advertisement
Configuring the Switch
Configuring the Switch
The Device Control menu is used to control a broad range of functions, including port configuration, Spanning Tree, port mirroring, multicast filtering, and Virtual
LANs. Each of the setup screens provided by these configuration menus are described in the following sections.
Device Control Menu
===================
Port Configuration ...
Port Information ...
Spanning Tree Configuration ...
Spanning Tree Information ...
Mirror Port Configuration ...
Extended Bridge Configuration ...
802.1P Configuration ...
802.1Q VLAN Base Information ...
802.1Q VLAN Current Table Information ...
802.1Q VLAN Static Table Configuration ...
Port Trunking Configuration ...
IGMP Configuration ...
802.1Q VLAN Port Configuration ...
Port Security Configuration ...
BStorm Control Configuration ...
Port GARP Configuration ...
Port GMRP Configuration ...
<OK>
Use <TAB> or arrow keys to move. <Enter> to select.
Menu
Port Configuration
Description
Sets communication parameters for ports.
Port Information Displays current port settings and port status.
Spanning Tree Configuration Configures the switch and its ports to participate in a local Spanning Tree.
Spanning Tree Information
Mirror Port Configuration
Port Trunking Configuration
IGMP Configuration
Displays the current Spanning Tree configuration for the switch and its ports.
Sets the source and target ports for mirroring.
Specifies ports to group into aggregate trunks.
Configures IGMP multicast filtering.
BStorm Control Configuration Allows you to enable/disable broadcast storm control on a per-port basis and set the packet-per-second threshold.
Extended Bridge Configuration Displays/configures extended bridge capabilities provided by this switch.
802.1P Configuration Configures default port priorities and queue assignments.
802.1Q VLAN
Base Information
802.1Q VLAN Current Table
Information
Displays basic VLAN information, such as VLAN version number and maximum VLANs supported.
Displays VLAN groups and port members.
802.1Q VLAN Static Table
Configuration
802.1Q VLAN Port ConfigurationDisplays/configures port-specific VLAN settings, including PVID and ingress filtering.
Port Security Configuration
Port GARP Configuration*
Configures VLAN groups via static assignments, including setting port members.
Allows you to enable and configure port security for the switch.
Configures generic attribute settings used in the spanning tree protocol,
VLAN registration, multicast filtering.
Port GMRP Configuration* Configures GMRP multicast filtering.
* Not implemented in this firmware release.
2-21
Using the System Configuration Program
Configuring Port Parameters
Use the Port Configuration menus to set or display communication parameters for any port or module in the stack.
Port Configuration : Unit 1 Port 1 - 12
==================
Port
Flow Control on all ports :
Type Admin
[Enable]
Flow Control
[Disable]
Speed and Duplex
-------------------------------------------------------------------
1 10/100TX ENABLED DISABLED AUTO
2
3
10/100TX
10/100TX
ENABLED
ENABLED
DISABLED
DISABLED
AUTO
AUTO
6
7
4
5
10/100TX
10/100TX
10/100TX
10/100TX
ENABLED
ENABLED
ENABLED
ENABLED
DISABLED
DISABLED
DISABLED
DISABLED
AUTO
AUTO
AUTO
AUTO
8
9
10
11
12
10/100TX
10/100TX
10/100TX
10/100TX
10/100TX
ENABLED
ENABLED
ENABLED
ENABLED
ENABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
AUTO
AUTO
AUTO
AUTO
AUTO
<APPLY> <OK> <CANCEL> <PREV UNIT> <NEXT UNIT> <PREV PAGE> <NEXT PAGE>
Use <TAB> or arrow keys to move. <Enter> to select
Parameter
Flow Control on all ports
Type
Admin
Flow Control
Default
Disabled
Enabled
Disabled
Speed and Duplex Auto
Description
See “Flow Control” in this table.
Shows port type as:
/
100FX: 100BASE-FX
1000SX: 1000BASE-SX
1000LX: 1000BASE-LX
Allows you to disable a port due to abnormal behavior (e.g., excessive collisions), and then re-enable it after the problem has been resolved.
You may also disable a port for security reasons.
Used to enable or disable flow control. Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. IEEE 802.3x flow control is used for full duplex. Note that flow control should not be used if a port is connected to a hub.
Indicates current port speed and duplex mode.
Note that autonegotiation is not available for the 100BASE-FX ports.
Port Type
100BASE-FX
Speed
100M
Duplex Mode full duplex
1000BASE-SX 1000M auto
1000BASE-LX 1000M auto
Flow Control auto auto auto
The 1000BASE-SX and 1000BASE-LX ports are fixed at 1000 Mbps but autonegotiate duplex mode. The 100BASE-FX module is fixed at the indicated speed and duplex mode. All media types can autonegotiate flow control.
2-22
Configuring the Switch
Viewing the Current Port Configuration
The Port Information screen displays the port type, status, link state, and flow control in use, as well as the communication speed and duplex mode. To change any of the port settings, use the Port Configuration menu.
