSTACK Ethernet ELS1027TX User Guide. 2.3 LCM COMMAND SUMMARY This section contains a subset of LCM commands and syntax. 2.3.1 Subset of LCM Commands The following is a subset of LCM commands and definitions. Use ... To ... help or ? display this menu ipaddr [IPADDR [MASK]] set or display IP addresses port [? for syntax] set or display port parameters reboot [? for syntax] reboot the unit after SECONDS switch [? for syntax] set or display switch parameters vlan [? for syntax] configure IEEE Vlans workgroup [? for syntax] set or display workgroups 2-2 Enhancements to LCM Commands 2.3.2 LCM Command Syntax The following is a subset of LCM commands and syntax: switch [802.1d | 802.1Q] cut[-through] | store[-and-forward] [back[pressure] {on | off}] enable [PORT-RANGE [RIP] [TransmitPacing] [Address_Limit]] port [PORT-RANGE [speed {auto | 10[Mbps] | 100[Mbps]}] [vlan {name |VLAN-ID}] (The default VLAN ID for that port.) [GVRP {On | off}] [access {add | del[ete]}]] reboot [SECONDS [down[load]] | off] [par[ameters] PATH [IP-ADDR [GATEWAY-ADDR]]] route [add | del GATEWAY-ADDR] [display [IPADDR]] vlan [add PORT-RANGE NAME VLAN-ID [IP-ADDR] [MASK]] [del[ete] PORT_RANGE NAME VLAN-ID] [res[trict] {add | de[lete]} PORT-RANGE VLAN-ID] trunk [add PORT-RANGE] [del[ete] PORT-RANGE] workgroup [NAME [{del[ete] | PORT_RANGE [INFO]]}] 2-3 Enhancements to LCM Commands 2.4 BASIC LCM COMMANDS To manage the SmartSTACK Ethernet ELS10-27TX using LCM, you first must connect the switch to an ASCII terminal or terminal emulator. To use LCM, begin by pressing the Enter key several times to get the LCM prompt (ELS10-27>). 2.4.1 Help Displays the menu of available commands. Help can also be displayed by typing a question mark (?). Telnet support allows you to telnet to the device and gain access to LCM. The device allows 4 sessions. The only password for telnet is the Read-Write community name for the device and this name allows full access. You are not allowed to modify passwords via a Telnet session. If an IP address is added or modified using Telnet, the new address will not take affect until the next reboot. The Read-Write community name is not used to make modifications to the configuration. Reading the configuration can be accomplished without knowledge of the Read-Write community name. There is no support for the Read-Only community name. Any name other than the Read-Write Community name will allow for Read-Only access. 2.4.2 Erase Entering erase to erase the current SmartSTACK Ethernet ELS10-27TX configuration returns all parameters to the default values. You will be prompted to complete the command. NOTE You must type “YES” and reboot the system to implement the change. If only “Y” is entered, the change will not be implemented. 2.4.3 Exit or Logout This command logs you out of LCM. (The exit command is functionally equivalent to the logout command.) 2-4 Enhancements to LCM Commands 2.5 LCM COMMANDS The following is a list of commands that were modified for this release: • • • • • • Enable Command Route Command Port Command Switch Command Trap Control Command VLAN Command Commands are listed alphabetically in this chapter. 2.5.1 Enable Command (Address Limit) The address limit parameter was added to the enable command. If you set a limit on a port, the number of end user devices that can have connectivity will be limited. This is done by limiting the number of MAC addresses that can be learned on that port. The format is: enable [PORT-RANGE [RIP] [TransmitPacing] [ADDRESS_LIMIT]] The default is “no limit” to the number of addresses that can be learned on a port. If you set the limit to zero, you allow unlimited access. If you enable a port without specifying an address limit, you remove the limit that was in effect. 2-5 Enhancements to LCM Commands 2.5.2 Route Command A default gateway field was added to the route command to allow communication to a device on a subnet not configured on this switch. The gateway address must be for a subnet already configured on this switch. A VLAN ID is not necessary for the gateway as it will use the VLAN ID associated with the subnet address already configured. The syntax is: route [add | del GATEWAY-ADDR] [display [IPADDR]] Refer to the VLAN Command or IP Address Command to associate a VLAN with an IP subnet address. 2-6 Enhancements to LCM Commands 2.5.3 Port Command The Port command allows you to configure the port(s) on the unit in regards to speed, duplex mode, broadcast storm protection values, GVRP, access ports, flow control, and the default VLAN ID used on each port. If the default VLAN ID for a port was configured, the port will not automatically become a member of that VLAN. Naming a VLAN. A VLAN is not named using the port command. The VLAN must be created first using the VLAN command and this port made a member. Refer to the VLAN command to name a VLAN described later in this chapter. Likewise, if the default VLAN ID is changed, the port is not removed from the old VLAN. You must use the VLAN command to remove the port from the VLAN. The VLAN sub-command is used to configure the port VLAN ID for a port. Three of the VLAN sub-commands relate to configuring VLANs such as, VLAN, GVRP, and Access. VLAN Sub-Command. The VLAN sub-command is used to configure the default VLAN ID for a port. GVRP Sub-Command. The GVRP sub-command allows you to specify that GVRP is enabled on all specified ports. If enabled, GVRP messages are received on these ports and GVRP messages are propagated to these ports. Access Sub-Command. The access sub-command allows you to specify which ports are treated as access ports. The Port Command port [PORT-RANGE [speed {auto | 10[Mbps] | 100[Mbps]}] [duplex [{auto | full[-duplex] | half[-duplex]}]] [storm THRESHOLD TIME-INTERVAL] [vlan {name |VLAN-ID}] [802.3x [flow control] {on | off}] [GVRP {On | off}] [access {add | del[ete]}] 2-7 Enhancements to LCM Commands The following are examples of three port sub-commands on VLANs: [vlan {name |VLAN-ID}] ELS10-27>port 5-9 vlan 0x00B [GVRP {On | off}] ELS10-27>port 5-9 gvrp on [access {add | del[ete]}]] ELS10-27>port 5-9 access add 2-8 Enhancements to LCM Commands 2.5.4 Switch Command The SmartSTACK Ethernet ELS10-27TX supports two forms of Virtual LANs. One is the IEEE 802.1Q standard (spanning tree) and the other is Workgroups. The switch command allows you to select the mode in which the SmartSTACK Ethernet ELS10-27TX operates. NOTE switch Prior to changing to 802.1Q mode, all Workgroups must be deleted. When in 802.1Q mode, do not configure any workgroups. [802.1D| 802.1Q] [cut[-through] | store[-and-forward]] [back[pressure] {on | off}] The command by itself displays the following: ELS10-27>switch The present switch mode is: 802.1d The switch mode upon the next reboot will be: 802.1d The forwarding mode in use is: Store and Forward Backpressure is off 2-9 Enhancements to LCM Commands 2.5.5 Trap Control Command The IP address parameter was added to the trap control command. This section describes how to configure destination IP addresses for traps. Trap control gives you the ability to allow all traps or to disallow all traps. SNMP MIB variables are available to disable a particular trap, or all traps of a particular severity. The default for trap control is “disabled”. Trap control allows the switch to be configured or to enable or disable sending trap messages to the Network Management System (NMS). Previously, the switch would use the last NMS IP address that it learned. To avoid this, configure an IP address for the intended NMS. If the trap command is not used, the switch will continue to learn the IP address of the last NMS it heard from and will send traps only to that address. The IP address used in Trap Control must reside in the same subnet as previously defined. For example, the IP address is 134.143.110.53 and the Trap control address is 134.143.110. The IP address can be modified when traps are either being turned off or on. Applying a zero IP address (0.0.0.0) effectively removes the address. The format is: Trapcontrol [on | off] [IPADDR] 2-10 Enhancements to LCM Commands 2.5.6 VLAN Command The VLAN command, when operating in 802.1Q mode, allows you to specify an IEEE 802.1Q VLAN. You can specify a VLAN ID, and a name to associate with that ID (optional). If you want to manage this unit on this VLAN you must also assign an IP Address either here or using the IP address command. vlan [add PORT-RANGE NAME VLAN-ID [IP ADDR] [[IP MASK]] [del[ete] PORT-RANGE {NAME |VLAN-ID}] [res[trict] {add | de[lete]} PORT-RANGE VLAN-ID] If the command alone is specified, the existing VLANs are displayed. Two types of VLANs are displayed; the static entries that have been created by this command, and dynamic entries which have been learned by the switch via GVRP. NOTE The available range of VLANs in hex is 0x001 to 0xffe. This corresponds to decimal 1 to 4094. Only 32 can be used at one time on the ELS10-27TX. ELS10-27>vlan add 5-9 blue 0x025 VLAN-ID NAME TYPE IP Addr IP MASK PORTS 0x001 Default STATIC 10.2.7.225 255.255.0.0 1-27 0x025 Blue STATIC 0.0.0.0 0.0.0.0 5-9 By using the VLAN command, the default VLAN ID on the specified group of ports for the port will not be changed. Refer to the port command to change the default VLAN ID for a port. If the restriction option is specified, the switch will not allow a VLAN to be established for that ID on the specified group of ports from either a user interface or GVRP. NOTE There is no support for GVRP with ELS10-27TX Version 1.01.00. GVRP will be supported in a subsequent release. 