User manual D-LINK DES-3225G

DES-3225G Series 24-Port Fast Ethernet Switch User's Guide Sixth Edition (December 2001) 651S3225G065 Printed In Taiwan RECYCLABLE Table of Contents INTRODUCTION ...............................................................................................................................................................................................1 FAST ETHERNET TECHNOLOGY ................................................................................................................................................................... 1 GIGABIT ETHERNET TECHNOLOGY ............................................................................................................................................................. 1 SWITCHING TECHNOLOGY ............................................................................................................................................................................ 2 FEATURES......................................................................................................................................................................................................... 2 Ports...............................................................................................................................................................................................................2 Performance features ..................................................................................................................................................................................3 Management .................................................................................................................................................................................................3 UNPACKING AND SETUP ...............................................................................................................................................................................4 UNPACKING...................................................................................................................................................................................................... 4 INSTALLATION ................................................................................................................................................................................................ 4 Desktop or Shelf Installation ....................................................................................................................................................................4 Rack Installation .........................................................................................................................................................................................5 POWER ON ........................................................................................................................................................................................................ 6 Power Failure ..............................................................................................................................................................................................6 IDENTIFYING EXTERNAL COMPONENTS................................................................................................................................................7 FRONT PANEL.................................................................................................................................................................................................. 7 REAR PANEL..................................................................................................................................................................................................... 7 SIDE PANELS.................................................................................................................................................................................................... 8 OPTIONAL PLUG-IN MODULES..................................................................................................................................................................... 8 100BASE-TX Module..................................................................................................................................................................................9 100BASE-FX (SC) Fiber Module .............................................................................................................................................................9 100BASE-FX (MT-RJ) Fiber Module ......................................................................................................................................................9 1000BASE-SX Gigabit Module...............................................................................................................................................................10 1000BASE-LX Gigabit Module...............................................................................................................................................................10 1000BASE-T Copper Gigabit Module...................................................................................................................................................11 LED INDICATORS........................................................................................................................................................................................... 11 CONNECTING THE SWITCH.......................................................................................................................................................................12 SWITCH TO END NODE ................................................................................................................................................................................ 12 SWITCH TO HUB OR SWITCH...................................................................................................................................................................... 12 10BASE-T Device.......................................................................................................................................................................................13 100BASE-TX Device..................................................................................................................................................................................13 SWITCH MANAGEMENT CONCEPTS ......................................................................................................................................................14 LOCAL CONSOLE MANAGEMENT ............................................................................................................................................................... 14 Diagnostic (console) port (RS-232 DCE) ............................................................................................................................................14 IP ADDRESSES AND SNMP COMMUNITY NAMES.................................................................................................................................... 15 TRAPS.............................................................................................................................................................................................................. 15 MIBS................................................................................................................................................................................................................ 16 PACKET FORWARDING................................................................................................................................................................................. 16 Aging Time ..................................................................................................................................................................................................16 Filtering Database....................................................................................................................................................................................17 SPANNING TREE ALGORITHM .................................................................................................................................................................... 17 STA Operation Levels ...............................................................................................................................................................................17 On the Bridge Level................................................................................................................................................................................ 18 On the Port Level.................................................................................................................................................................................... 18 User-Changeable STA Parameters.........................................................................................................................................................18 Illustration of STA .....................................................................................................................................................................................19 PORT TRUNKING............................................................................................................................................................................................ 20 VLANS AND BROADCAST DOMAINS.......................................................................................................................................................... 21 MAC-based Broadcast Domains.............................................................................................................................................................22 802.1Q VLANs............................................................................................................................................................................................22 802.1Q VLAN Segmentation ................................................................................................................................................................. 22 Sharing Resources Across 802.1Q VLANs ........................................................................................................................................ 23 802.1Q VLANs Spanning Multiple Switches ...................................................................................................................................... 23 Port-based VLANs .....................................................................................................................................................................................25 BROADCAST STORMS.................................................................................................................................................................................... 25 Segmenting Broadcast Domains.............................................................................................................................................................26 Eliminating Broadcast Storms................................................................................................................................................................26 USING THE CONSOLE INTERFACE...........................................................................................................................................................27 SETTING UP A CONSOLE............................................................................................................................................................................. 27 CONNECTING TO THE SWITCH USING TELNET....................................................................................................................................... 28 CONSOLE USAGE CONVENTIONS................................................................................................................................................................. 28 FIRST TIME CONNECTING TO THE SWITCH............................................................................................................................................. 28 User Accounts Management....................................................................................................................................................................30 Saving Changes .........................................................................................................................................................................................30 LOGGING ONTO THE SWITCH CONSOLE BY REGISTERED USERS......................................................................................................... 31 Create/Modify User Accounts ............................................................................................................................................................. 31 View/Delete User Accounts .................................................................................................................................................................. 33 SETTING UP THE SWITCH........................................................................................................................................................................... 34 Configuration.............................................................................................................................................................................................34 Configure IP Address ............................................................................................................................................................................ 34 Configure Console .................................................................................................................................................................................. 36 Configure Switch .................................................................................................................................................................................... 37 Configure Ports ....................................................................................................................................................................................... 