Port Information : Unit 1 Port 1 - 12
================
10
11
12
8
9
6
7
Port Type Operational Link FlowControl
InUse
Speed and
Duplex InUse
------------------------------------------------------------------
1 10/100TX YES DOWN -----------------------
4
5
2
3
10/100TX
10/100TX
10/100TX
10/100TX
YES
YES
YES
YES
DOWN
DOWN
DOWN
DOWN
--------------
--------------
--------------
--------------
----------
----------
----------
----------
10/100TX
10/100TX
10/100TX
10/100TX
10/100TX
10/100TX
10/100TX
YES
YES
YES
YES
YES
YES
YES
DOWN
DOWN
DOWN
DOWN
DOWN
DOWN
DOWN
--------------
--------------
--------------
--------------
--------------
--------------
--------------
----------
----------
----------
----------
----------
----------
----------
<OK> <PREV UNIT> <NEXT UNIT> <PREV PAGE> <NEXT PAGE>
Use <TAB> or arrow keys to move. <Enter> to select.
Parameter
Type
Operational
Link
FlowControl InUse
Speed and Duplex InUse
Description
Shows port type as:
/
100FX: 100BASE-FX
1000SX: 1000BASE-SX
1000LX: 1000BASE-LX
Shows if the port is functioning or not.
Indicates if the port has a valid connection to an external device.
Shows the flow control type in use. Flow control can eliminate frame loss by “blocking” traffic from end stations connected directly to the switch. Back pressure is used for half duplex and IEEE 802.3x for full duplex. Note that flow control should not be used if a port is connected to a hub.
Displays the current port speed and duplex mode used. (Note that
Auto-negotiation is not available for 100BASE-FX ports.)
2-23
Using the System Configuration Program
Using the Spanning Tree Algorithm
The Spanning Tree Algorithm can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network. For a more detailed description of how to use this algorithm, refer to
“Spanning Tree Algorithm” on page 4-1.
< Spanning Tree Configuration Menu >
Spanning Tree Bridge Configuration
Spanning Tree Port Configuration
<Ok>
Use <TAB> or arrow keys to move. <Enter> to select.
Configuring Bridge STA
The following figure and table describe Bridge STA configuration.
Spanning Tree Configuration : STA Bridge Configuration
======================================================
Spanning Tree Protocol
Priority
: ENABLED
: 32768
Hello Time (in seconds)
Max Age (in seconds)
: 2
: 20
Forward Delay (in seconds) : 15
Parameter
Spanning Tree
Protocol
Priority
<APPLY> <OK> <CANCEL>
Use <TAB> or arrow keys to move, <Space> to scroll options.
Default
Enabled
32,768
Description
Enable this parameter to participate in a STA compliant network.
Device priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device.
Enter a value from 0 - 65535.
Remember that the lower the numeric value, the higher the priority.
2-24
Parameter
Hello Time
Default
2
Max (Message)
Age
20
Forward Delay 15
Configuring the Switch
Description
Time interval (in seconds) at which the root device transmits a configuration message.
The minimum value is1.
The maximum value is the lower of 10 or [(Max. Message Age / 2) -1].
The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports
(except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STA information (provided in the last configuration message) becomes the designated port for the attached LAN. If it is a root port, a new root port is selected from among the device ports attached to the network.
The minimum value is the higher of 6 or [2 x (Hello Time + 1)].
The maximum value is the lower of 40 or [2 x (Forward Delay - 1)].
The maximum time (in seconds) the root device will wait before changing states (i.e., listening to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a blocking state; otherwise, temporary data loops might result.
The maximum value is 30.
The minimum value is the higher of 4 or [(Max. Message Age / 2) + 1].
2-25
Using the System Configuration Program
Configuring STA for Ports
The following figure and table describe port STA configuration.
8
9
10
11
12
6
7
4
5
Spanning Tree Port Configuration : Unit 1 Port 1 - 12
================================
Fast forwarding on all ports :
Port Type Priority
[Enable]
Cost
[Disable]
FastForwarding
-------------------------------------------------------
1 10/100TX 128 19 ENABLED
2
3
10/100TX
10/100TX
128
128
19
19
ENABLED
ENABLED
10/100TX
10/100TX
10/100TX
10/100TX
10/100TX
10/100TX
10/100TX
10/100TX
10/100TX
128
128
128
128
128
128
128
128
128
19
19
19
19
19
19
19
19
19
ENABLED
ENABLED
ENABLED
ENABLED
ENABLED
ENABLED
ENABLED
ENABLED
ENABLED
<APPLY> <OK> <CANCEL> <PREV UNIT> <NEXT UNIT> <PREV PAGE> <NEXT PAGE>
Use <TAB> or arrow keys to move. <Enter> to select
Parameter
Fast forwarding on all ports
Type
Default
Enabled
Description
See “FastForwarding” in this table.