2-11 CHAPTER 3 CONFIGURING VLANS USING SNMP 3.1 OVERVIEW This chapter describes how to create, delete or modify VLANs on the SmartSTACK Ethernet ELS10-27TX using SNMP. This chapter describes the procedure for using the following VLAN Configuration MIBs: • The Config Table • The Config Egress List • 802.1Q Mode • The Filter GVRP table • The Static MAC table This chapter should be used in conjunction with Chapter 4, VLAN MIB Objects, in this manual. 3.2 THE CONFIG TABLE The SmartSTACK Ethernet ELS10-27TX is capable of supporting 32 VLANs. The index into the VLAN table is from 0 to 31. The present table entries can be read, but not written, by setting the index to a value of 0 - 31. When configuring an entry, several values are used. These values are the VLAN ID, the ports on the VLAN, an IP address, an IP mask, and a VLAN name. If the index is between 0 and 31, and one of these variables is read, the presently configured table entry will be returned. To create, modify, or delete a VLAN entry, a multiple step process is required. The local variables must first be set with the values desired, followed by a command to process the variables. For a list of configuration MIBs, refer to Chapter 3, VLAN MIB Objects. 3-1 Configuring VLANs Using SNMP 3.2.1 Modifying, Creating and Deleting VLANs VLAN information that is being modified, created or deleted will remain in local variables until the status variable is set. At that time, the local variables will be processed, the Global VLAN Table will be updated and the hardware configuration modified. To Create, Delete or Modify local variables, proceed as follows: Step Action 1 Set the Config Table index to a value outside of the table range (range is 0 through 31). When a variable is now read or written it will reference the local variables. 2 Set all of the local variables desired. 3 Set the Establish variable to Create or Delete as desired. 4 Set the index to the table entry you want to impact. (A read of all VLAN table entries should be completed first to establish which are in use, and which VLAN is contained in each table entry. A VLAN ID of zero indicates this table entry is unused.) 5 Perform any write to the status variable. This will process the command using the local variables. 3.2.1.1 Modifying a VLAN If a VLAN is created or deleted, the following checks are completed. In addition, other checks will be done if specifying create or delete using the VLAN command. For a list of additional checks performed when creating or deleting a VLAN, refer to the sections titled Creating a VLAN or Deleting a VLAN. • Verify that the “Establish” variable is set to either Create or Delete. If neither is selected the command is aborted. • Determine if the VLAN ID is valid. If not, the command is aborted. • Determine if an IP address was entered; a check is made to determine that the subnet is unique. If not, the command is aborted. • Determine if the index is checked to ensure it is within the range of 0 - 31. If not, the command is aborted. • Determine if the VLAN ID of the table entry pointed to by index is either zero for a new entry, or equal to the local VLAN ID for a modify. If the entry is not zero or does not match the local variable, the command is aborted. 3-2 Configuring VLANs Using SNMP 3.2.1.2 Creating a VLAN In addition to the checks stated in the section titled Modifying a VLAN, the following checks are also completed, if you created a VLAN: • If a restriction is in effect for any port selected for this VLAN. If one of these ports is restricted from becoming a member of this VLAN, the command is aborted. • If the IP address was specified, the IP address is set. • After passing all tests, the local variables are stored in the VLAN table. The ports selected are added to the existing port list. • If the unit is not in 802.1Q mode, the changes are saved in non-volatile memory and used when the unit is configured in 802.1Q mode and then rebooted. After the hardware is informed about a VLAN in 802.1Q mode, the following will be performed by the firmware: - The hardware is informed of which ports on the VLAN to delete. - The BPDU addresses and Management Processor (MP) MAC address are added to the database, if they were not there already. - All of the learned addresses are deleted for this VLAN. 3.2.1.3 Deleting a VLAN In addition to the checks stated in the section titled Modifying a VLAN, the following checks are also completed, if you deleted a VLAN: • If any of the selected ports has this VLAN ID set for the default VLAN ID, the command is aborted. • If this check passes, the local variables are moved to the table entry selected by the index variable. • If the IP address was specified, the IP address is set. • If the switch is operating in 802.1Q mode, the following will be performed by the firmware: - The hardware is informed of which ports on the VLAN to delete. - All learned addresses for this VLAN are deleted. 3-3 Configuring VLANs Using SNMP - The selected ports are removed from the list of ports in the table entry. - If there are no ports left on the VLAN, and the VLAN ID does not equal 0x001, then the BPDU addresses and the MP MAC address is deleted from the address database. - All APR entries are flushed from the ARP table. - If there are no ports left on the VLAN, delete the IP address from the routing table and clear the table entry. 3.3 THE CONFIG EGRESS LIST The ConfigEgressList table is used to configure the default VLAN ID on specific ports. This is always a modify function, therefore, there is no need for the VlanConfigEstablish object. The four parameters are index, VLAN ID, ports and status. For a list of Config Egress MIB, refer to Chapter 3, Configuring VLANs Using SNMP. As in the config table, valid entries are between 0 and 31. An index outside of this range allows read/write access to the local variables. You must do a read of the entire table to gain knowledge of current table configuration. 3-4 Configuring VLANs Using SNMP 3.3.1 Modifying a Config Egress List Entry To modify a Config Egress List entry, proceed as follows: Step Action 1 Set the index outside its valid range. 2 Set the VLAN ID to the value desired. 3 Set the port variable to the value desired. 4 Set the index to the table entry you desire to modify. 5 Write any value to the status variable. When the write to the status entry is completed, an attempt will be made to carry out the command. If modifying an existing entry in the table, the VLAN ID in the table entry must match the local variable. If it does not the command will be aborted. If the VLAN ID is already in use, the index must also match. If it does not the command will be aborted. The command will abort, if the VLAN ID is not valid, if the VLAN does not exist, or all ports are not members of that VLAN. After all checks pass, the VLAN ID is copied to the default table based on the index specified. The ports selected are added to the existing list of ports in the table entry. If the switch is operating in 802.1Q mode, the following will be performed by the firmware: • Inform the hardware of the new PVID for the port(s). • Delete the old default VLAN ID for these ports (PVID/MAC address pair). • Add the new MAC address pair for these ports (PVID/MAC address pair). • Delete all learned addresses for this VLAN. • Flush all ARP entries. 