38 Configure Slot1 Module ........................................................................................................................................................................ 40 Configure Slot2 Module ........................................................................................................................................................................ 42 Configure Port Mirroring ....................................................................................................................................................................... 43 Configure Spanning Tree Protocol ...................................................................................................................................................... 44 Configure Filtering and Forwarding Table .......................................................................................................................................... 47 Configure IGMP Filtering ...................................................................................................................................................................... 50 Configure VLANs & MAC-based Broadcast Domains .................................................................................................................... 54 Configure Trunk...................................................................................................................................................................................... 75 Update Firmware and Configuration Files..........................................................................................................................................76 System Utilities...........................................................................................................................................................................................77 Ping Test.................................................................................................................................................................................................. 78 Save Settings to TFTP Server............................................................................................................................................................... 79 Save Switch History to TFTP Server................................................................................................................................................... 80 SNMP Manager Configuration ..............................................................................................................................................................81 SWITCH MONITORING................................................................................................................................................................................. 82 Network Monitoring .................................................................................................................................................................................82 Traffic Statistics ...................................................................................................................................................................................... 83 Browse Address Table .......................................................................................................................................................................... 89 Browse IGMP Status .............................................................................................................................................................................. 90 Browse GVRP Status .............................................................................................................................................................................. 91 Browse GMRP Status............................................................................................................................................................................. 91 Switch History ......................................................................................................................................................................................... 92 RESETTING THE SWITCH............................................................................................................................................................................. 93 Restart System............................................................................................................................................................................................93 Factory Reset..............................................................................................................................................................................................94 Logout..........................................................................................................................................................................................................95 WEB-BASED NETWORK MANAGEMENT ...............................................................................................................................................96 INTRODUCTION ............................................................................................................................................................................................. 96 GETTING STARTED....................................................................................................................................................................................... 96 MANAGEMENT .............................................................................................................................................................................................. 96 Configure Switch .......................................................................................................................................................................................97 IP Settings................................................................................................................................................................................................ 98 Port Settings ............................................................................................................................................................................................ 99 Port Mirroring........................................................................................................................................................................................ 100 Switch Settings ..................................................................................................................................................................................... 101 Filtering and Forwarding Table .......................................................................................................................................................... 103 Spanning Tree ....................................................................................................................................................................................... 110 IGMP Filtering ....................................................................................................................................................................................... 113 VLANs & MAC-based Broadcast Domains..................................................................................................................................... 115 Trunk ...................................................................................................................................................................................................... 123 Configure Management......................................................................................................................................................................... 123 Traps and Community Strings ............................................................................................................................................................ 124 User Accounts ...................................................................................................................................................................................... 125 Console Port Settings .......................................................................................................................................................................... 127 Monitor..................................................................................................................................................................................................... 128 Switch Overview ................................................................................................................................................................................... 128 Port Statistics ........................................................................................................................................................................................ 129 Browse Address Table ........................................................................................................................................................................ 134 Browse IGMP Status ............................................................................................................................................................................ 138 Browse GVRP Status ............................................................................................................................................................................ 139 Browse GMRP Status........................................................................................................................................................................... 140 Switch History ....................................................................................................................................................................................... 141 Reset and Update.................................................................................................................................................................................... 141 Reboot Switch ....................................................................................................................................................................................... 142 Reset to Factory Default ...................................................................................................................................................................... 143 Update Firmware ................................................................................................................................................................................... 144 Change Configuration File .................................................................................................................................................................. 145 Save Settings to TFTP Server............................................................................................................................................................. 146 Upload Log File ..................................................................................................................................................................................... 147 Save Changes .......................................................................................................................................................................................... 148 Help........................................................................................................................................................................................................... 148 TECHNICAL SPECIFICATIONS ............................................................................................................................................................... 149 RJ-45 PIN SPECIFICATION ...................................................................................................................................................................... 152 SAMPLE CONFIGURATION FILE............................................................................................................................................................ 154 Commands:............................................................................................................................................................................................ 154 Notes about the Configuration File: .................................................................................................................................................. 154 RUNTIME SWITCHING SOFTWARE DEFAULT SETTINGS ............................................................................................................. 156 INDEX............................................................................................................................................................................................................. 158 Contacting Technical Support...............................................................................................................................166 Warranty.................................................................................................................................................................167 Registration.............................................................................................................................................................169 24-port NWay Ethernet Switch User's Guide ABOUT THIS GUIDE This User's Guide tells you how to install your DES-3225G Series Switch, how to connect it to your Ethernet network, and how to set its configuration using either the built-in console interface or Web-based management. Terms For simplicity, this documentation uses the terms "Switch" (first letter upper case) to refer to the DES-3225G Series 24port NWay Ethernet Switch, and "switch" (first letter lower case) to refer to all Ethernet switches, including the DES3225G. Overview of this User's Guide Chapter 1, "Introduction." Describes the Switch and its features. Chapter 2, "Unpacking and Setup." Helps you get started with the basic installation of the Switch. Chapter 3, "Identifying External" Components. Describes the front panel, rear panel, optional plug-in modules, and LED indicators of the Switch. Chapter 4, "Connecting the Switch." Tells how you can connect the DES-3225G to your Ethernet network. Chapter 5, "Switch Management Concepts." Talks about Local Console Management via the RS-232 DCE console port and other aspects about how to manage the Switch. Chapter 6, "Using the Console Interface." Tells how to use the built-in console interface to change, set, and monitor Switch performance and security. Chapter 7, "Web-Based Network Management." Tells how to manage the Switch through an Internet browser. Appendix A, "Technical Specifications." Lists the technical specifications of the DES-3225G. Appendix B, "RJ-45 Pin Specifications. Shows the details and pin assignments for the RJ-45 receptacle/connector. Appendix C, "Sample Configuration File." Appendix D, "Runtime Switch Software Default Settings." 