Priority
(Path) Cost
128
100/19/4
Shows port type as:
10/100TX: 10BASE-T / 100BASE-TX
100FX: 100BASE-FX
1000SX: 1000BASE-SX
1000LX: 1000BASE-LX
Defines the priority for the use of a port in the STA algorithm. If the path cost for all ports on a switch are the same, the port with the highest priority
(i.e., lowest value) will be configured as an active link in the Spanning Tree.
Where more than one port is assigned the highest priority, the port with lowest numeric identifier will be enabled. The range is 0 - 255.
This parameter is used by the STA algorithm to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. (Path cost takes precedence over port priority.)
The default and recommended range is:
Ethernet: 100 (50~600)
Fast Ethernet: 19 (10~60)
Gigabit Ethernet: 4 (3~10)
The full range is 0 - 65535.
Fast Forwarding* Enabled This parameter is used to enable/disable the Fast Spanning Tree mode for the selected port. In this mode, ports skip the Blocked, Listening and
Learning states and proceed straight to Forwarding.
*Fast Forwarding enables end-node workstations and servers to overcome time-out problems when the
Spanning Tree Algorithm is implemented in a network. Therefore, Fast Forwarding should only be enabled for ports connected to an end-node device.
2-26
Configuring the Switch
Viewing the Current Spanning Tree Information
The Spanning Tree Information screen displays a summary of the STA information for the overall bridge or for a specific port. To make any changes to the parameters for the Spanning Tree, use the Spanning Tree Configuration menu.
< Spanning Tree Information Menu >
Spanning Tree Bridge State
Spanning Tree Port State
<Ok>
Use <TAB> or arrow keys to move. <Enter> to select.
2-27
Using the System Configuration Program
Displaying the Current Bridge STA
The parameters shown in the following figure and table describe the current Bridge
STA State.
Spanning Tree Information : STA Bridge Information
==================================================
Priority
Hello Time (in seconds)
: 32768
: 2
Max Age (in seconds) : 20
Forward Delay (in seconds) : 15
Hold Time (in seconds)
Designated Root
Root Cost
Root Port
Reconfig Counts
Topology Up Time
: 1
: 32768.0010B5FD84BB
: 0
: 0
: 0
: 680904 (0 day 1 hr 53 min 29 sec)
Parameter
Priority
Hello Time
Max Age
Forward Delay
Hold Time
Designated Root
Root Cost
Root Port
Reconfig Counts
Topology Up Time
<OK>
<Enter> to select.
Description
Device priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device.
However, if all devices have the same priority, the device with the lowest
MAC address will then become the root device.
The time interval (in seconds) at which the root device transmits a configuration message.
The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure.
The maximum time (in seconds) the root device will wait before changing states (i.e., listening to learning to forwarding).
The minimum interval between the transmission of consecutive
Configuration BPDUs.
The priority and MAC address of the device in the Spanning Tree that this switch has accepted as the root device.
The path cost from the root port on this switch to the root device.
The number of the port on this switch that is closest to the root. This switch communicates with the root device through this port. If there is no root port, then this switch has been accepted as the root device of the Spanning Tree network.
The number of times the Spanning Tree has been reconfigured.
The time since the Spanning Tree was last reconfigured.
2-28
Configuring the Switch
Displaying the Current STA for Ports
The parameters shown in the following figure and table are for port STA Information.
Spanning Tree Port Information : Unit 1 Port 1 - 12
==============================
9
10
11
12
5
6
7
8
Port Type Status Designated
Cost
Designated
Bridge
Designated
Port
--------------------------------------------------------------------------
1
2
3
4
10/100TX
10/100TX
10/100TX
10/100TX
NO LINK
NO LINK
NO LINK
NO LINK
0
0
0
0
32768.0010B5FD84BB
32768.0010B5FD84BB
32768.0010B5FD84BB
32768.0010B5FD84BB
128.1
128.2
128.3
128.4
10/100TX
10/100TX
10/100TX
10/100TX
10/100TX
10/100TX
10/100TX
10/100TX
NO LINK
NO LINK
NO LINK
NO LINK
NO LINK
NO LINK
NO LINK
NO LINK
0
0
0
0
0
0
0
0
32768.0010B5FD84BB
32768.0010B5FD84BB
32768.0010B5FD84BB
32768.0010B5FD84BB
32768.0010B5FD84BB
32768.0010B5FD84BB
32768.0010B5FD84BB
32768.0010B5FD84BB
128.5
128.6
128.7
128.8
128.9
128.10
128.11
128.12
<OK> <PREV UNIT> <NEXT UNIT> <PREV PAGE>
Return to previous panel.
<NEXT PAGE>
Use <TAB> or arrow keys to move. <Enter> to select.
Parameter
Type
Status
Designated Cost
Description
Shows port type as:
/
100FX: 100BASE-FX
1000SX: 1000BASE-SX
1000LX: 1000BASE-LX
Displays current state of this port within the Spanning Tree:
No Link No link has been established on this port.
Disabled Port has been disabled by the user or has failed diagnostics.