3-5 Configuring VLANs Using SNMP 3.4 THE FILTER GVRP TABLE The Filter GVRP Table can be used to inhibit VLANs from being learned via GVRP. It can also be used to inhibit a user from accidentally configuring a port on a VLAN they do not want. In the other tables, there are several local variables associated with the Filter GVRP Table, such as index, the VLAN ID, the list of ports, the status, and establish. In the other tables, valid entries are between 0 and 31. An index outside of this range allows read/write access to the local variables. 3.4.1 Modifying, Creating or Deleting a Filter GVRP Table Entry To modify, create, or delete an entry in the Filter GVRP Table, proceed as follows: Step Action 1 Set the index outside its valid range. 2 Set the VLAN ID to the value desired. 3 Set the port variable to the value desired. 4 Set the establish variable to Create or Delete. 5 Set the index to the table entry you desire to modify. 6 Write any value to the status variable. When a write to the status entry has completed, an attempt will be made to carry out the command. 3-6 Configuring VLANs Using SNMP 3.4.1.1 Creating a Filter If you created a Filter, a check is done to: • Ensure that the command is either a Create or a Delete. If it is not, the command is aborted. • Determine if the VLAN ID is valid. If not, the command is aborted. • Ensure the index is within the valid range. If it is not, the command is aborted. • If modifying an existing entry in the table, the VLAN ID that is in the table entry must match the local variable. If it does not, the command will be aborted. • If the VLAN ID is already in use, the index must also match. If it does not, the command will be aborted. If all of these checks pass, the VLAN ID is copied into the table entry and the ports are added to the existing port mask. If the switch is operating in 802.1Q mode, the command is passed to the GVRP task, all of the learned addresses on the VLAN are deleted, and all ARP entries are flushed. 3.4.1.2 Deleting a Filter If you deleted a Filter, a check is done to: • Ensure the index is within the valid range. If it is not the command is aborted. • If modifying an existing entry in the table, the VLAN ID that is in the table entry must match the local variable. If it does not, the command will be aborted. • If the VLAN ID is already in use, the index must also match. If it does not, the command will be aborted. If all of these checks pass, the VLAN ID is copied into the table entry and the ports are removed to the existing port mask. If the switch is operating in 802.1Q mode, the command is passed to the GVRP task, all of the learned addresses on the VLAN are deleted, and all ARP entries are flushed. 3-7 Configuring VLANs Using SNMP 3.5 THE STATIC MAC ENTRY Only three local variables are accessible, the VLAN ID; the MAC address, and the port to associate with this entry. MAC addresses added via this mechanism are not saved after a reboot, and will not age. For a list of Static MAC variables, refer to Chapter 3, Configuring VLANs Using SNMP. 3.5.1 Creating a Static MAC Entry To create a new entry, proceed as follows: Step Action 1 Set the VLAN ID. 2 Set the MAC address. 3 Set the port. 4 Set the establish variable to Create. If the VLAN ID is not valid or the entry already exists, the command will be aborted. If it does not exist, it will be added. 3.5.2 Deleting a Static MAC Entry To delete an entry, proceed as follows: Step Action 1 Set the VLAN ID. 2 Set the MAC address. 3 Set the establish variable to delete. If the entry already exists, it will be deleted. If it does not exist, the command will be aborted. 3-8 CHAPTER 4 VLAN MIB OBJECTS 4.1 OVERVIEW This chapter describes the MIB objects that relate to configuring 802.1Q VLANs. The MIB system groups described alphabetically in this chapter are as follows: • Bridge Configuration • Configuration Entries • Device Entries • Egress Table • Filter GVRP • Static MAC Address Entries For procedures describing how to configure VLANs, refer to Chapter 3, Configuring VLANs Using SNMP. 4.2 BRIDGE CONFIGURATION The els10-27VlanBridgeConfig group manages the overall configuration of the bridge’s VLAN resources. The implementation of this group is MANDATORY. The OBJECT-TYPE is from RFC-1212. 4.2.1 VLAN Version Number Specifies the version of IEEE 802.1Q VLAN that has been implemented. A value of 1 will be returned. els10-27VlanVersionNumber OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory ::= { els10-27VlanBridgeConfig 1 } The MIB OBJECT IDENTIFIER for accessing the VlanVersionNumber is: OID 1.3.6.1.4.1.97.9.20.1 4-1 VLAN MIB Objects 4.2.2 Operating Mode (VlanOperatingMode) This object selects the mode of operation (802.1D = 1 or 802.1Q = 2). The switch can operate as an 802.1d switch, or as an 802.1d switch with IEEE VLAN capability (802.1Q). A read of this object will return the current operating mode. NOTE Changing the value will not change the operation of the switch until the unit is rebooted. DEFVAL { ieee8021d } els10-27VlanOperatingMode OBJECT-TYPE SYNTAX INTEGER { ieee8021d(1), ieee8021Q(2) } ACCESS read-write STATUS mandatory ::= { els10-27VlanBridgeConfig 2 } The MIB OBJECT IDENTIFIER for accessing the VlanOperatingMode is: OID 1.3.6.1.4.1.97.9.20.2 4.2.3 Reset (VlanReset) This MIB object resets a specified bridge. This MIB is not supported in ELS1027TX Version 1.01.00. The MIB OBJECT IDENTIFIER for accessing the VlanReset is: OID 1.3.6.1.4.1.97.9.20.3 4-2 VLAN MIB Objects 4.2.4 GVRP Enable (VlanGVRPEnable) If the switch is operating in 802.1Q mode, it selects whether GVRP protocol messages should be processed and VLANs configured accordingly for each port on the switch. Each octet within the value of this object specifies a set of eight ports. This is a list of all ports within the VLAN. From right to left, the first octet specifies ports 1-8, the second octet specifies ports 9-16, the third octet specifies ports 17-24 and the fourth octet specifies ports 25-27. Within each octet, the least significant bit represents the lowest numbered port, and the most significant bit represents the highest numbered port. For Example, to include ports 1 through 4 in the VLAN, you would use the octet (0x)0000000F. If you wanted to include ports 1, 5, 9 in the VLAN, you would use the octet (0x)00000111. In this example, each port of the VLAN bridge is represented by a single bit within the value of this object. If that bit has a value of ‘1’ then that port is included in the set of ports; the port is not included if its bit has a value of ‘0.’ Writes are ignored and a value of 2 is returned on a read. els10-27VlanGVRPEnable OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..8)) ACCESS read-write STATUS mandatory ::= { els10-27VlanBridgeConfig 4 } The MIB OBJECT IDENTIFIER for accessing the VlanGVRPEnable is: OID 1.3.6.1.4.1.97.9.20.4 4-3 VLAN MIB Objects 4.2.5 Access List (VlanAccessList) A list of ports that should act as ‘Access Ports’. These ports strip all tags on egress and also make use of a shared database that will automatically be kept by the firmware. Each octet within the value of this object specifies a set of eight ports. The first octet specifies ports 1 through 8. The second octet specifies ports 9 through 16, etc. Within each octet, the least significant bit represents the lowest numbered port, and the most significant bit represents the highest numbered port. For example, each port of the VLAN bridge is represented by a single bit within the value of this object. If that bit has a value of ‘1’ then that port is included in the set of ports; the port is not included if its bit has a value of ‘0.’ els10-27VlanAccessList OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..8)) ACCESS read-write STATUS mandatory ::= { els10-27VlanBridgeConfig 5 } The MIB OBJECT IDENTIFIER for accessing the VlanAccessList is: OID 1.3.6.1.4.1.97.9.20.5 4.2.6 VLAN (VlanConfigVlan) The els10-27VlanConfigVlan manages the configuration of a specific VLAN within a bridge. Each VLAN will have an entry in the els10-27VlanConfigTable. The implementation of this group is MANDATORY. els10-27VlanConfigVlan OBJECT IDENTIFIER ::= { els10-27VlanBridgeConfig 6 } The MIB OBJECT IDENTIFIER for accessing the VlanConfigVlan is: OID 1.3.6.1.4.1.97.9.20.6 4-4 VLAN MIB Objects 4.3 CONFIGURATION ENTRIES This section provides you with VLAN configuration entries. For instructions on configuring VLANs, refer to Chapter 3, Configuring VLANs Using SNMP. 4.3.1 Entry (VlanConfigEntry) This entry allows configuration of specific VLAN entries. Although this is configured as a table, there is only a single instance. Entries must be referenced as simple variables. els10-27VlanConfigEntry OBJECT-TYPE SYNTAX Els10-27VlanConfigEntry ACCESS not-accessible STATUS mandatory INDEX { els10-27VlanConfigVID } ::= { els10-27VlanConfigTable 1 } The MIB OBJECT IDENTIFIER for the VlanConfigEntry is: OID 1.3.6.1.4.1.97.9.20.6.4.1 4.3.1.1 VlanConfigEntry Els10-27VlanConfigEntry ::= SEQUENCE { els10-27VlanConfigIndex INTEGER, els10-27VlanConfigVID OCTET STRING, els10-27VlanConfigPorts OCTET STRING, els10-27VlanConfigIP IPADDRESS, els10-27VlanConfigIPMask IPADDRESS, els10-27VlanConfigName DisplayString, els10-27VlanConfigStatus INTEGER, els10-27VlanConfigEstablish INTEGER } 4-5 VLAN MIB Objects 4.3.2 Index (VlanConfigIndex) The VLANConfigIndex is the index into the table of VLANs. The table has 32 entries (0 - 31). An index value outside this range will reference the local variable. For example, if the index is set to -1 and the els10-27VlanConfigVID object is read, the local variable (not the table entry) is read. By using an out of range value, the local variables can be read. Only the local variables are written to until an els10-27VlanConfigStatus is written. els10-27VlanConfigIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory ::= { els10-27VlanConfigEntry 1 } The MIB OBJECT IDENTIFIER for accessing the VlanConfigIndex is: OID 1.3.6.1.4.1.97.9.20.6.4.1.1 4.3.3 VID (VlanConfigVID) The 12 bit VLAN Identifier associated with the configured VLAN. The valid range is 1..4094. els10-27VlanConfigVID OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..8)) ACCESS read-write STATUS mandatory ::= { els10-27VlanConfigEntry 2 } The MIB OBJECT IDENTIFIER for accessing the VlanConfigVID is: OID 1.3.6.1.4.1.97.9.20.6.4.1.2 4-6 VLAN MIB Objects 4.3.4 Ports (VlanConfigPorts) A bit mask of the ports in this VLAN. Each octet within the value of this object specifies a set of eight ports. This is a list of all ports within the VLAN. From right to left, the first octet specifies ports 1-8, the second octet specifies ports 916, the third octet specifies ports 17-24 and the fourth octet specifies ports 25-27. Within each octet, the least significant bit represents the lowest numbered port, and the most significant bit represents the highest numbered port. For Example, to include ports 1 through 4 in the VLAN, you would use the octet (0x)0000000F. If you wanted to include ports 1, 5, 9 in the VLAN, you would use the octet (0x)00000111. In this example, each port of the VLAN bridge is represented by single bit within the value of this object. If that bit has a value of ‘1’ then that port is included in the set of ports; the port is not included if its bit has a value of ‘0.’ els10-27VlanConfigPorts OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..8)) ACCESS read-write STATUS mandatory ::= { els10-27VlanConfigEntry 3 } The MIB OBJECT IDENTIFIER for accessing the VlanConfigPorts is: OID 1.3.6.1.4.1.97.9.20.6.4.1.3 4.3.5 IP (VlanConfigIP) The IP address to be used to access the unit on this VLAN. This must be a valid host address. els10-27VlanConfigIP OBJECT-TYPE SYNTAX IPADDRESS ACCESS read-write STATUS mandatory ::= { els10-27VlanConfigEntry 4 } The MIB OBJECT IDENTIFIER for accessing the VlanConfigIP is: OID 1.3.6.1.4.1.97.9.20.6.4.1.4 4-7 VLAN MIB Objects 4.3.6 IP Mask (VlanConfigIPMask) The IP subnet mask to be used with this IP address. els10-27VlanConfigIPMask OBJECT-TYPE SYNTAX IPADDRESS ACCESS read-write STATUS mandatory ::= { els10-27VlanConfigEntry 5 } The MIB OBJECT IDENTIFIER for accessing the VlanConfigIPMask is: OID 1.3.6.1.4.1.97.9.20.6.4.1.5 4.3.7 Name (VlanConfigName) The ASCII name associated with this VLAN. els10-27VlanConfigName OBJECT-TYPE SYNTAX DisplayString (SIZE (1..32)) ACCESS read-write STATUS mandatory ::= { els10-27VlanConfigEntry 6 } The MIB OBJECT IDENTIFIER for accessing the VlanConfigName is: OID 1.3.6.1.4.1.97.9.20.6.4.1.6 4-8 VLAN MIB Objects 4.3.8 Status (VlanConfigStatus) A set with any value will create, modify or delete entries in the specified VLAN according to the value in els10-27VlanConfigEstablish. els10-27VlanConfigStatus OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory ::= { els10-27VlanConfigEntry 7 } The MIB OBJECT IDENTIFIER for accessing the VlanConfigStatus is: OID 1.3.6.1.4.1.97.9.20.6.4.1.7 4.3.9 Establish (VlanConfigEstablish) A set with the value create(1), causes an entry to be created in the els1027VlanConfigTable as specified by the instancing information of els1027VlanConfigVID, els10-27VlanConfigName, and els10-27VlanConfigPorts, etc., when the els10-27VlanConfigStatus is written to. A set of delete(2) causes the specified entry to be removed from the table, when the els1027VlanConfigStatus is written to. For configuration instructions refer to Chapter 2, The Configuration Table. els10-27VlanConfigEstablish OBJECT-TYPE SYNTAX INTEGER { create(1), delete(2) } ACCESS read-write STATUS mandatory ::= { els10-27VlanConfigEntry 8 } The MIB OBJECT IDENTIFIER for accessing the VlanConfigEstablish is: OID 1.3.6.1.4.1.97.9.20.6.4.1.8 4-9 VLAN MIB Objects 4.4 DEVICE ENTRIES 4.4.1 Active (VlanNumActiveEntries) The number of active VLAN entries for the device. This includes the total number of both static and dynamic VLANs presently in use. els10-27VlanNumActiveEntries OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory ::= { els10-27VlanConfigVlan 1 } The MIB OBJECT IDENTIFIER for accessing the VlanNumActiveEntries is: OID 1.3.6.1.4.1.97.9.20.6.1 4.4.2 Static Configured (VlanNumConfiguredEntries) The number of Static configured VLAN entries for the unit. els10-27VlanNumConfiguredEntries OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory ::= { els10-27VlanConfigVlan 2 } The MIB OBJECT IDENTIFIER for accessing the VlanNumConfiguredEntries is: OID 1.3.6.1.4.1.97.9.20.6.2 4-10 VLAN MIB Objects 4.4.3 Maximum Number (VlanMaxNumEntries) The maximum number of VLAN entries for the device. A value of 32 will be returned. els10-27VlanMaxNumEntries OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory ::= { els10-27VlanConfigVlan 3 } The MIB OBJECT IDENTIFIER for accessing the VlanMaxNumEntries is: OID 1.3.6.1.4.1.97.9.20.6.3 4.4.4 Configuration Table (VlanConfigTable) This table allows for the creation, deletion, and modification of specific VLANs. The ports defined within this group will be members of the ‘member set’ as defined in the IEEE 802.1Q specification. Although this is configured as a table, there is only a single instance. Entries should be referenced as simple variables. els10-27VlanConfigTable OBJECT-TYPE SYNTAX SEQUENCE OF Els10-27VlanConfigEntry ACCESS not-accessible STATUS mandatory ::= { els10-27VlanConfigVlan 4 } The MIB OBJECT IDENTIFIER for the VlanConfigTable is: OID 1.3.6.1.4.1.97.9.20.6.4 4-11 VLAN MIB Objects 4.5 Egress Table 4.5.1 Egress Table (VlanConfigEgressTable) This table allows for the specifying of the default VLAN ID for a specific port. If NOT configured as an ‘Access’ port, then packets containing this VLAN ID will have the tag stripped on egress, if it matches the PVID. This will set the PVID for each port contained within the list. els10-27VlanConfigEgressTable OBJECT-TYPE SYNTAX SEQUENCE OF Els10-27VlanConfigEgressEntry ACCESS not-accessible STATUS mandatory ::= { els10-27VlanConfigVlan 5 } The MIB OBJECT IDENTIFIER for accessing the VlanConfigEstablish is: OID 1.3.6.1.4.1.97.9.20.6.5 4.5.2 Egress Entry (VlanConfigEgressEntry) Allows for configuration of specific Egress entries. Although this is configured as a table, there is only a single instance. Entries should be referenced as simple variables. els10-27VlanConfigEgressEntry OBJECT-TYPE SYNTAX Els10-27VlanConfigEgressEntry ACCESS not-accessible STATUS mandatory INDEX { els10-27VlanEgressVID } ::= { els10-27VlanConfigEgressTable 1 } The MIB OBJECT IDENTIFIER for accessing the VlanConfigEstablish is: OID 1.3.6.1.4.1.97.9.20.6.5.1 4-12 VLAN MIB Objects 4.5.2.1 VlanConfigEgressEntry Els10-27VlanConfigEgressEntry ::= SEQUENCE { els10-27VlanEgressIndex INTEGER, els10-27VlanEgressVID OCTET STRING, els10-27VlanEgressList OCTET STRING, els10-27VlanEgressStatus INTEGER 4.5.3 Index (VlanEgressIndex) The index into the VLAN table. A port must be a member of this VLAN prior to assigning this ID as the default. The table has 32 entries (0 - 31). An index value outside this range will reference the local variable. For example, if the index is set to -1 and the els10-27VlanEgressVID object