24-port NWay Ethernet Switch User's Guide 1 INTRODUCTION This section describes the features of the Switch, as well as giving some background information about Ethernet/Fast Ethernet, Gigabit Ethernet, and switching technology. Fast Ethernet Technology The growing importance of LANs and the increasing complexity of desktop computing applications are fueling the need for high performance networks. A number of high-speed LAN technologies are proposed to provide greater bandwidth and improve client/server response times. Among them, Fast Ethernet, or 100BASE-TX, provides a non-disruptive, smooth evolution from the current 10BASE-T technology. The dominating market position virtually guarantee cost effective and high performance Fast Ethernet solutions in the years to come. 100Mbps Fast Ethernet is a standard specified by the IEEE 802.3 LAN committee. It is an extension of the 10Mbps Ethernet standard with the ability to transmit and receive data at 100Mbps, while maintaining the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Ethernet protocol. Gigabit Ethernet Technology Gigabit Ethernet is an extension of IEEE 802.3 Ethernet utilizing the same packet structure, format, and support for CSMA/CD protocol, full duplex, flow control, and management objects, but with a tenfold increase in theoretical throughput over 100Mbps Fast Ethernet and a one hundred-fold increase over 10Mbps Ethernet. Since it is compatible with all 10Mbps and 100Mbps Ethernet environments, Gigabit Ethernet provides a straightforward upgrade without wasting a company's existing investment in hardware, software, and trained personnel. The increased speed and extra bandwidth offered by Gigabit Ethernet is essential to coping with the network bottlenecks that frequently develop as computers and their busses get faster and more users use applications that generate more traffic. Upgrading key components, such as your backbone and servers to Gigabit Ethernet can greatly improve network response times as well as significantly speed up the traffic between your subnets. Gigabit Ethernet enables fast optical fiber connections to support video conferencing, complex imaging, and similar dataintensive applications. Likewise, since data transfers occur 10 times faster than Fast Ethernet, servers outfitted with Gigabit Ethernet NIC's are able to perform 10 times the number of operations in the same amount of time. In addition, the phenomenal bandwidth delivered by Gigabit Ethernet is the most cost-effective method to take advantage of today and tomorrow's rapidly improving switching and routing internetworking technologies. And with expected advances in the coming years in silicon technology and digital signal processing that will enable Gigabit Ethernet to eventually operate over unshielded twisted-pair (UTP) cabling, outfitting your network with a powerful 1000Mbps-capable backbone/server connection creates a flexible foundation for the next generation of network technology products. Introduction 1 24-port NWay Ethernet Switch User's Guide Switching Technology Another key development pushing the limits of Ethernet technology is in the field of switching technology. A switch bridges Ethernet packets at the MAC address level of the Ethernet protocol transmitting among connected Ethernet or fast Ethernet LAN segments. Switching is a cost-effective way of increasing the total network capacity available to users on a local area network. A switch increases capacity and decreases network loading by making it possible for a local area network to be divided into different segments which don't compete with each other for network transmission capacity, giving a decreased load on each. The switch acts as a high-speed selective bridge between the individual segments. Traffic that needs to go from one segment to another (from one port to another) is automatically forwarded by the switch, without interfering with any other segments (ports). This allows the total network capacity to be multiplied, while still maintaining the same network cabling and adapter cards. For Fast Ethernet or Gigabit Ethernet networks, a switch is an effective way of eliminating problems of chaining hubs beyond the "two-repeater limit." A switch can be used to split parts of the network into different collision domains, for example, making it possible to expand your Fast Ethernet network beyond the 205-meter network diameter limit for 100BASE-TX networks. Switches supporting both traditional 10Mbps Ethernet and 100Mbps Fast Ethernet are also ideal for bridging between existing 10Mbps networks and new 100Mbps networks. Switching LAN technology is a marked improvement over the previous generation of network bridges, which were characterized by higher latencies. Routers have also been used to segment local area networks, but the cost of a router and the setup and maintenance required make routers relatively impractical. Today's switches are an ideal solution to most kinds of local area network congestion problems. Features The DES-3225G Switch was designed for easy installation and high performance in an environment where traffic on the network and the number of users increase continuously. Switch features include: Ports 24 high performance NWay ports all operating at 10/100 Mbps for connecting to end stations, servers, and hubs (22 MDI-X 10/100 Ethernet UTP ports and 2 MDI-II Uplink ports). All ports can auto-negotiate (NWay) between 10Mbps/ 100Mbps, half-duplex or full duplex and flow control. One optional rear panel slide-in module interface for a 1-port 1000BASE-SX Gigabit Ethernet module, a 1-port 1000BASE-LX Gigabit Ethernet module, or a 1-port 1000BASE-T Gigabit Ethernet module, for connecting to another switch. One slide-in module interface in the front panel for 1 or 2 port 10/100M Ethernet connection. Three modules are available: 2 ports TX module, 2 ports FX MT-RJ type module, and 1 port FX SC type module. RS-232 DCE Diagnostic port (console port) for setting up and managing the Switch via a connection to a console terminal or PC using a terminal emulation program. 2 Introduction 24-port NWay Ethernet Switch User's Guide Performance features Store and forward switching scheme capability to support rate adaptation and protocol conversion. Full- and half-duplex for both 10Mbps and 100Mbps connections. The 1000BASE-SX and 1000BASE-LX Gigabit Ethernet modules operate at full duplex only while the 1000BASE-T Gigabit Ethernet module can also operate in half-duplex mode when auto negotiate is selected. Full duplex allows the switch port to simultaneously transmit and receive data, and only works with connections to full-duplex capable end stations and switches. Connections to hubs must take place at half duplex. Auto-polarity detection and correction of incorrect polarity on the receive twisted-pair at each port. Data forwarding rate 14,880 pps per port at 100% of wire-speed for 10Mbps speed. Data forwarding rate 148,800 pps per port at 100% of wire-speed for 100Mbps speed. Data filtering rate eliminates all error packets, runts, etc. at 14,880 pps per port at 100% of wire-speed for 10Mbps speed. Data filtering rate eliminates all error packets, runts, etc. at 148,800 pps per port at 100% of wire-speed for 100Mbps speed. 12K active MAC address entry table per device with automatic learning and aging (10 to 1000000 seconds). 12 MB packet buffer per device. Broadcast storm filtering. IGMP Multicast support. 802.1Q VLANs. GARP/GVRP, GARP/GMRP support. DHCP Client. 802.1p Priority Queues. Management RS-232 console port for out-of-band network management via a console terminal or PC. Spanning Tree Algorithm Protocol for creation of alternative backup paths and prevention of network loops. Fully configurable either in-band or out-of-band control via SNMP-based software. Flash memory for software upgrades. This can be done in-band via TFTP. Built-in SNMP management: Bridge MIB (RFC 1493), RMON MIB (RFC 1757), MIB-II (RFC 1213), Entity MIB version 2 (RFC 2737), and Proprietary MIBs. Introduction 3 24-port NWay Ethernet Switch User's Guide 2 UNPACKING AND SETUP This chapter provides unpacking and setup information for the Switch. Unpacking Open the shipping carton of the Switch and carefully unpack its contents. The carton should contain the following items: One DES-3225G 24-port NWay Ethernet Switch One 2-port 100BASE-TX Fast Ethernet module preinstalled on front panel (DES-3225GF includes a 1-port 100BASE-FX module preinstalled). One console cable Mounting kit: 2 mounting brackets and screws Four rubber feet with adhesive backing One AC power cord This User's Guide with Registration Card If any item is found missing or damaged, please contact your local D-Link reseller for replacement. Installation Use the following guidelines when choosing a place to install the Switch: The surface must support at least 3 kg. The power outlet should be within 1.82 meters (6 feet) of the device. Visually inspect the power cord and see that it is secured to the AC power connector. Make sure that there is proper heat dissipation from and adequate ventilation around the switch. Do not place heavy objects on the switch. Desktop or Shelf Installation When installing the Switch on a desktop or shelf, the rubber feet included with the device should first be attached. Attach these cushioning feet on the bottom at each corner of the device. Allow adequate space for ventilation between the device and the objects around it. 4 Unpacking and Setup 24-port NWay Ethernet Switch User's Guide Figure 2-1. Installing rubber feet for desktop installation Rack Installation The DES-3225G can be mounted in an EIA standard-sized, 19-inch rack, which can be placed in a wiring closet with other equipment. To install, attach the mounting brackets on the switch's side panels (one on each side) and secure them with the screws provided. Figure 2- 2A. Attaching the mounting brackets to the switch Then, use the screws provided with the equipment rack to mount the switch on the rack. Figure 2-2B. Installing the switch on an equipment rack Unpacking and Setup 5 24-port NWay Ethernet Switch User's Guide Power on The DES-3225G switch can be used with AC power supply 100 - 240 VAC, 50/60 Hz. The Switch's power supply will adjust to the local power source automatically and may be used without having any or all LAN segment cables connected. After the switch is plugged in, the LED indicators should respond as follows: All LED indicators will momentarily blink. This blinking of the LED indicators represents a reset of the system. The power LED indicator will blink while the Switch loads onboard software and performs a self-test. After approximately 20 seconds, the LED will light again to indicate the switch is in a ready state. The console LED indicator will remain ON if there is a connection at the RS-232 port, otherwise this LED indicator is OFF. The 100M LED indicator may remain ON or OFF depending on the transmission speed. Power Failure As a precaution, in the event of a power failure, unplug the switch. When power is resumed, plug the switch back in. 6 Unpacking and Setup 24-port NWay Ethernet Switch User's Guide 3 IDENTIFYING EXTERNAL COMPONENTS This chapter describes the front panel, rear panel, optional plug-in modules, and LED indicators of the DES-3225G. Front Panel The front panel of the Switch consists of LED indicators, an RS-232 communication port, a slide-in module slot, two uplink ports, and 22 (10/100 Mbps) Ethernet/Fast Ethernet ports. Figure 3-1. Front panel view of the Switch Comprehensive LED indicators display the status of the switch and the network. A description of these LED indicators follows (see the LED Indicators section below). An RS-232 DCE console port for setting up and managing the switch via a connection to a console terminal or PC using a terminal emulation program. A front-panel slide-in module slot for 10/100 Mbps Ethernet ports can accommodate a 2-port 10/100BASE-TX Fast Ethernet module, a 2-port 100BASE-FX MT-RJ type module, or a 1-port 100BASE-FX SC type module. Two MDI-II Uplink jacks which can be used to connect a straight-through cable to a normal (non-Uplink) port on a switch or hub. Do not use port 1X if the top Uplink port is occupied or Port 2X if the bottom Uplink port is occupied. Twenty-two high-performance, NWay Ethernet ports all of which operate at 10/100 Mbps for connections to end stations, servers and hubs. All ports can auto-negotiate between 10Mbps or 100Mbps, full- or half-duplex, and flow control. Rear Panel The rear panel of the switch consists of a slot for an optional Gigabit Ethernet fiber port and an AC power connector. The following displays the rear panel of the switch. Figure 3-2. Rear panel view of the Switch Identifying External Components 7 24-port NWay Ethernet Switch User's Guide Figure 3-3. Rear panel view of the Switch fitted with the optional Gigabit Ethernet slide-in module The optional Gigabit Ethernet slide-in module (1000BASE-SX, 1000BASE-LX, or 1000BASE-T) contains one port for connecting to another switch. The AC power connector is a standard three-pronged connector that supports the power cord. Plug-in the female connector of the provided power cord into this socket, and the male side of the cord into a power outlet. Supported input voltages range from 100 ~ 240 VAC at 50 ~ 60 Hz. Side Panels The right side panel of the Switch contains two system fans (see the top part of the diagram below). The left side panel contains heat vents. Figure 3-4. Side panel views of the Switch The system fans are used to dissipate heat. The sides of the system also provide heat vents to serve the same purpose. Do not block these openings, and leave at least 6 inches of space at the rear and sides of the switch for proper ventilation. Be reminded that without proper heat dissipation and air circulation, system components might overheat, which could lead to system failure. Optional Plug-in Modules The DES-3225G 24-port NWay Ethernet Switch is able to accommodate a range of plug-in modules in order to increase functionality and performance. 