Blocking
Listening
Learning
Forwarding
Port receives STA configuration messages, but does not forward packets.
Port will leave blocking state due to topology change, starts transmitting configuration messages, but does not yet forward packets.
Port has transmitted configuration messages for an interval set by the
Forward Delay parameter without receiving contradictory information.
Port address table is cleared, and the port begins learning addresses.
The port forwards packets, and continues learning addresses.
The rules defining port status are:
• A port on a network segment with no other STA-compliant bridging device is always forwarding.
• If two ports of a switch are connected to the same segment and there is no other
STA device attached to this segment, the port with the smaller ID forwards packets and the other is blocked.
• All ports are blocked when the switch is booted, then some of them change state to listening, to learning, and then to forwarding.
The cost for a packet to travel from this port to the root in the current Spanning Tree configuration. The slower the media, the higher the cost.
2-29
Using the System Configuration Program
Parameter
Designated Bridge
(ID)
Designated
Port (ID)
Description
The priority and MAC address of the device through which this port must communicate to reach the root of the Spanning Tree.
The priority and number of the port on the designated bridging device through which this switch must communicate with the root of the Spanning Tree.
Using a Mirror Port for Analysis
You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a network sniffer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. When mirroring port traffic, note that the target port must be included in the same VLAN as the
source port. (See “Configuring Virtual LANs” on page 2-40.)
You can use the Mirror Port Configuration screen to designate a single port pair for mirroring as shown below.
Mirror Port Configuration
=========================
Mirror Source Port : Unit 1
Port 1
Mirror Target Port : Unit 1
Port 2
Status : DISABLED
Parameter
Mirror Source Port
Mirror Target Port
Status
<APPLY> <OK> <CANCEL>
Use <TAB> or arrow keys to move, other keys to make changes.
Description
The port whose traffic will be monitored.
The port that will duplicate or “mirror” all the traffic happening on the monitored port.
Enables or disables the mirror function.
2-30
Configuring the Switch
Configuring Port Trunks
Port trunks can be used to increase the bandwidth of a network connection or to ensure fault recovery. You can configure up to five trunk connections (combining 2~4 ports into a fat pipe) between any two standalone CheetahSwtich Workgroup-3726M switches, or up to 12 for an entire stack. However, before making any physical connections between devices, use the Trunk Configuration menu to specify the trunk on the devices at both ends. When using a port trunk, note that:
• The ports used in a trunk must all be of the same media type (RJ-45, 100 Mbps fiber, 1000BASE-SX or 1000BASE-LX). The ports that can be assigned to the
same trunk have certain other restrictions as described on page 2-33.
• Ports can only be assigned to one trunk.
• The ports at both ends of a connection must be configured as trunk ports.
• The ports at both ends of a trunk must be configured in an identical manner, including speed, duplex mode, and VLAN assignments.
• None of the ports in a trunk can be configured as a mirror source port or mirror target port.
• All the ports in a trunk have to be treated as a whole when moved from/to, added or deleted from a VLAN.
• The Spanning Tree Algorithm will treat all the ports in a trunk as a whole.
• Enable the trunk prior to connecting any cable between the switches to avoid creating a loop.
• Disconnect all trunk port cables or disable the trunk ports before removing a port trunk to avoid creating a loop.
2-31
Using the System Configuration Program
You can use the Port Trunking Configuration screen to set up port trunks as shown below:
Port Trunking Configuration
===========================
Trunk ID Status
1
Member List
2 3 4
--------------------------------------------------------
--------Unit : Unit : Unit : Unit : -
Port : -Port : -Port : -Port : --
--
--
--------
--------
Trunk ID : 1
Unit : -
Port : --
Unit : -
Port : --
Unit : -
Port : --
Unit : -
Port : --
Trunk ID : 1
Unit : -
Port : --
Unit : -
Port : --
Unit : -
Port : --
Unit : -
Port : --
Member Unit : 1
Member Port : 1
[Show]
[Enable]
[More]
[Disable] [Add] [Delete]
<OK>
Use <TAB> or arrow keys to move, other keys to make changes.
Parameter
Trunk ID
Status
Unit
Port
[Show]
[More]
[Enable] [Disable]
[Add] [Delete]
Description
Configure up to five trunks per switch.
Shows if the selected trunk is enabled or disabled.
Specifies a switch unit in the stack (1~4).
Select from 2 ~ 4 ports per trunk.
Displays trunk settings, where the first trunk listed is specified by “Trunk ID.”
Scrolls through the list of configured trunks.
Enables/disables the selected trunk.
Adds/deletes the port specified by
Trunk ID / Member Unit / Member Port.
2-32
Configuring the Switch
The RJ-45 ports used for one side of a trunk must all be on the same internal switch chip. The port groups permitted include:
Group 1
1, 2, 3, 4,
13, 14, 15, 16
Group 2
5, 6, 7, 8,
17, 18, 19, 20
Group 3
9, 10, 11, 12,
21, 22, 23, 24
The 100BASE-FX fiber ports used for one side of a trunk must all be on the same module. However, the 1000BASE-SX and 1000BASE-LX ports used for one side of a trunk may be on any switch in the stack, or both on the same switch if used standalone.