is read, the local variable is read, not the table entry. By using an out of range value, the local variables can be read. Only the local variables are written to until els10-27VlanEgressStatus is written. els10-27VlanEgressIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory ::= { els10-27VlanConfigEgressEntry 1 } The MIB OBJECT IDENTIFIER for accessing the VlanEgressIndex is: OID 1.3.6.1.4.1.97.9.20.6.5.1.1 4-13 VLAN MIB Objects 4.5.4 VID (VlanEgressVID) The 12-bit VLAN Identifier associated with the configured VLAN. The valid range is 1..4094. els10-27VlanEgressVID OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..8)) ACCESS read-write STATUS mandatory ::= { els10-27VlanConfigEgressEntry 2 } The MIB OBJECT IDENTIFIER for accessing the VlanEgressVID is: OID 1.3.6.1.4.1.97.9.20.6.5.1.2 4.5.5 List (VlanEgressList) The set of ports to which traffic destined for the VLAN specified by els1027VlanEgressVID on the device will have this tag stripped on egress. Each octet within the value of this object specifies a set of eight ports. The first octet specifies ports 1 through 8. The second octet specifies ports 9 through 16, etc. Within each octet, the least significant bit represents the lowest numbered port, and the most significant bit represents the highest numbered port. For example, each port of the VLAN bridge is represented by a single bit within the value of this object. If that bit has a value of ‘1’ then that port is included in the set of ports; the port is not included if its bit has a value of ‘0.’ els10-27VlanEgressList OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..8)) ACCESS read-write STATUS mandatory ::= { els10-27VlanConfigEgressEntry 3 } The MIB OBJECT IDENTIFIER for accessing the VlanEgressList is: OID 1.3.6.1.4.1.97.9.20.6.5.1.3 4-14 VLAN MIB Objects 4.5.6 Status (VlanEgressStatus) A set with any value will change all associated entries in the els10-27VlanEgressList to have the default VLAN ID set to the value in els10-27VlanEgressVID using the els10-27VlanEgressIndex value to index into the table. els10-27VlanEgressStatus OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory ::= { els10-27VlanConfigEgressEntry 4 } The MIB OBJECT IDENTIFIER for accessing the VlanEgressStatus is: OID 1.3.6.1.4.1.97.9.20.6.5.1.4 4-15 VLAN MIB Objects 4.6 FILTER GVRP 4.6.1 GVRP (VlanFilterGVRPTable) This table allows for the specifying of VLAN ID’s that will be restricted from being learned by the device. If a GVRP packet is received specifying this VLAN ID, it will be ignored. els10-27VlanFilterGVRPTable OBJECT-TYPE SYNTAX SEQUENCE OF Els10-27VlanFilterGVRPEntry ACCESS not-accessible STATUS mandatory ::= { els10-27VlanConfigVlan 6 } The MIB OBJECT IDENTIFIER for accessing the VlanFilterGVRP is: OID 1.3.6.1.4.1.97.9.20.6.6 4.6.2 Entry (VlanFilterGVRPEntry) Allows for configuration of specific entries. Although this is configured as a table, there is only a single instance. Entries should be referenced as simple variables. els10-27VlanFilterGVRPEntry OBJECT-TYPE SYNTAX Els10-27VlanFilterGVRPEntry ACCESS not-accessible STATUS mandatory INDEX { els10-27VlanFilterGVRPVID } ::= { els10-27VlanFilterGVRPTable 1 } The MIB OBJECT IDENTIFIER for accessing the VlanFilterGVRP is: OID 1.3.6.1.4.1.97.9.20.6.6.1 4-16 VLAN MIB Objects 4.6.2.1 VlanFilterGVRPEntry Els10-27VlanFilterGVRPEntry ::= SEQUENCE { els10-27VlanFilterGVRPIndex INTEGER, els10-27VlanFilterGVRPVID OCTET STRING, els10-27VlanFilterGVRPList OCTET STRING, els10-27VlanFilterGVRPStatus INTEGER, els10-27VlanFilterGVRPEstablishVID INTEGER } 4.6.3 VlanFilterGVRPIndex The index into the VLAN Filter table. A maximum of 32 VLAN IDs can be restricted from being learned via GVRP. The table has 32 entries (0 - 31). An index value outside this range will reference the local variable. For example, if the index is set to -1 and the els10-27VlanFilterGVRPVID object is read, the local variable is read, not the table entry. By using an out of range value, the local variables can be read. Only the local variables are written to until els1027VlanFilterGVRPStatus is written. els10-27VlanFilterGVRPIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory ::= { els10-27VlanFilterGVRPEntry 1 } The MIB OBJECT IDENTIFIER for accessing the VlanFilterGVRPIndex is: OID 1.3.6.1.4.1.97.9.20.6.6.1 4-17 VLAN MIB Objects 4.6.4 VID (VlanFilterGVRPVID) The 12-bit VLAN Identifier associated with the configured VLAN. The valid range is 1..4094. els10-27VlanFilterGVRPVID OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..8)) ACCESS read-write STATUS mandatory ::= { els10-27VlanFilterGVRPEntry 2 } The MIB OBJECT IDENTIFIER for accessing the VlanFilterGVRPVID is: OID 1.3.6.1.4.1.97.9.20.6.6.2 4.6.5 List (VlanFilterGVRPList) The set of ports that will be restricted from learning of a VLAN ID from a GVRP message. The VLAN ID is specified by els10-27VlanFilterGVRPVID. Each octet within the value of this object specifies a set of eight ports. The first octet specifies ports 1 through 8. The second octet specifies ports 9 through 16, etc. Within each octet, the least significant bit represents the lowest numbered port, and the most significant bit represents the highest numbered port. For example, each port of the VLAN bridge is represented by a single bit within the value of this object. If that bit has a value of ‘1’ then that port is included in the set of ports; the port is not included if its bit has a value of ‘0.’ els10-27VlanFilterGVRPList OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..8)) ACCESS read-write STATUS mandatory ::= { els10-27VlanFilterGVRPEntry 3 } The MIB OBJECT IDENTIFIER for accessing the VLANFilterGVRPList is: OID 1.3.6.1.4.1.97.9.20.6.6.3 4-18 VLAN MIB Objects 4.6.6 Status (VlanFilterGVRPStatus) A set with any value enables all associated entries in els10-27VlanFilterGVRPVID table for the specified VLAN. els10-27VlanFilterGVRPStatus OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory ::= { els10-27VlanFilterGVRPEntry 4 } The MIB OBJECT IDENTIFIER for accessing the VLANFilterGVRPStatus is: OID 1.3.6.1.4.1.97.9.20.6.6.4 4.6.7 EstablishVID (VlanFilterGVRPEstablishVID) A set of the value create(1), will cause an entry to be created in the els10-27VlanFilterGVRPTable using els10-27VlanFilterGVRPIndex, els10-27VlanFilterGVRPVID, and els10-27VlanFilterGVRPList once a write is done to els10-27VlanFilterGVRPStatus. A set of delete(2) causes the specified entry to be removed from the table once a write is done to els1027VlanFilterGVRPStatus. els10-27VlanFilterGVRPEstablishVID OBJECT-TYPE SYNTAX INTEGER { create(1), delete(2) } ACCESS read-write STATUS mandatory ::= { els10-27VlanFilterGVRPEntry 5 } The MIB OBJECT IDENTIFIER for accessing the VLANFilterGVRPEstablishVID is: OID 1.3.6.1.4.1.97.9.20.6.6.5 4-19 VLAN MIB Objects 4.7 STATIC MAC ADDRESS ENTRIES 4.7.1 Table (VlanStaticTable) Allows for configuration of specific VLAN/MAC Address entries and to specify the port to which traffic destined for this address pair should be forwarded. These entries will not be aged out of the forwarding data base, but they will not be saved across a reboot. els10-27VlanStaticTable OBJECT-TYPE SYNTAX SEQUENCE OF Els10-27VlanStaticEntry ACCESS not-accessible STATUS mandatory ::= { els10-27VlanConfigVlan 7 } The MIB OBJECT IDENTIFIER for accessing the VLANFilterGVRPEstablish is: OID 1.3.6.1.4.1.97.9.20.6.7 4.7.2 Entry (VlanStaticEntry) Allows for configuration of specific entries. Although this is configured as a table, there is only a single instance. Entries should be referenced as simple variables. els10-27VlanStaticEntry OBJECT-TYPE SYNTAX Els10-27VlanStaticEntry ACCESS not-accessible STATUS mandatory INDEX { els10-27VlanStaticVID } ::= { els10-27VlanStaticTable 1 } The MIB OBJECT IDENTIFIER for accessing the VLANStaticEntry is: OID 1.3.6.1.4.1.97.9.20.6.7.1 4-20 VLAN MIB Objects 4.7.2.1 VlanStaticEntry Els10-27VlanStaticEntry ::= SEQUENCE { els10-27VlanStaticVID OCTET STRING, els10-27VlanStaticMAC PhysAddress, els10-27VlanStaticPort INTEGER, els10-27VlanStaticEstablish INTEGER } 4.7.3 VID (VlanStaticVID) The 12-bit VLAN Identifier associated with the configured VLAN. The valid range is 1..4094. els10-27VlanStaticVID OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..8)) ACCESS read-write STATUS mandatory ::= { els10-27VlanStaticEntry 1 } The MIB OBJECT IDENTIFIER for accessing the VLANStaticEntry is: OID 1.3.6.1.4.1.97.9.20.6.7.1.1 4-21 VLAN MIB Objects 4.7.4 MAC (VlanStaticMAC) The media dependent