Part No. 060191-10, Rev. B April 2004 OmniStack® 6300-24 Users Guide An Alcatel service agreement brings your company the assurance of 7x24 no-excuses technical support. You'll also receive regular software updates to maintain and maximize your Alcatel product's features and functionality and on-site hardware replacement through our global network of highly qualified service delivery partners. Additionally, with 24-hour-a-day access to Alcatel's Service and Support web page, you'll be able to view and update any case (open or closed) that you have reported to Alcatel's technical support, open a new case or access helpful release notes, technical bulletins, and manuals. For more information on Alcatel's Service Programs, see our web page at www.ind.alcatel.com, call us at 1-800-995-2696, or email us at support@ind.alcatel.com. This Manual documents OmniStack 6300-24 hardware and software. The functionality described in this Manual is subject to change without notice. Copyright© 2004 by Alcatel Internetworking, Inc. All rights reserved. This document may not be reproduced in whole or in part without the express written permission of Alcatel Internetworking, Inc. Alcatel®and the Alcatel logo are registered trademarks of Compagnie Financiére Alcatel, Paris, France. OmniSwitch® and OmniStack® are registered trademarks of Alcatel Internetworking, Inc. Omni Switch/RouterTM, SwitchExpertSM, the Xylan logo are trademarks of Alcatel Internetworking, Inc. All other brand and product names are trademarks of their respective companies. 26801 West Agoura Road Calabasas, CA 91301 (818) 880-3500 FAX (818) 880-3505 info@ind.alcatel.com US Customer Support-(800) 995-2696 International Customer Support-(818) 878-4507 Internet-http://eservice.ind.alcatel.com Warning This equipment has been tested and found to comply with the limits for Class A digital device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions in this guide, may cause interference to radio communications. Operation of this equipment in a residential area is likely to cause interference, in which case the user will be required to correct the interference at his own expense. The user is cautioned that changes and modifications made to the equipment without approval of the manufacturer could void the user's authority to operate this equipment. It is suggested that the user use only shielded and grounded cables to ensure compliance with FCC Rules. This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the radio interference regulations of the Canadian department of communications. Le present appareil numerique níemet pas de bruits radioelectriques depassant les limites applicables aux appareils numeriques de la Class A prescrites dans le reglement sur le brouillage radioelectrique edicte par le ministere des communications du Canada. Contents Chapter 1: Introduction Key Features Description of Software Features System Defaults Chapter 2: Initial Configuration Connecting to the Switch Configuration Options Required Connections Remote Connections Basic Configuration Console Connection Setting Passwords Setting an IP Address Manual Configuration Dynamic Configuration Enabling SNMP Management Access Community Strings Trap Receivers Saving Configuration Settings Managing System Files Chapter 3: Configuring the Switch Using the Web Interface Navigating the Web Browser Interface Home Page Configuration Options Panel Display Main Menu Basic Configuration Displaying System Information Displaying Switch Hardware/Software Versions Displaying Bridge Extension Capabilities Setting the Switch's IP Address Manual Configuration Using DHCP/BOOTP Enabling Jumbo Frames Managing Firmware Downloading System Software from a Server Saving or Restoring Configuration Settings Downloading Configuration Settings from a Server Console Port Settings 1-1 1-1 1-2 1-5 2-1 2-1 2-1 2-2 2-3 2-3 2-3 2-4 2-4 2-4 2-5 2-6 2-6 2-7 2-7 2-8 3-1 3-1 3-2 3-2 3-2 3-3 3-3 3-8 3-8 3-10 3-11 3-12 3-13 3-14 3-15 3-15 3-16 3-17 3-17 3-18 v Contents Telnet Settings Configuring Event Logging System Logs System Logs Configuration Remote Logs Configuration Sending Simple Mail Transfer Protocol Alerts Resetting the System Setting the System Clock Configuring SNTP Setting the Time Zone Simple Network Management Protocol Enabling SNMP Setting Community Access Strings Specifying Trap Managers and Trap Types Configuring SNMPv3 Management Access Setting an Engine ID Configuring SNMPv3 Users Configuring SNMPv3 Groups Setting SNMPv3 Views User Authentication Configuring the Logon Password Configuring Local/Remote Logon Authentication Configuring HTTPS Replacing the Default Secure-site Certificate Configuring the Secure Shell Generating the Host Key Pair Configuring the SSH Server Configuring Port Security Configuring 802.1x Port Authentication Displaying 802.1x Global Settings Configuring 802.1x Global Settings Configuring Port Authorization Mode Displaying 802.1x Statistics Access Control Lists Configuring Access Control Lists Setting the ACL Name and Type Configuring a Standard IP ACL Configuring an Extended IP ACL Configuring a MAC ACL Configuring ACL Masks Specifying the Mask Type Configuring an IP ACL Mask Configuring a MAC ACL Mask Binding a Port to an Access Control List Filtering IP Addresses for Management Access vi 3-21 3-23 3-23 3-24 3-25 3-27 3-29 3-29 3-30 3-31 3-31 3-33 3-33 3-34 3-35 3-35 3-36 3-38 3-40 3-41 3-41 3-42 3-45 3-46 3-47 3-49 3-51 3-52 3-54 3-55 3-57 3-58 3-59 3-61 3-61 3-62 3-62 3-63 3-66 3-68 3-68 3-69 3-71 3-72 3-73 Contents Port Configuration Displaying Connection Status Configuring Interface Connections Creating Trunk Groups Statically Configuring a Trunk Enabling LACP on Selected Ports Configuring LACP Parameters Displaying LACP Port Counters Displaying LACP Settings and Status for the Local Side Displaying LACP Settings and Status for the Remote Side Setting Broadcast Storm Thresholds Configuring Port Mirroring Configuring Rate Limits Showing Port Statistics Alcatel Mapping Adjacency Protocol (AMAP) Configuring AMAP Displaying AMAP Detected Devices Address Table Settings Setting Static Addresses Displaying the Address Table Changing the Aging Time Spanning Tree Algorithm Configuration Displaying Global Settings Configuring Global Settings Displaying Interface Settings Configuring Interface Settings Configuring Multiple Spanning Trees Displaying Interface Settings for MSTP Configuring Interface Settings for MSTP VLAN Configuration Overview Assigning Ports to VLANs Forwarding Tagged/Untagged Frames Enabling or Disabling GVRP (Global Setting) Displaying Basic VLAN Information Displaying Current VLANs Creating VLANs Adding Static Members to VLANs (VLAN Index) Adding Static Members to VLANs (Port Index) Configuring VLAN Behavior for Interfaces Configuring Private VLANs Enabling Private VLANs Configuring Uplink and Downlink Ports Configuring Protocol-Based VLANs Configuring Protocol Groups 3-75 3-75 3-77 3-79 3-80 3-81 3-83 3-85 3-86 3-88 3-90 3-91 3-92 3-93 3-98 3-98 3-99 3-100 3-100 3-101 3-102 3-103 3-104 3-107 3-111 3-114 3-116 3-119 3-121 3-122 3-122 3-123 3-125 3-125 3-126 3-127 3-129 3-130 3-132 3-133 3-135 3-135 3-136 3-136 3-137 vii Contents Mapping Protocols to VLANs Class of Service Configuration Setting the Default Priority for Interfaces Mapping CoS Values to Egress Queues Selecting the Queue Mode Setting the Service Weight for Traffic Classes Mapping Layer 3/4 Priorities to CoS Values Selecting IP Precedence/DSCP Priority Mapping IP Precedence Mapping DSCP Priority Mapping IP Port Priority Mapping CoS Values to ACLs Changing Priorities Based on ACL Rules Quality of Service Configuring Quality of Service Parameters Configuring a Class Map Creating QoS Policies Attaching a Policy Map to Ingress and Egress Queues Multicast Filtering Layer 2 IGMP (Snooping and Query) Configuring IGMP Snooping and Query Parameters Displaying Interfaces Attached to a Multicast Router Specifying Static Interfaces for a Multicast Router Displaying Port Members of Multicast Services Assigning Ports to Multicast Services Configuring Domain Name Service Configuring General DNS Server Parameters Configuring Static DNS Host to Address Entries Displaying the DNS Cache Chapter 4: Command Line Interface Using the Command Line Interface Accessing the CLI Console Connection Telnet Connection Entering Commands Keywords and Arguments Minimum Abbreviation Command Completion Getting Help on Commands Showing Commands Partial Keyword Lookup Negating the Effect of Commands Using Command History viii 3-137 3-139 3-139 3-141 3-143 3-143 3-145 3-145 3-146 3-147 3-149 3-150 3-151 3-153 3-153 3-154 3-156 3-159 3-160 3-160 3-161 3-162 3-163 3-164 3-165 3-166 3-167 3-169 3-171 4-1 4-1 4-1 4-1 4-1 4-3 4-3 4-3 4-3 4-3 4-4 4-5 4-5 4-5 Contents Understanding Command Modes Exec Commands Configuration Commands Command Line Processing Command Groups Line Commands line login password timeout login response exec-timeout password-thresh silent-time databits parity speed stopbits disconnect show line General Commands enable disable configure show history reload end exit quit System Management Commands Device Designation Commands prompt hostname User Access Commands username enable password IP Filter Commands management show management Web Server Commands ip http port ip http server ip http secure-server ip http secure-port Secure Shell Commands ip ssh server 4-5 4-6 4-6 4-7 4-9 4-10 4-10 4-11 4-12 4-13 4-14 4-14 4-15 4-16 4-16 4-17 4-17 4-18 4-18 4-19 4-19 4-20 4-20 4-21 4-22 4-22 4-22 4-23 4-23 4-24 4-24 4-25 4-25 4-25 4-26 4-27 4-27 4-28 4-29 4-29 4-30 4-30 4-31 4-32 4-34 ix Contents ip ssh timeout ip ssh authentication-retries ip ssh server-key size delete public-key ip ssh crypto host-key generate ip ssh crypto zeroize ip ssh save host-key show ip ssh show ssh show public-key Event Logging Commands logging on logging history logging host logging facility logging trap clear logging show logging SMTP Alert Commands logging sendmail host logging sendmail level logging sendmail source-email logging sendmail destination-email logging sendmail show logging sendmail Time Commands sntp client sntp server sntp poll show sntp clock timezone calendar set show calendar System Status Commands show startup-config show running-config show system show users show version Frame Size Commands jumbo frame Flash/File Commands copy delete dir x 4-35 4-36 4-36 4-37 4-37 4-38 4-38 4-39 4-39 4-40 4-41 4-41 4-42 4-43 4-43 4-44 4-44 4-45 4-46 4-47 4-47 4-48 4-48 4-49 4-49 4-50 4-50 4-51 4-52 4-52 4-53 4-53 4-54 4-54 4-54 4-57 4-59 4-60 4-60 4-61 4-61 4-62 4-62 4-64 4-65 Contents whichboot boot system Authentication Commands Authentication Sequence authentication login authentication enable RADIUS Client radius-server host radius-server port radius-server key radius-server retransmit radius-server timeout show radius-server TACACS+ Client tacacs-server host tacacs-server port tacacs-server key show tacacs-server Port Security Commands port security 802.1x Port Authentication authentication dot1x default dot1x default dot1x max-req dot1x port-control dot1x operation-mode dot1x re-authenticate dot1x re-authentication dot1x timeout quiet-period dot1x timeout re-authperiod dot1x timeout tx-period show dot1x Access Control List Commands IP ACLs access-list ip permit, deny (Standard ACL) permit, deny (Extended ACL) show ip access-list access-list ip mask-precedence mask (IP ACL) show access-list ip mask-precedence ip access-group show ip access-group map access-list ip show map access-list ip 4-66 4-66 4-67 4-67 4-68 4-69 4-70 4-70 4-70 4-71 4-71 4-72 4-72 4-73 4-73 4-73 4-74 4-74 4-75 4-75 4-76 4-77 4-77 4-78 4-78 4-79 4-79 4-80 4-80 4-80 4-81 4-81 4-83 4-85 4-85 4-86 4-87 4-89 4-89 4-90 4-93 4-94 4-94 4-95 4-96 xi Contents match access-list ip show marking MAC ACLs access-list mac permit, deny (MAC ACL) show mac access-list access-list mac mask-precedence mask (MAC ACL) show access-list mac mask-precedence mac access-group show mac access-group map access-list mac show map access-list mac match access-list mac ACL Information show access-list show access-group SNMP Commands snmp-server community snmp-server contact snmp-server location snmp-server host snmp-server enable traps show snmp snmp-server snmp-server engine-id show snmp engine-id snmp-server view show snmp view snmp-server group show snmp group snmp-server user show snmp user DHCP Commands DHCP Client ip dhcp client-identifier ip dhcp restart client DNS Commands ip host clear host ip domain-name ip domain-list ip name-server ip domain-lookup show hosts xii 4-96 4-97 4-98 4-98 4-99 4-100 4-101 4-102 4- ...