Media Module
100BASE-FX
1000BASE-SX
1000BASE-LX
Any ports on a single module.
Up to four Gigabit ports from any switch in the stack, or both Gigabit ports on two modules installed in a standalone switch.
For example, when using Gigabit ports to form a trunk within a stack, the Gigabit ports will all be at Port 25. In this case, you could specify a trunk group consisting of:
(Unit1-Port25, Unit2-Port25, Unit3-Port25, Unit4-Port25), or two trunks consisting of:
(Unit1-Port25, Unit2-Port25) and (Unit3-Port25, Unit4-Port25).
2-33
Using the System Configuration Program
IGMP Multicast Filtering
Multicasting is used to support real-time applications such as video conferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts which want to receive the multicast register with their local multicast switch/ router. Although this approach reduces the network overhead required by a multicast server, the broadcast traffic must be carefully pruned at every multicast switch/router it passes through to ensure that traffic is only passed on the hosts which subscribed to this service.
This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts who want to receive a specific multicast service. The switch looks up the IP Multicast Group used for this service and adds any port which received a similar request to that group. It then propagates the service request on to any neighboring multicast switch/router to ensure that it will continue to receive the
multicast service. (For more information, see “IGMP Protocol” on page 4-5.)
Configuring IGMP
This protocol allows a host to inform its local switch/router that it wants to receive transmissions addressed to a specific multicast group. You can use the IGMP
Configuration screen to configure multicast filtering shown below.
IGMP Configuration
==================
IGMP Status
IGMP Query Count
: ENABLED
: 2
IGMP Report Delay (Seconds) : 10
<APPLY> <OK> <CANCEL>
Use <TAB> or arrow keys to move. <Enter> to select
Parameter
IGMP Status
IGMP Query Count
IGMP Report Delay
Description
If enabled, the switch will monitor network traffic to determine which hosts want to receive multicast traffic. This is also referred to as IGMP Snooping.
The maximum number of queries issued for which there has been no response before the switch takes action to solicit reports. (Range 2 - 10.)
The time (in seconds) between receiving an IGMP Report for an IP multicast address on a port before the switch sends an IGMP Query out that port and removes the entry from its list. (Range 5 - 30.)
Note: The default values are indicated in the sample screen.
2-34
Configuring the Switch
Configuring Broadcast Storm Control
Use the Broadcast Storm Control Configuration screen to enable broadcast storm control for any port on the switch, as shown below.
Broadcast Storm Control Configuration : Unit 1 Port 1 - 12
======================================
Broadcast control on all ports :
Port Threshold
[Enable] [Disable]
Broadcast Control
-------------------------------------------------------
1 500 ENABLED
4
5
2
3
500
500
500
500
ENABLED
ENABLED
ENABLED
ENABLED
10
11
12
8
9
6
7
500
500
500
500
500
500
500
ENABLED
ENABLED
ENABLED
ENABLED
ENABLED
ENABLED
ENABLED
<APPLY> <OK> <CANCEL> <PREV UNIT> <NEXT UNIT> <PREV PAGE> <NEXT PAGE>
Enable Broadcast Control of all ports.
Use <TAB> or arrow keys to move. <Enter> to select
Parameter Description
Broadcast control on all ports Allows you to enable/disable broadcast storm control for all ports on the switch.
Select [Enable] and press <Enter> to enable broadcast control for all ports.
Select [Disable] and press <Enter> to disable broadcast control for all ports.
Threshold The packet-per-second threshold for broadcast packets on the port.
(Default is 500 pps.)
Broadcast Control Enables/disables broadcast control for the port. When enabled, the switch will employ a broadcast-control mechanism if the packet-per-second threshold is exceeded. This mechanism limits the amount of broadcasts passed by the port to half of the received packet-per-second count. The control mechanism remains in effect until the number of received broadcasts falls back below the packet-per-second threshold. (Default is Enabled.)
2-35
Using the System Configuration Program
Configuring Bridge MIB Extensions
The Bridge MIB includes extensions for managed devices that support Traffic
Classes and Virtual LANs. To display and configure these extensions, use the
Extended Bridge Configuration screen as shown below.
Extended Bridge Configuration
=============================
Bridge Capability : (Read Only)
Extended Multicast Filtering Services : NO
Traffic Classes
Static Entry Individual Port
: YES
: YES
VLAN Learning
Configurable PVID Tagging
Local VLAN Capable
: SVL
: YES
: NO
Bridge Settings :
Traffic Classes
GMRP
GVRP
: TRUE
: DISABLED
: DISABLED
<APPLY> <OK> <CANCEL>
Use <TAB> or arrow keys to move, <Space> to scroll options.