physical address. els10-27VlanStaticMAC OBJECT-TYPE SYNTAX PhysAddress ACCESS read-write STATUS mandatory ::= { els10-27VlanStaticEntry 2 } The MIB OBJECT IDENTIFIER for accessing the VLANStaticEntry is: OID 1.3.6.1.4.1.97.9.20.6.7.1.2 4.7.5 Port (VlanStaticPort) An integer designating the port number to associate this address to. els10-27VlanStaticPort OBJECT-TYPE SYNTAX INTEGER ACCESS read-write STATUS mandatory ::= { els10-27VlanStaticEntry 3 } The MIB OBJECT IDENTIFIER for accessing the VLANStaticEntry is: OID 1.3.6.1.4.1.97.9.20.6.7.1.3 4-22 VLAN MIB Objects 4.7.6 Establish (VlanStaticEstablish) A set of the value create(1), causes an entry to be created as specified by the instancing information of els10-27VlanStaticVID, els10-27VlanStaticMAC, and els10-27VlanStaticPort. A set of delete(2) causes the specified entry to be removed from the table. els10-27VlanStaticEstablish OBJECT-TYPE SYNTAX INTEGER { create(1), delete(2) } ACCESS read-write STATUS mandatory ::= { els10-27VlanStaticEntry 4 } The MIB OBJECT IDENTIFIER for accessing the VLANStaticEntry is: OID 1.3.6.1.4.1.97.9.20.6.7.1.4 4-23 CHAPTER 5 CONFIGURING WORKGROUPS USING LCM 5.1 OVERVIEW Workgroups are a proprietary form that was developed prior to the IEEE standard being available. Workgroups are only supported in the 802.1D mode. The ELS10-27TX supports up to eight user defined Workgroups, with limited support for overlapping Workgroups. The goal of Workgroups was to isolate broadcast and multicast traffic to within the Workgroup. In some cases unicast traffic will also be isolated. Due to the fact that a typical unicast address is obtained by first issuing an ARP packet (which is a broadcast, and the broadcast packet will not be forwarded outside of the Workgroup), the unicast address will not be learned outside of the Workgroup. The end result is that host or servers will not be able to communicate with other hosts or servers outside of their Workgroup. Unlike the IEEE standard VLANs which spans switches, Workgroups only deal with filtering and forwarding of packets within the single switch. When packets are received on a port, the packet will be identified with a single Workgroup. The packet will then be forwarded or filtered based on that single Workgroup marking. When a packet leaves the switch, the packet will appear just as it did when it was received on the inbound port. 5-1 Configuring Workgroups Using LCM 5.2 WORKGROUP CONFIGURATION EXAMPLES Figure 5-1 shows an example of a typical Workgroup configuration. In this example, two Workgroups are used: Workgroup Alpha and the Default Workgroup. Workgroup Alpha contains ports 3,5,7 and 9, and the Default Workgroup contains all ports not contained in Workgroup Alpha. NOTES 1. The system creates the Default Workgroup. 2. If Workgroups were not defined, all ports are members of the Default Workgroup. Figure 5-1. Traffic Within Workgroups Workgroup Alpha Ports 3, 5, 7, 9 Workgroup Default Ports 1, 2, 4, 6, 8, and 10 - 27 In this example, all broadcast, multicast, and unicast packets will be restricted to the Workgroups. 5-2 Configuring Workgroups Using LCM It is also possible to overlap workgroups. Figure 5-2 shows how overlapping ports can communicate with ports in both Workgroups. For example, Workgroup Alpha 3-7 and Workgroup Omega 7-9. In this example, four workgroups would be created, Alpha, Omega, the default, and a superset workgroup containing all ports in Alpha and Omega. In this case ports 3-6 would be limited to communicating with ports within Alpha. Ports 8 and 9 would be limited to communicating with ports in Omega. However, port 7 can communicate with ports within both Alpha and Omega. Figure 5-2. Traffic Overlapping Within Workgroups Workgroup Superset Workgroup Alpha Ports 3, 4, 5, 6, 7 Ports 3 through 9 Workgroup Omega 7 8, 9 Workgroup Default Ports 1, 2, and 10 through 27 The system is able to do this because the system places additional entries in the database that allow the two-way communication. In the previous example, when a packet is received on port 7, its source MAC address is stored in the database with a Workgroup identifier. In this case it is the identifier of the superset (0x06e). When a device on ports 3-6 or 8 and 9 try to send a packet to that MAC address, it has no way of combining the destination MAC address with the Workgroup identifier for port 7 (0x06e). For example, if the packet is received on port 3, the packet is labeled with the Workgroup identifier for Workgroup Alpha (0x065). A lookup will be done on the MAC address and Workgroup ID pair (0x065). In this case, it would not be found and the packet would be flooded to all members of Workgroup Alpha. The two devices would be able to communicate, but only because of the flooding. To avoid flooding, the system places additional entries into the database. When the first packet is received on port 7, three entries are placed into the database. One for the superset (0x06e), one for Alpha (0x065), and one for Omega (0x066). By placing three entries, when the responding device sends a packet to 5-3 Configuring Workgroups Using LCM one of these ports, the MAC address and Workgroup pair is found in the database and sent to port 7. In our example, the packet was received on port 3 and paired with Workgroup Alpha (0x065). Conversely when packets are received on other ports (Port 3 in this example) they also will have additional entries placed into the database. In this example when a packet is received on port 3, two entries will be placed into the database for its source address. One for Alpha (0x065) and one for the superset (0x06e). Workgroups can be configured using either the console or SNMP. SNMP Workgroup Configuration is described in Chapter 6, Workgroup MIB Objects. 5.3 LCM WORKGROUP COMMANDS The workgroup command allows you to group ports together to limit the scope of broadcast, multicast and unicast packets. If there are no user defined workgroups, one default group exists consisting of all ports. As workgroups become defined, ports are removed from the default group and added to the newly defined group. NOTE Workgroups are only valid in 802.1D mode. The following is an example of the LCM workgroup command: ELS10-27> workgroup [NAME [ad[d] [del[ete] | PORT_RANGE]] To display all workgroups, enter the command: ELS10-27>workgroup To create/add a workgroup, enter the command: ELS10-27>workgroup alpha add 3-7 Name: alpha Workgroup ID: 0x065 Ports: 3, 4, 5, 6, 7, ELS10-27>workgroup omega add 7-9 Name: omega Workgroup ID: 0x066 Ports: 5-4 7, 8, 9, Configuring Workgroups Using LCM ELS10-27>workgroup default add 1, 2, 10 -27 Name: default Workgroup ID: 0x001 Ports: 1, 2, 10 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27 To delete ports specify the range: ELS10-27>workgroup omega delete 8, 9 NOTE When deleting a workgroup, you must delete the entire workgroup. Name: omega Workgroup ID: 0x066 Ports: 7 To display a workgroup specify the name: ELS10-27>workgroup omega Name: omega Workgroup ID: 0x066 Ports: 7 5-5 CHAPTER 6 CONFIGURING WORKGROUPS USING SNMP 6.1 OVERVIEW Workgroups are a proprietary form that was developed prior to the IEEE standard being available. Workgroups are only supported in the 802.1D mode. The ELS10-27TX supports up to eight user-defined Workgroups, with limited support for overlapping Workgroups. The goal of Workgroups was to isolate broadcast and multicast traffic to within the Workgroup. In some cases unicast traffic will also be isolated. Due to the fact that a typical unicast address is obtained by first issuing an ARP packet (which is a broadcast, and the broadcast packet will not be forwarded outside of the Workgroup), the unicast address will not be learned outside of the Workgroup. The end result is that host or servers will not be able to communicate with other hosts or servers outside of their Workgroup. Unlike the IEEE standard VLANs which span switches, Workgroups only deal with filtering and forwarding of packets within the single switch. When packets are received on a port, the packet will be identified with a single Workgroup. The packet will then be forwarded or filtered based on that single Workgroup marking. When a packet leaves the switch, the packet will appear just as it did when it was received on the inbound port. You can use a Cabletron Systems Network Management System, or a standard SNMP-based Network Management System (NMS), to manage the SmartSTACK Ethernet ELS10-27TX. This section describes Workgroup configuration using the Simple Network Management Protocol (SNMP). 