8 Identifying External Components 24-port NWay Ethernet Switch User's Guide 100BASE-TX Module Figure 3-5. Two-port, 100BASE-TX module Two-port, front-panel module. Connects to 100BASE-TX devices at full- or half-duplex. Supports Category 5 UTP or STP cable connections of up to 100 meters. 100BASE-FX (SC) Fiber Module Figure 3-6. One-port, 100BASE-FX (SC) module One-port, front-panel module. Connects to 100BASE-FX devices at full- or half-duplex. Supports multi-mode fiber-optic cable connections of up to 412 meters in half-duplex or 2 km in full-duplex mode. 100BASE-FX (MT-RJ) Fiber Module Figure 3-7. Two-port, 100BASE-FX (MT-RJ) module Identifying External Components 9 24-port NWay Ethernet Switch User's Guide Two-port, front-panel module. Connects to 100BASE-FX devices at full- or half-duplex. Supports multi-mode fiber-optic cable connections of up to 412 meters in half duplex or 2 km in full duplex mode. 1000BASE-SX Gigabit Module Figure 3-8. One-port, 1000BASE-SX module One-port, rear-panel module. Connects to 1000BASE-SX devices at full duplex or auto (auto negotiation is available in DES-3251G, version A3 and later). Allows connections using multi-mode fiber optic cable in the following configurations: 62.5µ m µ Modal bandwidth (min. overfilled launch) Unit: MHz*km Operating distance Unit: meters Channel insertion loss Unit: dB 2.33 2.53 3.25 3.43 220 275 500 550 160 62.5µ m µ 200 50µ m µ 400 50µ m µ 500 1000BASE-LX Gigabit Module Figure 3-9. One-port, 1000BASE-LX module One-port, rear-panel module. Connects to 1000BASE-LX devices at full duplex or auto (auto negotiation is available in DES-3251GL, version A3 and later). 10 Identifying External Components 24-port NWay Ethernet Switch User's Guide Allows connections up to 5 km in length using single-mode fiber optic cable. 1000BASE-T Copper Gigabit Module Figure 3-10. One-port, 1000BASE-T module One-port, rear-panel module. Connects to 1000BASE-T devices at 1000M/full duplex, 100M/full duplex, 100M/half duplex, and Auto. Supports Category 5+ or higher cable connections of up to 100 meters. LED Indicators The LED indicators of the Switch include Power, Console, Slot2, Giga, Speed, and Link/Act. The following shows the LED indicators for the Switch along with an explanation of each indicator. Figure 3-11. The LED indicators Power This indicator on the front panel should be colored amber during the Power-On Self Test (POST). It will light green approximately 2 seconds after the switch is powered on to indicate the ready state of the device. The LED will blink green while downloading new software for the switch, or if the system's configuration has changed and will light yellow when an error occurs. Console This indicator is lit green when the switch is being managed via out-of-band/local console management through the RS-232 console port using a straight-through serial cable. Slot 2 This indicator is lit green when a Gigabit Ethernet slide-in module is present in the rear panel of the Switch. Giga This indicator is lit green when a link is established. It blinks green when the Gigabit port is active. 100M These indicators are illuminated green when a 100 Mbps device is connected to any of the 24 ports or uplink port. If a 10 Mbps device is connected to any of the 24 ports or uplink port, these LEDs remain dark. Link/Act These indicators are lit when there is a secure connection (or link) to a device at any of the ports. The LEDs blink whenever there is reception or transmission (i.e. Activity--Act) of data occurring at a port. Identifying External Components 11 24-port NWay Ethernet Switch User's Guide 4 CONNECTING THE SWITCH This chapter describes how to connect the DES-3225G to your Fast Ethernet network. Switch to End Node End nodes include PCs outfitted with a 10, 100 or 10/100 Mbps RJ-45 Ethernet/Fast Ethernet Network Interface Card (NIC) and most routers. The RJ-45 UTP ports on NICs and most routers are MDI-II. When using a normal straight-through cable, an MDI-II port must connect to an MDI-X port. An end node can be connected to the Switch via a two-pair Category 3, 4, 5 UTP/STP straight cable (be sure to use Category 5 UTP or STP cabling for 100 Mbps Fast Ethernet connections). The end node should be connected to any of the twenty-two ports (1x - 22x) of the DES-3225G or to either of the two 100BASE-TX ports on the front-panel module that came preinstalled on the switch. An end node should not be connected to an Uplink port (unless using a crossover cable), and if the top Uplink port is in use, Port 1X must remain vacant; if the bottom Uplink port is in use, Port 2X cannot be used. Figure 4-1. Switch connected to an End Node The LED indicators for the port the end node is connected to are lit according to the capabilities of the NIC. If LED indicators are not illuminated after making a proper connection, check the PC's LAN card, the cable, switch conditions, and connections. The following LED indicator states are possible for an end node to switch connection: 1. The 100M LED indicator comes ON for a 100 Mbps and stays OFF for 10 Mbps. 2. The Link/Act LED indicator lights up upon hooking up a PC that is powered on. Switch to Hub or Switch These connections can be accomplished in a number of ways. The most important consideration is that when using a normal, straight-through cable, the connection should be made between a normal crossed port (Port 1X, 2X, etc.) and an Uplink (MDI-II) port. If you are using a crossover cable, the connection must be made from Uplink to Uplink, or from a crossed port to another crossed port. A 10BASE-T hub or switch can be connected to the Switch via a two-pair Category 3, 4 or 5 UTP/STP straight cable. 12 Connecting The Switch 24-port NWay Ethernet Switch User's Guide A 100BASE-TX hub or switch can be connected to the Switch via a two-pair Category 5 UTP/STP straight cable. If the other switch or hub contains an unused Uplink port, we suggest connecting the other device's Uplink (MDI-II) port to any of the switch's (MDI-X) ports (1x - 22x, or one of the 100BASE-TX module ports) using a normal straight-through cable, as shown below. If the other device does not have an unused Uplink port, make the connection with a normal straight-through cable from one of the Uplink ports on the switch to any normal crossed port on the hub. Alternatively, if you have a crossover cable you can save the Uplink ports for other connections and make this one from a crossed port to another crossed port. Figure 4-2. Switch connected to a normal (non-Uplink) port on a hub or switch using a straight or crossover cable 10BASE-T Device For a 10BASE-T device, the Switch's LED indicators should display the following: 100M LED speed indicator is OFF. Link/Act indicator is ON. 100BASE-TX Device For a 100BASE-TX device, the Switch's LED indicators should display the following: 100M LED speed indicator is ON. Link/Act is ON. Connecting The Switch 13 24-port NWay Ethernet Switch User's Guide 5 SWITCH MANAGEMENT CONCEPTS This chapter discusses many of the features used to manage the switch, and explains many concepts and important points regarding these features. Configuring the switch to implement these concepts is discussed in detail in the next chapters. Local Console Management Local console management involves the administration of the DES-3225G Switch via a direct connection to the RS-232 DCE console port. This is an Out-Of-Band connection, meaning that it is on a different circuit than normal network communications, and thus works even when the network is down. The local console management connection involves a terminal or PC running terminal emulation software to operate the switch's built-in console program (see Chapter 6, "Using the Console Interface"). Using the console program, a network administrator can manage, control and monitor the many functions of the Switch. Hardware components in the Switch allow it to be an active part of a manageable network. These components include a CPU, memory for data storage, other related hardware, and SNMP agent firmware. Activities on the Switch can be monitored with these components, while the Switch can be manipulated to carry out specific tasks. Diagnostic (console) port (RS-232 DCE) Out-of-band management requires connecting a terminal, such as a VT-100 or a PC running terminal emulation program (such as HyperTerminal, which is automatically installed with Microsoft Windows) a to the RS-232 DCE console port of the Switch. Switch management using the RS-232 DCE console port is called Local Console Management to differentiate it from management done via management platforms, such as D-View, HP OpenView, etc. The console port is set for the following configuration: Baud rate: Data width: Parity: Stop bits: Flow Control 9,600 8 bits none 1 None Make sure the terminal or PC you are using to make this connection is configured to match these settings. If you are having problems making this connection on a PC, make sure the emulation is set to VT-100 or ANSI. If you still don't see anything, try hitting + r to refresh the screen. 14 Switch Management Concepts 24-port NWay Ethernet Switch User's Guide IP Addresses and SNMP Community Names Each Switch has its own IP Address, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP). You can change the default Switch IP Address to meet the specification of your networking address scheme. In addition, you can also set an IP Address for a gateway router. This becomes necessary when the network management station is located on a different IP network as the Switch, making it necessary for management packets to go through a router to reach the network manager, and vice versa. For security, you can set in the Switch a list of IP Addresses of the network managers that you allow to manage the Switch. You can also change the default Community Name in the Switch and set access rights of these Community Names. Traps Traps are messages that alert you of events that occur on the Switch. The events can be as serious as a reboot (someone accidentally turned OFF the Switch), or less serious like a port status change. The Switch generates traps and sends them to the network manager (trap managers). The following lists the types of events that can take place on the Switch. System resets Errors Status changes Topology changes Operation You can also specify which network managers may receive traps from the Switch by setting a list of IP Addresses of the authorized network managers. Trap managers are special users of the network who are given certain rights and access in overseeing the maintenance of the network. Trap managers will receive traps sent from the Switch; they must immediately take certain actions to avoid future failure or breakdown of the network. The following are trap types a trap manager will receive: Cold Start This trap signifies that the Switch has been powered up and initialized such that software settings are reconfigured and hardware systems are rebooted. A cold start is different from a factory reset. Warm Start This trap signifies that the Switch has been rebooted, however the POST (Power On Self-Test) is skipped. Authentication Failure This trap signifies that someone has tried to logon to the switch using an invalid SNMP community name. The switch automatically stores the source IP address of the unauthorized user. New Root This trap indicates that the Switch has become the new root of the Spanning Tree, the trap is sent by a bridge soon after its election as the new root. This implies that upon expiration of the Topology Change Timer the new root trap is sent out immediately after the Switch's selection as a new root. Topology Change A Topology Change trap is sent by the Switch when any of its configured ports transitions from the Learning state to the Forwarding state, or from the Forwarding state to the Blocking state. The trap is not sent if a new root trap is sent for the same transition. Switch Management Concepts 15 24-port NWay Ethernet Switch User's Guide Link Change Event This trap is sent whenever the link of a port changes from link up to link down or from link down to link up. Port Partition This trap is sent whenever a port is partitioned as a result of more than sixty-one collisions on the port (i.e., it is automatically partitioned). The number of collisions that triggers this trap is the same at either 10Mbps or 100Mbps. Broadcast Storm This trap is sent whenever the port reaches the broadcast storm rising or falling threshold. Address Table Full This trap is sent whenever the MAC Address Table is full. Entity MIB Change This trap is sent whenever a MIB object of Entity MIB version 2 (RFC 2737) is changed. MIBs Management information and counters are stored in the Switch in the Management Information Base (MIB). The Switch uses the standard MIB-II Management Information Base module. Consequently, values for MIB objects can be retrieved from any SNMP-based network manager software. In addition to the standard MIB-II, the Switch also supports its own proprietary enterprise MIB as an extended Management Information Base. These MIBs may also be retrieved by specifying the MIB's Object-Identity (OID) at the network manager. MIB values can be either read-only or read-write. Read-only MIBs variables can be either constants that are programmed into the Switch, or variables that change while the Switch is in operation. Examples of read-only constants are the number of ports and types of ports. Examples of read-only variables are the statistics counters such as the number of errors that have occurred, or how many kilobytes of data have been received and forwarded through a port. Read-write MIBs are variables usually related to user-customized configurations. Examples of these are the Switch's IP Address, Spanning Tree Algorithm parameters, and port status. If you use a third-party vendors' SNMP software to manage the Switch, a diskette listing the Switch's propriety enterprise MIBs can be obtained by request. If your software provides functions to browse or modify MIBs, you can also get the MIB values and change them (if the MIBs' attributes permit the write operation). This process however can be quite involved, since you must know the MIB OIDs and retrieve them one by one. Packet Forwarding The Switch learns the network configuration and uses this information to forward packets. This reduces the traffic congestion on the network, because packets, instead of being transmitted to all segments, are transmitted to the destination only. Example: if Port 1 receives a packet destined for a station on Port 2, the Switch transmits that packet through Port 2 only, and transmits nothing through the other ports. Aging Time The Aging Time is a parameter that affects the auto-learn process of the Switch in terms of the network configuration. Dynamic Entries, which make up the auto-learned-node address, are aged out of the address table according to the Aging Time that you set. The Aging Time can be from 10 seconds to 1000000 seconds. A very long Aging Time can result with the out-of-date Dynamic Entries that may cause incorrect packet filtering/forwarding decisions. 