Parameter
Bridge Capability
Extended Multicast Filtering
Services
Traffic Classes
Local VLAN Capable
Description
This switch does not support filtering of individual multicast addresses based on GMRP (GARP Multicast Registration Protocol).
This switch provides mapping of user priorities to multiple traffic classes.
(Refer to “802.1P Port Traffic Class Information” on page 2-39.)
Static Entry Individual Port This switch allows static filtering for unicast and multicast addresses. (Refer to Network Monitor Menu / Static Unicast Address Table Configuration and
Static Multicast Address Table Configuration.)
VLAN Learning This switch uses Shared VLAN Learning (SVL), whereby each port maintains its own VLAN filtering database.
Configurable
PVID Tagging
This switch allows you to override the default PVID (Port VLAN ID) assigned
to untagged incoming frames under “802.1Q VLAN Port Configuration” on page 2-44.
This switch does not support multiple local bridges (that is, multiple Spanning
Trees).
Bridge Settings
Traffic Class*
GMRP*
Multiple traffic classes are supported by this switch as indicated under Bridge
Capabilities. However, you can disable this function by setting this parameter to False.
GARP Multicast Registration Protocol (GMRP) allows network devices to register endstations with multicast groups.
IGMP Snooping is currently used by this switch to provide multicast filtering.
GVRP* GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports across the network. This function should be enabled to permit
VLANs groups which extend beyond the local switch.
* Not enabled in this firmware release.
2-36
Configuring the Switch
Configuring Traffic Classes
IEEE 802.1P defines up to 8 separate traffic classes. This switch supports Quality of
Service (QoS) by using two priority queues, with Weighted Fair Queuing for each port. You can use the 802.1P Configuration menu to configure the default priority for each port, or to display the mapping for the traffic classes as described in the following sections.
802.1P Configuration
====================
802.1P Port Priority Configuration ...
802.1P Port Traffic Class Information ...
<OK>
Use <TAB> or arrow keys to move. <Enter> to select.
2-37
Using the System Configuration Program
Port Priority Configuration
Inbound frames that do not have any VLAN tags are tagged with the input port’s default VLAN ID (PVID) and the Default Ingress User Priority as shown in the following menu, and then sorted into the appropriate priority queue at the output port. (Note that if the output port is an untagged member of the associated VLAN, these frames are stripped of all VLAN tags prior to transmission.)
The default priority for all ingress ports is zero. Therefore, any inbound frames that do not have priority tags will be placed in the low priority queue of the output port.
You can use the following menu to adjust default ingress priority for any port as shown below.
802.1P Port Priority Configuration : Unit 1 Port 1 - 12
==================================
10
11
12
8
9
6
7
Port Default Ingress
User Priority
Number of Egress
Traffic Class
-----------------------------------------------
1 0 2
4
5
2
3
0
0
0
0
2
2
2
2
0
0
0
0
0
0
0
2
2
2
2
2
2
2
<APPLY> <OK> <CANCEL> <PREV UNIT> <NEXT UNIT> <PREV PAGE> <NEXT PAGE>
Use <TAB> or arrow keys to move, other keys to make changes.
Parameter
Port
Description
Numeric identifier for switch port.
Default Ingress User Priority Default ingress priority can be set to any value from 0~7, where 0~3 specifies the low priority queue and 4~7 specifies the high priority queue.
Number of Egress Traffic
Classes
Indicates that this switch supports two priority output queues.
2-38
Configuring the Switch
802.1P Port Traffic Class Information
This switch provides two priority levels with Weighted Fair Queuing for port egress.
This means that any frames with a priority tag from 0~3 are sent to the low priority queue “0” while those from 4~7 are sent to the high priority queue “1” as shown in the following screen.
802.1P Port Traffic Class Information :
=====================================
Unit 1 Port 1 - 12
Port
0 1 2
User Priority
3 4 5 6 7
-----------------------------------------------------
1
2
0
0
0
0
0
0
0
0
1
1
1
1
1
1
1
1
5
6
3
4
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
7
8
9
10
11
12
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
<OK> <PREV UNIT> <NEXT UNIT> <PREV PAGE> <NEXT PAGE>
Use <TAB> or arrow keys to move. <Enter> to select.
Parameter
Port
User Priority
Description
Numeric identifier for switch port.
Shows that user priorities 0~3 specify the low priority queue and 4~7 specify the high priority queue.
2-39
Using the System Configuration Program
Configuring Virtual LANs
You can use the VLAN configuration menu to assign any port on the switch to any of up to 256 LAN groups. In conventional networks with routers, broadcast traffic is split up into separate domains. Switches do not inherently support broadcast domains. This can lead to broadcast storms in large networks that handle traffic such as IPX or NetBeui. By using IEEE 802.1Q compliant VLANs, you can organize any group of network nodes into separate broadcast domains, confining broadcast traffic to the originating group. This also provides a more secure and cleaner
network environment. For more information on how to use VLANs, see “Virtual
LANs” on page 4-2. The VLAN configuration screens are described in the following
sections.