6-1 Configuring Workgroups Using SNMP 6.2 WORKGROUP CONFIGURATION PROCEDURES You should have a familiarity with networking concepts and principles. In addition, a basic understanding of SNMP is helpful. SNMP Configuration information is shown on the following pages. To configure workgroups using SNMP, proceed as follows: Step Action 1 Read els10-27WorkGroupCurrentCount. This will tell you if another workgroup can be created. If the value is less than 8, another workgroup can be created. 2 Read els10-27WorkGroupNextNumber. This is the next available index into the workgroup table. This number should be written to els10-27WorkGroupNumber. 3 Write the number returned from els10-27WorkGroupNextNumber to els10-27WorkGroupNumber. 4 Write the new workgroup name to els10-27WorkGroupName. 5 Write the list of ports to be included in the workgroup, to els1027WorkGroupPorts. 6 Write a value of 3 to els10-27WorkGroupType. When writing to the els10-27WorkGroupType entry, the following checks are made: • If the els10-27WorkGroupNumber is less than 1 or greater then 8, the command will be aborted. • If the els10-27WorkGroupName field is blank, the command will be aborted. • If the els10-27WorkGroupPorts is empty, the command will be aborted. • If the els10-27WorkGroupType field is not 3 or 4, the command will be aborted. 6-2 Configuring Workgroups Using SNMP If ports are added to an existing workgroup, the index into the workgroup table would be written to els10-27WorkGroupNumber. This would be obtained by first reading all of the entries in the workgroup table. The name of the workgroup you want to add ports to would be written to els10-27WorkGroupName. If a workgroup was to be deleted, the index into the table and the workgroup name would be used, as in the previous example, any value should be written to els10-27WorkGroupPorts. However, a value of 4 would be written to els1027WorkGroupType to perform a delete. NOTE You must delete the Workgroup in its entirety. You cannot delete part of a Workgroup. 6-3 CHAPTER 7 WORKGROUP MIB OBJECTS 7.1 OVERVIEW You can use a Cabletron Systems Network Management System (NMS), or a standard SNMP-based Network Management System, to manage the SmartSTACK Ethernet ELS10-27TX. This section describes Workgroup configuration using the Simple Network Management Protocol (SNMP). You should have a familiarity with networking concepts and principles. In addition, a basic understanding of SNMP is helpful. SNMP Configuration information is shown on the following pages. 7.2 WORKGROUPS USING SNMP The ELS10-27TX has support for the following OBJECT-IDENTIFIERs in the enterprise specific area. There are three Read-Only Workgroup variables, and four Read/Write Workgroup Table variables. 7.2.1 Next Number (WorkGroupNextNumber) The next available workgroup number to be used. When creating a new workgroup, it is recommended to read the value of the variable and use it to key into the workgroup table. els10-27WorkGroupNextNumber OBJECT-TYPE SYNTAX INTEGER STRING (SIZE (1..8)) ACCESS read-only STATUS mandatory ::= { els10-27WorkGroup 1 } The MIB OBJECT IDENTIFIER for reading the VLANVersionNumber is: OID 1.3.6.1.4.1.97.9.14.1 7-1 Workgroup MIB Objects 7.2.2 Current Count (WorkGroupCurrentCount) The total number of workgroups currently defined. This will return a value between 0 and 8. els10-27WorkGroupCurrentCount OBJECT-TYPE SYNTAX INTEGER STRING (SIZE (1..8)) ACCESS read-only STATUS mandatory ::= { els10-27WorkGroup 2 } The MIB OBJECT IDENTIFIER for reading the VLANVersionNumber is: OID 1.3.6.1.4.1.97.9.14.2 7.2.3 MAX Count (WorkGroupMaxCount) The maximum number of workgroups allowed. This will always return a value of 8. els10-27WorkGroupMaxCount OBJECT-TYPE SYNTAX INTEGER STRING (SIZE (1..8)) ACCESS read-only STATUS mandatory ::= { els10-27WorkGroup 3 } The MIB OBJECT IDENTIFIER for reading the VLANVersionNumber is: OID 1.3.6.1.4.1.97.9.14.3 7-2 Workgroup MIB Objects 7.2.4 Table (WorkGroupTable) This table contains Workgroup definitions for the interfaces. els10-27WorkGroupTable OBJECT-TYPE SYNTAX Sequence of LxWorkGroupEntry ACCESS non-accessible STATUS mandatory ::= { els10-27WorkGroup 4 } The MIB OBJECT IDENTIFIER for reading the WorkGroupTable is: OID 1.3.6.1.4.1.97.9.14.4 7-3 Workgroup MIB Objects 7.2.5 Entry (WorkGroupEntry) Each entry in this table contains a definition of a Workgroup. els10-27WorkGroupNumber OBJECT-TYPE SYNTAX LxWorkGroupEntry ACCESS non-accessible STATUS mandatory ::= { els10-27WorkGroupTable 1 } INDEX { els10-27WorkGroupNumber } ::= { els10-27WorkGroupTable 1 } LxWorkGroupEntry ::= SEQUENCE { els10-27WorkGroupNumber INTEGER, els10-27WorkGroupName DisplayString, els10-27WorkGroupPorts OCTET STRING, els10-27WorkGroupType INTEGER } The MIB OBJECT IDENTIFIER for reading the WorkgroupTable is: OID 1.3.6.1.4.1.97.9.14.4.1 7-4 Workgroup MIB Objects 7.2.5.1 Number (WorkGroupNumber) An integer that identifies the work group, used as an index to this table. When creating a new Workgroup, the value returned from the els1027WorkGroupNextNumber variable is written here. els10-27WorkGroupNumber OBJECT-TYPE SYNTAX INTEGER STRING (SIZE (1..8)) ACCESS read-write STATUS mandatory ::= { els10-27WorkGroupEntry 1 } The MIB OBJECT IDENTIFIER for reading the VLANVersionNumber is: OID 1.3.6.1.4.1.97.9.14.4.1.1 7.2.5.2 Name (WorkGroupName) A 1 through 16 character Workgroup name. When creating a Workgroup, this must be a unique name. els10-27WorkGroupName OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..16)) ACCESS read-write STATUS mandatory ::= { els10-27WorkGroupEntry 2 } The MIB OBJECT IDENTIFIER for reading the VLANVersionNumber is: OID 1.3.6.1.4.1.97.9.14.4.1.2 7-5 Workgroup MIB Objects 7.2.5.3 Ports (WorkGroupPorts) This is a list of all ports within the Workgroup. From left to right, the first octet specifies ports 1-8, the second octet specifies ports 9-16, the third octet specifies ports 17-32 and the fourth octet specifies ports 24-27. When create or add is used, you must provide a list of ports to be included in the Workgroup. For example, if you want to include ports 1 through 4 in the Workgroup, you would use the following octet: 0XF0000000. When delete is used, it must be a non-zero value. Regardless of the value, all ports will be removed, and the Workgroup deleted. The user is not allowed to perform a partial delete. els10-27WorkGroupPorts OBJECT-TYPE SYNTAX OCTET STRING (SIZE 4 Bytes) (00 |00 |00 |00 ) (1-8|9-16|17-23|24-27) ACCESS read-write STATUS mandatory ::= { els10-27WorkGroupEntry 3 } The MIB OBJECT IDENTIFIER for reading the VLANVersionNumber is: OID 1.3.6.1.4.1.97.9.14.4.1.3 7.2.5.4 Type (WorkGroupType) This is the type of Workgroup action (create or delete). If you want to create or add, enter a value of 3. This creates or adds using the values in the three preceding variables. If you want to delete, enter a value of 4. els10-27WorkGroupType OBJECT-TYPE SYNTAX INTEGER STRING (3=Create, 4=Delete) ACCESS read-write STATUS mandatory ::= { els10-27WorkGroupEntry 4 } The MIB OBJECT IDENTIFIER for reading the VLANVersionNumber is: OID 1.3.6.1.4.1.97.9.14.4.1.4 7-6 APPENDIX A VIRTUAL LANS (VLANS) A.1 VLANS AND FRAME TAGGING The ELS10-27TX supports IEEE 802.1Q-compliant virtual LANs (VLANs). This capability provides a highly efficient architecture for establishing VLANs within a network and for controlling broadcast/multicast traffic between workgroups. Central to this capability is an explicit frame tagging approach for carrying VLAN information between interconnected network devices. With frame tagging, a four-byte data tag field is appended to frames that cross the network. The tag identifies which VLAN the frame belongs to. The tag may be added to the frame by the end station itself or by a network device, such as a switch. In the example in Figure A-1 below, the workstations attached to the top switch are members of the same two VLANs as the workstations attached to the bottom switch. The 802.1Q tags are used to carry VLAN information in the frames traveling between the two switches. VLAN X VLAN Y 1 802.1Q tag added by Incoming port* RESET PWR COM TX ACT FDX MON RX COL 100 USR 2X 4X 6X 8X 10X 12X 14X 16X 18X 20X 22X 24X 25X LINK LINK 26X STATUS STATUS CPU STATUS LINK LINK PORT STATUS MODE ELS10-27TX 10BASE-T/100BASE-TX STATUS LINK STATUS LINK STATUS LINK STATUS LINK STATUS LINK STATUS STATUS LINK LINK STATUS LINK STATUS LINK STATUS LINK STATUS LINK STATUS STATUS EPIM100 ETHERNET SWITCH 27X 26 2 27 802.1Q tag carries VLAN Identifier RESET PWR COM CPU TX ACT FDX MON RX COL 100 USR VLAN X 2X 4X 6X 8X 10X 12X 14X 16X 18X 20X 22X 24X 25X LINK LINK 26X STATUS STATUS STATUS ELS10-27TX 10BASE-T/100BASE-TX LINK PORT STATUS MODE STATUS LINK STATUS LINK STATUS LINK STATUS STATUS LINK LINK STATUS STATUS LINK LINK STATUS LINK STATUS STATUS LINK STATUS LINK LINK LINK STATUS STATUS EPIM100 ETHERNET SWITCH 27X 3 26 27 802.1Q used by switch to determine VLAN, then stripped by forwarding port* VLAN Y * Note 1 is true if it does not have a tag and is a hybrid port, or the port is an access port. * Note 3 is only stripped, if the hybrid port and the tag in the packet matches the PVID or is an access port. Figure A-1. Two-Switch VLAN Configuration A-1 ELS10-27TX VLAN Configuration If the ELS10-27TX is so configured, and, if the frame does not already contain a tag, a VLAN identifier is placed in a tag which is appended to frames as they are received by the switch. Within the switch and between switches compliant with IEEE 802.1Q, these identifiers are used to control the destination of all frames, preventing them from being flooded to all connected stations and interfaces. When frames are forwarded to destination end stations, the tag may or may not be stripped off, depending on the configuration of the switch port. By using 802.1Q tagged VLANs, users from physically dispersed locations can be formed into groups by assigning them to specific VLANs. Broadcast, Unicast and multicast traffic for these specific VLANs can be directed across the network without being radiated out to stations that are not members of the same VLANs. Up to 32 different VLANs can be specified by the 802.1Q tag. This implementation is non-intrusive to end-station applications and the associated clients. Both tagged and non-tagged as defined can function properly in the environment. A.2 ELS10-27TX VLAN CONFIGURATION VLAN operation on the ELS10-27TX is disabled by default.You must configure all VLANs, prior to using them. When VLANs are enabled, all frames are transferred internally through the switch with a VLAN tag. This tag may already be on the frame entering the switch, or it may be added to the frame by the switch. VLAN information already existing on frames entering the switch is automatically handled by the switch. The ELS10-27TX uses VLAN information from tagged frames and appropriately switches frames out the proper ports based on this information. This configuration can be made either through the VLAN Menu in the console interface or via SNMP. The parameters used to configure VLANs on the ELS10-27TX are explained below. If tag-unaware devices are to be supported, access ports and default VLAN IDs for the ports must be configured. A.2.1 VLAN ID The VLAN ID is used to uniquely identify different VLANs on a network. The VLAN ID information is contained in the 802.1Q tag header on a frame, and so identifies the VLAN to which a frame belongs. The ELS10-27TX recognizes VLAN IDs in the tags on frames entering the switch, and can also add tags with an appropriate VLAN ID to untagged frames. A-2 ELS10-27TX VLAN Configuration A.2.2 PORTS IN VLAN A port is made a member of the VLAN by the VLAN command. A port can be a member of multiple VLAN IDs. If a packet is received without a tag, the default VLAN for that port is applied to the packet. The default VLAN ID for a port is set with the port command. A.2.3 VLAN EGRESS For hybrid ports, if a tag within the frame matches the PVID of the port, the tag will be stripped. If a tag within the frame does not match the PVID, the frame will be transmitted from the port. For access ports, the tag will always be stripped. A.2.4 VLAN ACCESS PORTS Individual ELS10-27TX ports can be configured as one of two types for the purpose of VLAN configuration: Access or Hybrid. A VLAN Access port is used to connect one or more VLAN-unaware devices to the switch. VLAN tagged frames are not allowed to enter or exit an Access port. If a tagged frame enters the switch on an Access port, the switch will add the PVID to the frame and forward the frame based on it. Only end-user stations which do not support 802.1Q tags should be attached to ports on the switch configured as Access ports. In Example 1 in Figure A-2, both ports are designated as Access ports. The ports are both configured to be on VLAN X. An untagged frame (1) comes in through the left port and gets tagged with a VLAN X tag (2), based on the incoming port PVID. As the frame exits through the right port, the tag is stripped (3) since the outgoing port is an Access port as well and can only transmit untagged frames. The frame can propagate through the switch in this example only because both ports are on the same VLAN. In Example 2 in Figure A-2, both ports are also Access ports, however the port on the left is on VLAN X while the port on the right is on VLAN Y. The untagged frame (1) comes in through the left port and again gets tagged with a VLAN X tag (2). However, because the outgoing port is on a different VLAN (VLAN Y), the frame is dropped. In general, frames cannot propagate between ports unless both ports belong to the same VLAN. A-3 ELS10-27TX VLAN Configuration Figure A-2. VLAN Access Ports A-4 INDEX Numerics 802.1Q A-2, A-3 802.1Q Trunk Ports 1-4 Enable Command 2-1 address limit parameter Exit or Logout 2-4 A F Access Port A-1 Access Ports 1-3, A-3, A-4 Access Ports (802.1Q Mode) 1-3 Add a VLAN 3-2 a workgroup 5-4 Assigning Ports to a VLAN 1-6 frame tagging B basic LCM commands 2-4 C Configuring VLANs Using LCM 2-1 Configuring Workgroups Using LCM 5-1 Configuring Workgroups Using SNMP 6-1 Connfiguring VLANs Using SNMP 3-1 Conventions used in this guide xix conventions, LCM command 2-1 Creating a VLAN 3-3 Index 2-5 A-1 G Gateway Default Gateway 1-9 Getting Help xviii GVRP Creating a Filter 3-7 Enable GVRP 1-7 Modifying, Creating or Deleting a Filter GVRP Table Entry 3-6 Support for 2-11 The Filter GVRP table 3-6 H Hybrid Port 1-4 Hybrid Ports 1-3, 1-4 Hybrid ports A-1 I Installation and Management 1-9 L D Default Workgroup 5-5 Default Port VLAN ID 1-6 Delete A VLAN 3-3 A workgroup 5-5 Display All workgroups 5-4 E Egress Modifying a Config Egress List Entry 3-5 LCM Basic LCM Commands 2-4 Command Syntax 2-3 Commands 2-5 Configuring Workgroups 5-1 Conventions 2-1 Default Gateway 2-6 description of 2-1 Enable Command 2-5 Erase Command 2-4 Exit or Logout Commands 2-4 Help Command 2-4 Workgroup Commands 5-4 LCM command syntax 2-1 i-1 Index LCM Commands Subset of LCM Commands Local Console Manager. See LCM 2-1 Logout 2-4 2-2 M MAC Addresses 2-1 Management 1-9 MIBs For Workgroups 7-1 Modifying a VLAN 3-2 Modifying, Creating and Deleting VLANs 3-2 P Port Command 2-7 Access Sub-Command 2-7 GVRP Sub-Command 2-7 Naming a VLAN 2-7 VLAN Sub-Command 2-7 Ports 802.1Q Trunk Ports 1-4 Access Ports (802.1Q Mode) 1-3 Assigning Ports to a VLAN 1-6 Default Port VLAN ID 1-6 VLAN Hybrid Ports 1-3 Product Overview 1-1 PVID A-1, A-3 R Read-Only Access 2-4 Community Name 2-4 Read-Write Community Name Related Documentation xx Restricting VLANs (802.1Q Mode) 1-7 S Safety information laser xi i-2 SNMP Ceating a VLAN 3-3 Configuring VLANs Using SNMP 3-1 Configuring Workgroups Using SNMP 6-1 Deleting a VLAN 3-3 Modifying a VLAN 3-2 Modifying, Creating and Deleting VLANs 3-2 The Config Egress List 3-4 The Config Table 3-1 Workgroups Using SNMP 7-1 Static Creating a Static MAC Entry 3-8 Deleting a Static MAC Entry 3-8 The Static MAC Entry 3-8 Support Getting Help xviii Switch Mode 1-6 syntax, LCM command 2-1 T Trap Control Command 2-1, 2-10 IP address parameter 2-10 Trunk Ports 1-4 Non-Preserving Priority 1-4, 1-5 Preserving Priority 1-4 Trunk ports Preserving Priority 1-4 U 2-4 Using VLANs on the ELS1027TX 1-1 V Virtual LANs (VLANs) A-1 VLAN Access Ports A-4 Configurations A-1 Index VLAN Access Ports A-2, A-3 VLAN Command 2-11 VLAN Hybrid ports 1-3 VLANs 802.1Q A-2 Restricting VLANs (802.1Q Mode) 1-7 Using VLANs on the ELS10-27TX 1-1 VLANs and Frame Tagging A-1 W Workgroup Add a workgroup 5-4 Default Workgroup 5-5 Delete a workgroup 5-5 Display a Workgroup 5-5 Display all workgroups 5-4 LCM Command 2-1 LCM Commands 5-4 Workgroup MIBs Entry 7-4 MAX Count 7-2 Name 7-5 Next Number 7-1 Number 7-5 Ports 7-6 Table 7-3 Type 7-6 Workgroups 1-8 Configuration Procedures 6-2 Configuring Using LCM 5-1 Traffic Overlapping Within Workgroups 5-3 Traffic Within Workgroups 5-2 i-3 ">
Advertisement