16 Switch Management Concepts 24-port NWay Ethernet Switch User's Guide In the opposite case, if the Aging Time is too short, many entries may be aged out soon, resulting in a high percentage of received packets whose source addresses cannot be found in the address table, in which case the switch will broadcast the packet to all ports, negating many of the benefits of having a switch. Filtering Database A switch uses a filtering database to segment the network and control communications between segments. It also filters packets off the network for intrusion control (MAC Address filtering). For port filtering, each port on the switch is a unique collision domain and the switch filters (discards) packets whose destination lies on the same port as where it originated. This keeps local packets from disrupting communications on other parts of the network. For intrusion control, whenever a switch encounters a packet originating from or destined to a MAC address defined by the user, the switch will discard the packet. Filtering includes: 1. Dynamic filtering ­ automatic learning and aging of MAC addresses and their location on the network. Filtering occurs to keep local traffic confined to its segment. 2. MAC address filtering ­ the manual entry of specific MAC addresses to be filtered from the network. 3. Filtering done by the Spanning Tree Protocol, which can filter packets based on topology, making sure that signal loops don't occur. 4. Filtering done for VLAN integrity. Packets from a member of a VLAN (VLAN 2, for example) destined for a device on another VLAN (VLAN 3) will be filtered. Spanning Tree Algorithm The Spanning Tree Algorithm (STA) in the Switch allows you to create alternative paths (with multiple switches or other types of bridges) in your network. These backup paths are idle until the Switch determines that a problem has developed in the primary paths. When a primary path is lost, the switch providing the alternative path will automatically go into service with no operator intervention. This automatic network reconfiguration provides maximum uptime to network users. The concept of the Spanning Tree Algorithm is a complicated and complex subject and must be fully researched and understood. Please read the following before making any changes. Network loop detection and prevention With STA, there will be only one path between any two LANs. If there is more than one path, forwarded packets will loop indefinitely. STA detects any looped path and selects the path with the lowest path cost as the active path, while blocking the other path and using it as the backup path. Automatic topology re-configuration When the path for which there is a backup path fails, the backup path will be automatically activated, and STA will automatically re-configure the network topology. STA Operation Levels STA operates on two levels: the bridge level and the port level. On the bridge level, STA calculates the Bridge Identifier for each Switch, then sets the Root Bridge and the Designated Bridges. On the port level, STA sets the Root Port and Designated Ports. Details are as follows: Switch Management Concepts 17 24-port NWay Ethernet Switch User's Guide On the Bridge Level Root Bridge The switch with the lowest Bridge Identifier is the Root Bridge. Naturally, you will want the Root Bridge to be the best switch among the switches in the loop to ensure the highest network performance and reliability. Bridge Identifier This is the combination of the Bridge Priority (a parameter that you can set) and the MAC address of the switch. Example: 4 00 80 C8 00 01 00, where 4 is the Bridge Priority. A lower Bridge Identifier results in a higher priority for the switch, and thus increases it probably of being selected as the Root Bridge. Designated Bridge From each LAN segment, the attached Bridge that has the lowest Root Path Cost to the Root Bridge is the Designated Bridge. It forwards data packets for that LAN segment. In cases where all Switches have the same Root Path Cost, the switch with the lowest Bridge Identifier becomes the Designated Bridge. Root Path Cost The Root Path Cost of a switch is the sum of the Path Cost of the Root Port and the Root Path Costs of all the switches that the packet goes through. The Root Path Cost of the Root Bridge is zero. Bridge Priority This is a parameter that users can set. The smaller the number you set, the higher the Bridge Priority is. The higher the Bridge Priority, the better the chance the Switch will be selected as the Root Bridge. On the Port Level Root Port Each switch has a Root Port. This is the port that has the lowest Path Cost to the Root Bridge. In case there are several such ports, then the one with the lowest Port Identifier is the Root Port. Designated Port This is the port on each Designated Bridge that is attached to the LAN segment for which the switch is the Designated Bridge. Port Priority The smaller this number, the higher the Port Priority is. With higher Port Priority, the higher the probability that the port will be selected as the Root Port. Path Cost This is a changeable parameter and may be modified according to STA specifications. Each 10Mbps segment has an assigned Path Cost of 100, each 100Mbps segment has an assigned Path Cost of 19, and the 1000Mbps segment has an assigned Path Cost of 4. Please note if port trunking is enabled, these values will change dynamically. User-Changeable STA Parameters The factory default setting should cover the majority of installations. However, it is advisable to keep the default settings as set at the factory; unless, it is absolutely necessary. The user changeable parameters in the Switch are as follows: Bridge Priority A Bridge Priority can be from 0 to 65535. 0 is equal to the highest Bridge Priority. Bridge Hello Time The Hello Time can be from 1 to 10 seconds. This is the interval between two transmissions of BPDU packets sent by the Root Bridge to tell all other Switches that it is indeed the Root Bridge. If you set a Hello Time for your Switch, and it is not the Root Bridge, the set Hello Time will be used if and when your Switch becomes the Root Bridge. Note: The Hello Time cannot be longer than the Max. Age. Otherwise, a configuration error will occur. Bridge Max. Age The Max. Age can be from 6 to 40 seconds. At the end of the Max. Age, if a BPDU has still not been received from the Root Bridge, your Switch will start sending its own BPDU to all other Switches for permission to become the Root Bridge. If it turns out that your Switch has the lowest Bridge Identifier, it will become the Root Bridge. Bridge Forward Delay The Forward Delay can be from 4 to 30 seconds. This is the time any port on the Switch spends in the listening state while moving from the blocking state to the forwarding state. 18 Switch Management Concepts 24-port NWay Ethernet Switch User's Guide Observe the following formulas when you set the above parameters: 1. Max. Age 2. Max. Age 2 x (Forward Delay - 1 second) 2 x (Hello Time + 1 second) Port Priority A Port Priority can be from 0 to 255. The lower the number, the greater the probability the port will be chosen as the Root Port. Illustration of STA A simple illustration of three Bridges (or the Switch) connected in a loop is depicted in Figure 5-1. In this example, you can anticipate some major network problems if the STA assistance is not applied. For instance, if Bridge 1 broadcasts a packet to Bridge 2, Bridge 2 will broadcast it to Bridge 3, and Bridge 3 will broadcast it to Bridge 1...and so on. The broadcast packet will be passed indefinitely in a loop, causing a serious network failure. To alleviate network loop problems, STA can be applied as shown in Figure 5-2. In this example, STA breaks the loop by blocking the connection between Bridge 1 and 2. The decision to block a particular connection is based on the STA calculation of the most current Bridge and Port settings. Now, if Bridge 1 broadcasts a packet to Bridge 3, then Bridge 3 will broadcast it to Bridge 2 and the broadcast will end there. STA setup can be somewhat complex. Therefore, you are advised to keep the default factory settings and STA will automatically assign root bridges/ports and block loop connections. However, if you need to customize the STA parameters, refer to Table 5-1. Figure 5-1. Before Applying the STA Rules Figure 5-2. After Applying the STA Rules STA parameters Settings Effects Comment Switch Management Concepts 19 24-port NWay Ethernet Switch User's Guide Bridge Priority lower the #, Increases chance higher the of becoming the priority Root Bridge 1 - 10 sec. 6 - 40 sec. No effect, if not Root Bridge Compete for Root Bridge, if BPDU is not received High # delays the change in state Avoid, if the switch is used in workgroup level of a large network Never set greater than Max. Age Time Avoid low number for unnecessary reset of Root Bridge Max. Age 2 x (Forward Delay - 1) Max. Age 2 x (Hello Time + 1) Hello Time Max. Age Time Forward Delay 4 - 30 sec. Port Level STA parameters Enable / Disable Enable / Disable Enable or disable Disable a port for this LAN segment security or problem isolation Port Priority lower the #, Increases chance higher the of become Root priority Port Table 5-1. User-selective STA parameters Port Trunking Port trunking is used to combine a number of ports together to make a single high-bandwidth data pipeline. The participating parts are called members of a trunk group, with one port designated as the master of the group. Since all members of the trunk group must be configured to operate in the same manner, all settings changes made to the master port are applied to all members of the trunk group. Thus, when configuring the ports in a trunk group, you only need to configure the master port. The DES-3225G supports 3 trunk groups, which may include from 2 to 8 switch ports each, except for the third trunk group which consists of the 2 ports of the Slot 1, 100BASE-TX or 100BASE-FX front-panel module. The master port for the first group is preset as port 7, the master port for the second group is port 15 and the master port for the third group is the first port (1x) on the 2-port module. 20 Switch Management Concepts 24-port NWay Ethernet Switch User's Guide Figure 5-3. Port trunking example The switch treats all ports in a trunk group as a single port. As such, trunk ports will not be blocked by Spanning Tree. Data transmitted to a specific host (destination address) will always be transmitted over the same port in a trunk group. This allows packets in a data stream to arrive in the same order they were sent. A trunk connection can be made with any other switch that maintains host-to-host data streams over a single trunk port. Switches that use a load-balancing scheme that sends the packets of a host-to-host data stream over multiple trunk ports cannot have a trunk connection with the DES-3225G switch. VLANs and Broadcast Domains VLANs are a collection of users or switch ports grouped together in a secure, autonomous broadcast and multicast domain. The main purpose of setting up VLANs or a broadcast domain on a network is to limit the range and effects of broadcast packets. Two types of VLANs are implemented on the Switch: 802.1Q VLANs and port-based VLANs. MAC-based broadcast domains are a third option. Only one type of VLAN or broadcast domain can be active on the Switch at any given time, however. Thus, you will need to choose the type of VLAN or broadcast domain you wish to setup on your network and configure the Switch accordingly. 802.1Q VLANs support IEEE 802.1Q tagging, which enables them to span the entire network (assuming all switches on the network are IEEE 802.1Q-compliant). In contrast, MAC-based broadcast domains are limited to the Switch and devices directly connected to them. All VLANs allow a network to be segmented in order to reduce the size of broadcast domains. All broadcast, multicast, and unknown packets entering the Switch on a particular VLAN will only be forwarded to the stations or ports (802.1Q and port-based) that are members of that VLAN. 802.1Q and port-based VLANs also limit unicast packets to members of the VLAN, thus providing a degree of security to your network. Another benefit of 802.1Q and port-based VLANs is that you can change the network topology without physically moving stations or changing cable connections. Stations can be `moved' to another VLAN and thus communicate with its members and share its resources, simply by changing the port VLAN settings from one VLAN (the sales VLAN, for example) to another VLAN (the marketing VLAN). This allows VLANs to accommodate network moves, changes and additions with Switch Management Concepts 21 24-port NWay Ethernet Switch User's Guide the utmost flexibility. MAC-based broadcast domains, on the other hand, allow a station to be physically moved yet still belong to the same broadcast domain without having to change and configuration settings. The untagging feature of IEEE 802.1Q VLANs allows VLANs to work with legacy switches that don't recognize VLAN tags in packet headers. The tagging feature allows VLANs to span multiple 802.1Q-compliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work normally (BPDU packets are not tagged). MAC-based Broadcast Domains The Switch supports up to 12 MAC-based broadcast domains, which are by their nature, limited to the Switch itself and the devices connected directly to it. Since MAC addresses are hard-wired into a station's network interface card (NIC), MAC-based broadcast domains enable network managers to move a station to a different physical location on the network and have that station automatically retain its broadcast domain membership. This provides the network with a high degree of flexibility since even notebook PC's can plug into any available port on a network and communicate with the same people and use the same resources that have been allocated to the broadcast domain in which it is a member. Since MAC-based broadcast domains do not restrict the transmission of known unicast frames to other broadcast domains, they can only be used to define limited broadcast domains. As such, they are best implemented on networks where stations are frequently moving, for example where people using notebook PCs are constantly plugging into different parts of the network. Setting up MAC-based broadcast domains is a relatively straightforward process. Simply create the broadcast domain by assigning it a name (description) and add MAC addresses for the stations that will be members. 802.1Q VLANs The Switch supports up to 2000 802.1Q VLANs. 802.1Q VLANs limit traffic that flows into and out of switch ports. Thus, all devices connected to a port are members of the VLAN(s) the port belongs to, whether there is a single computer directly connected to a switch, or an entire department. On 802.1Q VLANs, NICs do not need to be able to identify 802.1Q tags in packet headers. NICs send and receive normal Ethernet packets. If the packet's destination lies on the same segment, communications take place using normal Ethernet protocols. Even though this is always the case, when the destination for a packet lies on another Switch port, VLAN considerations come into play to decide if the packet gets dropped by the Switch or delivered. There are two key components to understanding 802.1Q VLANs: Port VLAN ID numbers (PVIDs) and VLAN ID numbers (VIDs). Both variables are assigned to a switch port, but there are important differences between them. A user can only assign one PVID to each switch port. The PVID defines which VLAN a packet belongs to when packets need to be forwarded to another switch port or somewhere else on the network. On the other hand, a user can define a port as a member of multiple VLANs (VIDs), allowing the segment connected to it to receive packets from many VLANs on the network. These two variables control a port's ability to transmit and receive VLAN traffic, and the difference between them provides network segmentation, while still allowing resources to be shared across more than one VLAN. 802.1Q VLAN Segmentation The following example is helpful in explaining how 802.1Q VLAN segmentation works. Take a packet that is transmitted by a machine on Port 1 that is a member of VLAN 2 and has the Port VLAN ID number 2 (PVID=2). If the destination lies on another port (found through a normal forwarding table lookup), the Switch then looks to see if the other port (Port 10) is a member of VLAN 2 (and can therefore receive VLAN 2 packets). If port 10 is not a member of VLAN 2, then the packet will be dropped by the Switch and will not reach its destination. If Port 10 is a member of VLAN 2, the packet will go through. This selective forwarding feature based on VLAN criteria is how VLANs segment networks. The key point being that Port 1 will only transmit on VLAN 2, because it's Port VLAN ID number is 2 (PVID=2). 22 Switch Management Concepts 24-port NWay Ethernet Switch User's Guide Sharing Resources Across 802.1Q VLANs Network resources such as printers and servers however, can be shared across 802.1Q VLANs. This is achieved by setting up overlapping VLANs as shown in the diagram below. VLAN 3 VLAN 1 VLAN 2 123 4 P o rt V ID s = 1 5678 9 10 11 12 P o rt V I Ds = 2 P ort P V ID = 3 Workstations Network Server Graphics Workstations Figure 5-4. Example of typical VLAN configuration In the above example, there are three different 802.1Q VLANs and each port can transmit packets on one of them according to their Port VLAN ID (PVID). However, a port can receive packets on all VLANs (VID) that it belongs to. The assignments are as follows: PVID (Port VLAN ID) 1 1 1 2 2 3 Ports Port 1 Port 2 Port 3 Port 11 Port 12 Port 7 VID (VLAN ID) 1 2 3 Member Ports 1,2,3,7 7,11,12 1,2,3,7,11,12 Table 5-2. VLAN assignments for Figure 5-4 The server attached to Port 7 is shared by VLAN 1 and VLAN 2 because Port 7 is a member of both VLANs (it is listed as a member of VID 1 and 2). Since it can receive packets from both VLANs, all ports can successfully send packets to it. Ports 1, 2 and 3 send these packets on VLAN 1 (their PVID=1), and Ports 11 and 12 send these packets on VLAN 2 (PVID=2). The third VLAN (PVID=3) is used by the server to transmit files that had been requested on VLAN 1 or 2 back to the computers. All computers that use the server will receive transmissions from it since they are all located on ports which are members of VLAN 3 (VID=3). 802.1Q VLANs Spanning Multiple Switches 802.1Q VLANs can span multiple switches as well as your entire network. Two considerations to keep in mind while building VLANs of this sort are whether the switches are IEEE 802.1Q-compliant and whether VLAN packets should be tagged or untagged. Definitions of relevant terms are as follows: Switch Management Concepts 23 24-port NWay Ethernet Switch User's Guide Tagging The act of putting 802.1Q VLAN information into the header of a packet. Tagging ports will put the VID number, priority, and other VLAN information into all packets that flow out it. If a packet has previously been tagged, the port will not alter the packet, thus keeping the VLAN information intact. Tagging is used to send packets from one 802.1Q-compliant device to another. Untagging The act of stripping 802.1Q VLAN information out of the packet header. Untagging ports will take all VLAN information out of all packets that flow out of a port. If the packet doesn't have a VLAN tag, the port will not alter the packet, thus keeping the packet free of VLAN information. Untagging is used to send packets from an 802.1Qcompliant switch to a non-compliant device. Ingress port A port on a switch where packets are flowing into the switch. If an ingress port has the Ingress Filter enabled, the switch will examine each packet to determine whether or not it is a VLAN member and then take one of two actions: if the port is not a member of a VLAN, the packet will be dropped; if the port is a member of a VLAN, then the packet will be forwarded. Otherwise, if the Ingress Filter is disabled, then the switch will process any packet received at this port in its normal fashion. Egress port A port on a switch where packets are flowing out of the switch, either to another switch or to an end station, and tagging decisions must be made. If an egress port is connected to an 802.1Q-compliant device, tagging should be enabled so the other device can take VLAN data into account when making forwarding decisions (this allows VLANs to span multiple switches). If an egress connection is to a non-compliant switch or end-station, tags should be stripped so the (now normal Ethernet) packet can be read by the receiving device. VLANs Over 802.1Q-compliant Switches When switches maintaining the same VLANs are 802.1Q-compliant, it is possible to use tagging. Tagging puts 802.1Q VLAN information into each packet header, enabling other 802.1Q-compliant switches that receive the packet to know how to treat it. Upon receiving a tagged packet, an 802.1Q-compliant switch can use the information in the packet header to maintain the integrity of VLANs, carry out priority forwarding, etc. Data transmissions between 802.1Q-compliant switches take place as shown below. Figure 5-5. Data transmissions between 802.1Q-compliant Switches 24 Switch Management Concepts 24-port NWay Ethernet Switch User's Guide In the above example, step 4 is the key element. Because the packet has 802.1Q VLAN data encoded in its header, the ingress port can make VLAN-based decisions about its delivery: whether server #2 is attached to a port that is a member of VLAN 2 and thus, should the packet be delivered; the queuing priority to give to the packet, etc. It can also perform these functions for VLAN 1 packets as well, and, in fact, for any tagged packet it receives regardless of the VLAN number. If the ingress port in step 4 were connected to a non-802.1Q-compliant device and was thus receiving untagged packets, it would tag its own PVID onto the packet and use this information to make forwarding decisions. As a result, the packets coming from the non-compliant device would automatically be placed on the ingress ports VLAN and could only communicate with other ports that are members of this VLAN. Port-based VLANs Port-based VLANs are a simplified version of the 802.1Q VLANs described in the previous section. In port-based VLANs, all the 802.1Q settings are pre-configured allowing you to quickly and easily setup and maintain port-based VLANs on your network. In port-based VLANs, broadcast, multicast and unknown packets will be limited to within the VLAN. Thus, port-based VLANs effectively segment your network into broadcast domains. Furthermore, ports can only belong to a single VLAN. Because port-based VLANs are uncomplicated and fairly rigid in their implementation, they are best used for network administrators who wish to quickly and easily setup VLANs in order to isolate limit the effect of broadcast packets on their network. For the most secure implementation, make sure that end stations are directly connected to the switch. Attaching a hub, switch or other repeater to the port causes all stations attached to the repeater to become members of the Port-based VLAN. To setup port-based VLANs, simply select one of 24 VLAN ID numbers, name the VLAN and specify which ports will be members. All other ports will automatically be forbidden membership, even dynamically as a port can belong to only one VLAN. Broadcast Storms Broadcast storms are a common problem on today's networks. Basically, they consist of broadcast packets that flood and/or are looped on a network causing noticeable performance degradation and, in extreme cases, network failure. Broadcast storms can be caused by network loops, malfunctioning NICs, bad cable connections, and applications or protocols that generate broadcast traffic, among others. In effect, broadcast storms can originate from any number of sources, and once they are started, they can be selfperpetuating, and can even multiply the number of broadcast packets on the network over time. In the best case, network utilization will be high and bandwidth limited until the hop counts for all broadcast packets have expired, whereupon the packets will be discarded and the network will return to normal. In the worst case, they will multiply, eventually using up all the network bandwidth (although network applications will usually crash long before this happens), and cause a network meltdown. Broadcast storms have long been a concern for network administrators with routers traditionally being used to prevent their occurrence, and if that failed, to at least limit their scope. However, with the advent of VLANs, switches are now able to limit broadcast domains better and cheaper than routers. Also, many switches, including the DES-3225G series, have broadcast sensors and filters built into each port to further control broadcast storms. Switch Management Concepts 25 24-port NWay Ethernet Switch User's Guide Segmenting Broadcast Domains The Switch allows you to segment broadcast domains. It does this by forwarding packets only to ports in the same broadcast domain or VLAN. Thus, broadcast packets will only be forwarded to ports that are members of the same broadcast domain or VLAN. Other parts of the network are effectively shielded. As a result, the smaller the broadcast domain, the less effect a broadcast storm will have. Since VLANs and broadcast domains are implemented at each switch port, they can be quite effective in limiting the scope of broadcast storms. Eliminating Broadcast Storms SNMP agents can be programmed to monitor the number of broadcast packets on switch ports and act on the data. When the number of broadcast packets on a given port rise past an assigned threshold, an action can be triggered. When enabled, the usual action is to block the port to broadcast frames, which discards all broadcast frames arriving at the port from the attached segment. Not only does this isolate the broadcast domain, but it actually starts removing broadcast packets from the affected segment. When the number of broadcast packets falls to an acceptable level (below a falling threshold), the SNMP agent can remove the blocking condition, returning the port to its normal operational state. In the Switch, the default rising threshold is met when more than 500 broadcast packets per second are being detected on a specified port. Once the rising threshold is surpassed for a duration of more than 5 seconds, it will trigger the broadcast storm rising action configured by the user. The default falling threshold is met if there are less than 250 broadcast packets per second. It is triggered once the duration is at least 30 seconds. The actions can easily be defined by using a normal SNMP management program or through the console interface. 26 Switch Management Concepts 24-port NWay Ethernet Switch User's Guide 6 USING THE CONSOLE INTERFACE Your 24-port NWay Ethernet Switch supports a console management interface that allows you to set up and control your Switch, either with an ordinary terminal (or terminal emulator), or over the network using the TCP/IP Telnet protocol. You can use this facility to perform many basic network management functions. In addition, the console program will allow you to set up the Switch for management using an SNMP-based network management system. This chapter describes how to use the console interface to access the Switch, change its settings, and monitor its operation. Setting Up A Console First-time configuration must be carried out through a "console," that is, either (a) a VT100-type serial data terminal, or (b) a computer running communications software set to emulate a VT100. The console must be connected to the Diagnostics port. This is an RS-232 port with a 9-socket D-shell connector and DCE-type wiring. Make the connection as follows: 1. Obtain suitable cabling for the connection. You can use either (a) a "null-modem" RS-232 cable or (b) an ordinary RS-232 cable and a null-modem adapter. One end of the cable (or cable/adapter combination) must have a 9-pin D-shell connector suitable for the Diagnostics port; the other end must have a connector suitable for the console's serial communications port. 2. Power down the devices, attach the cable (or cable/adapter combination) to the correct ports, and restore power. 3. Set the console to use the following communication parameters for your terminal: 9600 baud No parity checking (sometimes referred to as "no parity") 8 data bits (sometimes called a "word length" of 8 bits) 1 stop bit (sometimes referred to as a 1-bit stop interval) VT-100/ANSI compatible Arrow keys enabled A typical console connection is illustrated below: Using the Console Interface 27 24-port NWay Ethernet Switch User's Guide Figure 6-1. Example of a console connection Connecting to the Switch Using Telnet Once you have set an IP address for your Switch, you can use a Telnet program (in a VT-100 compatible terminal mode) to access and control the Switch. Most of the screens are identical, whether accessed from the console port or from a Telnet interface. You can also use a Web-based browser to manage the Switch. See the next chapter, "Web-Based Network Management," for further information. Console Usage Conventions The console interface makes use of the following conventions: 1. Items in can be toggled on or off using the space bar. 2. Items in [square brackets]can be changed by typing in a new value. You can use the backspace and delete keys to erase characters behind and in front of the cursor. 3. The up and down arrow keys, the left and right arrow keys, the tab key and the backspace key, can be used to move between selected items. It is recommended that you use the tab key and backspace key for moving around console. 4. Items in UPPERCASE are commands. Moving the selection to a command and pressing Enter will execute that command, e.g. APPLY, etc. Please note that the command APPLY only applies for the current session. Use Save Changes from the main menu for permanent changes. An asterisk "*" indicates a change has been made but won't take effect until the Switch has been rebooted. First Time Connecting To The Switch The Switch supports user-based security that can allow you to prevent unauthorized users from accessing the Switch or changing its settings. This section tells how to log onto the Switch. Note: The passwords used to access the Switch are case sensitive; therefore, "S" is not the same as "s." When you first connect to the Switch, you will be presented with the first login screen (shown below). Press Ctrl+R (hold down the Ctrl key, press the R key, and release both keys) to call up the screen, if the initial login screen does not appear. Also Ctrl+R can be used at any time to refresh the screen. 28 Using the Console Interface 24-port NWay Ethernet Switch User's Guide Figure 6-2. Initial screen, first time connecting to the Switch Note: There is no initial username or password. Leave the Username and Password fields blank. Press or in the Username and Password fields. You will be given access to the main menu shown below: Figure 6-3. Main menu The first user automatically gets Administrator privileges (See Table 6-1). It is recommended to create at least one Administrator-level user for the Switch. Using the Console Interface 29 24-port NWay Ethernet Switch User's Guide User Accounts Management From the screen above, move the cursor to the User Accounts Management menu and press , then the Users Accounts Management menu appears. 1. Choose Create/Modify User Accounts from the User Accounts Management menu and the Add/Modify User Accounts menu appears. 2. Enter the new user name, assign an initial password, and then confirm the new password. Determine whether the new user should have Administrator or Normal User privileges. (Use the space bar to toggle between the two options). 3. Press APPLY to let the user addition take effect. 4. Press to return to the previous screen or Ctrl+T to go to the root screen. 5. To see a listing of all user accounts and access levels, press . Then choose View/Delete User Accounts. The View/Delete User Accounts screen appears. Administrator and Normal User Privileges There are two levels of user privileges: Administrator and Normal User. Some menu selections available to users with Administrator privileges may not be available to Normal Users. The main menus shown are the menus for the two types of users: The following table summarizes Administrator and Normal User privileges: Menu Administrator Normal User Privilege Configuration Network Monitoring Community Stations Update Firmware and Yes No Strings and Trap Yes Yes Yes Yes, view only. Yes, view only. Yes, view only. Configuration Files User Accounts Management Create/Modify User Accounts View/ Delete User Accounts System Utilities Factory Reset Restart System Yes Yes Yes Yes Yes No No Yes No No Table 6-1. Administrator and Normal User Privileges After establishing a User Account with Administrator-level privileges, press twice. Then choose the Save Changes menu (see below). Pressing any key will return to the main menu. You are now ready to operate the Switch. Saving Changes The DES-3225G has two levels of memory normal RAM and non-volatile or NV-RAM. Settings need to be changed in all screens by clicking on the Apply button. When this is done, the settings will be immediately applied to the switching software in RAM, and will immediately take effect. Some settings, though, require you to restart the switch before they will take effect. Restarting the switch will erase all settings in RAM and reload them from the NV-RAM. Thus, it is necessary to save all settings to the NV-RAM before restarting the switch. 30 Using the Console Interface 24-port NWay Ethernet Switch User's Guide In order to retain any modifications made in the current session by saving them into the NV-RAM, it is necessary to choose Save Changes from the main menu. The following screen will appear to indicate your new settings have been processed: Figure 6-4. Save Changes screen After the settings have been saved to NV-RAM, they will become the default settings for the switch, and they will be used by the switch every time it is powered on, reset or rebooted. The only exception to this is a factory reset, which will clear all settings and restore them to their initial values listed in Appendix D, which were present when the switch was purchased. Logging Onto The Switch Console By Registered Users To log in once you have created a registered user, 1. Type in your Username and press . 2. Type in your Password and press . 3. The main menu screen will be displayed based on your Administrator or Normal User access level or privilege. Create/Modify User Accounts To add or change your user password: Choose Users Accounts Management from the main menu. The following User Accounts Management menu appears: Using the Console Interface 31 24-port NWay Ethernet Switch User's Guide Figure 6-5. User Accounts Management menu 1. Choose Create/Modify User Accounts. The following screen appears: Figure 6-6. Add/Modify User Accounts screen 32 Using the Console Interface 24-port NWay Ethernet Switch User's Guide 2. Type in your Username and press . 3. If you are a new user, type in the Old Password and press . 4. Type in the New Password you have chosen, and press . Type in the same new password in the following field to verify that you have not mistyped it. 5. Determine whether the new user should have Normal User or Administrator privileges. 6. Choose the APPLY command to let the password change take effect. This method can also be used by an Administrator-level user to change another user's password. View/Delete User Accounts Access to the console, whether using the console port or via Telnet, is controlled using a user name and password. Up to three of these user names can be defined. The console interface will not let you delete the current logged-in user, however, in order to prevent accidentally deleting all of the users with Administrator privilege. Only users with the Administrator privilege can delete users. To view your user password: Choose View/Delete User Accounts from the User Accounts Management menu. The following screen appears: Figure 6-7. View/Delete User Accounts screen To delete your user password: 1. Toggle the Delete field of the user you wish to remove to Yes. 2. Press APPLY to let the user deletion take effect. Using the Console Interface 33 24-port NWay Ethernet Switch User's Guide Setting Up The Switch This section will help prepare the Switch user by describing the Configuration, Update Firmware and Configuration Files, Save Changes, and System Utilities menus and their respective sub-menus. Configuration Choose Configuration to access the first item on the DES-3225G main menu. The following menu appears: Figure 6-8. Configuration menu You will need to change some settings to allow you to be able to manage the Switch from an SNMP-based Network Management System such as SNMP v1 or to be able to access the Switch using the Telnet protocol. See the next chapter for Web-based network management information. Configure IP Address The Switch needs to have an IP address assigned to it so that an In-Band network management system or Telnet client can find it on the network. The IP Configuration screen allows you to change the settings for the two different interfaces used on the Switch: the Ethernet interface used for in-band communication, and the SLIP interface used over the console port for out-of-band communication. Choose Configure IP Address to access the first item on the Configuration menu. The following screen appears: 34 Using the Console Interface 24-port NWay Ethernet Switch User's Guide Figure 6-9. IP Configuration screen The fields listed under the Current Settings heading are those that are currently being used by the Switch. Those fields listed under Restart Settings will be used after the Switch has been Reset. Fields that can be set include: Assign IP Determines whether the Switch should get its IP Address settings from the user (Manual), a BOOTP server, or a DHCP server. If Manual is chosen, the Switch will use the IP Address, Subnet Mask and Default Gateway settings defined in this screen upon being rebooted. If BOOTP is chosen, the Switch will send out a BOOTP broadcast request when it is powered up. The BOOTP protocol allows IP addresses, network masks, and default gateways to be assigned by a central BOOTP server. If this option is set, the Switch will first look for a BOOTP server to provide it with this information before using the supplied settings. If DHCP is chosen, a Dynamic Host Configuration Protocol request will be sent when the Switch is powered up. IP Address Determines the IP address used by the Switch for receiving SNMP and Telnet communications. These fields should be of the form xxx.xxx.xxx.xxx, where each xxx is a number (represented in decimal) between 0 and 255. This address should be a unique address on a network assigned to you by the central Internet authorities. The same IP address is shared by both the SLIP and Ethernet network interfaces. Subnet Mask Bitmask that determines the extent of the subnet that the Switch is on. Should be of the form xxx.xxx.xxx.xxx, where each xxx is a number (represented in decimal) between 0 and 255. If no subnetting is being done, the value should be 255.0.0.0 for a Class A network, 255.255.0.0 for a Class B network, and 255.255.255.0 for a Class C network. Default Gateway IP address that determines where frames with a destination outside the current subnet should be sent. This is usually the address of a router or a host acting as an IP gateway. If your network is not part of an internetwork, or you do not want the Switch to be accessible outside your local network, you can leave this field unchanged. Using the Console Interface 35 24-port NWay Ethernet Switch User's Guide Configure Console You can use the Console Options screen to choose whether to use the Switch's RS-232C serial port for console management or for out-of-band TCP/IP communications using SLIP, and to set the bit rate used for SLIP communications. Choose Configure Console to access the last item on the Configuration menu. The following screen appears: Figure 6-10. Console Options screen The following fields can be set: Settings on Restart: Console Timeout This setting for the restart of the console is 2 mins, 5 mins, 10 mins, 15 mins, or Never. Serial Port Determines whether the serial port should be used for out-of-band (SLIP) management or for console management, starting from the next time the Switch is restarted. In this field, you can toggle between SLIP or Console port type settings. Baud Rate Determines the serial port bit rate that will be used the next time the Switch is restarted. Applies only when the serial port is being used for out-of-band (SLIP) management; it does not apply when the port is used for the console port. Available speeds are 2400, 9600, 19,200 and 38,400 bits per second. The default setting in this Switch version is 9600. The top of the screen displays the current settings for Console Timeout and Serial Port as well as the Baud Rate, Character Size, and Stop Bit for Out of Band and Console settings, respectively. 36 Using the Console Interface 24-port NWay Ethernet Switch User's Guide Configure Switch The Switch Configuration screen shows various pieces of information about your Switch, and allows you to set the System Name, System Location, and System Contact. These settings can be retrieved from the Switch using SNMP requests, allowing these settings to be used for network management purposes. Choose Configure Switch to access the second item on the Configuration menu. The following screen appears: Figure 6-11. Switch Configuration screen The fields you can set are: System Name Corresponds to the SNMP MIB II variable system.sysName, and is used to give a name to the Switch for administrative purposes. The Switch's fully qualified domain name is often used, provided a name has been assigned. System Location Corresponds to the SNMP MIB II variable system.sysLocation, and is used to indicate the physical location of the Switch for administrative purposes. System Contact Corresponds to the SNMP MIB II variable sysContact, and is used to give the name and contact information for the person responsible for administering the Switch. Advanced Settings The Configure Advanced Switch Features screen allows you to set an expiration time for MAC address entries and enable or disable auto-partitioning on all ports. Select ADVANCED SETTINGS on the Switch Configuration screen to access the Configure Advanced Switch Features screen (see below). Press APPLY once the desired changes have been made. Using the Console Interface 37 24-port NWay Ethernet Switch User's Guide Figure 6-12. Configure Advanced Switch Features screen The fields you can set are: Port Auto-Partition Capability on All Ports When this function is enabled, if too many consecutive collisions occur on an individual port, the port will be blocked off until a good packet is seen on the wire. If a port is partitioned, the Switch can only transmit data, not receive it. Head Of Line (HOL) Blocking Prevention Enables or disables Head-Of-Line Blocking Prevention. Head-of Line blocking occurs when a packet originating on Port 1, for instance, needs to be forwarded to Ports 2 and 3. If Port 2 is occupied (causing the packet to be held in memory until the port is free), the packet destined for Port 3 will also be delayed, even though the port may be free. Cumulatively, these delays can have a noticeable effect on overall network performance. Enabling HOL Blocking Prevention prevents Head-of-Line blocking from occurring, meaning that the packet destined for Port 3 gets delivered immediately. Configure Ports The port configuration screen allows you to change the port state in the case when you would like to partition a port due to excessive collision, or for observation, device repair, or security reasons. Great caution, however, must be observed when partitioning a port; you should make sure that the partitioned port is not being used as the port to control or monitor the condition of other devices. 38 Using the Console Interface 24-port NWay Ethernet Switch User's Guide Figure 6-13. Port Configuration screen Items in the above window are defined as follows: Port Specifies the port (1-22,all) that will be configured. When all is chosen, the settings you configure will be applied to all UTP ports. State Enables or disables the port. This amounts to turning the port on or off. Speed/Duplex Selects the desired Speed and Duplex fort the port. Possible settings include: Auto, 100M/Full, 100M/Half, 10M/Full, or 10M/Half. Choosing Auto enables NWay auto-configuration on the port. Flow Control Toggles flow control On or Off. Flow control can only be used with other IEEE 802.3x-compliant devices and in a full-duplex connection. It is useful during periods of heavy network activity when the Switch's buffers can receive too much traffic and fill up faster than the Switch can forward the information. In such cases, the Switch will intervene and tell the transmitting device to pause to allow the information in the port buffer to be sent. When Auto-Negotiation is enabled in the Speed/Duplex field above, flow control will only be enabled if the connected device can Auto-negotiate flow control. Confirm that Flow Control is in force by checking the Status field. Priority Selects Normal, High or Low. The Switch has two packet queues where incoming packets wait to be processed for forwarding; a high priority and low priority queue. The high priority queue should only be used for data in which latency can have adverse affects on the function of an application, such as video or audio data, where latency can produce distorted sounds and images. Packets in the low priority queue will not be processed unless the High priority queue is empty. Setting the port priority to high will deliver all packets arriving at the port to the high priority queue, a low setting will send them all to the low priority queue. The Normal settings causes the port to examine the packet for an IEEE 802.1p/Q priority tag. If no tag exists, the packet will be sent to the low priority queue. If the priority tag field in the packet header contains a value of 0-3, the packet will be placed in the low priority queue; a value of 4-7 causes the packet to be placed in the high priority queue. Using the Console Interface 39 24-port NWay Ethernet Switch User's Guide Port Lock When locked, automatic learning for all stations connected to this port will stop and entries in the Forwarding Table for all devices residing on this port will age out. The only traffic this port will allow is traffic from machines whose MAC address is manually entered in the Static Forwarding Table. Broadcast Storm Rising Action This setting will be activated when Broadcast Storm Rising Threshold (below) is met. When triggered, the port can be configured to Do Nothing, Blocking or Blocking-Trap. The Do Nothing setting causes the switch to operate normally, in other words, ignore the broadcast storm condition. The Blocking setting causes the port to drop all broadcast frames, thus isolating the broadcast storm. Blocking-Trap performs the same action as Blocking, except it also sends a trap to the designated Trap Recipient informing them of the situation. For more information on broadcast storms, please refer to the Switch Management Concepts section of this manual. Broadcast Storm Rising Threshold This setting defines a ceiling for the number of broadcast packets per second on this port. Once met, the Broadcast Storm Rising Action (above) will be triggered. The assigned number should be high enough to allow normal broadcast packets (which comprise significant traffic) to be let through, while being low enough so that broadcast storms can be detected early. Broadcast Storm Falling Action This setting will be activated when the Broadcast Storm Rising Threshold and then the Broadcast Storm Falling Threshold (below) is met. This setting can be configured to Do Nothing, Forwarding or Forwarding-Trap. The Do Nothing setting causes the switch to operate normally, in other words, ignore the situation. If the port had met the Broadcast Storm Rising Action criteria and started Blocking broadcast packets, it will continue doing so. The Forwarding setting causes the port to begin forwarding broadcast frames, thus removing the Blocking state imposed by the Broadcast Storm Rising Action. Forwarding-Trap performs the same action as Forwarding, except it also sends a trap to the designated Trap Recipient informing them of the situation. Broadcast Storm Falling Threshold This setting defines the number of broadcast packets per second on this port which will trigger the Broadcast Storm Falling Action (above). This threshold will only trigger an action if the Broadcast Storm Rising Threshold has first been reached. The assigned number should be high enough to allow normal broadcast packets (which comprise significant traffic) to be let through as early as possible, while being low enough so that broadcast storms are completely eliminated. Press APPLY to let the changes take effect. If you wish these changes to be the default for the switch, return to the main menu and choose Save Changes. STP Port State (whether the Spanning Tree Protocol is enabled or disabled on this port) and Status reflect the current conditions of the port. They are read-only fields and cannot be changed. Configure Slot1 Module This screen allows you to change the port state of the module in slot 1 in the case when you would like to partition a port due to excessive collision, or for observation, device repair, or security reasons. Great caution, however, must be observed when disabling a port, since all data passing through the port will be discarded by the Switch. To change the configuration of the Slot1 module shown below: 40 Using the Console Interface 24-port NWay Ethernet Switch User's Guide Figure 6-14. Slot1-Port Configuration screen Port Field specifies either S1P1, the Port 1x port or S1P2, the Port 2x port on the module. For single-port modules, only S1P1 will be available. State Enables or disables this port. Speed/Duplex Selects the desired Speed and Duplex fort the port. Possible settings include: Auto, 100M/Full, 100M/Half, 10M/Full, or 10M/Half. Choosing Auto enables NWay auto-configuration on the port. Flow Control Enables or disables IEEE 802.1x full-duplex (only) flow control on this port. See Flow Control in the Configure Ports section above for a more detailed explanation. Priority Selects Normal, High or Low. See Priority in the Configure Ports section above for a more detailed explanation. Port Lock When locked, automatic learning for all stations connected to this port will stop and entries in the Forwarding Table for all devices residing on this port will age out. The only traffic this port will allow is traffic from machines whose MAC address is manually entered in the Static Forwarding Table. Broadcast Storm Rising Action Selects an action ­ Do Nothing, Blocking, Blocking-Trap ­ for the port when the Broadcast Storm Rising Threshold (below) condition is met. See Broadcast Storm Rising Action in the Configure Ports section of this manual for a more detailed explanation. Broadcast Storm Rising Threshold This setting defines a ceiling for the number of broadcast packets per second on this port. See Broadcast Storm Rising Threshold in the Configure Ports section of this manual for a more detailed explanation. Using the Console Interface 41 24-port NWay Ethernet Switch User's Guide Broadcast Storm Falling Action This setting will be activated when the Broadcast Storm Rising Threshold and then the Broadcast Storm Falling Threshold (below) is met. This setting can be configured to Do Nothing, Forwarding or Forwarding-Trap. See Broadcast Storm Falling Action in the Configure Ports section of this manual for a more detailed explanation. Broadcast Storm Falling Threshold This setting defines the number of broadcast packets per second on this port which will trigger the Broadcast Storm Falling Action (above). See Broadcast Storm Falling Threshold in the Configure Ports section of this manual for a more detailed explanation. Press APPLY to have the changes take effect. STP Port State and Status reflect the current conditions of the port. They are read-only fields and cannot be changed. Configure Slot2 Module This screen allows you to change the port state of an optional Gigabit Ethernet module in slot 2. This is useful in the case when you would like to partition a port due to excessive collision, or for observation, device repair, or security reasons. Great caution, however, must be observed when disabling a port, since all data passing through the port will be discarded by the Switch. The Configure Slot2 Module screen appears as follows: Figure 6-15. Slot2-Port Configuration screen State Enables or disables this port. Speed/Duplex If either a 1000BASE-SX or 1000BASE-LX module is used, this field will offer two choices: 1000M/Full or Auto. If a 1000BASE-T module is used, this field will offer the following choices: 1000M/Full, 100M/Full, 100M/Half, and Auto. Please note that DES-3251G/GL version A2 supports 1000M/Full only. Version A3 supports 1000M/Full and Auto. 42 Using the Console Interface 24-port NWay Ethernet Switch User's Guide Flow Control Enables or disables IEEE 802.1x full-duplex (only) flow control on this port. See Flow Control in the Configure Ports section above for a more detailed explanation. Priority Selects Normal, High or Low. See Priority in the Configure Ports section above for a more detailed explanation. Port Lock When locked, automatic learning for all stations connected to this port will stop and entries in the Forwarding Table for all devices residing on this port will age out. The only traffic this port will allow is traffic from machines whose MAC address is manually entered in the Static Forwarding Table. Broadcast Storm Rising Action Selects an action ­ Do Nothing, Blocking, Blocking-Trap ­ for the port when the Broadcast Storm Rising Threshold (below) condition is met. See Broadcast Storm Rising Action in the Configure Ports section of this manual for a more detailed explanation. Broadcast Storm Rising Threshold This setting defines a ceiling for the number of broadcast packets per second on this port. See Broadcast Storm Rising Threshold in the Configure Ports section of this manual for a more detailed explanation. Broadcast Storm Falling Action This setting will be activated when the Broadcast Storm Rising Threshold and then the Broadcast Storm Falling Threshold (below) is met. This setting can be configured to Do Nothing, Forwarding or Forwarding-Trap. See Broadcast Storm Falling Action in the Configure Ports section of this manual for a more detailed explanation. Broadcast Storm Falling Threshold This setting defines the number of broadcast packets per second on this port which will trigger the Broadcast Storm Falling Action (above). See Broadcast Storm Falling Threshold in the Configure Ports section of this manual for a more detailed explanation. Press APPLY to have the changes take effect. STP Port State and Status reflect the current conditions of the port. They are read-only fields and cannot be changed. Configure Port Mirroring The Switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an RMON probe, to view details about the packets passing through the first port. This is useful for network monitoring and troubleshooting purposes. Choose Configure Port Mirroring on the Configuration menu to access the following screen: Using the Console Interface 43 24-port NWay Ethernet Switch User's Guide Figure 6-16. Configure Port Mirroring screen To configure a mirror port, select the port from where you want to copy frames in the Source Port field. Then select the port which receives the copies from the source port in the Target Port field. The target port is where you will connect a monitoring/troubleshooting device such as a sniffer or an RMON probe. Note: You cannot mirror a fast port onto a slower port. For example, if you try to mirror the traffic from a 100 Mbps port onto a 10 Mbps port, this can cause throughput problems. The port you are copying frames from should always support an equal or lower speed than the port to which you are sending the copies. Also, the target port cannot be a member of a trunk group. Configure Spanning Tree Protocol The Spanning Tree Algorithm Parameters can be used for creating alternative paths in your network. The Protocol Parameters allow you to change the behind the scene parameters of the Spanning Tree Algorithm at the bridge level. The parameters for this section have been fully explained in Chapter 5's Switch Management Concepts, see STA Operation Levels: On the Bridge level, and User-Changeable Parameters. It is recommended that you read these sections, as well as the introductory section in the same chapter entitled Spanning Tree Algorithm before changing any of the parameters. STP Parameter Settings To change the Protocol Parameters: 1. Choose Configure Spanning Tree Protocol from the Configuration menu. The following Configure Spanning Tree Protocol menu will be displayed: 44 Using the Console Interface 24-port NWay Ethernet Switch User's Guide Figure 6-17. Configure Spanning Tree Protocol menu 2. Choose STP Parameter Setting to access the following screen: Figure 6-18. STP Parameters Setting screen Using the Console Interface 45