802.1Q VLAN Base Information
The 802.1Q VLAN Base Information screen displays basic information on the VLAN type supported by this switch.
802.1Q VLAN Base Information
============================
VLAN Version Number : 1
MAX VLAN ID
MAX Supported VLANs
: 2048
: 256
Current Number of 802.1Q VLANs Configured : 1
Parameter
VLAN Version Number
MAX VLAN ID
MAX Supported VLANs
Current Number of VLANs
Configured
<OK>
<Enter> to select.
Description
The VLAN version used by this switch as specified in the IEEE 802.1Q standard.
Maximum VLAN ID recognized by this switch.
Maximum number of VLANs that can be configured on this switch.
The number of VLANs currently configured on this switch.
2-40
Configuring the Switch
802.1Q VLAN Current Table Information
This screen shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging. However, if you just want to create a small port-based VLAN for one or two switches, you can assign ports to the same untagged VLAN. The current configuration is shown in the following screen.
< 802.1Q VLAN Current Table Information >
Deleted VLAN Entry Counts : 0
VID Creation Time Status
----------------------------------------------------------------
1 0 (0 day 0 hr 0 min 0 sec) Permanent
Unit Current Egress Ports
1.
111111111111 111111111111 11--
2.
3.
4.
------------ ------------ ----
------------ ------------ ----
------------ ------------ ----
Sorted by VID : 1
Current Untagged Ports
111111111111 111111111111 11--
------------ ------------ ----
------------ ------------ ----
------------ ------------ ----
Port 1 Port 13 Port 25
[Show] [More]
<Ok>
Use <TAB> or arrow keys to move. <Enter> to select
Parameter
Deleted VLAN Entry Counts
VID
Creation Time
Status
Unit
Current Egress Ports
Current Untagged Ports
Sorted by VID
[Show]
[More]
Description
The number of times a VLAN entry has been deleted from this table.
The ID for the VLAN currently displayed.
The value of sysUpTime (System Up Time) when this VLAN was created.
Shows how this VLAN was added to the switch.
Dynamic GVRP: Automatically learned via GVRP.
Permanent: Added as a static entry.
Stack unit.
Shows the ports which have been added to the displayed VLAN group, where
“1” indicates that a port is a member and “0” that it is not.
If a port has been added to the displayed VLAN (see Current Egress Ports), its entry in this field will be “1” if the port is untagged or “0” if tagged.
The VLAN ID number from which the display will start.
Displays the members for the VLAN indicated by the “Sorted by VID” field.
Displays any subsequent VLANs if configured.
2-41
Using the System Configuration Program
802.1Q VLAN Static Table Configuration
Use this screen to create a new VLAN or modify the settings for an existing VLAN.
You can add/delete port members for a VLAN from any unit in the stack as a tagged or untagged member. Or you can prevent a port from being automatically added to a
VLAN by the GVRP protocol.
802.1Q VLAN Static Table Configuration
======================================
VID VLAN Name Status
------------------------------
1 Active
Unit Egress Ports
1.
111111111111 111111111111 11--
2.
3.
4.
------------ ------------ ----
------------ ------------ ----
------------ ------------ ----
Forbidden Egress Ports
000000000000 000000000000 00--
------------ ------------ ----
------------ ------------ ----
------------ ------------ ----
Unit Untagged Ports
1.
111111111111 111111111111 11-VID : 1
2.
3.
4.
------------ ------------ ----
------------ ------------ ----
------------ ------------ ----
[Show]
[More]
[New]
<APPLY> <OK> <CANCEL>
Use <TAB> or arrow keys to move, other keys to make changes.
Parameter
VID
Description
The ID for the VLAN currently displayed.
Range: 1-2048
VLAN Name
Status
Unit
[Show]
[More]
A user-specified symbolic name for this VLAN.
String length: Up to 8 alphanumeric characters
Sets the current editing status for this VLAN as: Not in Service, Destroy or Active.
Stack unit.
Egress Ports Set the entry for any port in this field to “1” to add it to the displayed VLAN, or “0” to remove it from the VLAN.
Forbidden Egress Ports Prevents a port from being automatically added to this VLAN via GVRP. Note that
GVRP is not supported in the current firmware release.
Untagged Ports You can add a port to the displayed VLAN as an untagged port by setting this field to “1” or as a tagged port by setting it to “0.” This field is only enabled if the corresponding port has been added to the displayed VLAN as an “Egress Port.”
Use <TAB> or the arrow keys to select this field, then press <Enter> to display settings for the VLAN specified in the VID field immediately above.
Use <TAB> or the arrow keys to select this field, then press <Enter> to display the next consecutively numbered VLAN.
[New] Use <TAB> or the arrow keys to select this field, then press <Enter> to set up the screen for configuring a new VLAN.
2-42
Configuring the Switch
For example, the following screen displays settings for VLAN 2, which includes untagged ports 1-6, and forbidden port 8.
802.1Q VLAN Static Table Configuration
======================================
VID VLAN Name Status
------------------------------
2 Active
Unit Egress Ports
1.
111111000000 000000000000 00--
2.
3.
4.
------------ ------------ ----
------------ ------------ ----
------------ ------------ ----
Forbidden Egress Ports
000000010000 000000000000 00--
------------ ------------ ----
------------ ------------ ----
------------ ------------ ----
Unit Untagged Ports
1.
111111000000 000000000000 00-VID : 2
2.
------------ ------------ ---[Show]
3.
4.
------------ ------------ ---[More]
------------ ------------ ---[New]
<Apply> <Ok> <Cancel>
Use <TAB> or arrow keys to move, other keys to make changes.
Notes: 1. To allow this switch to participate in a VLAN group that extends beyond this switch, you must add the VLAN ID for the required external groups.
2. If a removed port is no longer assigned to any other group as an untagged port, it will automatically be assigned to VLAN group 1 as untagged.
2-43
Using the System Configuration Program
802.1Q VLAN Port Configuration
Use this screen to configure port-specific settings for IEEE 802.1Q VLAN features.
802.1Q VLAN Port Configuration : Unit 1 Port 1 - 12
===============================
Port PVID Acceptable Ingress GVRP GVRP Failed GVRP Last
Frame Type Filtering Status Registrations PDU Origin
----------------------------------------------------------------------------
1
2
1
1
All
All
FALSE
FALSE
DISABLED
DISABLED
0
0
00-00-00-00-00-00
00-00-00-00-00-00
7
8
9
10
3
4
5
6
11
12
1
1
1
1
1
1
1
1
1
1
All
All
All
All
All
All
All
All
All
All
FALSE
FALSE
FALSE
FALSE
FALSE
FALSE
FALSE
FALSE
FALSE
FALSE
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
DISABLED
0
0
0
0
0
0
0
0
0
0
00-00-00-00-00-00
00-00-00-00-00-00
00-00-00-00-00-00
00-00-00-00-00-00
00-00-00-00-00-00
00-00-00-00-00-00
00-00-00-00-00-00
00-00-00-00-00-00
00-00-00-00-00-00
00-00-00-00-00-00
<APPLY> <OK> <CANCEL> <PREV UNIT> <NEXT UNIT> <PREV PAGE> <NEXT PAGE>
Use <TAB> or arrow keys to move, other keys to make changes.
Parameter
PVID
Acceptable Frame Type
Ingress Filtering
GVRP Status 2
1
1
Description
The VLAN ID assigned to untagged frames received on this port.
This switch accepts “All” frame types, including VLAN tagged or VLAN untagged frames. Note that all VLAN untagged frames received on this port are assigned to the PVID for this port.
If set to “True,” incoming frames for VLANs which do not include this ingress port in their member set will be discarded at the ingress port.
Enables or disables GVRP for this port. When disabled, any GVRP packets received on this port will be discarded and no GVRP registrations will be propagated from other ports.
Note that GVRP must be enabled for the switch before this setting can take effect. (See Device Control Menu / Extended Bridge Configuration.)
GVRP Failed Registrations
GVRP Last PDU Origin 2
2 The total number of failed GVRP registrations, for any reason, on this port.
The Source MAC Address of the last GVRP message received on this port.
1: These controls do not affect VLAN independent BPDU frames, such as GVRP or STP. However, they do affect VLAN dependent BPDU frames, such as GMRP.
2: Not available for the current firmware release.
2-44
Configuring the Switch
Port Security Configuration
Use the Port Security Configuration screen to enable and configure port security for the switch. Port Security allows you to configure each port with a list of MAC addresses of devices that are authorized to access the network through that port.
Port Security Configuration
===========================
MAC Address MAC Address
--------------------------------------------------
Parameter
MAC Address
Secure Address Count
Unit
Port
[Show]
[More]
Mode
[Apply]
MAC
[Add]
[Delete]
[Clear]
Secure address count : 0
Unit
[Show]
: 1
Mode:DISABLE
Port : 1
[More]
[Apply]
MAC : 00-00-00-00-00-00
[Add] [Delete]
[Clear]
<OK>
Use <TAB> or arrow keys to move. <Enter> to select
Description
A list of the authorized MAC addresses that can access the network through the specified port.
The number of authorized MAC addresses for the specified port.
The stack unit ID.
The port number on the unit.
Displays authorized MAC addresses for the specified port.
Displays more MAC addresses for the port.
Port security can be set to three states; Static, Disable, or Learning. When set to Static, the switch will drop packets from the port if the source MAC address does not match one of the addresses in the MAC Address list. If set to
Learning, the switch will add the source MAC address of all packets received on the port to the authorized MAC Address list.
Applies a change of Mode to the port.
A specific MAC address to be added or deleted from the list.
Adds a new MAC address to the current list.
Removes a MAC address from the current list.
Clears all the MAC addresses for the current port.
2-45
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement